Roundcube Webmail - Remote Code Execution

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. id: CVE-2025-49113 info: name: Roundcube Webmail - Remote...

Ruckus vRioT IoT Controller - Authentication Bypass

Ruckus vRioT through 1.5.1.0.21 contains an API backdoor caused by a hardcoded token in validatetoken.py,letting unauthenticated attackers interact with the API without authentication. id: CVE-2020-26879 info: name: Ruckus vRioT IoT Controller - Authentication Bypass author: DhiyaneshDk severity:...

CVE-2026-9873

CVE-2026-9873 is a use-after-free vulnerability in Google Chrome's Network component. In Chromium-based Chrome, the flaw could allow a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Affected builds are prior to 148.0.7778.216; a fixed version is 148.0.7778.2...

RLSA-2026:19372 Critical: nginx:1.26 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 For more details about the security issues, including the impact, a CVSS...

GiveWP - PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. id: CVE-2024-5932 info: name: GiveWP - PHP Object Injection author:...

Critical: Red Hat Security Advisory: nginx security update

An update for nginx is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Important: Red Hat Security Advisory: Kiali 2.11.10 for Red Hat OpenShift Service Mesh 3.1

Kiali 2.11.10 for Red Hat OpenShift Service Mesh 3.1 is now available. An update is now available for Red Hat OpenShift Service Mesh 3.1. This advisory contains the RPM packages for the Kiali component. Red Hat Product Security has rated this update as having a security impact of Critical. A Comm...

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 cPanel & WHM Verification Tool This repository...

Critical: Red Hat Security Advisory: Kiali 1.73.29 for Red Hat OpenShift Service Mesh 2.6

Kiali 1.73.29 for Red Hat OpenShift Service Mesh 2.6 is now available. An update is now available for Red Hat OpenShift Service Mesh 2.6. This advisory contains the RPM packages for the Kiali component. Red Hat Product Security has rated this update as having a security impact of Critical. A Comm...

CVE-2026-20013

creationtimestamp| type| source ---|---|--- 2026-03-05 11:03:43+00:00| seen| https://www.cert.at/de/warnungen/2026/3/kritische-sicherheitslucken-in-cisco-secure-firewall-produkten-updates-verfugbar 2026-03-05 14:15:08+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mgcyc5zbe22b...

CVE-2026-20015

creationtimestamp| type| source ---|---|--- 2026-03-05 11:03:43+00:00| seen| https://www.cert.at/de/warnungen/2026/3/kritische-sicherheitslucken-in-cisco-secure-firewall-produkten-updates-verfugbar 2026-03-05 14:15:08+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mgcyc5zbe22b...

PT-2026-23059

Name of the Vulnerable Software and Affected Versions changedetection.io versions prior to 0.54.4 Description A Zip Slip vulnerability exists in the backup restore functionality, allowing arbitrary file overwrite via path traversal in uploaded ZIP archives. The application uses zipfile.extractall...

Critical: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Container Release Update

An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...

CVE-2025-1369

A vulnerability classified as critical was found in MicroWord eScan Antivirus 7.0.32 on Linux. Affected by this vulnerability is an unknown functionality of the component USB Password Handler. The manipulation leads to os command injection. The attack needs to be approached locally. The complexit...

CVE-1999-0520

A system-critical NETBIOS/SMB share has inappropriate access control...

CVE-1999-0522

The permissions for a system-critical NIS+ table e.g. passwd are inappropriate...

CVE-2025-1117

A vulnerability, which was classified as critical, was found in CoinRemitter 0.0.1/0.0.2 on OpenCart. This affects an unknown part. The manipulation of the argument coin leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be...

CVE-2025-1902

A vulnerability was found in PHPGurukul Student Record System 3.2. It has been declared as critical. This vulnerability affects unknown code of the file /password-recovery.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has...

CVE-2025-1582

A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/all-request.php. The manipulation of the argument viewid leads to sql injection. The attack may be launched remotely. The...

CVE-2025-1106

A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. This affects the function deletediraction/restoreaction in the library lib/admin/databaseadmin.php. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to...