
68 matches found

EUVD
added 6 days ago, 8 views

EUVD-2025-210023

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...

CVSS 6.4, AI score 5.8, EPSS 0.00013
Exploits 0, References 2
NVD
added last week, 6 views

CVE-2025-59610

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...

CVSS 6.4, EPSS 0.00013
Exploits 0, References 1
Vulnrichment
added last week, 6 views

CVE-2025-59610 Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...

CVSS 6.4, AI score 5.8, EPSS 0.00013
Exploits 0, References 1
Positive Technologies
added 2026/05/12 12:00 a.m., 8 views

PT-2026-40270

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the...

CVSS 8.2, AI score 5.7, EPSS 0.00054
Exploits 1, References 6
GithubExploit
added 2026/05/02 10:00 a.m., 51 views

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 - cPanel & WHM Authentication Bypass Proof of C...

CVSS 9.8, AI score 5.9, EPSS 0.90762
Exploits 61
OSV
added 2026/03/20 10:21 a.m., 1 view

CVE-2026-33132 ZITADEL is missing enforcement of organization scopes

ZITADEL is an open source identity management platform. Versions prior to 3.4.9 and 4.0.0 through 4.12.2 allowed users to bypass organization enforcement during authentication. Zitadel allows applications to enforce an organization context during authentication using scopes urn:zitadel:iam:org:id:...

CVSS 5.3, AI score 6.2, EPSS 0.00077
Exploits 0, References 6
Positive Technologies
added 2026/03/18 12:00 a.m., 3 views

PT-2026-26195

Summary A vulnerability in Zitadel's OAuth2/OIDC interface allowed users to bypass organization enforcement during authentication. Impact Zitadel allows applications to enforce an organization context during authentication using scopes urn:zitadel:iam:org:id:id and...

CVSS 5.3, AI score 5.8, EPSS 0.00077
Exploits 0, References 11
EUVD
added 2026/03/09 3:30 a.m., 2 views

EUVD-2026-10285

A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path traversal. The attack can be initiated remotely. The exploit has been released to the public and may...

CVSS 6.5, AI score 5.6, EPSS 0.00042
Exploits 1, References 4
NVD
added 2026/03/09 3:15 a.m., 1 view

CVE-2026-3795

A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path traversal. The attack can be initiated remotely. The exploit has been released to the public and may...

CVSS 9.8, EPSS 0.00042
Exploits 1, References 3
EUVD
added 2026/02/27 3:30 a.m., 4 views

EUVD-2026-8979

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route...

CVSS 8.8, AI score 6.3, EPSS 0.00043
Exploits 0, References 4
EUVD
added 2026/02/27 3:30 a.m., 3 views

EUVD-2026-8974

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route...

CVSS 8.8, AI score 6.4, EPSS 0.00043
Exploits 0, References 4
CVE
added 2026/02/27 12:54 a.m., 9 views

CVE-2026-23702

CVE-2026-23702 affects XWEB Pro (v1.12.1 and earlier). An OS command injection in the API V1 route’s import preconfiguration action allows an authenticated attacker to achieve remote code execution by sending crafted input in the server username field. Impact is high (remote code execution, post-au...

CVSS 8.8, AI score 6.4, EPSS 0.00043
Exploits 0, References 3, Affected Software 1
OSV
added 2026/01/22 6:04 p.m., 4 views

GHSA-J8HF-CP34-G4J7 Dragonfly Manager Job API Unauthenticated Access

Summary Dragonfly Manager's Job REST API endpoints lack authentication, allowing unauthenticated attackers to create, query, modify, and delete jobs, potentially leading to resource exhaustion, information disclosure, and service disruption. Affected Products - Product: Dragonfly - Component:...

CVSS 9.3, AI score 5.9, EPSS 0.0012
Exploits 1, References 4
RedhatCVE
added 2026/01/09 10:50 a.m., 2 views

CVE-2022-37144

The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can brute-force their way past MFA protections to log in as the targeted user...

CVSS 8.8, AI score 7.2, EPSS 0.00475
Exploits 0, References 1
NVD
added 2026/01/01 5:16 a.m., 2 views

CVE-2025-69413

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...

CVSS 5.3, EPSS 0.00019
Exploits 0, References 4
SUSE Linux
added 2025/12/18 12:19 p.m., 2 views

Security update for golang-github-prometheus-alertmanager

This update for golang-github-prometheus-alertmanager fixes the following issues: Update to version 0.28.1 (jsc#PED-13285): Improved performance of inhibition rules when using Equal labels. Improve the documentation on escaping in UTF-8 matchers. Update alertmanagerconfighash metric help to document...

CVSS 6.9, AI score 7.1, EPSS 0.00378
Exploits 0, References 8
NVD
added 2025/12/12 9:15 p.m., 2 views

CVE-2025-67750

Lightning Flow Scanner provides a CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...

CVSS 8.4, EPSS 0.00024
Exploits 0, References 3
vulnersOsv
added 2025/11/24 4:24 p.m., 3 views

@asyncapi/server-api (>=0.16.0 <=0.16.23) potentially affected by unknown CVE via @asyncapi/python-paho-template (=0.2.13)

@asyncapi/python-paho-template NPM version =0.2.13 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/python-paho-template and may be impacted: - @asyncapi/server-api >=0.16.0, <=0.16.23 Source cves: unknown CVE Source advisory:...

AI score 5.8
Exploits 0
Cvelist
added 2025/11/12 12:00 a.m., 6 views

CVE-2025-60646

A stored cross-site scripting (XSS) vulnerability in the Business Line Management module of Xxl-api v1.3.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

EPSS 0.00034
Exploits 1, References 2
Tenable Nessus
added 2025/10/30 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-40104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from...

AI score 5.9, EPSS 0.00061
Exploits 0, References 4