CVE-2026-1734 Zhong Bang CRMEB crontab Endpoint CrontabController.php authorization

A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The...

CVE-2026-1734

CVE-2026-1734 affects Zhong Bang CRMEB up to 5.6.3, specifically the crontab Endpoint’s CrontabController.php. The root cause is missing authorization in the crontab endpoint, enabling remote exploitation. Public PoC/exploit information appears in the entry and related sources, indicating real-wo...

EUVD-2026-5107

A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The...

CVE-2026-23039

The CVE-2026-23039 issue affects the Linux kernel DRM Gud (drm/gud) code path. On USB disconnect, drm_atomic_helper_disable_all() clears plane fb and crtc by setting them to NULL before a commit, which can trigger a kernel oops. The fix implements guards to prevent NULL dereferences when accessin...

EUVD-2026-5055

In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect On disconnect drmatomichelperdisableall is called which sets both the fb and crtc for a plane to NULL before invoking a commit. This causes a kernel oops on every displ...

CVE-2026-0963

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

CVE-2026-25116

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

CLEANSTART-2026-OJ41940 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines

Multiple security vulnerabilities affect the ingress-nginx-controller package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...

CLEANSTART-2026-CR41732 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines

Multiple security vulnerabilities affect the ingress-nginx-controller package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...

CVE-2025-26385

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command Command Injection Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects Metasys: Application and Data Server ADS installed...

CVE-2025-26385 Metasys product command injection vulnerability could allow remote SQL execution

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command Command Injection Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects Metasys: Application and Data Server ADS installed...

CVE-2025-26385

CVE-2025-26385 concerns Johnson Controls Metasys components vulnerable to an Improper Neutralization of Special Elements used in a Command (Command Injection) , with potential for remote SQL execution . Affected versions include Metasys ADS/ADX with SQL Express in 14.1 and earlier, LCS8500/NAE850...

CVE-2026-0963

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

CVE-2026-0805

An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

CVE-2026-0805 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller

An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

EUVD-2026-5043

An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

CVE-2026-0805

CVE-2026-0805 affects Crafty Controller’s Backup Configuration component. The vulnerability is described as an input neutralization/path traversal weakness that could allow a remote, authenticated attacker to tamper files and achieve remote code execution. Reported CVSS v3.1 base score is 8.2 (HI...

CVE-2026-0805 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller

An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

CVE-2026-0805 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller

An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

CVE-2026-0963 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...