CVE-2026-54360 MISP sharing group creation mass assignment allows unauthorized takeover of existing sharing groups

A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted data. In CakePHP, supplying a primary key in the save data can cause a create followed by save...

CVE-2026-12066 PbootCMS Password MemberController.php retrieve password recovery

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password...

CVE-2026-6979 devlikeapro WAHA API Request media.controller.ts server-side request forgery

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

EUVD-2026-10753

PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state after landing and before the automatic disarm triggered by the COMDISARMLAND parameter, the system lacks a thrott...

KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation

Summary Short summary of the problem. Make the impact and severity as clear as possible. A logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...

NVIDIA多款产品 安全漏洞

NVIDIA HGX GB200 and others are an acceleration platform for high-performance computing from NVIDIA. A security vulnerability exists in various NVIDIA products, which stems from a flaw in the HGX Management Controller that could lead to code execution, denial of service, elevation of privilege,...

CVE-2025-55368

Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...

The vulnerability of the `init_ISA_irqs()` and `make_8259A_irq()` functions in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the initISAirqs and make8259Airq functions in the Linux operating system is related to the swapping of pointers. Exploiting this vulnerability could allow an attacker to cause a service failure...

(Pwn2Own) Oracle VirtualBox OHCI USB Controller Race Condition Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

CVE-2024-1262

A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument picurl leads to unrestricted...

NVIDIA DGX Security Vulnerability

NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. A security vulnerability exists in the NVIDIA DGX H100 BMC, which stems from a security flaw in IPMI that can be exploited by attackers to cause code execution, denial of service, privilege escalation, and...

CVE-2023-4010 Kernel: usb: hcd: malformed usb descriptor leads to infinite loop in usb_giveback_urb()

A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usbgivebackurb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descripto...

CVE-2023-2007

The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the...

Design/Logic Flaw

controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new...

Microsoft Windows Storage Spaces Controller 权限许可和访问控制问题漏洞

Microsoft Windows Storage Spaces Controller is an essential driver for providing storage space functionality from Microsoft Corporation USA. A vulnerability exists in Microsoft Windows Storage Spaces Controller with privilege permission and access control issues. The following products and editio...

The vulnerability of the microprogrammed logic controller Quantum 140 NOE771x1, related to insufficient checking of unusual or exceptional states, allows a intruder to trigger a service failure.

The vulnerability of the microprogrammed logic controller Quantum 140 NOE771x1 software is related to insufficient testing of unusual or exceptional states. Exploiting this vulnerability could allow a malicious actor to cause malfunctions in the system...

F5 NGINX Controller 安全漏洞

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller due to incorrect default permissions that allow local users ...

74CMS 安全漏洞

Knight CMS 74cms is a free website management system based on PHP+MYSQL, providing perfect talent recruitment website construction program. There is a PHP remote file inclusion vulnerability in the assignresumetpl method in Application/Common/Controller/BaseController.class.php in versions prior ...

CVE-2018-19595

PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current=pboot:ifevAl$GETa1/pboot:if&a=phpinfo; URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel...