
102499 matches found

RedhatCVE
added 2026/06/10 2:59 a.m., 10 views

CVE-2026-44757

SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in the user's browser within the context of the application. This issue has a low impact on the...

4.7 CVSS, 5.6 AI score, 0.00154 EPSS
Exploits: 0, References: 1
Packet Storm News
added 2026/06/10 12:0 a.m., 4 views

Android Wireless ADB Wireless Port Checker Flipper Zero GUI Application

This program is a Flipper Zero application that checks whether the Android Debug Bridge (ADB) wireless debugging port 5555 is open on a specified IP address. It integrates with the Flipper GUI system to display results directly on the device screen...

5.5 AI score
Exploits: 0
Positive Technologies
added 2026/06/10 12:0 a.m., 9 views

PT-2026-48470

A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, and tag metadata directly into HTML, HTML attributes, inline JavaScript event handlers, and CSS...

6.9 CVSS, 5.5 AI score, 0.00277 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/06/10 12:0 a.m., 6 views

PT-2026-48435

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before request → @jwt required app/routes/install/routes.py:36-39. The individual endpoints install exporter, install waf, install geoip,...

9.9 CVSS, 5.5 AI score, 0.00267 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/06/10 12:0 a.m., 9 views

PT-2026-48452

A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents...

5.1 CVSS, 5.5 AI score, 0.00171 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2026/06/10 12:0 a.m., 6 views

EulerOS 2.0 SP13 : glibc (EulerOS-SA-2026-2290)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Calling the scanf family of functions with a %mc malloc'd character match in the GNU C Library version 2.7 to version 2.43 with a format width...

9.8 CVSS, 5.8 AI score, 0.00451 EPSS
Exploits: 3, References: 4
CNNVD
added 2026/06/10 12:0 a.m., 8 views

Roxy-WI Authorization Issue Vulnerability

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier have a vulnerability related to authorization. This vulnerability arises from using the API substring in the URL and unauthenticated /api/gpt endpoints,...

8.3 CVSS, 5.4 AI score, 0.00244 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/06/10 12:0 a.m., 10 views

Lenovo Android Application Security Vulnerability

Lenovo Android Application is an application developed by Lenovo Corporation, designed for managing Lenovo devices. There is a security vulnerability in Lenovo Android Application, which stems from websites accessed via the built-in browser potentially overwriting system clipboard contents...

5.1 CVSS, 5.3 AI score, 0.00171 EPSS
Exploits: 0, References: 2
CVE
added 2026/06/09 11:44 p.m., 11 views

CVE-2026-53675

CVE-2026-53675 concerns BuddyPress 14.4.0, where an insecure direct object reference in the friends REST API allows any authenticated user to enumerate another user’s complete friend list. The get_items_permissions_check method only verifies that the requester is logged in, not ownership of the r...

5.3 CVSS, 5.6 AI score, 0.00193 EPSS
Exploits: 0, References: 3
OSV
added 2026/06/09 9:58 p.m., 8 views

GHSA-FQC7-9XJW-JRH3 SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch

Description: CVE-2024-50340 (GHSA-x8vp-gf4q-mw5j) addressed an issue where, with register_argc_argv=On, a crafted query string let an unauthenticated GET change the kernel environment and debug flag by feeding --env/--no-debug through $_SERVER['argv']. The fix shipped in symfony/runtime 5.4.46 / 6.4.14 /...

6.9 CVSS, 5.5 AI score, 0.00095 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/06/09 9:21 p.m., 34 views

CVE-2026-34711 CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require...

7.5 CVSS, 0.0043 EPSS
Exploits: 0, References: 1
NVD
added 2026/06/09 7:17 p.m., 10 views

CVE-2026-39170

SemCms 5.0 is vulnerable to Cross-Site Request Forgery (CSRF) via a crafted POST request to /admin/semcmsuser.php...

6.3 CVSS, 0.00107 EPSS
Exploits: 0, References: 1
NVD
added 2026/06/09 5:17 p.m., 8 views

CVE-2026-45604

Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally...

5.5 CVSS, 0.00274 EPSS
Exploits: 0, References: 1
NVD
added 2026/06/09 5:17 p.m., 5 views

CVE-2026-45594

Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally...

5.5 CVSS, 0.00325 EPSS
Exploits: 0, References: 1
NVD
added 2026/06/09 5:17 p.m., 5 views

CVE-2026-0420

An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models...

8.2 CVSS, 0.00141 EPSS
Exploits: 0, References: 5
EUVD
added 2026/06/09 5:5 p.m., 9 views

EUVD-2026-35553

Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally...

5.5 CVSS, 5.4 AI score, 0.00274 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/06/09 5:5 p.m., 31 views

CVE-2026-45594 Windows Application Identity (AppID) Information Disclosure Vulnerability

...

5.5 CVSS, 0.00325 EPSS
Exploits: 0, References: 1
CVE
added 2026/06/09 5:5 p.m., 17 views

CVE-2026-45594

CVE-2026-45594: This vulnerability concerns the Windows Application Identity (AppID) Subsystem, where an exposure of sensitive information to an unauthorized actor enables a local attacker to disclose information. The NVD entry reiterates the issue as a local confidentiality breach (impact: Hig...

5.5 CVSS, 5.4 AI score, 0.00325 EPSS
Exploits: 0, References: 1, Affected Software: 12
EUVD
added 2026/06/09 5:5 p.m., 8 views

EUVD-2026-35552

Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally...

5.5 CVSS, 5.4 AI score, 0.00325 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/06/09 5:5 p.m., 6 views

CVE-2026-45594 Windows Application Identity (AppID) Information Disclosure Vulnerability

...

5.5 CVSS, 5.4 AI score, 0.00325 EPSS
Exploits: 0, References: 1