68 matches found

Vulnrichment
added 2026/05/12 5:16 p.m., 4 views

CVE-2026-44166 Pocketbase: Account pre-hijacking via OAuth2 unverified->verified autolinking upgrade

Pocketbase is an open source web backend written in Go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When th...

CVSS 6.1, AI score 5.7, EPSS 0.00035
Exploits 0, References 1

ATTACKERKB
added 2026/05/06 7:49 p.m., 1 view

CVE-2026-44110

OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms,...

CVSS 8.8, AI score 5.9, EPSS 0.0005
Exploits 0, References 5

Redos
added 2026/04/17 12:00 a.m., 1 view

ROS-20260417-73-0041

Vulnerability in zabbix7-lts related to providing a data element for an erroneous session. Exploitation of the vulnerability could allow an attacker to escalate his privileges...

CVSS 7.1, AI score 5.8, EPSS 0.0003
Exploits 0

CNNVD
added 2026/04/14 12:00 a.m., 2 views

Microsoft Office Sharepoint Server cross-site scripting vulnerability

Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...

CVSS 5.4, AI score 5.8, EPSS 0.0007
Exploits 0, References 1

CNNVD
added 2026/02/05 12:00 a.m., 2 views

Microsoft Azure Functions information disclosure vulnerability

Microsoft Azure Functions is a hosted Platform-as-a-Service (PaaS) provider from Microsoft Corporation (USA) that delivers event-driven and scheduled compute resources for Azure cloud services. An information disclosure vulnerability exists in Microsoft Azure Functions, which can be exploited by an...

CVSS 8.2, AI score 5.8, EPSS 0.0006
Exploits 0, References 1

CNNVD
added 2026/01/29 12:00 a.m., 1 view

TeamViewer DEX Client security vulnerability

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer (Germany). TeamViewer DEX Client has a security vulnerability that can be exploited by an attacker to cause the deletion of protected system files...

CVSS 7.1, AI score 5.8, EPSS 0.00047
Exploits 0, References 1

CNNVD
added 2026/01/16 12:00 a.m., 1 view

Google Chrome security vulnerability

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by free usage in ANGLE. An attacker can exploit the vulnerability to execute arbitrary code on a system...

CVSS 8.8, AI score 8, EPSS 0.00061
Exploits 0, References 3

CNNVD
added 2026/01/13 12:00 a.m., 3 views

NSecsoft NSecKrnl security vulnerability

NSecsoft NSecKrnl is the underlying core module of a terminal protection software from China Anzai NSecsoft. A security vulnerability exists in NSecsoft NSecKrnl, which originates from a local attacker being able to terminate another user's process via a specially crafted IOCTL request...

CVSS 5.7, AI score 6, EPSS 0.0002
Exploits 0, References 5

CNNVD
added 2025/11/11 12:00 a.m., 1 view

Microsoft Windows security vulnerability

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft (USA). A security vulnerability exists in Microsoft Windows. An attacker can exploit the vulnerability to elevate privileges. The following products and versions are affected: Windows 10 Version 1809 for...

CVSS 7.8, AI score 5.2, EPSS 0.00119
Exploits 0, References 1

CNNVD
added 2025/10/14 12:00 a.m., 3 views

Microsoft Windows security vulnerability

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in Microsoft Windows that stems from an attacker's ability to elevate privileges by exploiting the vulnerability...

CVSS 7.8, AI score 9, EPSS 0.00101
Exploits 0, References 1

CNNVD
added 2025/10/11 12:00 a.m., 1 view

Huawei HarmonyOS security vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege authentication bypass vulnerability exists in the Huawei HarmonyOS Camera app, which can be exploited by an attacker to compromise service...

CVSS 5.5, AI score 7, EPSS 0.00008
Exploits 0, References 1

CNNVD
added 2025/09/04 12:00 a.m., 2 views

Google Android security vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability caused by a clickjacking/overwriting attack in the maybeShowDialog function in ControlsSettingsDialogManager.kt that results in ControlsSettingsTialog...

CVSS 7.8, AI score 7.2, EPSS 0.00008
Exploits 0, References 2

CNVD
added 2025/08/11 12:00 a.m., 3 views

Google Android TV has an unspecified vulnerability

Google Android TV is a television operating system application from the American company Google. Google Android TV suffers from a security vulnerability that can be exploited by an attacker and may result in arbitrary activity being initiated...

CVSS 6.9, AI score 7, EPSS 0.0005
Exploits 0, References 1

Snyk
added 2025/04/11 2:42 p.m., 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the HTML content of email notification settings. An attacker can inject malicious scripts by crafting malicious inputs that are rendered in the preview mode. Note: This is only exploitable if the attacker ha...

CVSS 5.4, AI score 5.3, EPSS 0.00349
Exploits 0, References 2

CNNVD
added 2025/04/07 12:00 a.m., 2 views

Huawei HarmonyOS security vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from an SVG parsing module exception capture failure, and can be exploited by an attacker to...

CVSS 7.5, AI score 6.6, EPSS 0.00112
Exploits 0, References 2

CNNVD
added 2025/01/14 12:00 a.m., 1 view

Git Credential Manager information disclosure vulnerability

Git Credential Manager (GCM) is a secure Git credential assistant open-sourced by Git Ecosystem. An information disclosure vulnerability exists in Git Credential Manager. An attacker could exploit this vulnerability to capture the credentials of another Git remote. The following products and versio...

CVSS 7.4, AI score 8.7, EPSS 0.00222
Exploits 0, References 11

CVE
added 2025/01/09 11:11 a.m., 62 views

CVE-2024-12848

CVE-2024-12848 concerns the SKT Page Builder plugin for WordPress. The vulnerability allows authenticated users with subscriber-level access or higher to upload arbitrary files due to a missing authorization check in the addLibraryByArchive function across all versions up to 4.6, enabling potenti...

CVSS 8.8, AI score 8.9, EPSS 0.0803
Exploits 0, References 4

RedHat Linux
added 2024/08/26 11:25 a.m., 4 views

kernel: net: kernel: UAF in network route management

A use-after-free flaw was found in the Linux kernel's network route management. This flaw allows an attacker to alter the behavior of certain network connections...

CVSS 7.8, AI score 6.8, EPSS 0.00449
Exploits 1, References 6

CNNVD
added 2024/07/30 12:00 a.m., 1 view

json-override security vulnerability

json-override is a library by Luke Bond (individual developer). A security vulnerability exists in json-override version 0.2.0. An attacker exploiting this vulnerability could execute arbitrary code or cause a denial of service...

CVSS 9.8, AI score 7.5, EPSS 0.00179
Exploits 1, References 2

CNNVD
added 2024/05/07 12:00 a.m., 1 view

React-PDF security vulnerability

React-PDF is an application by Wojciech Maj (individual developer). A security vulnerability exists in react-pdf. An attacker exploiting this vulnerability could execute JavaScript code...

CVSS 7.1, AI score 6.8, EPSS 0.04889
Exploits 1, References 7