53 matches found
CVE-2026-49324
CVE-2026-49324 affects the Wireless Control Module (WCM) in the Indian Motorcycle Scout Bobber + Tech 2025 model year. The root cause is an exploitable brute‑force lockout that is reachable via any unauthenticated in‑vehicle network message, with no session binding and no reset on power cycle...
Typebot Security Vulnerability
Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.16.0 and earlier contained a security vulnerability. This vulnerability stemmed from the WhatsApp Cloud API webhook endpoint not verifying the x-hub-signature-256 HMAC signature, allowing unauthenticate...
PT-2026-39145
Name of the Vulnerable Software and Affected Versions: Akamai Guardicore Platform Agent versions 7.0 through 7.3.1; Akamai Zero Trust Client versions 6.0 through 6.1.5; Akamai Guardicore Platform Agent affected versions not specified. Description: Local privilege escalation is possible on Linux and...
CVE-2026-34354
Akamai Guardicore Platform Agent GPA and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU vulnerability in the...
CVE-2026-1579 PX4 Autopilot Missing authentication for critical function
The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...
PX4-Autopilot Access Control Error Vulnerability
PX4-Autopilot is an open-source drone autopilot system developed by PX4. PX4-Autopilot has a security vulnerability related to access control. This vulnerability arises from the fact that cryptographic authentication is not required by default, and when MAVLink 2.0 message signing is not enabled, an...
Open-Xchange OX Dovecot Pro Security Vulnerability
Open-Xchange OX Dovecot Pro is a mail storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security vulnerability. This vulnerability allows attackers to send specially crafted messages before authentication, thereby allocating a large amount ...
Linux Distros Unpatched Vulnerability : CVE-2026-25611
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server. CVE-2026-25611 Note that Nessus relies on th...
CVE-2026-25611
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server...
UBUNTU-CVE-2026-25611
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server...
CVE-2026-25611 Pre-Authentication Memory Exhaustion Denial of Service in MongoDB Server
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server...
CVE-2026-25611
CVE-2026-25611 affects MongoDB server. It describes a denial-of-service vector where a series of specifically crafted, unauthenticated messages can exhaust memory and crash the server. The entry provides CVSS metrics (3.1/7.5 HIGH and 4.0/8.7 HIGH) indicating network-based, unauthenticated impact...
Pre-Authentication Memory Exhaustion Denial of Service in MongoDB Server
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server...
PT-2026-7415
Name of the Vulnerable Software and Affected Versions: MongoDB versions 3.4 and later. Description: A flaw in MongoDB’s OP_COMPRESSED handling allows unauthenticated attackers to crash servers with minimal traffic. The issue arises because MongoDB allocates approximately 48MB of memory per connectio...
CVE-2025-12173 WP Admin Microblog <= 3.1.1 - Cross-Site Request Forgery to Message Creation
The WP Admin Microblog plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'wp-admin-microblog' page. This makes it possible for unauthenticated attackers to send messages on beha...