
19038 matches found

Positive Technologies
added 2026/01/22 12:0 a.m. | 7 views

PT-2026-4284

Name of the Vulnerable Software and Affected Versions: Omada Controllers (affected versions not specified). Description: A Cross-Site Scripting (XSS) issue exists in a parameter within Omada Controllers because of insufficient input sanitization. Successful exploitation requires specific conditions,...

CVSS 5.7 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 6

Cvelist
added 2026/01/21 6:56 p.m. | 17 views

CVE-2025-68135 EVerest's inadequate exception handling leads to denial of service

EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the TbdController loop, causing its caller and itself to terminate silently. This leads to a denial of service, as it is responsible for SDP and ISO15118-20 servers...

CVSS 6.5 | EPSS 0.00057
Exploits: 1 | References: 1

CVE
added 2026/01/21 6:56 p.m. | 9 views

CVE-2025-68135

EVerest (EV charging software stack) prior to version 2025.10.0 has a vulnerability in the TbdController loop where C++ exceptions are not properly handled, causing the loop and its caller to terminate silently and leading to a denial of service affecting SDP and ISO15118-20 servers. The issue is...

CVSS 6.5 | AI score 5.4 | EPSS 0.00057
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2026/01/21 4:13 p.m. | 3 views

GHSA-FQCV-8859-86X2 CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier

SQL Injection in CustomerTransformerController. Summary: An error-based SQL Injection vulnerability was identified in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading to database error...

CVSS 6.9 | AI score 6.2 | EPSS 0.00015
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/21 7:19 a.m. | 9 views

CVE-2026-1223

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend...

CVSS 6.9 | AI score 5.5 | EPSS 0.0006
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/21 6:33 a.m. | 13 views

CVE-2026-1222

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 8.6 | AI score 6.5 | EPSS 0.0041
Exploits: 0 | References: 1

Veracode
added 2026/01/20 1:20 p.m. | 6 views

Server-Side Request Forgery (SSRF)

Umbraco CMS is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of the baseUrl parameter in dashboard and help controller endpoints, which allows an attacker to craft requests that force the server to make unauthorized requests to external hosts...

CVSS 6.9 | AI score 5.5 | EPSS 0.00013
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/01/20 12:6 p.m. | 8 views

CLSA-2026-1768669128 kernel: Fix of 39 CVEs

Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (CVE-2022-50419) - firewire: net: fix use after free in fwnet_finish_incoming_packet (CVE-2023-53432) - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit (CVE-2022-50408) - wifi: brcmfmac: slab-out-of-bounds read in...

CVSS 7.8 | AI score 7 | EPSS 0.00223
Exploits: 0 | References: 1

NVD
added 2026/01/20 7:15 a.m. | 2 views

CVE-2026-1223

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend...

CVSS 6.9 | EPSS 0.0006
Exploits: 0 | References: 2

Vulnrichment
added 2026/01/20 6:35 a.m. | 1 views

CVE-2026-1223 BROWAN COMMUNICATIONS |PrismX MX100 AP controller - Insufficiently Protected Credentials

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend...

CVSS 6.9 | AI score 5.5 | EPSS 0.0006
Exploits: 0 | References: 2

Vulnrichment
added 2026/01/20 6:30 a.m. | 3 views

CVE-2026-1222 BROWAN COMMUNICATIONS |PrismX MX100 AP controller - Arbitrary File Upload

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 8.6 | AI score 6.5 | EPSS 0.0041
Exploits: 0 | References: 2

CVE
added 2026/01/20 6:30 a.m. | 14 views

CVE-2026-1222

CVE-2026-1222 involves the PrismX MX100 AP controller from Browan Communications, which has an arbitrary file upload vulnerability that could allow privileged remote attackers to upload and execute web shells, enabling arbitrary code execution on the server. The connected sources consistently des...

CVSS 8.6 | AI score 6.5 | EPSS 0.0041
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/20 4:23 a.m. | 3 views

CVE-2026-1136

A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bContent/save of the component ContentController. This manipulation of the argument content/author/title causes cross site scripting. Remote exploitatio...

CVSS 5.1 | AI score 4.1 | EPSS 0.00016
Exploits: 0 | References: 1

CVE
added 2026/01/20 1:2 a.m. | 12 views

CVE-2026-1202

CVE-2026-1202 affects CRMEB up to version 5.6.3. The vulnerable element is the appleLogin function in crmeb/app/api/controller/v1/LoginController.php, where manipulating the openId argument results in improper authentication. This allows remote exploitation, and public-proof-of-concept exploits e...

CVSS 9.8 | AI score 5.3 | EPSS 0.00369
Exploits: 1 | References: 4 | Affected Software: 1

ATTACKERKB
added 2026/01/20 1:2 a.m. | 4 views

CVE-2026-1202

A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function appleLogin of the file crmeb/app/api/controller/v1/LoginController.php. Performing a manipulation of the argument openId results in improper authentication. The attack is possible to be carried out...

CVSS 9.8 | AI score 5.1 | EPSS 0.00369
Exploits: 1 | References: 4

CNNVD
added 2026/01/20 12:0 a.m. | 3 views

Rockwell Automation ArmorStart LT Security Vulnerability

Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which originates from an unexpected device reboot during the execution of the Achilles Comprehensive limited storm test,...

CVSS 8.7 | AI score 5.9 | EPSS 0.00171
Exploits: 0 | References: 1

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 9 : qemu-kvm-8.2.0-11.el9 (AXSA:2024-7897:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7897:02 advisory. QEMU: e1000e: heap use-after-free in e1000e_write_packet_to_guest (CVE-2023-3019); QEMU: VNC: infinite loop in inflate_buffer leads to denial of service...

CVSS 7 | AI score 7 | EPSS 0.00117
Exploits: 1 | References: 6

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 7 : kernel-3.10.0-1160.41.1.el7 (AXSA:2021-2410:19)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2410:19 advisory. kernel: out-of-bounds write in xt_compat_target_from_user in net/netfilter/x_tables.c (CVE-2021-22555); kernel: race condition for removal of the HCI...

CVSS 8.3 | AI score 6.9 | EPSS 0.85239
Exploits: 23 | References: 6

Positive Technologies
added 2026/01/20 12:0 a.m. | 6 views

PT-2026-3649

Name of the Vulnerable Software and Affected Versions: External Secrets Operator versions 0.20.2 through 1.2.0. Description: The External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to...

CVSS 10 | AI score 5.3 | EPSS 0.01594
Exploits: 37 | References: 100

RedhatCVE
added 2026/01/19 6:27 a.m. | 2 views

CVE-2026-1111

A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. T...

CVSS 7.2 | AI score 6.6 | EPSS 0.00198
Exploits: 2 | References: 1