Lucene search

192324 matches found

ATTACKERKB
added 2026/03/16 4:32 a.m. | 3 views

CVE-2026-20999

Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions...

CVSS 7.1 | AI score 5.9 | EPSS 0.00313
Exploits: 0 | References: 2

Cvelist
added 2026/03/16 4:32 a.m. | 26 views

CVE-2026-20999

Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions...

CVSS 7.1 | EPSS 0.00313
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/16 4:32 a.m. | 3 views

CVE-2026-20997

Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication...

CVSS 5.3 | AI score 5.9 | EPSS 0.00256
Exploits: 0 | References: 1

Cvelist
added 2026/03/16 4:31 a.m. | 31 views

CVE-2026-20990

Improper export of Android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege...

CVSS 8.4 | EPSS 0.00159
Exploits: 0 | References: 1

CVE
added 2026/03/16 3:32 a.m. | 15 views

CVE-2026-4212

CVE-2026-4212 affects multiple D-Link network devices (DNS-120, DNR-202L, DNS-315L, DNS-320/320L/320LW/321/322L/323/325/326/327L, DNR-326, DNS-340L/343/345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04) up to 20260205. The issue is in the function Downloads_Schedule_Info of the file /cgi-bin/d...

CVSS 9.8 | AI score 7.8 | EPSS 0.00793
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2026/03/16 1:28 a.m. | 27 views

CVE-2017-20221 Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when...

CVSS 5.3 | EPSS 0.00286
Exploits: 2 | References: 6

Snyk
added 2026/03/16 1:13 a.m. | 5 views

Malicious Package

Overview: @myisrfn/baileys-mod is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 2

CVE
added 2026/03/16 12:32 a.m. | 10 views

CVE-2026-4201

CVE-2026-4201 identifies a weakness in glowxq glowxq-oj up to commit 6f7c723090472057252040fd2bbbdaa1b5ed2393. The vulnerability affects the Upload function in business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java, where manipulation can lead to unrestri...

CVSS 7.5 | AI score 6.7 | EPSS 0.00278
Exploits: 0 | References: 4

Vulnrichment
added 2026/03/16 12:2 a.m. | 3 views

CVE-2026-4200 glowxq glowxq-oj ProblemCaseController.java uploadTestcaseZipUrl server-side request forgery

A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/com/glowxq/oj/problem/controller/ProblemCaseController.java. Performing a manipulation results in...

CVSS 7.5 | AI score 6.7 | EPSS 0.00294
Exploits: 0 | References: 4

Positive Technologies
added 2026/03/16 12:0 a.m. | 5 views

PT-2026-25639

Name of the Vulnerable Software and Affected Versions: vanna-ai vanna versions up to 2.0.2. Description: A flaw exists in the remove training data function within the src/vanna/legacy/google/bigquery vector.py file. Manipulation of the ID argument can lead to SQL injection. This issue can be exploit...

CVSS 7.5 | AI score 6.9 | EPSS 0.00254
Exploits: 0 | References: 10

CVE
added 2026/03/16 12:0 a.m. | 7 views

CVE-2025-69783

CVE-2025-69783 concerns OpenEDR’s 2.5.1.0 self-defense mechanism. A local attacker can rename a malicious executable to a trusted process name (for example, csrss.exe, edrsvc.exe, edrcon.exe), enabling unauthorized interaction with the OpenEDR kernel driver. This exposes privileged functionality ...

CVSS 7.8 | AI score 5.8 | EPSS 0.00157
Exploits: 1 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/03/16 12:0 a.m. | 5 views

PT-2026-25613

A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. The attack can only be executed locally. The exploit has been made available to the public and cou...

CVSS 5.3 | AI score 5.5 | EPSS 0.00103
Exploits: 0 | References: 4

OpenVAS
added 2026/03/16 12:0 a.m. | 5 views

Ubuntu: Security Advisory (USN-8087-1)

The remote host is missing an update for the...

CVSS 8.2 | AI score 5.8 | EPSS 0.00227
Exploits: 0 | References: 2

Zero Day Initiative
added 2026/03/16 12:0 a.m. | 9 views

(Pwn2Own) Linux Kernel nf_tables_newset Out-Of-Bounds Write Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling...

CVSS 3.8 | AI score 5.3 | EPSS 0.01013
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/16 12:0 a.m. | 3 views

PT-2026-25775

Name of the Vulnerable Software and Affected Versions: FastMCP versions prior to 2.14.2. Description: FastMCP, a framework for building MCP applications, does not properly validate the resource parameter submitted by the client during authorization and token requests. Instead of issuing tokens...

CVSS 7.4 | AI score 5.4 | EPSS 0.00278
Exploits: 1 | References: 8

Positive Technologies
added 2026/03/16 12:0 a.m. | 6 views

PT-2026-25765

A vulnerability was found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android. Affected is an unknown function of the file resources/assets/service-account.json of the component Google Cloud Service Account Key Handler. Performing a manipulation results in unprotected...

CVSS 2.5 | AI score 4.8 | EPSS 0.00099
Exploits: 0 | References: 5

Positive Technologies
added 2026/03/16 12:0 a.m. | 8 views

PT-2026-25841

Name of the Vulnerable Software and Affected Versions: Open Neural Network Exchange ONNX versions through 1.20.1. Description: ONNX is an open standard for machine learning interoperability. A security control bypass exists in the onnx.hub.load function due to flawed repository trust verification...

CVSS 9.1 | AI score 5.8 | EPSS 0.00256
Exploits: 0 | References: 24

Positive Technologies
added 2026/03/16 12:0 a.m. | 7 views

PT-2026-25604

Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions...

CVSS 7.1 | AI score 5.9 | EPSS 0.00313
Exploits: 0 | References: 1

Cvelist
added 2026/03/16 12:0 a.m. | 21 views

CVE-2025-69783

A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name (e.g., csrss.exe, edrsvc.exe, edrcon.exe). This allows unauthorized interaction with the OpenEDR kernel driver, granting access to privileged functionality such as...

EPSS 0.00157
Exploits: 1 | References: 4

CNNVD
added 2026/03/16 12:0 a.m. | 6 views

Cleanuparr Security Vulnerability

Cleanuparr is an automated tool developed by Cleanuparr OpenSource, designed to clean up invalid files in the download queue. Cleanuparr versions 2.8.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from logical flaws in the /api/auth/login endpoint, which could allo...

CVSS 6.9 | AI score 5.8 | EPSS 0.00321
Exploits: 1 | References: 1