CVE-2026-8326 Remote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE

Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...

EUVD-2026-33281

Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...

EUVD-2025-209989

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

EUVD-2026-33277

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges...

CVE-2026-9559

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges...

CVE-2026-9559

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges...

CVE-2026-9559

CVE-2026-9559 describes a path traversal vulnerability in Mautic 7 within the campaign import feature. During ZIP extraction in campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories, enabling an authenticated user with campaign import priv...

CVE-2026-9559

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges...

EUVD-2026-33276

A Server-Side Template Injection SSTI vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute arbitrary code on the...

CVE-2026-9558

A Server-Side Template Injection SSTI vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute arbitrary code on the...

CVE-2026-9558

This CVE describes a Server-Side Template Injection (SSTI) in Mautic’s theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. With authenticated access to create or upload themes, an attacker could execute arbitrary code on the hosting server...

Security Bulletin: There is a vulnerability in protocol-buffers-schema-3.6.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-5758)

Summary There is a vulnerability in protocol-buffers-schema-3.6.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-5758 DESCRIPTION: JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0,...

CVE-2026-49199

The CVE-2026-49199 entry describes a root‑level RCE via crafted MQTT messages, enabling command injection on the target device. Connected records identify Predator Connect W6x as affected (CVE-2026-49199 CVE Record). The core issue is a vulnerability in handling MQTT payloads that allows arbitrar...

CVE-2026-49199 Predator Connect W6x: RCE via MQTT

Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device...

CVE-2026-32998

This vulnerability in Veeam Service Provider Console allows for remote code execution...

Security update for samba

This update for samba fixes the following issues CVE-2026-2340: vfsworm does not block directory modification bsc1261158. CVE-2026-3238: unauthenticated udp packet crashes AD DC nbt server bsc1261160. CVE-2026-4408: Remote Code Execution in SAMR bsc1261163. CVE-2026-4480: Unauthenticated Remote...

Exploit for Protection Mechanism Failure in Artifex Ghostscript

Real Case Exploitation of Buffer Overflow & Format String Vuln...

Exploit for Code Injection in Xwiki

CVE-2025-24893 Exploit de Execução Remota de Código RCE no X...

EUVD-2026-33141

Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

EUVD-2026-33137

Use after free in WebXR in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...