54667 matches found

RedhatCVE
added 2026/03/11 7:8 a.m. | 4 views

CVE-2026-27686

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

CVSS 5.9 | AI score 5.8 | EPSS 0.00215
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/11 7:8 a.m. | 3 views

CVE-2025-15568

A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code execution (RCE) when the router is configured with sysmode=ap. Successful exploitation results in root-level...

CVSS 8.5 | AI score 6.3 | EPSS 0.01441
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/11 7:8 a.m. | 3 views

CVE-2026-27689

Due to an uncontrolled resource consumption Denial of Service vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution th...

CVSS 7.7 | AI score 5.9 | EPSS 0.00368
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/11 7:8 a.m. | 4 views

CVE-2026-30919

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4, stored XSS (also known as persistent or second-order XSS) occurs when an application receives data from an untrusted source and includes that data in its subsequent HTTP responses in an unsafe manner. Thi...

CVSS 7.6 | AI score 5.8 | EPSS 0.00187
Exploits: 1 | References: 1

Cvelist
added 2026/03/11 4:25 a.m. | 49 views

CVE-2026-2413 Ally – Web Accessibility & Usability <= 4.0.3 - Unauthenticated SQL Injection via URL Path

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the getglobalremediations method, where it is directly concatenated...

CVSS 7.5 | EPSS 0.02289
Exploits: 1 | References: 4

Vulnrichment
added 2026/03/11 4:25 a.m. | 3 views

CVE-2026-2413 Ally – Web Accessibility & Usability <= 4.0.3 - Unauthenticated SQL Injection via URL Path

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the getglobalremediations method, where it is directly concatenated...

CVSS 7.5 | AI score 5.8 | EPSS 0.02289
Exploits: 1 | References: 4

Fedora
added 2026/03/11 1:12 a.m. | 7 views

[SECURITY] Fedora 42 Update: perl-Crypt-SysRandom-XS-0.011-1.fc42

This module uses whatever C interface is available to procure cryptographically random data from the system...

CVSS 7.5 | AI score 5.8 | EPSS 0.00295
Exploits: 0

Fedora
added 2026/03/11 12:49 a.m. | 6 views

[SECURITY] Fedora 43 Update: perl-Crypt-SysRandom-XS-0.011-1.fc43

This module uses whatever C interface is available to procure cryptographically random data from the system...

CVSS 7.5 | AI score 5.8 | EPSS 0.00295
Exploits: 0

EUVD
added 2026/03/11 12:31 a.m. | 5 views

EUVD-2025-208557

Time-of-check time-of-use race condition in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

CVSS 5.6 | AI score 5.7 | EPSS 0.00083
Exploits: 0 | References: 2

EUVD
added 2026/03/11 12:31 a.m. | 2 views

EUVD-2025-208556

Time-of-check time-of-use race condition in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

CVSS 5.6 | AI score 5.7 | EPSS 0.00083
Exploits: 0 | References: 2

EUVD
added 2026/03/11 12:31 a.m. | 5 views

EUVD-2025-208548

Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. This result may potentially occur via local...

CVSS 8.7 | AI score 5.8 | EPSS 0.00115
Exploits: 0 | References: 2

EUVD
added 2026/03/11 12:31 a.m. | 6 views

EUVD-2025-208544

Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local...

CVSS 7.1 | AI score 5.7 | EPSS 0.00102
Exploits: 0 | References: 2

EUVD
added 2026/03/11 12:31 a.m. | 7 views

EUVD-2025-208555

Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

CVSS 5.6 | AI score 5.7 | EPSS 0.00103
Exploits: 0 | References: 2

CNNVD
added 2026/03/11 12:0 a.m. | 3 views

Micro Research MR-GM5L-S1 and Micro Research MR-GM5A-L1 Code Injection Vulnerability

Both Micro Research MR-GM5L-S1 and Micro Research MR-GM5A-L1 are embedded industrial communication module devices produced by the Canadian company Micro Research. Both devices have code injection vulnerabilities; these vulnerabilities stem from code injection issues that may allow for the executi...

CVSS 8.6 | AI score 7.4 | EPSS 0.00567
Exploits: 0 | References: 2

CNNVD
added 2026/03/11 12:0 a.m. | 5 views

Micro Research MR-GM5L-S1 and Micro Research MR-GM5A-L1 Trust Management Issue Vulnerability

Both Micro Research MR-GM5L-S1 and Micro Research MR-GM5A-L1 are embedded industrial communication module devices produced by the Canadian company Micro Research. Both devices have vulnerabilities related to trust management. These vulnerabilities stem from the use of hardcoded credentials, which...

CVSS 9.8 | AI score 7.3 | EPSS 0.00392
Exploits: 0 | References: 2

CNNVD
added 2026/03/11 12:0 a.m. | 5 views

Himmelblau Link Following Vulnerability

Himmelblau is an open-source Azure Entra ID authentication module developed by Himmelblau. Versions prior to Himmelblau 3.1.0 and 2.3.8 had a link-following vulnerability, which was due to insufficient protection for symbolic links, potentially allowing local privilege escalation...

CVSS 8.8 | AI score 5.8 | EPSS 0.00196
Exploits: 1 | References: 1

CNNVD
added 2026/03/11 12:0 a.m. | 5 views

Himmelblau Security Vulnerability

Himmelblau is an open-source Azure Entra ID authentication module developed by Himmelblau. Versions prior to Himmelblau 3.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that authentication was not limited by tenant domains, allowing for attempts at...

CVSS 10 | AI score 5.8 | EPSS 0.00501
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/11 12:0 a.m. | 6 views

PT-2026-28635

Name of the Vulnerable Software and Affected Versions: Drupal AI versions 0.0.0 through 1.1.10; Drupal AI versions 1.2.0 through 1.2.11. Description: An incorrect authorization issue exists in Drupal AI (Artificial Intelligence) that allows for resource injection. The module and certain submodules AI...

AI score 5.9 | EPSS 0.00232
Exploits: 0 | References: 4

Tenable Nessus
added 2026/03/11 12:0 a.m. | 6 views

SUSE SLES15 Security Update : valkey (SUSE-SU-2026:0848-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0848-1 advisory. Update to version 8.0.7. Security issues fixed: - CVE-2025-67733: data tampering and denial of service via improper null character...

CVSS 8.5 | AI score 5.9 | EPSS 0.00415
Exploits: 0 | References: 7

CNNVD
added 2026/03/11 12:0 a.m. | 5 views

Lantronix EDS5000 Security Vulnerability

The Lantronix EDS5000 is a serial port device server developed by the American company Lantronix. The Lantronix EDS5000 2.1.0.0R3 version contains a security vulnerability. This vulnerability stems from the HTTP RPC module directly concatenating commands into the username parameter without proper...

CVSS 9.8 | AI score 6.8 | EPSS 0.00469
Exploits: 0 | References: 3