
CVE
added 2026/01/05 3:39 p.m. | 8 views

CVE-2025-14346

CVE-2025-14346 affects WHILL Model C2 Electric Wheelchairs and WHILL Model F Power Chairs. Connected sources confirm lack of authentication for Bluetooth connections, enabling an attacker within Bluetooth range to pair with the device and issue movement commands, override speed restrictions, and ...

CVSS 9.8 | AI score 7 | EPSS 0.00119
Exploits 0 | References 1
CNNVD
added 2026/01/05 12:00 a.m. | 4 views

Coolify security vulnerability

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.420.8 and earlier versions, which stems from an information leak in the API endpoint that could lead to unauthorized email address changes...

CVSS 7.1 | AI score 6.2 | EPSS 0.0003
Exploits 1 | References 2
Oracle Linux
added 2026/01/05 12:00 a.m. | 7 views

tar security update

2:1.34-9
- Fix the last patch to solve a regression with -x and --xattrs: RHEL-136277
- Also, fix another tiny mistake in the patch w/o visible consequences
2:1.34-8
- Backport upstream changes to jailify extraction directory. Includes related gnulib changes to add openat2. Fixes CVE-2025-45582...

CVSS 4.1 | AI score 6.8 | EPSS 0.0013
Exploits 1
Positive Technologies
added 2026/01/05 12:00 a.m. | 3 views

PT-2026-1345

Name of the Vulnerable Software and Affected Versions: Craft versions 5.0.0-RC1 through 5.8.20; Craft versions 4.0.0-RC1 through 4.16.16. Description: Craft is susceptible to authenticated Remote Code Execution (RCE) through a Twig Server-Side Template Injection (SSTI). Successful exploitation requires...

CVSS 7.7 | AI score 7.2 | EPSS 0.00499
Exploits 1 | References 7
Tenable Nessus
added 2026/01/05 12:00 a.m. | 4 views

Oracle Linux 10 : tar (ELSA-2026-0002)

The remote Oracle Linux 10 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-0002 advisory.
2:1.35-9
- Fix a tiny mistake in the last patch affecting hardlink extraction w/o visible consequences
2:1.35-8
- Backport upstream changes to jailify extracti...

CVSS 4.1 | AI score 6.7 | EPSS 0.0013
Exploits 1 | References 2
RedhatCVE
added 2026/01/03 7:53 p.m. | 13 views

CVE-2026-21446

Bagisto is an open source Laravel eCommerce platform. In versions on the 2.3 branch prior to 2.3.10, API routes remain active even after initial installation is complete. The underlying API endpoints /install/api/ are directly accessible and exploitable without any authentication. An attacker can...

CVSS 9.8 | AI score 6.9 | EPSS 0.00166
Exploits 1 | References 1
Positive Technologies
added 2026/01/03 12:00 a.m. | 4 views

PT-2026-1181

Name of the Vulnerable Software and Affected Versions: Petlibro Smart Pet Feeder Platform versions up to 1.7.31. Description: The Petlibro Smart Pet Feeder Platform is affected by an improper access control issue. The platform allows unauthorized device manipulation by accepting arbitrary serial...

CVSS 9.8 | AI score 6.5 | EPSS 0.00056
Exploits 0 | References 9
NVD
added 2026/01/02 8:16 p.m. | 2 views

CVE-2026-21446

Bagisto is an open source Laravel eCommerce platform. In versions on the 2.3 branch prior to 2.3.10, API routes remain active even after initial installation is complete. The underlying API endpoints /install/api/ are directly accessible and exploitable without any authentication. An attacker can...

CVSS 9.8 | EPSS 0.00166
Exploits 1 | References 2
CVE
added 2026/01/02 7:18 p.m. | 10 views

CVE-2026-21446

Summary (CVE-2026-21446) Bagisto (Laravel-based eCommerce) prior to 2.3.10 exposes installer API endpoints under /install/api/* that remain accessible after installation. The root cause is unauthenticated access to API routes (no auth/CSRF in /install/api/*), enabling an attacker to create admin ...

