Lucene search

13096 matches found

RedhatCVE
added 2026/04/28 7:22 a.m. | 5 views

CVE-2026-27303

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must visit a maliciously craft...

CVSS 9.6 | AI score 6.1 | EPSS 0.047
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/28 7:22 a.m. | 4 views

CVE-2026-34615

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentiall...

CVSS 9.3 | AI score 6.3 | EPSS 0.04511
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/28 7:22 a.m. | 1 views

CVE-2026-27243

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session...

CVSS 9.3 | AI score 5.2 | EPSS 0.00119
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/28 7:22 a.m. | 1 views

CVE-2026-27245

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session...

CVSS 9.3 | AI score 5.2 | EPSS 0.00119
Exploits: 0 | References: 1

Patchstack
added 2026/04/27 10:42 a.m. | 3 views

WordPress LatePoint plugin <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability vulnerability

Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability vulnerability discovered by skyv3il - AI SAFE in WordPress Plugin LatePoint versions <= 5.4.1...

CVSS 8.8 | AI score 5.2 | EPSS 0.00064
Exploits: 1 | References: 1 | Affected Software: 1

vulnersOsv
added 2026/04/27 10:14 a.m. | 3 views

ca.islandora.alpaca:islandora-alpaca-app (>=2.0.0 <=2.2.0), ca.islandora.alpaca:islandora-connector-derivative (>=2.0.0 <=2.2.0) +82 more potentially affected by CVE-2026-40860 via org.apache.camel:camel-jms (>=3.0.0-M1 <=4.14.6)

org.apache.camel:camel-jms MAVEN version =3.0.0-M1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =3.0.0, =0.46, =0.3, =0.5, =0.1, =0.1, =1.0, =4.3.7.hyte-4307a, =4.3.7.hyte-4307a, =hyte-mq-4.3.7.hyte-43072 and more Source cves: CVE-2026-40860 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-16321536...

CVSS 9.8 | AI score 5.8 | EPSS 0.00961
Exploits: 0

Positive Technologies
added 2026/04/27 12:0 a.m. | 2 views

PT-2026-35519

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...

CVSS 8.8 | AI score 5.2 | EPSS 0.00064
Exploits: 1 | References: 9

NVD
added 2026/04/26 10:17 p.m. | 3 views

CVE-2018-25281

iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Attackers can paste a 7000-byte string into the Host field and click Connect to trigger an application crash...

CVSS 6.8 | EPSS 0.00015
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/26 1:19 p.m. | 2 views

CVE-2018-25281 iCash 7.6.5 Denial of Service via Connect to Server

iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Attackers can paste a 7000-byte string into the Host field and click Connect to trigger an application crash...

CVSS 6.8 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 2

CVE
added 2026/04/26 1:19 p.m. | 5 views

CVE-2018-25281

The vulnerability CVE-2018-25281 affects iCash 7.6.5. A buffer overflow in the Connect to Server dialog can be triggered by placing an oversized payload (a 7000-byte string) into the Host field and clicking Connect, causing the application to crash. This is a local vulnerability with a high impac...

CVSS 6.8 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 2

EUVD
added 2026/04/26 1:19 p.m. | 4 views

EUVD-2018-21801

iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Attackers can paste a 7000-byte string into the Host field and click Connect to trigger an application crash...

CVSS 6.8 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 2

Cvelist
added 2026/04/26 1:19 p.m. | 30 views

CVE-2018-25281 iCash 7.6.5 Denial of Service via Connect to Server

iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Attackers can paste a 7000-byte string into the Host field and click Connect to trigger an application crash...

CVSS 6.8 | EPSS 0.00015
Exploits: 0 | References: 2

CNNVD
added 2026/04/26 12:0 a.m. | 5 views

Maxprog iCash Security Vulnerability

Maxprog iCash is a financial software developed by Maxprog Corporation, designed for managing financial transactions of individuals and small businesses. Version 7.6.5 of Maxprog iCash contains a security vulnerability. This vulnerability stems from a buffer overflow in the Connect to Server dial...

CVSS 6.8 | AI score 6.1 | EPSS 0.00015
Exploits: 0 | References: 1

Tenable Nessus
added 2026/04/26 12:0 a.m. | 2 views

Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014341)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014341 advisory. In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure sndnxt is properly initialized on connect Christoph reported a splat hinting at a...

CVSS 5.5 | AI score 5.6 | EPSS 0.0001
Exploits: 0 | References: 4

OSV
added 2026/04/25 11:40 p.m. | 1 views

GHSA-PXF8-6WQM-R6HH Note Mark: OIDC-registered users authenticated by submitting password "null"

Summary IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt"null" placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits password: "null" to the internal login endpoint receives a valid session for...

CVSS 9.4 | AI score 5.8 | EPSS 0.00058
Exploits: 0 | References: 5

Github Security Blog
added 2026/04/25 11:40 p.m. | 5 views

Note Mark: OIDC-registered users authenticated by submitting password "null"

Summary IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt"null" placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits password: "null" to the internal login endpoint receives a valid session for...

CVSS 9.4 | AI score 5.4 | EPSS 0.00058
Exploits: 0 | References: 5 | Affected Software: 1

Snyk
added 2026/04/25 11:40 p.m. | 3 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the IsPasswordMatch function. An attacker can gain unauthorized access to accounts registered through OIDC by submitting the password "null" to the internal login endpoint, which results in a valid session...

CVSS 9.4 | AI score 5.8 | EPSS 0.00058
Exploits: 0 | References: 2

NVD
added 2026/04/25 6:16 p.m. | 3 views

CVE-2026-6992

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...

CVSS 8.6 | EPSS 0.00444
Exploits: 1 | References: 5

CVE
added 2026/04/25 6:0 p.m. | 8 views

CVE-2026-6992

CVE-2026-6992 affects Linksys MR9600 (firmware 2.0.6.206937). The vulnerability lies in BTRequestGetSmartConnectStatus within /etc/init.d/run_central2.sh (JNAP Action Handler), where manipulating the argument pin enables OS command injection. The attack can be initiated remotely and public exploi...

CVSS 8.6 | AI score 6.9 | EPSS 0.00444
Exploits: 1 | References: 5 | Affected Software: 1

ATTACKERKB
added 2026/04/25 6:0 p.m. | 2 views

CVE-2026-6992

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...

CVSS 8.6 | AI score 6.9 | EPSS 0.00444
Exploits: 1 | References: 5 | Affected Software: 1