CVE-2026-39911

Hashgraph Guardian through version 3.5.1, fixed in commit 45fbe2f, contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary code by passing user-supplied JavaScript expressions directl...

CVE-2026-7595

A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function formatplugins of the file .claude/skills/ui-styling/scripts/tailwindconfiggen.py of the component Tailwind Config Generator. This manipulation causes code injection. The attac...

CVE-2026-7593 Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...

CVE-2026-7593

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...

CVE-2026-30363

flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function...

Exploit for Missing Authentication for Critical Function in Cpanel

cve-2026-41940-exploit Cpanel Au...

CVE-2026-7591

A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attac...

EUVD-2026-26709

A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attac...

CLSA-2026-1777661044 vim: Fix of CVE-2026-33412

CVE-2026-33412: fix OS command injection via newline in glob by adding \n to SHELLSPECIAL in src/osunix.c so newlines are escaped before the pattern is passed to the user's shell...

GHSA-VF35-8M4J-GM8V MixPHP Framework has an SQL injection vulnerability

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...

MixPHP Framework has an SQL injection vulnerability

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...

JLSEC-2026-380

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the unserialize function in the sync-invoke client when processing data received from a server response. An attacker can execute arbitrary code by sending crafted serialized data from a malicious...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the data function in BuildHelper.php. An attacker can execute arbitrary SQL commands by supplying a specially crafted data array. Remediation There is no fixed version for mix/mix. References - GitHub Gist - Vulnerable...

CVE-2026-43030

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. A logic error in the regsafe function, specifically when handling pointers to packets, could lead to an incorrect state where valid packet ranges are not properly explored. This vulnerability may allow an attacker to...

CVE-2026-37538

Buffer overflow vulnerability in socketcand 0.4.2 in file socketcand.c in function main allows attackers to cause a denial of service or other unspecified impacts via crafted busname...

CVE-2026-7587 Open5GS AMF nsmf-handler.c amf_nsmf_pdusession_handle_update_sm_context denial of service

A vulnerability has been found in Open5GS up to 2.7.7. This vulnerability affects the function amfnsmfpdusessionhandleupdatesmcontext of the file /src/amf/nsmf-handler.c of the component AMF. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit...

Exploit for Missing Authentication for Critical Function in Cpanel

poc...

CVE-2026-42475

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...

CVE-2026-42474

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...