Lucene search
2403 matches found

Vulnrichment
added 2026/02/18 9:2 p.m. | 5 views

CVE-2026-2670 Advantech WISE-6610 Background Management openvpn_apply os command injection

A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpn_apply of the component Background Management. Such manipulation of the argument delete_file leads to os command injection. The attack can be executed remotely...

CVSS 8.6 | AI score 6.8 | EPSS 0.12914
Exploits: 2 | References: 5
CVE
added 2026/02/18 9:2 p.m. | 20 views

CVE-2026-2670

Affected product/versions: Advantech WISE-6610 (1.2.1_20251110). Vulnerable component/file: /cgi-bin/luci/admin/openvpn_apply in the Background Management module. Root cause / condition: Manipulation of the argument delete_file enables an OS command injection. Impact: Remote execution possible wi...

CVSS 8.6 | AI score 6.9 | EPSS 0.12914
Exploits: 2 | References: 5
Cvelist
added 2026/02/18 9:2 p.m. | 24 views

CVE-2026-2670 Advantech WISE-6610 Background Management openvpn_apply os command injection

A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpn_apply of the component Background Management. Such manipulation of the argument delete_file leads to os command injection. The attack can be executed remotely...

CVSS 8.6 | EPSS 0.12914
Exploits: 2 | References: 5
ATTACKERKB
added 2026/02/18 8:44 p.m. | 3 views

CVE-2026-1999

A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to access internal services bound to loopback or unspecified addresses, potentially disrupting background job processing, accessing administrative endpoints, metrics, and...

CVSS 7.2 | AI score 5.9 | EPSS 0.00235
Exploits: 0 | References: 10 | Affected Software: 1
Positive Technologies
added 2026/02/18 12:0 a.m. | 4 views

PT-2026-20509

Name of the Vulnerable Software and Affected Versions Advantech WISE-6610 version 1.2.1 20251110 Description A flaw exists in Advantech WISE-6610 that allows remote execution of operating system commands. This is due to improper handling of the delete file argument within an unknown function of t...

CVSS 8.6 | AI score 7.2 | EPSS 0.12914
Exploits: 2 | References: 8
Malwarebytes
added 2026/02/17 6:25 p.m. | 7 views

Chrome “preloading” could be leaking your data and causing problems in Browser Guard

This article explains why Chrome’s “preloading” feature can cause scary-looking blocks in Malwarebytes Browser Guard and how to turn it off. Modern browsers want to provide content instantly. To do that, Chrome includes a feature called page preloading. When this is enabled, Chrome doesn’t just...

AI score 5.4
Exploits: 0
RedhatCVE
added 2026/02/11 7:44 p.m. | 3 views

CVE-2026-25728

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 40, a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability exists in ClipBucket's avatar and background image upload functionality. The application moves uploaded files to a web-accessible location before...

CVSS 9.3 | AI score 6 | EPSS 0.00283
Exploits: 1 | References: 1
OSSF Malicious Packages
added 2026/02/11 10:4 a.m. | 6 views

Malicious code in tablixs (PyPI)

Source: kam193 46731b2531e50115b70ae49abbd4bd1abb55f364a4cc2d8234c749f750883359 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

AI score 5.9
Exploits: 0 | References: 3
Patchstack
added 2026/02/10 11:13 p.m. | 5 views

WordPress Sudoku Shortcode plugin <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'background' Shortcode Attribute vulnerability

Authenticated (Contributor+) Cross-Site Scripting via 'background' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Sudoku Shortcode versions <= 1.0.0...

AI score 5.4
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2026/02/10 6:16 p.m. | 4 views

CVE-2026-25728

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 40, a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability exists in ClipBucket's avatar and background image upload functionality. The application moves uploaded files to a web-accessible location before...

