4108 matches found
CVE-2026-34402
...
CVE-2026-34402
ChurchCRM (open-source church management software) contains a time-based blind SQL injection vulnerability in PropertyAssign.php that affects versions before 7.1.0. With Edit Records or Manage Groups permissions, authenticated users can exfiltrate or modify any database content, including user cr...
CVE-2026-27481
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass vulnerability allows unauthenticated or unauthorized users to view hidden staff-only tags and its...
CVE-2026-28756
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report...
EUVD-2026-18619
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report...
CVE-2026-28756
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report...
CVE-2026-28756 Stored XSS Vulnerability
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report...
CVE-2026-28756
CVE-2026-28756 affects ManageEngine Exchange Reporter Plus from Zoho (ManageEngine) versions prior to 5802. The issue is a Stored XSS vulnerability in the Permissions based on Distribution Groups report, allowing an attacker to inject script via the affected report. The CVSS 3.1 base metrics indi...
CVE-2026-28756 Stored XSS Vulnerability
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report...
CVE-2026-28756
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report...
CVE-2026-35535
In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...
PT-2026-30024
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report...
PT-2026-30241
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass vulnerability allows unauthenticated or unauthorized users to view hidden staff-only tags and its...
ZOHO ManageEngine Exchange Reporter Plus 安全漏洞
ZOHO ManageEngine Exchange Reporter Plus is a web-based Exchange Server reporting tool developed by ZOHO Corporation. Previous versions of ZOHO ManageEngine Exchange Reporter Plus, including version 5802, contained security vulnerabilities. These vulnerabilities stemmed from a storage cross-site...
Threat actor abuse of AI accelerates from tool to cyberattack surface
For the last year, one word has represented the conversation living at the intersection of AI and cybersecurity: speed. Speed matters, but it’s not the most important shift we are observing across the threat landscape today. Now, threat actors from nation states to cybercrime groups are embedding...
CVE-2026-3774
The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...
CVE-2026-33300
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass in the Category Chatables Controller show action allowed moderators to get information on hidden...
a-mailx (=0.1.0), a2a-acl (=0.0.15) +1346 more potentially affected by CVE-2026-34516 via aiohttp (>=0.13.1 <=3.13.3)
aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34516 Source advisory: OSV:GHSA-M5QP-6W8W-W647...
a-mailx (=0.1.0), a2a-acl (=0.0.15) +1346 more potentially affected by CVE-2026-34515 via aiohttp (>=0.13.1 <=3.13.3)
aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34515 Source advisory: OSV:GHSA-P998-JP59-783M...
Ransomware Groups Exploit Legit IT Tools to Bypass Antivirus
New research from Seqrite explains the 'dual-use dilemma,' where ransomware attackers repurpose legitimate IT tools like IOBit Unlocker…...