CVE-2026-45469 Microsoft Excel Remote Code Execution Vulnerability

...

CVE-2026-49959 Hermes WebUI < 0.51.311 RCE via Git Configuration Injection

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

CVE-2026-49959 Hermes WebUI < 0.51.311 RCE via Git Configuration Injection

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code

Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963 , the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote code execution RCE o...

Exploit for CVE-2017-20251

CVE-2017-20251: Insert PHP Plugin PHP Code Injection Vulne...

CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

CVE-2026-45447

CVE-2026-45447 is a heap use-after-free in OpenSSL PKCS7_verify triggered when SignedData digestAlgorithms is an empty ASN.1 SET, risking process crashes, heap corruption, or remote code execution. It affects applications processing PKCS#7/S/MIME with OpenSSL PKCS#7 APIs (CMS APIs are not affecte...

CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

CVE-2026-45447

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

CVE-2026-9213 Insufficient input validation in certain NETGEAR routers

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...

CVE-2026-9213 Insufficient input validation in certain NETGEAR routers

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...

CVE-2026-0409

Summary: CVE-2026-0409 affects NETGEAR Orbi 370 series devices prior to version 12.1.2.7. A remote attacker who can intercept and tamper with traffic between the router and the Internet can trigger a remote command execution when the device administrator performs certain management actions. This ...

CVE-2026-0409 Netgear Orbi 370 Series Remote Code Execution vulnerability

A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices...

CVE-2026-0409 Netgear Orbi 370 Series Remote Code Execution vulnerability

A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a remote code execution vulnerability (CVE-2026-9311, CVE-2026-9330)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a remote code execution. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and Versions|...

CVE-2026-9279

Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name e.g. git, pandoc, grep, the argument string is concatenated with the command and passed to childprocess.spawn with the shell: true option, allowing shell...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

CVE-2026-10520

Ivanti Sentry (formerly MobileIron Sentry) is affected by CVE-2026-10520, an OS Command Injection vulnerability that allows an unauthenticated remote attacker to execute arbitrary commands as root. The issue resides in the ConfigServiceController via the unauthenticated POST to /mics/api/v2/sentr...