CVE-2026-10829

A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit...

firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

CVE-2026-12328

Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

CVE-2026-12328

Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

CVE-2026-12327 Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...

CVE-2026-12326 Memory safety bugs fixed in Firefox 152 and Thunderbird 152

Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVE-2026-12326

CVE-2026-12326 is a Firefox/Thunderbird memory-safety issue affecting Firefox 151 and Thunderbird 151. The available sources indicate memory corruption that could be exploited to run arbitrary code, with a fix delivered in Firefox 152 and Thunderbird 152. The vulnerability details include affecte...

BIT-MARIADB-2026-48163 MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync)

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

CVE-2026-10829

A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit...

EUVD-2026-37063

A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit...

CVE-2026-5416

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

MAL-2026-5876 Malicious code in temp-development-package-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5cdc1d94dd0cfb62a4a0267ae52bf1a72dfa31a6854196b4bb220759b7c6e878 Starting with version 0.4, package installs a sitecustomize.py that executes during Python engine initialization. The embeded code uses mshta to download...

CVE-2026-49774 WordPress RD Station plugin <= 5.6.0 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0...

WordPress Premmerce Dev Tools plugin <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution vulnerability

Missing Authorization to Authenticated Subscriber+ Remote Code Execution vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Premmerce Dev Tools versions = 2.0...

TP-Link Archer AX21 (AX1800) - Unauthenticated Command Injection

TP-Link Archer AX21 AX1800 routers are vulnerable to unauthenticated OS command injection via the country parameter in the locale endpoint. This allows remote attackers to execute arbitrary commands as root. id: CVE-2023-1389 info: name: TP-Link Archer AX21 AX1800 - Unauthenticated Command...

Ruby on Rails <5.0.1 - Remote Code Execution

Ruby on Rails before version 5.0.1 is susceptible to remote code execution because it passes user parameters as local variables into partials. id: CVE-2020-8163 info: name: Ruby on Rails 5.0.1 - Remote Code Execution author: timkoopmans severity: high description: Ruby on Rails before version 5.0...

Cisco HyperFlex HX Data Platform - Remote Command Execution

Cisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-1498 info: name: Cisco HyperFlex HX Data Platform - Remote Command Executio...

Spring Cloud Gateway Code Injection

Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote...

IBM Aspera Faspex <=4.4.2 PL1 - Remote Code Execution

IBM Aspera Faspex through 4.4.2 Patch Level 1 is susceptible to remote code execution via a YAML deserialization flaw. This can allow an attacker to send a specially crafted obsolete API call and thereby execute arbitrary code, obtain sensitive data, and/or execute other unauthorized operations...

AirFlow < 2.4.0 - Remote Code Execution

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0. id: CVE-2022-40127 info: name: AirFlow 2.4.0 -...