
176 matches found

RedhatCVE
added 2026/06/05 7:13 p.m. | 8 views

CVE-2026-40551

mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...

CVSS 8.4 | AI score 5.6 | EPSS 0.00132
Exploits 0 | References 1
Vulnrichment
added 2026/05/30 11:0 p.m. | 7 views

CVE-2026-10154 Dolibarr ERP CRM messaging.php authorization

A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely. Upgrading to version 23.0.3 is...

CVSS 5.3 | AI score 5.5 | EPSS 0.00223
Exploits 0 | References 5
Microsoft Security Update
added 2026/05/12 5:0 p.m. | 14 views

2026-05 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2 for x64 (KB5087052)

2026-05 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2 for x64 KB5087052...

AI score 5.8
Exploits 0
Microsoft KB
added 2026/05/12 2:0 p.m. | 31 views

May 12, 2026—KB5087420 (OS Build 22631.7079)

May 12, 2026—KB5087420 OS Build 22631.7079 This cumulative update for Windows 11, version 23H2 KB5087420, includes the latest security fixes and improvements, along with non-security updates from last month’s optional preview release. To learn more about differences between security updates,...

CVSS 9.8 | AI score 6.1 | EPSS 0.02117
Exploits 4
CNNVD
added 2026/05/12 12:0 a.m. | 8 views

Microsoft Hyper-V Resource Management Error Vulnerability

Microsoft Hyper-V is an application developed by Microsoft Corporation in the United States. It is a system management program that enables desktop virtualization. There is a resource management vulnerability in Microsoft Hyper-V. Attackers can exploit this vulnerability to gain elevated...

CVSS 9.3 | AI score 6 | EPSS 0.00332
Exploits 0 | References 2
Tenable Nessus
added 2026/05/05 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-7689

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library...

CVSS 6.3 | AI score 5.1 | EPSS 0.00145
Exploits 0 | References 2
AstraLinux
added 2026/05/03 11:59 p.m. | 12 views

Astra Linux – Vulnerability in Twisted

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web would process the requests asynchronously, without guaranteeing the order of responses. If either of the endpoints was controlled by an...

CVSS 5.3 | AI score 6.2 | EPSS 0.00766
Exploits 1 | References 2
Cvelist
added 2026/04/28 1:13 p.m. | 26 views

CVE-2026-40551 Use of Client-Side Authentication in mpGabinet

mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...

CVSS 8.4 | EPSS 0.00132
Exploits 0 | References 2
CNNVD
added 2026/04/15 12:0 a.m. | 5 views

Nordic Semiconductor IronSide SE Security Vulnerability

Nordic Semiconductor IronSide SE is a security development environment software developed by the Norwegian company Nordic Semiconductor. There are security vulnerabilities in Nordic Semiconductor IronSide SE for nRF54H20 versions up to 23.0.2+17. These vulnerabilities stem from algorithmic...

CVSS 7.5 | AI score 5.7 | EPSS 0.00278
Exploits 0 | References 2
Tenable Nessus
added 2026/04/14 12:0 a.m. | 7 views

KB5082052: Windows 11 version 23H2 Security Update (April 2026)

The remote Windows host is missing security update 5082052. It is, therefore, affected by multiple vulnerabilities - Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. CVE-2026-33824 - Protection mechanism failure in Windows Shell allows an...

CVSS 9.8 | AI score 7.4 | EPSS 0.21074
Exploits 13 | References 115
CVE
added 2026/03/03 12:0 a.m. | 8 views

CVE-2023-31044

Summary: CVE-2023-31044 affects Nokia Impact prior to Mobile 23_FP1. In Impact DM 19.11 and later, a remote authenticated user can exploit the Add Campaign function to inject a malicious payload within the Campaign Name. When exported to CSV, those payloads may execute via spreadsheet software, e...

CVSS 8.8 | AI score 6 | EPSS 0.00237
Exploits 0 | References 2 | Affected Software 1
OSV
added 2026/03/02 8:56 p.m. | 4 views

GHSA-V8JW-8W5P-23G3 AVideo has Authenticated Remote Code Execution via Unsafe Plugin ZIP Extraction

Summary: An authenticated Remote Code Execution (RCE) vulnerability was identified in AVideo related to the plugin upload/import functionality. The issue allowed an authenticated administrator to upload a specially crafted ZIP archive containing executable server-side files. Due to insufficient...

CVSS 9.3 | AI score 6.5 | EPSS 0.00673
Exploits 0 | References 5
Github Security Blog
added 2026/03/02 8:56 p.m. | 9 views

AVideo has Authenticated Remote Code Execution via Unsafe Plugin ZIP Extraction

Summary: An authenticated Remote Code Execution (RCE) vulnerability was identified in AVideo related to the plugin upload/import functionality. The issue allowed an authenticated administrator to upload a specially crafted ZIP archive containing executable server-side files. Due to insufficient...

CVSS 9.3 | AI score 6.5 | EPSS 0.00673
Exploits 0 | References 5 | Affected Software 1
Github Security Blog
added 2026/03/02 8:49 p.m. | 13 views

AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php

Impact: An unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a JSON-formatted POST request body. Because JSON input is parsed and...

CVSS 9.8 | AI score 6 | EPSS 0.0151
Exploits 1 | References 5 | Affected Software 1
OSV
added 2026/03/02 8:49 p.m. | 4 views

GHSA-PV87-R9QF-X56P AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php

Impact: An unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a JSON-formatted POST request body. Because JSON input is parsed and...

CVSS 9.8 | AI score 6 | EPSS 0.0151
Exploits 1 | References 5
Positive Technologies
added 2026/03/02 12:0 a.m. | 4 views

PT-2026-22880

Name of the Vulnerable Software and Affected Versions: AVideo versions prior to 23. Description: The software contains an unauthenticated SQL injection flaw within the objects/videos.json.php and objects/video.php components. The application does not properly sanitize the catName parameter when...

CVSS 9.8 | AI score 6.2 | EPSS 0.0151
Exploits 1 | References 15
CNNVD
added 2026/02/27 12:0 a.m. | 5 views

SimTech ThinkWise Security Vulnerability

SimTech ThinkWise is a mind mapping software developed by South Korea’s SimTech company. Versions of SimTech ThinkWise from 7 onwards, up to version 23, have security vulnerabilities. These vulnerabilities stem from stack buffer overflows, which may lead to remote code execution...

CVSS 9.8 | AI score 6.2 | EPSS 0.00336
Exploits 0 | References 2
ATTACKERKB
added 2026/01/30 6:31 p.m. | 5 views

CVE-2024-9432

Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey. This issue affects Vertica versions: 23.X, 24.X, 25.X...

CVSS 6.9 | AI score 5.9 | EPSS 0.00091
Exploits 0 | References 2 | Affected Software 1
EUVD
added 2026/01/28 11:23 a.m. | 7 views

EUVD-2026-4892

The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfmsendfileinemail' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...

CVSS 7.5 | AI score 5.8 | EPSS 0.00292
Exploits 0 | References 3
Cvelist
added 2026/01/14 7:7 p.m. | 19 views

CVE-2026-22036 Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands of compression steps leading to high CPU usage and excessive memory allocation. This...

CVSS 5.9 | EPSS 0.00433
Exploits 0 | References 2