CVE-2026-29786

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Th...

CVE-2026-3667 Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppService improper authorization

A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has...

CVE-2026-3667

CVE-2026-3667 affects Freedom Factory dGEN1 (up to 20260221) with the vulnerability in the function FakeAppService of the component org.ethosmobile.ethoslauncher. The underlying issue is improper authorization, exploitable from a local attacker. Public exploits exist and the vendor was notified w...

CVE-2026-3667 Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppService improper authorization

A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has...

CVE-2026-3665 xlnt-community xlnt XLSX File xlsx_consumer.cpp read_office_document null pointer dereference

A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsxconsumer::readofficedocument of the file source/detail/serialization/xlsxconsumer.cpp of the component XLSX File Parser. The manipulation leads to null pointer dereference. Th...

CVE-2026-3662

A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usbp910 of the file /cgi-bin/adm.cgi. Such manipulation of the argument Prmode leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

CVE-2026-3589

The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 does not properly handle batch requests, which could allow unauthenticated users to make a logged in admin call non store/WC REST endpoints, and create arbitrary admin users via a CSRF attack for example...

CVE-2026-3661 Wavlink WL-NU516U1 adm.cgi ota_new_upgrade command injection

A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function otanewupgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor wa...

denkair-lab

DenkAir - Windows AD Pentesting Lab A comprehensive Windows A...

EUVD-2026-10128

The Guardian News Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

CVE-2026-28787

OneUptime is a solution for monitoring and managing online services. In version 10.0.11 and prior, the WebAuthn authentication implementation does not store the challenge on the server side. Instead, the challenge is returned to the client and accepted back from the client request body during...

CVE-2026-30830

Defuddle cleans up HTML pages. Prior to version 0.9.0, the findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping. An attacker can use a " in the alt attribute to break out of the attribute context and inject event...

Symlink Attack

Overview shescape is a simple shell escape library Affected versions of this package are vulnerable to Symlink Attack in resolving shells in unix.js. An attacker can expose sensitive information by configuring the shell path as a symbolic link to another symlink, which may bypass proper escaping ...

CVE-2026-28395

OpenClaw version 2026.1.14-1 prior to 2026.2.12 contain an improper network binding vulnerability in the Chrome extension must be installed and enabled relay server that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUrl...

CVE-2026-26124

'.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally...

PT-2026-23840

The MyQtip – easy qTip2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's myqtip shortcode in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

Machine Learning Techniques for Enhancing Quantum Key Distribution

Quantum Key Distribution QKD offers theoretically unbreakable security by leveraging quantum mechanics. However, practical implementation is challenged by environmental vulnerabilities, noise, and hardware imperfections. Recently, Machine Learning ML has emerged as a powerful tool to address thes...

PT-2026-23885

Name of the Vulnerable Software and Affected Versions Freedom Factory dGEN1 versions up to 20260221 Description A flaw exists in Freedom Factory dGEN1 that allows for improper authorization. The issue is located within the FakeAppReceiver function of the org.ethosmobile.ethoslauncher component...

PT-2026-23880

A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221. This impacts the function AlarmService of the component com.dgen.alarm. Such manipulation leads to improper authorization. The attack needs to be performed locally. The exploit has been disclosed publicly and may ...

GHSA-H6GW-8F77-MMMP WeKnora has DNS Rebinding Vulnerability in web_fetch Tool that Allows SSRF to Internal Resources

Summary A DNS rebinding vulnerability in the webfetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including private IP addresses e.g., 127.0.0.1, 192.168.x.x. By crafting a malicious domain that resolves to a public IP during...