CVSS 9.8 | AI score 6.5 | EPSS 0.00166
Exploits 1 | References 2 | Affected Software 1
OSV
added 2026/01/02 7:18 p.m. | 2 views

CVE-2026-21446 Bagisto Missing Authentication on Installer API Endpoints

Bagisto is an open source Laravel eCommerce platform. In versions on the 2.3 branch prior to 2.3.10, API routes remain active even after initial installation is complete. The underlying API endpoints /install/api/ are directly accessible and exploitable without any authentication. An attacker can...

CVSS 9.3 | AI score 6.5 | EPSS 0.00166
Exploits 1 | References 4
CNNVD
added 2026/01/02 12:00 a.m. | 3 views

Webkul Software Bagisto access control error vulnerability

Webkul Software Bagisto is an open source e-commerce framework from Webkul Software, India. An access control error vulnerability exists in Webkul Software Bagisto versions prior to 2.3.10, which stems from an API route that remains active after installation and does not require authentication,...

CVSS 9.8 | AI score 6.5 | EPSS 0.00166
Exploits 1 | References 3
VulnCheck KEV
added 2026/01/02 12:00 a.m. | 3 views

VulnCheck KEV: CVE-2025-14998

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

CVSS 9.8 | AI score 5.9 | EPSS 0.00073
In the wild | Exploits 1 | References 2
Positive Technologies
added 2026/01/02 12:00 a.m. | 5 views

PT-2026-1095

Name of the Vulnerable Software and Affected Versions: License Center versions prior to 2.0.36. Description: A buffer overflow issue exists in License Center. Successful exploitation could allow a remote attacker with administrator privileges to modify memory or cause processes to crash...

CVSS 6.5 | AI score 7 | EPSS 0.00041
Exploits 0 | References 6
Positive Technologies
added 2026/01/01 12:00 a.m. | 5 views

PT-2026-3703

Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox versions 7.1.14 and 7.2.4. Description: An easily exploitable issue exists in the Oracle VM VirtualBox Core component, potentially allowing a high-privileged attacker with access to the system where Oracle VM VirtualBox runs...

CVSS 8.2 | AI score 7.3 | EPSS 0.00054
Exploits 0 | References 11
Positive Technologies
added 2026/01/01 12:00 a.m. | 4 views

PT-2026-28363

Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.4.3. Description: Dovecot OTP authentication is susceptible to a replay attack under certain conditions. Specifically, if the authentication cache is enabled and a username is modified within the passdb, OTP credentia...

CVSS 7.7 | AI score 5.8 | EPSS 0.0009
Exploits 7 | References 31
Positive Technologies
added 2026/01/01 12:00 a.m. | 2 views

PT-2026-27652

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel's PLIC (Platform Level Interrupt Controller) component contains a flaw where interrupt handling can freeze due to incorrect affinity settings. Specifically, the PLIC may...

CVSS 5.5 | AI score 5.5 | EPSS 0.00018
Exploits 0 | References 21
EUVD
added 2025/12/31 9:30 p.m. | 3 views

EUVD-2025-206083

Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NOLISTEXEPATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration,...

CVSS 9.3 | AI score 7.4 | EPSS 0.00119
Exploits 1 | References 5
NVD
added 2025/12/31 8:15 a.m. | 2 views

CVE-2025-1977

The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC (Moxa CLI Configuration) tool. The issue can be exploited remote...

CVSS 7.7 | EPSS 0.00103
Exploits 0 | References 1
Vulnrichment
added 2025/12/31 7:23 a.m. | 2 views

CVE-2025-1977

The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC (Moxa CLI Configuration) tool. The issue can be exploited remote...

CVSS 7.7 | AI score 6 | EPSS 0.00103
Exploits 0 | References 1
Cvelist
added 2025/12/31 7:23 a.m. | 20 views

CVE-2025-1977

The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC (Moxa CLI Configuration) tool. The issue can be exploited remote...

CVSS 7.7 | EPSS 0.00103
Exploits 0 | References 1