282 matches found
KLA91051 ACE vulnerability in PostgreSQL
A remote code execution vulnerability was found in PostgreSQL. Malicious users can exploit this vulnerability to execute arbitrary code, cause denial of service. Original advisories PostgreSQL REFRESH PUBLICATION allows SQL injection via table name Exploitation Related products PostgreSQL CVE lis...
KLA91050 ACE vulnerability in PostgreSQL
A remote code execution vulnerability was found in PostgreSQL. Malicious users can exploit this vulnerability to execute arbitrary code, cause denial of service. Original advisories PostgreSQL pgcreatesubscriber allows SQL injection via subscription name Exploitation Related products PostgreSQL C...
Siemens SENTRON 7KT PAC1261 Data Manager
SUMMARY The web server in SENTRON 7KT PAC1261 Data Manager before V2.1.0 contains a request smuggling vulnerability in the Go Project's net/http package that could allow an attacker to retrieve authorization tokens that can be used to gain administrative control over the device. Siemens has...
KLA91022 Multiple vulnerabilities in Mozilla Thunderbird ESR
Multiple vulnerabilities were found in Mozilla Thunderbird ESR. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in the DOM: Networking component can be...
Open redirect vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor
Overview Web Image Monitor provided by Ricoh Company, Ltd. is a web server that is included in and runs on laser printers and MFPs (multifunction printers). Web Image Monitor contains the vulnerability listed below. Open redirect (CWE-601) - CVE-2026-41226 Tony Kirkland of Sixgen Inc reported this...
KLA91008 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Information disclosure vulnerability in the Audio/Video...
Siemens Industrial Edge Management
SUMMARY Industrial Edge Management contains an authorization bypass vulnerability that could be exploited by an unauthenticated remote attacker to circumvent authentication and to access connected Industrial Edge Devices through the remote connection feature. Siemens has released new versions...
Siemens TPM 2.0
SUMMARY The products listed below contain a vulnerability that could allow an attacker to perform an out-of-bound read, potentially leading to information disclosure or denial of service of the TPM. Siemens has released new versions for several affected products and recommends to update to the...
Siemens SINEC NMS
SUMMARY SINEC NMS before V4.0 SP3 contains an Authorization Bypass vulnerability that could allow an attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account. Siemens has released a new version for SINEC NMS and recommends to update to...
Siemens SINEC NMS
SUMMARY Siemens SINEC NMS when used with User Management Component (UMC) contains an authentication bypass vulnerability due to insufficient validation of user identity. This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application...
Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC)
SUMMARY RUGGEDCOM CROSSBOW Station Access Controller (SAC) contains a vulnerability that could allow an attacker to achieve arbitrary code execution and to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBOW Station Access Controller (SAC) and recommends...
KLA90977 ACE vulnerability in Adobe Acrobat Reader
A remote code execution vulnerability was found in Adobe Acrobat Reader. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories APSB26-43 Exploitation Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such malware i...
GHSA-JMQ3-X8Q7-J9QM baserCMS has a cross-site scripting vulnerability in blog posts
baserCMS has a cross-site scripting vulnerability in blog posts. Target: baserCMS 5.2.1 and earlier versions. Vulnerability: Malicious JavaScript may be executed in blog posts. Countermeasures: Update to the latest version of baserCMS. Please refer to the following page to reference for more...
Multiple vulnerabilities in the installer of RATOC RAID Monitoring Manager for Windows
Overview The installer of RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. contains multiple vulnerabilities listed below. Uncontrolled search path element (CWE-427) - CVE-2026-28760 Incorrect default permissions (CWE-276) - CVE-2026-32680 Kazuma Matsumoto of GMO Cybersecurit...
KLA90905 DoS vulnerability in Wireshark
A denial of service vulnerability was found in Wireshark. Malicious users can exploit this vulnerability to cause denial of service. Original advisories wnpa-sec-2026-06 · NTS-KE dissector crash Exploitation Related products Wireshark CVE list CVE-2026-3202 warning Solution Update to the latest...
KLA90888 DoS vulnerability in Mozilla Firefox ESR
A heap buffer overflow vulnerability was found in Mozilla Firefox ESR. Malicious users can exploit this vulnerability to cause denial of service. Original advisories MFSA2026-10 Exploitation Related products Mozilla-Firefox-ESR CVE list CVE-2026-2447 unknown Solution Update to the latest version...
KLA90889 DoS vulnerability in Mozilla Thunderbird ESR
A heap buffer overflow vulnerability was found in Mozilla Thunderbird ESR. Malicious users can exploit this vulnerability to cause denial of service. Original advisories MFSA2026-11 Exploitation Related products Mozilla-Thunderbird-ESR CVE list CVE-2026-2447 unknown Solution Update to the latest...
Fanwei e-cology - SQL Injection
Fanwei e-cology 8.0 contains a SQL injection caused by unsanitized user input in the sql parameter of getdata.jsp, letting unauthenticated attackers execute arbitrary SQL queries and access sensitive data. id: CVE-2025-34038 info: name: Fanwei e-cology - SQL Injection author: ritikchaddha severit...
Omnissa Workspace ONE UEM - Path Traversal
Omnissa Workspace ONE UEM contains a path traversal caused by crafted GET requests to restricted API endpoints, letting malicious actors access sensitive information; exploitation requires sending crafted requests. id: CVE-2025-25231 info: name: Omnissa Workspace ONE UEM - Path Traversal author:...
KLA90859 ACE vulnerability in Mozilla Thunderbird
A remote code execution vulnerability was found in Mozilla Thunderbird. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories MFSA2026-07 Related products Mozilla-Thunderbird CVE list CVE-2026-0818 warning Solution Update to the latest version Download...