CVE-2025-5090

CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service DoS scenario. Note that this would require the attacker to have a high privilege access...

CVE-2025-5088

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...

Exploit for CVE-2024-21182

CVE-2024-21182 - Oracle WebLogic Server Unauthenticated Stored...

CVE-2025-5088 Arista CloudVision Exchange (CVX) Cluster Privilege Escalation via MCS Redis Session

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...

K000161597: Apache Tomcat vulnerability CVE-2026-34483

Security Advisory Description Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade...

EUVD-2026-34841

Improper Access Control, Missing Authorization vulnerability in HAVELSAN Inc. Geographic Tracking System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Geographic Tracking System: before v0.0.2...

EUVD-2026-34832

Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...

EUVD-2026-34833

Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers can manipulate file path parameters to access sensitive files outside the intended directory...

Omni: Reader-level users can retrieve imported cluster CA keys via ResourceService

Summary Omni supports importing standalone Talos clusters. During this process, an ImportedClusterSecrets resource is created, which contains the full CA secrets bundle for the cluster being imported. If these secrets are not rotated by the importing actor, an authenticated Omni user with Reader...

CVE-2026-6209

Improper Access Control, Missing Authorization vulnerability in HAVELSAN Inc. Geographic Tracking System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Geographic Tracking System: before v0.0.2...

CVE-2026-37737

sanic-cors version 2.2.0 and prior contains an improper regular expression in the trymatch function in saniccors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain...

CVE-2026-50233

Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...

CVE-2026-50232

Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when user...

CVE-2026-50234

Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers can manipulate file path parameters to access sensitive files outside the intended directory...

CVE-2026-6209

...

CVE-2026-6209

CVE-2026-6209 affects HAVELSAN's Geographic Tracking System prior to v0.0.2. The issue is Improper Access Control (Missing Authorization) allowing access to functionality not properly constrained by ACLs. CVSSv3.1 metrics: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N; base score 9.1 (CRITICAL). Impact sta...

CVE-2026-6208

...

CVE-2026-11334 tittuvarghese CollegeManagementSystem fetch.php sql injection

A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file dashboardpage/forms/fetch.php. Performing a manipulation of the argument departmentcode results in...

CVE-2026-45324

A flaw was found in Rizin, a UNIX-like reverse engineering framework. A double free vulnerability exists in the bytepatternsearch function due to incorrect pointer ownership. This flaw could allow a local attacker with physical access to cause a denial of service DoS by corrupting memory...

CVE-2026-50234

Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers can manipulate file path parameters to access sensitive files outside the intended directory...