CVE-2026-12129 CodeAstro Human Resource Management System Dashboard add_tod cross site scripting

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/addtod of the component Dashboard Interface. The manipulation of the argument tododata leads to cross site scripting. The attack may be...

EUVD-2026-36555

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

Exploit_sin_monitos_v3_4_3

Exploitsinmonitosv343 Escaner l...

Exploit for CVE-2022-38694

ZTE Blade X1001 — Root con Magisk Android 15, Unisoc UMS9230...

sbom-risk-analyzer

SBOM-Risk-Analyzer Exploitability-weighted vulnerability pri...

CVE-2026-12066

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password...

MAL-2026-5684 Malicious code in jec (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cfd390b5ea0fe558bd7f5fd56dec8386148e58d7f8d4b6bba14f8a2aa8b6d323 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

CVE-2026-12066

CVE-2026-12066 affects PbootCMS up to version 3.2.12. The vulnerability resides in the function retrieve of file apps/home/controller/MemberController.php (Password Handler). Manipulating the arguments username/password/email/checkcode enables weak password recovery; the issue is exploitable remo...

EUVD-2026-36423

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password...

CVE-2026-12066 PbootCMS Password MemberController.php retrieve password recovery

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password...

EUVD-2026-36417

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical...

CVE-2026-12065 Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical...

CVE-2026-12065

Groww Android app (Groww Stock, Mutual Fund, Gold App) up to 20260805 is affected due to improper authorization in the WebView URL Handler for a custom URL scheme. The issue is located in an unknown part of the WebView URL handling logic and can be triggered on a physical device. Exploitation sta...

CVE-2026-12065 Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical...

OESA-2026-2668 libwebsockets security update

Libwebsockets LWS is a flexible, lightweight pure C library for implementing modern network protocols easily with a tiny footprint, using a nonblocking event loop. Security Fixes: A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of t...

OESA-2026-2648 poppler security update

is a PDF rendering library. Security Fixes: A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized...

Exploit for CVE-2026-20253

No d...

BIT-SQLITE-2026-11822 SQLite before 3.53.2 Memory Corruption in FTS5 Extension

SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bound...

linux-privesc-linpeas

🐧 linux-privesc-linpeas End-to-end Linux privilege escalati...

PT-2026-49042

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.27 Description A state mutation issue exists in the node pairing reconnection process. This allows paired nodes to confuse approval scope decisions, enabling attackers to exploit reconnection logic to restore ...