Everest Forms Pro <= 1.9.12 - Unauthenticated RCE via Calculation Formula Injection

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's processfilter function concatenating user-submitted form field values into a PHP code string without proper...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: misc: alcorpci: Fix nullptrderef when there is no PCI bridge There is a issue with the ASPM optional capability checking function. A device may be directly connected to the root complex. In this case, bus-selfbridge will be...

CVE-2026-46935

Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to...

CVE-2026-46934

Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to...

CVE-2026-46915

Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite component: Production. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...

PT-2026-50022

Name of the Vulnerable Software and Affected Versions Oracle Complex Maintenance, Repair and Overhaul versions 12.2.3 through 12.2.15 Description An issue exists in the Production component of Oracle Complex Maintenance, Repair and Overhaul within Oracle E-Business Suite. A low privileged attacke...

PT-2026-50038

Name of the Vulnerable Software and Affected Versions Oracle Complex Maintenance, Repair and Overhaul versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite. A low...

tiny-regex-c 资源管理错误漏洞

tiny-regex-c is a lightweight regular expression parsing library developed by Kokke. There is a resource management vulnerability in tiny-regex-c, which stems from improper operation of the matchstar function in the pattern processing component of the file re.c. This vulnerability may lead to...

Exploit for CVE-2026-3300

CVE-2026-3300 - Everest Forms Pro Unauthenticated Stored Cross...

SECUREVENT: Hybrid AI/ML Security Monitoring for Distributed Event-Based Systems

Distributed event-based systems have become a common substrate for Internet-scale publish/subscribe services, IoT telemetry, cloud-native microservices, and security operations pipelines. Their loose coupling and asynchronous delivery improve scalability, but they also expand the attack surface:...

MAL-2026-4840 Malicious code in @bcs-bank-complex-ui/deeplink (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a93d855d3be0839ea18a9eb78249c1ba50f9029cf31e49e069e118deae5eca46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @bcs-bank-complex-ui/deeplink (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a93d855d3be0839ea18a9eb78249c1ba50f9029cf31e49e069e118deae5eca46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview @bcs-bank-complex-ui/deeplink is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Security Bulletin: Vault Denial of Service Through Complex JSON Payloads

Summary A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to becom...

CVE-2026-8233

A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The vendor was...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: HWS, fixed the issue where complex rule rehash operations failed. Moving rules from one matcher to another should not fail. However, if it does fail due to various reasons, the error handling mechanism should allow t...

CVE-2026-7606

A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function findhwid/newguiupdatefirmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be launch...

vulnswarm

VulnSwarm AI-powered vulnerability discovery using multi-agen...

EUVD-2026-18490

OpenClaw's complex interpreter pipelines could skip exec script preflight validation...

GHSA-FVX6-PJ3R-5Q4Q OpenClaw's complex interpreter pipelines could skip exec script preflight validation

Summary Before OpenClaw 2026.4.2, exec script preflight validation could fail open on complex interpreter invocations such as pipes or other non-simple command forms. In those cases, script-content validation could be skipped entirely. Impact An attacker-controlled command shape could bypass the...