CVE-2026-6569 kodcloud KodExplorer fileGet Endpoint share.class.php improper authentication

A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be launched remotely. The...

CVE-2026-6564

A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The...

EUVD-2026-23690

A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to...

CVE-2026-6562

A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be use...

CVE-2026-6563

A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to...

CVE-2026-6563

CVE-2026-6563 affects H3C Magic B1 up to 100R004. The vulnerable element is the function SetAPWifiorLedInfoById in /goform/aspForm. Manipulating the argument param leads to a buffer overflow. The issue is remotely exploitable and the public exploit has been disclosed. The vendor was contacted ear...

CVE-2026-6563 H3C Magic B1 aspForm SetAPWifiorLedInfoById buffer overflow

A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to...

LightPicture 安全漏洞

LightPicture is a corporate/team/personal image resource management system and photo hosting system developed by osuuu. Versions of LightPicture 1.2.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of hard-coded credentials for parameters key in files...

PT-2026-33758

Name of the Vulnerable Software and Affected Versions gnu sed versions prior to 4.10 Description A race condition exists when the software is invoked with both -i in-place edit and --follow-symlinks. The function open next file performs two separate, non-atomic filesystem operations on the same...

WordPress plugin EMC – Easily Embed Calendarly Scheduling Features 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is a...

DjangoBlog 安全漏洞

DjangoBlog is a blog system developed by liangliangyy using Django. Versions of DjangoBlog 2.1.0.0 and earlier had security vulnerabilities. These vulnerabilities stemmed from the handling of the key parameter in the owntracks/views.py file, which resulted in the use of a hardcoded encryption key...

DjangoBlog 安全漏洞

DjangoBlog is a blog system developed by liangliangyy using Django. Versions of DjangoBlog 2.1.0.0 and earlier had security vulnerabilities. These vulnerabilities stemmed from the use of the parameter SECRETKEY in the file djangoblog/settings.py, which resulted in hard-coded credentials,...

A Novel Quantum Augmented Framework to Improve Microgrid Cybersecurity

Small modular nuclear reactors SMRs are redefining the energy generation landscape by enabling the deployment of modular, scalable, and pre-built power units that can be used to build distributed autonomous microgrids for critical infrastructure and burgeoning AI factories. Often, these microgrid...

PT-2026-33632

A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The...

PT-2026-33648

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRET KEY results in hard-coded credentials. The attack can be launched remotely. T...

It Takes 2 Minutes to Hack the EU’s New Age-Verification App

Plus: Major data breaches at a gym chain and hotel giant, a disruptive DDoS attack against Bluesky, dubious ICE hires, and more...

Exploit for CVE-2026-4484

CVE-2026-4484 Masteriyo LMS = 2.1.6 - Missing Authorizatio...

CVE-2026-6482

The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...

CVE-2026-33084

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the...

DEBIAN-CVE-2026-40491

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...