CVE-2026-28503

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the SyncViewSet.querysyncedfolder action in cookbook/views/api.py line 903 fetches a Sync object using getobjector404Sync, pk=pk without including space=request.space i...

CVE-2026-25523 Magento's X-Original-Url header can expose admin url

Magento-lts is a long-term support alternative to Magento Community Edition CE. Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it's location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1...

Unspecified Vulnerability in Connect Box EuroDOCSIS 3.0 Voice Gateway

Connect Box EuroDOCSIS 3.0 Voice Gateway is a home voice gateway device. A security vulnerability exists in the administration interface of the Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH version, which originates from the program receiving a POST request on port 80...

kebi-webmail_vul.txt

kebi-Webmail Solution vulnerability Tested by secret e-mail: [email protected] Summary : Get webmail server's admin competence by remote attack in kebi-Webmail Solution. Platform: Attacker platform : All Operating Systems + Web browser Target platform: All kebi Webmail solution loading server ke...