CVE-2026-56129

creationtimestamp| type| source
---|---|---
2026-06-25 09:45:11+00:00| seen| https://jvn.jp/en/vu/JVNVU91051826...

CVE-2026-53249
In the Linux kernel, CVE-2026-53249 affects the IPv4 handling of LSRR and SSRR options. The implemented patch restricts setting IPOPT_SSRR and IPOPT_LSRR to users with CAP_NET_RAW, preventing unprivileged applications from steering traffic through attacker-controlled nodes to leak TCP ISN and pot...
EUVD-2026-39200
In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options This patch restricts setting Loose Source and Record Route (LSRR) and Strict Source and Record Route (SSRR) IP options to users with CAP_NET_RAW capability. This prevents unprivileged...
CVE-2026-12244

creationtimestamp| type| source
---|---|---
2026-06-25 08:00:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp3xkkigqf2x...

CVE-2026-12245

creationtimestamp| type| source
---|---|---
2026-06-25 07:55:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp3xbltijl2w...

CVE-2026-12490

creationtimestamp| type| source
---|---|---
2026-06-25 07:49:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp3wyleh4a2c...

CVE-2026-9702

creationtimestamp| type| source
---|---|---
2026-06-25 07:30:29+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mp3vvpptdm2u
2026-06-25 07:30:30+00:00| seen| https://infosec.exchange/users/offseq/statuses/116809572458310891...

CVE-2026-10833

creationtimestamp| type| source
---|---|---
2026-06-25 06:13:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp3rmdu7rb24...

CVE-2026-13311

creationtimestamp| type| source
---|---|---
2026-06-25 06:00:31+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mp3qussy5o2f
2026-06-25 06:00:36+00:00| seen| https://infosec.exchange/users/offseq/statuses/116809218637128816
2026-06-25 06:45:49+00:00| seen|...

CVE-2026-2508

creationtimestamp| type| source
---|---|---
2026-06-25 05:50:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp3qc2cvjt2f...

Zitadel - User Registration Bypass
The open-source identity infrastructure software Zitadel allows administrators to disable user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...
TrakSYS 11.x.x - Sensitive Data Exposure
A vulnerability was found in Parsec Automation TrakSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The exploit has been...
Oracle iPlanet Web Server 7.0.x - Image Injection
Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. id: CVE-2020-9314 info: name: Oracle iPlanet Web Server 7.0.x - Image Injection author:...
Astro - Information Disclosure
Astro versions v5.0.3 through v5.0.7 and Astro v4.16.17 or older with sourcemaps enabled contain a source code disclosure caused by sourcemap files being publicly accessible in the build output folder, letting unauthenticated users read server source code. Exploitation requires sourcemaps to be enable...
ThinkPHP < 3.2.4 - Remote Code Execution
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via the s parameter in index.php through the invokefunction functionality. id: CVE-2019-9082 info: name: ThinkPHP 3.2.4 - Remote Code Execution author: 0xanis severity: high description: |...
LaRecipe < 2.8.1 Remote Code Execution via SSTI
LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations. id: CVE-2025-53833 info:...
DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interactions to potentially expose NTLM hashes to a third-party SMB server. This issue has been...
Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion
Oracle GlassFish Server Open Source Edition 3.0.1 build 22 is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server. id: CVE-2017-1000029 info: name: Oracle GlassFish Server Open Source Edition 3.0.1 - Local File...
LionWiki <3.2.12 - Local File Inclusion
LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted strings in the index.php f1 variable, aka local file inclusion. id: CVE-2020-27191 info: name: LionWiki 3.2.12 - Local File Inclusion author: 0xAkoko severity: high description: LionWiki before...
Processwire CMS <2.7.1 - Local File Inclusion
Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php. id: CVE-2020-27467 info: name: Processwire CMS 2.7.1 - Local File Inclusion author: 0xAkoko severity: high description:...