CVE-2026-26742

PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds default configuration of an...

Fedora 45 : bpfman (2026-0523662d59)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0523662d59 advisory. Automatic update for bpfman-0.5.4-6.fc45. Changelog Wed Mar 11 2026 Daniel Mellado - 0.5.4-6 - Fix CVE-2026-31812: Bump quinn-proto to 0.11.14 - Closes...

CVE-2026-26742

PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds default configuration of an...

CVE-2026-26741

PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state after landing and before the automatic disarm triggered by the COMDISARMLAND parameter, the system lacks a thrott...

CVE-2026-26742

PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds default configuration of an...

Exploit for Allocation of Resources Without Limits or Throttling in Espressif Esp-Idf

CVE-2024-51428 - ZoneMinder Blind SQL Injection PoC Python wr...

CVE-2026-26742

PX4 Autopilot versions 1.12.x–1.15.x have a protection mechanism failure in the Re-arm Grace Period logic. The system applies the in-air emergency re-arm logic to ground scenarios; if a pilot switches to Manual mode and re-arms within 5 seconds of an automatic landing, pre-flight safety checks (i...

CVE-2026-26742

PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds default configuration of an...

CVE-2026-26742

PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds default configuration of an...

Zip Slip Path Traversal on Node Unpack

Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. See CWE-22 Improper Limitation of a Pathname to a Restricted Directory 'Pat...

auto-exploit-amazing-mesh-koy6

No d...

EUVD-2026-10028

QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft special website, which when visited by the victim, will automatically send a POST request with victim's privileges. This software does not implement any protection against this type of attack. Al...

A flawed TLS handshake implementation affects Viber Proxy in multiple platforms

Overview The Rakuten Viber messaging app for Android V25.7.2.0g and Windows V25.6.0.0-V25.8.1.0, has a flaw in its TLS handshake implementation when using the Cloak proxy configuration. This flaw allows for easy identification of proxy usage, potentially compromising user anonymity. Description...

CVE-2025-68467

Dark Reader CVE-2025-68467 describes a vulnerability where pre-4.9.117 builds could be used to request a style sheet from a local web server (e.g., http://localhost:8080/style.css) via cross-origin requests. The issue involved cross-origin CSS files being parsed or stored in Session Storage, enab...

Dark Reader gives users the ability to request style sheets from local web servers

Description Dark Reader versions prior to 4.9.117 included a behavior where a website could request a style sheet from a locally running web server, for example http://localhost:8080/style.css, If an address was available and returned a text/css content type. Patches The problem was fixed in...

CVE-2025-70220

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWANwizard4...

PT-2026-23066

Dark Reader is an accessibility browser extension that makes web pages colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet files. In order to analyze cross-origin style sheets stored on websites different from the origina...

honeypot-server

ReportedIP Honeypot Server !License: BSL 1.1https://img.s...

CVE-2026-27795 LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader

LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery SSRF bypass exists in RecursiveUrlLoader in @langchain/community. The loader validates the initial URL but allows the underlying fetch to follow redirects...

CVE-2026-27795 LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader

LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery SSRF bypass exists in RecursiveUrlLoader in @langchain/community. The loader validates the initial URL but allows the underlying fetch to follow redirects...