Vulnerabilities in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Execution of arbitrary code root/admin privileges - Execution of arbitrary code user privileges -...

Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage

A flaw was found in Apache Camel. A remote attacker could exploit a deserialization vulnerability by sending a specially crafted Java Message Service JMS ObjectMessage to a Camel application acting as a JMS consumer. This vulnerability arises because the application deserializes the message paylo...

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.1.GA)

An update for Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available RHBQ 3.33.1.GA. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...

camel-infinispan: camel-infinispan: Remote Code Execution via Unsafe Deserialization

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...

CVE-2026-34906

Server-Side Template Injection SSTI in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution RCE. In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed ...

XWiki < 4.10.20 - Remote code execution

XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a close...

ManageEngine Desktop Central Java Deserialization

Zoho ManageEngine Desktop Central before 10.0.474 is vulnerable to a deserialization of untrusted data, which permits remote code execution. id: CVE-2020-10189 info: name: ManageEngine Desktop Central Java Deserialization author: king-alexander severity: critical description: | Zoho ManageEngine...

Monitorr 1.7.6m - Unauthenticated Remote Code Execution

Monitorr 1.7.6m is susceptible to a remote code execution vulnerability. Improper input validation and lack of authorization leads to arbitrary file uploads in the web application. An unauthorized attacker with web access to could upload and execute a specially crafted file, leading to remote cod...

Apache Druid - Remote Code Execution

Apache Druid is susceptible to remote code execution because by default it lacks authorization and authentication. Attackers can send specially crafted requests to execute arbitrary code with the privileges of processes on the Druid server. id: CVE-2021-25646 info: name: Apache Druid - Remote Cod...

CVE-2026-42359

A bug in Apache Airflow's XCom PATCH endpoint PATCH /api/v2/xcomEntries/key allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names e.g. returnvalue that the matching POST endpoint already validated against FORBIDDENXCOMKEYS. The...

CVE-2026-20452

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295...

Exploit for CVE-2026-49009

CVE-2026-49...

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 - a full PTY shell Unauthenticated Stored Cross...

CVE-2026-34906

CVE-2026-34906 describes a Server-Side Template Injection (SSTI) in Wirtualna Uczelnia that allows an unauthenticated attacker to achieve Remote Code Execution (RCE) via insufficient input validation in the redirectToUrl endpoint and redirectUrlParameter. The payloades injected through these para...

EUVD-2026-33902

Server-Side Template Injection SSTI in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution RCE. In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed ...

CVE-2026-34906

Server-Side Template Injection SSTI in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution RCE. In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed ...

CVE-2026-34906 Server-Side Template Injection (SSTI) in Wirtualna Uczelnia

Server-Side Template Injection SSTI in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution RCE. In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed ...

CVE-2026-34906 Server-Side Template Injection (SSTI) in Wirtualna Uczelnia

Server-Side Template Injection SSTI in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution RCE. In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed ...

WordPress Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution vulnerability

Authenticated Contributor+ Remote Code Execution vulnerability discovered by kai63001 in WordPress Plugin Spectra versions = 2.19.25...

Exploit for Improper Control of Dynamically-Managed Code Resources in Nocobase

CVE-2026-34156 – NocoBase Sandbox Escape RCE !CVE-2026-34...