CVE-2026-26335

Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\Program Files x86\Veramark\VeraSMART\WebRoot\web.config. An attacker who obtains these keys can craft a valid ASP.NET ViewState payload that passes...

CVE-2025-70093

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response...

[SECURITY] Fedora 43 Update: libssh-0.11.4-1.fc43

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, trans fer files, use a secure and transparent tunnel for your remote...

PT-2026-8256

CVE-2025-35961 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2025-35961 Published : Feb. 13, 2026, 7:16 p.m. | 18 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit the link f...

CVE-2025-69633

A SQL Injection vulnerability in the Advanced Popup Creator advancedpopupcreator module for PrestaShop 1.1.26 through 1.2.6 Fixed in version 1.2.7 allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller. The parameter is...

CVE-2026-1358

Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server...

CVE-2026-26068 emp3r0r Agent-Controlled Metadata to Operator RCE (tmux Command Injection)

emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata Transport, Hostname is accepted during check-in and later interpolated into tmux shell command strings executed via /bin/sh -c. This enables command injection and remote code...

ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories

Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how...

Exploit for Deserialization of Untrusted Data in Wazuh

CVE-2026-25769 - Remote Code Execution via Insecure Deserializ...

CVE-2026-2319

CVE-2026-2319 describes a race in Chrome DevTools before 145.0.7632.45 that could allow a remote attacker to potentially exploit object corruption via a malicious file, contingent on a user performing specific UI gestures and installing a malicious extension. The vulnerability affects Google Chro...

📄 Qualys Security Advisory - GHOST glibc gethostbyname Buffer Overflow

During a code audit performed internally at Qualys, they discovered a buffer overflow in the nsshostnamedigitsdots function of the GNU C Library glibc. This bug is reachable both locally and remotely via the gethostbyname functions, so we decided to analyze it -- and its impact -- thoroughly, and...

CVE-2026-21228 Azure Local Remote Code Execution Vulnerability

...

CVE-2026-21228

CVE-2026-21228 affects Azure Local and is due to improper certificate validation. The TALOS update describes an attacker intercepting unsecured communication between the configurator and target systems, tampering responses to trigger command injection with administrative privileges and potentiall...

CVE-2026-21537

Improper control of generation of code 'code injection' in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network...

CVE-2026-2260

A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This...

Microsoft GitHub Copilot and Visual Studio 代码注入漏洞

Microsoft GitHub Copilot and Visual Studio are generative AI tools developed by the American company Microsoft. There is a code injection vulnerability in Microsoft GitHub Copilot and Visual Studio. Attackers can exploit this vulnerability to execute code remotely. The following products and...

PT-2026-7413

Name of the Vulnerable Software and Affected Versions Microsoft Defender for Linux affected versions not specified Description The software contains a flaw in how it generates code, potentially allowing an attacker on the same network to run code without authorization. There is no information abo...

Microsoft Defender 代码注入漏洞

Microsoft Defender for Linux is Microsoft's own antivirus security software. A security vulnerability exists in Microsoft Defender for Linux that originates from improper input validation and can be exploited by remote attackers to execute arbitrary code...

CVE-2026-25807 Unauthenticated Remote Code Execution via P2P Sharing in ZAI-Shell

ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature share start opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...

CVE-2026-2211

A vulnerability was determined in code-projects Online Music Site 1.0. Affected is an unknown function of the file /Administrator/PHP/AdminDeleteCategory.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been publicly...