CVE-2026-36770

Shenzhen Tenda Technology Co., Ltd Tenda USW3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the asktoreboot function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2026-36773

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the Go parameter of the asktoreboot function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

EUVD-2026-35707

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

EUVD-2026-35476

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of Service or to...

EUVD-2026-35443

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may...

EUVD-2026-35444

An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root...

EUVD-2026-35445

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Platform: through 09062026. NOTE: The vendor was contacted and it was learned that the product is not...

EUVD-2026-35440

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...

Malicious code in fhirproxy-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 405cf847121f4bfed32bc5679a40b64c1338b142af75823ef9583944a7ae7b5a On npm install via the prepare lifecycle hook and many other lifecycle aliases and on require, index.js performs broad reconnaissance and exfiltratio...

USN-8416-1: Go Networking vulnerability

It was discovered that Go Networking incorrectly handled certain Punycode-encoded labels in the idna package. An attacker could possibly use this issue to bypass hostname-based access restrictions...

Malicious code in exodus-checkout-signer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 921c5ef246587db452bdb65aae12321f4de868e7882f9550f9b9e32300ae792c exodus-checkout-signer is the unscoped name of the scoped package @exodus/checkout-signer and self-describes in README and package.json as a...

Exploit for CVE-2026-52885

TOCTOU: HMAC Checks Disk, Executes from Memory Notepad++ v8...

Exploit for CVE-2026-46394

CVE-2026-46394 - HAXcms Git.php OS Command Injection CWE-78...

CVE-2026-49959

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

CVE‑2026‑49975 – HTTP/2 Denial of Service Vulnerability

Status: EPMM unaffected Summary: CVE‑2026‑49975 is a denial‑of‑service DoS vulnerability affecting HTTP/2 implementations in several web servers. The issue allows an unauthenticated attacker to exhaust server memory using specially crafted HTTP/2 requests. EPMM / Sentry rely on Apache Tomcat for...

CVE-2026-38615

DedeCMS V5.7.118 is vulnerable to Command Execution in filemanagecontrol.php...

CVE-2026-34180

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of Service or to...

Meta to Use Off-Site Business Data for Feed and AI Personalization

Meta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial intelligence AI chatbot, expanding its scope beyond targeted ads. "Businesses often share information about people's activity on their sites with us to ma...

Malicious code in ultimate-ai-power (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 70f226090d6e1bc8acebdeff932907dda5bcf88c21b6c47d25360cd69a606f0d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

CVE-2026-49959 Hermes WebUI < 0.51.311 RCE via Git Configuration Injection

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...