CVE-2026-9071

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

httpd: NULL pointer dereference via specially crafted request

A flaw was found in the moddavlock module of httpd. This vulnerability allows a remote unauthenticated attacker to crash the server due to a NULL pointer dereference via a specially crafted request...

EUVD-2026-38254

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

EUVD-2026-38253

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

CVE-2026-20181 Cisco Identity Services Engine Remote Code Execution Vulnerability

A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

CVE-2026-12117

CVE-2026-12117 affects Devolutions Server 2026.2.5: improper access control in the social login connection endpoint allows an authenticated vault member to enumerate social login entry metadata they are not authorized to access via a crafted API request. CVSSv3.1 base score is 4.3 (Medium). The p...

EUVD-2026-36778

An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request...

EUVD-2026-36768

An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request...

EUVD-2026-36776

An issue in the attachment handling component of Feuerhamster MailForm v1.1.0 allows attackers to cause a Denial of Service DoS via a crafted request...

CVE-2026-50885

Incorrect access control in the share-based read endpoints of Sismics Docs Teedy v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request...

CVE-2026-50880

An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request...

CVE-2026-39197

An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to cause a Denial of Service DoS via a crafted request or payload...

CVE-2026-20262

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...

CVE-2026-50880

CVE-2026-50880 affects YouTransfer v1.0.6, specifically the sendmail transport integration component. The issue allows an attacker to execute arbitrary code by sending a crafted request. The cybersecurity metadata indicates a critical impact (CVSS 3.1: 9.8, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). C...

CVE-2026-50891

Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request...

PT-2026-49311

Name of the Vulnerable Software and Affected Versions whoogle-search version 1.2.3 Description An information disclosure issue in the configuration endpoint allows attackers to obtain sensitive information by sending a crafted GET request. Recommendations At the moment, there is no information...

CVE-2026-50885

Incorrect access control in the share-based read endpoints of Sismics Docs Teedy v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request...

CVE-2026-50886

Summary: CVE-2026-50886 describes an access-control flaw in the webhook management component of Project Firefly III (version 6.5.9). The root cause is an incorrect access-control implementation, enabling an attacker to scan internal resources by sending a crafted POST request. Affected software: ...