CVSS 9.3 | EPSS 0.00283
Exploits: 1 | References: 2
CVE
added 2026/02/10 5:12 p.m. | 12 views

CVE-2026-25728

CVE-2026-25728 covers a TOCTOU race in ClipBucket v5 pre-5.5.3 where avatar/background image uploads are moved to a web‑accessible location before validation. The file is later validated via ValidateImage() and may be deleted if validation fails, creating a window to execute arbitrary PHP code. E...

CVSS 9.3 | AI score 6 | EPSS 0.00283
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/02/10 5:12 p.m. | 3 views

CVE-2026-25728 ClipBucket v5 Affected by Remote Code Execution via Avatar/Background File Upload Race Condition

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 40, a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability exists in ClipBucket's avatar and background image upload functionality. The application moves uploaded files to a web-accessible location before...

CVSS 9.3 | AI score 6 | EPSS 0.00283
Exploits: 1 | References: 2
Cvelist
added 2026/02/10 5:12 p.m. | 24 views

CVE-2026-25728 ClipBucket v5 Affected by Remote Code Execution via Avatar/Background File Upload Race Condition

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 40, a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability exists in ClipBucket's avatar and background image upload functionality. The application moves uploaded files to a web-accessible location before...

CVSS 9.3 | EPSS 0.00283
Exploits: 1 | References: 2
OSV
added 2026/02/10 5:12 p.m. | 5 views

CVE-2026-25728 ClipBucket v5 Affected by Remote Code Execution via Avatar/Background File Upload Race Condition

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 40, a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability exists in ClipBucket's avatar and background image upload functionality. The application moves uploaded files to a web-accessible location before...

CVSS 9.3 | AI score 6.1 | EPSS 0.00283
Exploits: 1 | References: 4
OSV
added 2026/02/10 4:16 a.m. | 3 views

CVE-2026-0509

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required SRFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the...

CVSS 9.6 | AI score 5.8 | EPSS 0.00337
Exploits: 0 | References: 2
Positive Technologies
added 2026/02/10 12:0 a.m. | 5 views

PT-2026-7207

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP and ABAP Platform affected versions not specified Description An authenticated, low-privileged user can execute background Remote Function Calls without the necessary S RFC authorization in specific...

CVSS 9.6 | AI score 5.9 | EPSS 0.00337
Exploits: 0 | References: 9
Positive Technologies
added 2026/02/10 12:0 a.m. | 4 views

PT-2026-7321

Name of the Vulnerable Software and Affected Versions ClipBucket versions prior to 5.5.3 Description ClipBucket is an open source video sharing platform. A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the avatar and background image upload functionality. The application moves...

CVSS 9.3 | AI score 5.9 | EPSS 0.00283
Exploits: 1 | References: 4
CNNVD
added 2026/02/10 12:0 a.m. | 4 views

ClipBucket Security Vulnerability

ClipBucket is an open-source PHP script developed by MacWarrior. It is available for free download and used to host video websites. Versions of ClipBucket prior to 5.5.3 – version 40 – contained a security vulnerability. This vulnerability stemmed from a race condition in the upload function for...

CVSS 9.3 | AI score 6 | EPSS 0.00283
Exploits: 1 | References: 3
CNNVD
added 2026/02/10 12:0 a.m. | 8 views

SAP ABAP Platform and SAP NetWeaver Application Server ABAP Security Vulnerability

SAP ABAP Platform and SAP NetWeaver Application Server ABAP are both products of the German company SAP. SAP ABAP Platform is an SAP solution based on ABAP language. SAP NetWeaver Application Server ABAP is a platform for running and developing applications written in the ABAP language. There are...

CVSS 9.6 | AI score 6.2 | EPSS 0.00337
Exploits: 0 | References: 2
Tenable Nessus
added 2026/02/10 12:0 a.m. | 2 views

Fedora 43 : cef (2026-792b1b7bbd)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-792b1b7bbd advisory. Update to Chromium 144.0.7559.109 CVE-2026-1504: Inappropriate implementation in Background Fetch API Tenable has extracted the preceding description block...

CVSS 6.5 | AI score 8.2 | EPSS 0.00224
Exploits: 1 | References: 2