EUVD-2026-34360
Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-9249
Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects: Devolutions Server 2026.1.6.0 through 2026.1.16.0, and Devolutions Server 2025.3.20.0 and earlier...
Dell SmartFabric Storage Software command injection vulnerability
Dell SmartFabric Storage Software is an independent storage software solution provided by the American company Dell. Versions of Dell SmartFabric Storage Software prior to 1.4.5 contained a command injection vulnerability. This vulnerability stemmed from improper handling of special elements with...
Open WebUI security vulnerability
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted open-source WebUI. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks in the GET /api/tasks and POST /api/tasks/stop/taskid...
BIT-JRE-2023-42917
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against...
EUVD-2026-23868
Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the string context in t...
CVE-2026-4725
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...
CVE-2026-32949
SQLBot is vulnerable prior to version 1.7.0 to an SSRF leading to arbitrary local-file reads. An attacker can abuse /api/v1/datasource/check by supplying a forged MySQL data source with extraJdbc="local_infile=1". During connectivity verification, a rogue MySQL server issues a malicious LOAD DATA...
CVE-2026-26340
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of...
KLA90890 DoS vulnerability in Mozilla Firefox
A heap buffer overflow vulnerability was found in Mozilla Firefox. Malicious users can exploit this vulnerability to cause denial of service. Original advisories: MFSA2026-10. Exploitation. Related products: Mozilla-Firefox. CVE list: CVE-2026-2447 unknown. Solution: Update to the latest version. Download...
PT-2025-51993
Name of the Vulnerable Software and Affected Versions: Freedombox versions prior to 25.17.1. Description: Freedombox versions prior to 25.17.1 do not establish appropriate permissions for the backups-data directory. This allows unauthorized access to database dump files. Recommendations: Update to...
CVE-2025-34437 AVideo < 20.1 IDOR Arbitrary Comment Image Upload
AVideo versions prior to 20.1 permit any authenticated user to upload comment images to videos owned by other users. The endpoint validates authentication but omits ownership checks, allowing attackers to perform unauthorized uploads to arbitrary video objects...
PT-2025-50315
Name of the Vulnerable Software and Affected Versions: usbmuxd versions prior to 3ded00c9985a5108cfc7591a309f9a23d57a8cba. Description: A Path Traversal vulnerability exists in usbmuxd, potentially allowing local users to gain elevated privileges to the service user level. The issue is due to...
AZL-68996 CVE-2025-64283 affecting package rtkit 0.11-24
Authorization Bypass Through User-Controlled Key vulnerability in Rometheme RTMKit rometheme-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RTMKit: from n/a through = 1.6.7...
CVE-2019-8184
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...
CVE-2010-4815
Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution...
WordPress Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Pham Van Tam in WordPress Plugin Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme versions <= 1.1...
PT-2025-13021 · Synapse · Synapse
Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.127.1 Description: The issue allows a malicious server to craft events that prevent Synapse from federating with other servers. The vulnerability has been exploited in the wild. Recommendations: For versions prior ...
CVE-2024-10539
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information Systems Uyumsoft ERP allows XSS Using Invalid Characters, Reflected XSS. This issue affects Uyumsoft ERP: before Erp4.2109.166p45...
CVE-2024-43754
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a malicious source is processed by a web...