CVE-2026-7371

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this...

CVE-2026-46357 HAX CMS NodeJS application Vulnerable to Denial of Service using Malicious Import Request

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint. A single request is sufficient to take the entire...

CVE-2026-42366

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabili...

CVE-2026-8890

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...

CVE-2026-8813

This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficien...

CVE-2026-8620

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request...

CVE-2026-11401 Privilege Escalation in AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL

An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rdssuperuser, via a crafted function created by the...

CVE-2026-11401 Privilege Escalation in AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL

An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rdssuperuser, via a crafted function created by the...

CVE-2024-27686

Mikrotik RouterOS x86 6.40.5 through 6.49.10 fixed in 7 allows a remote attacker to cause a denial of service device crash via crafted packet data to the SMB service on TCP port 445...

EUVD-2026-34867

An issue in the Externalizable.readExternal component of Controller v12.0.5 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2026-48104 GHSL-2026-120: 7-Zip SquashFS BlockToNode uninitialized heap read

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely populated index array. In the SquashFS handler, blockToNode is allocated with capacity for every metadata block but populated...

CVE-2025-5090

CVE-2025-5090 affects Arista CloudVision Exchange (CVX) in Arista EOS-based deployments. The issue arises when CVX processes unexpected messages from a connected switch, leading to agent crashes on CVX and instability in the CVX cluster, enabling a DoS under high-privilege conditions on the conne...

CVE-2025-5090

CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service DoS scenario. Note that this would require the attacker to have a high privilege access...

OESA-2026-2552 rsync security update

Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...

OESA-2026-2549 rsync security update

Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...

OESA-2026-2545 opensc security update

OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the standard APIs to sma...

CVE-2026-48092

A flaw was found in 7-Zip, a file archiver. This vulnerability, affecting 32-bit builds, involves a heap memory disclosure caused by an integer overflow in the SquashFS ReadBlock function. An attacker can exploit this by providing a specially crafted archive, which, when processed, allows the...

CVE-2026-48095

A flaw was found in 7-Zip. A remote attacker could exploit a heap buffer overflow vulnerability in the application's handling of NTFS compressed streams. By crafting a malicious image and convincing a user to open it, the attacker can cause an under-allocation of a buffer, leading to an overwrite...

JLSEC-2026-574

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

CVE-2026-48095

7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer GetCuSize shift UB, potentially allowing attackers to cause arbitrary code execution or application...