
54699 matches found

Snyk
added 2026/02/24 8:34 p.m., 3 views

Improper Handling of Case Sensitivity

Overview: Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the host request matcher when the host list contains more than 100 entries. An attacker can gain unauthorized access to protected routes and sensitive endpoints by altering the case of the Host...

9.1 CVSS, 5.9 AI score, 0.0037 EPSS
Exploits: 1, References: 2

Snyk
added 2026/02/24 8:31 p.m., 3 views

Improper Handling of Case Sensitivity

Overview: Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the matchPatternWithEscapeSequence function when handling patterns containing percent-escape sequences. An attacker can gain unauthorized access to protected routes and sensitive endpoints by...

9.3 CVSS, 5.9 AI score, 0.0037 EPSS
Exploits: 1, References: 2

Snyk
added 2026/02/24 8:22 p.m., 3 views

Unchecked Return Value

Overview: Affected versions of this package are vulnerable to Unchecked Return Value due to improper error handling in the provision function. An attacker can gain unauthorized access by presenting a client certificate signed by any system-trusted certificate authority, bypassing the intended...

9.3 CVSS, 5.9 AI score, 0.00267 EPSS
Exploits: 1, References: 2

Metasploit
added 2026/02/24 6:58 p.m., 245 views

GrandStream GXP1600 proxy SIP traffic

This capture module works against Grandstream GXP1600 series VoIP devices and can reconfigure the device to use an arbitrary SIP proxy. You can first leverage the exploit/linux/http/grandstreamgxp1600unauthrce exploit module to get a root session on a target GXP1600 series device before running...

5.9 AI score
Exploits: 0

Metasploit
added 2026/02/24 6:58 p.m., 221 views

GrandStream GXP1600 Gather Credentials

This gather module works against Grandstream GXP1600 series VoIP devices and can collect HTTP, SIP, and TR-069 credentials from a device. You can first leverage the exploit/linux/http/grandstreamgxp1600unauthrce exploit module to get a root session on a target GXP1600 series device before running...

5.8 AI score
Exploits: 0

OSV
added 2026/02/24 5:44 p.m., 6 views

CLSA-2026-1771955086 grub2: Fix of CVE-2025-61662

CVE-2025-61662: fix use-after-free in gettext/gettext due to unregistered gettext command on module unload...

7.8 CVSS, 5.8 AI score, 0.0019 EPSS
Exploits: 0, References: 1

OSV
added 2026/02/24 5:34 p.m., 6 views

CLSA-2026-1771954436 grub2: Fix of CVE-2025-61662

CVE-2025-61662: fix use-after-free in gettext/gettext due to unregistered gettext command on module unload...

7.8 CVSS, 5.8 AI score, 0.0019 EPSS
Exploits: 0, References: 1

GitHub Security Blog
added 2026/02/24 4:00 p.m., 6 views

OneUptime: node:vm sandbox escape in probe allows any project member to achieve RCE

Summary: OneUptime lets project members write custom JavaScript that runs inside monitors. The problem is it executes that code using Node.js's built-in vm module, which Node.js itself documents as "not a security mechanism — do not use it to run untrusted code." The classic one-liner escape gives...

9.9 CVSS, 6.2 AI score, 0.00504 EPSS
Exploits: 2, References: 4, Affected Software: 1

Snyk
added 2026/02/24 3:40 p.m., 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the path security policy enforcement. An attacker can access sensitive files by supplying specially crafted file paths containing traversal sequences like /etc/. Details: A Directory Traversal attack also known as...

8.7 CVSS, 6.5 AI score, 0.00751 EPSS
Exploits: 0, References: 2

OSV
added 2026/02/24 2:00 p.m., 4 views

CVE-2026-27483 MindsDB has Path Traversal in /api/files Leading to Remote Code Execution

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution. The vulnerability exists in the...

8.8 CVSS, 5.9 AI score, 0.11113 EPSS
Exploits: 4, References: 5

Cvelist
added 2026/02/24 2:00 p.m., 18 views

CVE-2026-27483 MindsDB has Path Traversal in /api/files Leading to Remote Code Execution

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution. The vulnerability exists in the...

8.8 CVSS, 0.11113 EPSS
Exploits: 4, References: 3

AlpineLinux
added 2026/02/24 1:33 p.m., 4 views

CVE-2026-2788

Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

9.8 CVSS, 5.8 AI score, 0.00416 EPSS
Exploits: 0, References: 6

NVD
added 2026/02/24 10:16 a.m., 8 views

CVE-2026-2664

An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop...

7.8 CVSS, 0.00186 EPSS
Exploits: 0, References: 1

CVE
added 2026/02/24 10:09 a.m., 20 views

CVE-2026-2664

Summary: CVE-2026-2664 is an out-of-bounds read in the grpcfuse kernel module used by Docker Desktop’s Linux VM on Windows, Linux, and macOS. Affected: Docker Desktop versions up to 4.61.0. Attack vector: local attacker could exploit by writing to /proc/docker entries, with impact described as un...

7.8 CVSS, 5.5 AI score, 0.00186 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/02/24 10:09 a.m., 17 views

CVE-2026-2664 Out of bounds read vulnerability in grpcfuse kernel module

An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop...

6.8 CVSS, 0.00186 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/02/24 10:09 a.m., 5 views

CVE-2026-2664

An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop...

6.8 CVSS, 5.5 AI score, 0.00186 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2026/02/24 10:09 a.m., 4 views

CVE-2026-2664 Out of bounds read vulnerability in grpcfuse kernel module

An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop...

6.8 CVSS, 5.5 AI score, 0.00186 EPSS
Exploits: 0, References: 1

EUVD
added 2026/02/24 10:09 a.m., 6 views

EUVD-2026-7385

An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop...

6.8 CVSS, 5.5 AI score, 0.00186 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/02/24 7:29 a.m., 8 views

CVE-2026-2965

A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module. Performing a manipulation of the argument Title results in cross site scripting. The...

4.8 CVSS, 3.1 AI score, 0.00202 EPSS
Exploits: 0, References: 1

OSV
added 2026/02/24 1:16 a.m., 6 views

CVE-2026-3050

A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argument Notes causes cross site scripting. The attack is possible to be carried out remotely. The exploi...

5.4 CVSS, 3.9 AI score
Exploits: 0, References: 6