
192323 matches found

OSV
added 2026/02/18 10:16 p.m. | 4 views

DEBIAN-CVE-2026-2650

Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 8.7 | EPSS 0.00493
Exploits 0 | References 1

NVD
added 2026/02/18 10:16 p.m. | 8 views

CVE-2019-25359

SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inject malicious SQL statements through POST parameters 'idtyp' and 'idgremium'. Attackers can exploit this vulnerability by crafting specially formed POST requests to the /vorlagen/ endpoint, enablin...

CVSS 8.8 | EPSS 0.0015
Exploits 0 | References 4

CVE
added 2026/02/18 10:2 p.m. | 11 views

CVE-2026-2676

CVE-2026-2676 concerns the GoogTech sms-ssm API, specifically the preHandle function in LoginInterceptor.java under the API Interface component. The weakness is described as allowing improper authorization, potentially exploitable remotely. The exploit is reportedly public, with no disclosed vers...

CVSS 6.5 | AI score 5.1 | EPSS 0.00272
Exploits 0 | References 7

Cvelist
added 2026/02/18 10:2 p.m. | 27 views

CVE-2026-2676 GoogTech sms-ssm API LoginInterceptor.java preHandle improper authorization

A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. Affected by this issue is the function preHandle of the file LoginInterceptor.java of the component API Interface. Executing a manipulation can lead to improper authorization. The attack may be...

CVSS 6.5 | EPSS 0.00272
Exploits 0 | References 7

CVE
added 2026/02/18 9:55 p.m. | 9 views

CVE-2019-25401

Bematech MP-4200 TH printer (formerly Logic Controls, now Elgin) has a denial-of-service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malformed 'admin' and 'person' parameters to crash the web service, causing DoS. CVSS metrics are provided: ...

CVSS 8.7 | AI score 5.6 | EPSS 0.00422
Exploits 0 | References 4

Snyk
added 2026/02/18 9:45 p.m. | 6 views

Unsafe Dependency Resolution

Overview: @tygo-van-den-hurk/slyde is a package described as "Make beautifully animated Slydes and presentations from XML with ease!" Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic import process of /.plugin.js,mjs files from dependencies. An attacker can execute...

CVSS 9.8 | AI score 6.2 | EPSS 0.0054
Exploits 0 | References 2

GithubExploit
added 2026/02/18 9:8 p.m. | 625 views

Exploit for CVE-2025-4517

CVE-2025-4517 Exploit - WingData HTB NOTES This exploit an...

CVSS 9.4 | AI score 5.9 | EPSS 0.01184
Exploits 19

OSV
added 2026/02/18 8:18 p.m. | 7 views

CVE-2026-2666

A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...

CVSS 7.2 | AI score 5.5 | EPSS 0.00362
Exploits 1 | References 5

hivepro
added 2026/02/18 7:54 p.m. | 6 views

What is CTEM? A Guide to Proactive Cybersecurity

Most security teams are great at finding problems. The real challenge is figuring out which problems to solve first. When everything is a priority, nothing is. This is a common frustration that leaves teams feeling overworked and unsure if their efforts are making a real difference. A more...

AI score 6
Exploits 0

hivepro
added 2026/02/18 7:53 p.m. | 5 views

6 Best Continuous Threat Monitoring Platforms Reviewed

Security teams are drowning in data but starving for insight. You have logs, network traffic, and endpoint activity pouring in from all directions, but more data doesn't automatically equal better security. Without context, it’s just noise that leads to alert fatigue and missed threats. An...

AI score 6
Exploits 0

hivepro
added 2026/02/18 7:52 p.m. | 5 views

6 Best Exposure Management Cybersecurity Platforms

How do you know if your security controls will actually stop an attack? You can have the best firewalls and endpoint protection on the market, but misconfigurations or undiscovered assets can render them useless. This is the fundamental question that traditional vulnerability management can't...

AI score 6
Exploits 0

CVE
added 2026/02/18 7:2 p.m. | 25 views

CVE-2026-2661

CVE-2026-2661 affects Squirrel up to 3.2, specifically the SQObjectPtr::operator in squirrel/sqobject.h. The public documentation describes a heap-based overflow arising from improper handling in that operator, enabling local exploitation. A separate PacketStorm report attributes a related issue ...

CVSS 7.8 | AI score 5.5 | EPSS 0.00235
Exploits 2 | References 5 | Affected Software 1

Cvelist
added 2026/02/18 7:2 p.m. | 26 views

CVE-2026-2661 Squirrel sqobject.h operator heap-based overflow

A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be...

CVSS 4.8 | EPSS 0.00235
Exploits 2 | References 5

OSV
added 2026/02/18 6:24 p.m. | 3 views

UBUNTU-CVE-2026-2659

A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. Executing a manipulation of the argument targetstack can lead to out-of-bounds read. It is possible to launch the attack o...

CVSS 7.8 | AI score 5.4 | EPSS 0.00213
Exploits 1 | References 7

CVE
added 2026/02/18 4:32 p.m. | 11 views

CVE-2026-2657

CVE-2026-2657 affects the Wren language (wren) up to version 0.4.0. The vulnerability is in the function printError within src/vm/wren_compiler.c of the Error Message Handler, where manipulation can cause a stack-based buffer overflow. The advisory notes a local attack vector and that an exploit ...

CVSS 5.5 | AI score 5.5 | EPSS 0.0025
Exploits 1 | References 6 | Affected Software 1

Vulnrichment
added 2026/02/18 4:32 p.m. | 6 views

CVE-2026-2657 wren-lang wren Error Message wren_compiler.c printError stack-based overflow

A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclos...

CVSS 4.8 | AI score 5.5 | EPSS 0.0025
Exploits 1 | References 6

OSV
added 2026/02/18 4:22 p.m. | 5 views

CVE-2025-65519

mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested...

CVSS 6.5 | AI score 5.6
Exploits 0 | References 1

Vulnrichment
added 2026/02/18 2:32 p.m. | 4 views

CVE-2026-2656 ChaiScript type_info.hpp bare_equal use after free

A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::TypeInfo::bare_equal of the file include/chaiscript/dispatchkit/type_info.hpp. This manipulation causes use after free. The attack requires local access. The attack's complexity is rated as high. The exploitabili...

CVSS 2.5 | AI score 4.8 | EPSS 0.00191
Exploits 1 | References 6

CVE
added 2026/02/18 2:24 p.m. | 33 views

CVE-2026-1404

The vulnerability CVE-2026-1404 affects the WordPress plugin “Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership” up to version 2.11.1. It enables Reflected Cross-Site Scripting via filter parameters (e.g., filter_first_name) due to insufficien...

CVSS 6.1 | AI score 5.7 | EPSS 0.00211
Exploits 1 | References 4

NVD
added 2026/02/18 2:16 p.m. | 7 views

CVE-2026-2655

A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::strless::operator of the file include/chaiscript/chaiscriptdefines.hpp. The manipulation results in use after free. The attack requires a local approach. The attack requires a high level of...

CVSS 2.5 | EPSS 0.00191
Exploits 1 | References 6