CVE-2026-23596

A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability...

CVE-2026-2564

A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. Affected by this vulnerability is an unknown functionality of the file /OutsideCmd. The manipulation results in weak password recovery. It is possible to launch the attack remotely. Attacks of this nature are highly...

CVE-2026-2620 Huace Monitoring and Early Warning System ProjectRole.aspx sql injection

A weakness has been identified in Huace Monitoring and Early Warning System 2.2. Affected by this issue is some unknown functionality of the file /Web/SysManage/ProjectRole.aspx. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. T...

CVE-2026-2618 Beetel 777VR1 SSH Service risky encryption

A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...

CVE-2026-2618 Beetel 777VR1 SSH Service risky encryption

A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...

CVE-2026-2537

A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET=ntptimezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched remotely...

VulnCheck KEV: CVE-2026-1603

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data...

Tenable Security Center 安全漏洞

Tenable Security Center is a security center provided by the American company Tenable. There are security vulnerabilities present in Tenable Security Center, and these vulnerabilities stem from remote attacks by authentication attackers, which allow them to execute arbitrary code...

HPE Aruba Networking Private 5G Core 安全漏洞

HPE Aruba Networking Private 5G Core is a 5G core component developed by the American company HPE. There is a security vulnerability present in HPE Aruba Networking Private 5G Core, which stems from a flaw in the management API. This vulnerability could allow unverified remote attackers to trigge...

CVE-2026-2564 Intelbras VIP 3260 Z IA OutsideCmd password recovery

A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. Affected by this vulnerability is an unknown functionality of the file /OutsideCmd. The manipulation results in weak password recovery. It is possible to launch the attack remotely. Attacks of this nature are highly...

CVE-2026-2563 JingDong JD Cloud Box AX6600 jdcapp_rpc controlDevice get_status privileges management

A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function setstcreenendeabledstatus/getstatus of the file /f/service/controlDevice of the component jdcapprpc. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the...

Advisory ROSA-SA-2026-3187

Software: jackson-databind 2.10.0 OS: ROSA Virtualization 2.1 unaffected versions = jackson-databind-2.10.0-1.0.2.rv3 affected versions jackson-databind-2.10.0-1.0.2.rv3 CVE-ID: CVE-2020-25649 BDU-ID: 2022-05602 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DOMDeserializer component of the...

CVE-2026-2553

A security flaw has been discovered in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. This affects an unknown part of the file /home.php of the component HTTP POST Request Handler. Performing a manipulation of the argument Name/Email results in sql injection...

CVE-2026-2555

CVE-2026-2555 affects JeecgBoot 3.9.1 in the Retrieval-Augmented Generation component, specifically the importDocumentFromZip function in AiragKnowledgeController.java. The issue is a deserialization vulnerability triggered by manipulating input, allowing a remote attacker to exploit the flaw. Th...

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

CVE-2026-2551

A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the argument fileName causes path traversal. It is possible to initiate the attack remotely. The exploi...

EUVD-2026-6117

A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketSearch. This manipulation of the argument Profile causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the...

CVE-2026-2545

A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketSearch. This manipulation of the argument Profile causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the...

CVE-2026-2545 LigeroSmart index.pl cross site scripting

A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketSearch. This manipulation of the argument Profile causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the...