33 matches found
The Machine Found It First. The Machine Will Exploit It Next.
& For decades, the question behind every CVE has been "who found it, and how fast can attackers catch up?" As of May 12, 2026, the question has flipped. Machines found the bug. Machines will weaponize the next one. The race is no longer human-versus-human with a stopwatch. Discovery Discovery...
EUVD-2026-20884
Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read all files in these directories and even execute some of them. Critically the attacker could run PHP scripts directly on the connected database.This issue was fixed...
PT-2026-31314
Name of the Vulnerable Software and Affected Versions ProSolution WP Client plugin for WordPress versions up to and including 1.9.9 Description The ProSolution WP Client plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the proSol...
CVE-2026-0949
PEM versions prior to 9.8.1 are affected by a stored Cross-site Scripting XSS vulnerability that allows users with access to the Manage Charts menu to inject arbitrary JavaScript when creating a new chart, which is then executed by any user accessing the chart. By default only the superuser and...
Fedora 42 : pgadmin4 (2025-3c80b660e0)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3c80b660e0 advisory. Update to pgadmin-9.8. Fixes CVE-2025-9636. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
PT-2025-32386 · Mitel · Micollab +1
Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions through 9.8 SP2 9.8.2.12 Description: A vulnerability exists in the NuPoint Unified Messaging NPM component that could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input...
CVE-2020-21147
RockOA V1.9.8 is affected by a cross-site scripting XSS vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/modeemailmAction.php does not perform strict filtering...
LoLLMs 代码注入漏洞
LoLLMs is a large language and multimodal system by the individual developer Saifeddine ALOUI. A code injection vulnerability exists in LoLLMs version 9.8, which stems from the use of the eval function in the Calculate function and could lead to remote code execution...
WordPress WP Recipe Maker plugin <= 9.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin WP Recipe Maker versions = 9.8.0...
CVE-2019-2904
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware component: ADF Faces. Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...
LoLLMS 安全漏洞
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMS version 9.8. An attacker exploited the vulnerability to cause service disruption, resource exhaustion, and extended downtime...
PT-2024-29293 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.9.x through 9.9.0 Mattermost versions 9.5.x through 9.5.6 Mattermost versions 9.7.x through 9.7.5 Mattermost versions 9.8.x through 9.8.1 Description: The issue arises from the failure to properly validate synced posts...
EcoStruxure Foxboro DCS Core Control Services Buffer Error Vulnerability
Schneider Electric EcoStruxure Foxboro DCS is an innovative fault-tolerant, highly available control component from Schneider Electric France. A buffer error vulnerability exists in EcoStruxure Foxboro DCS Core Control Services 9.8 and prior versions, which stems from the presence of an...
Schneider Electric EcoStruxure Foxboro DCS Input Validation Error Vulnerability
Schneider Electric EcoStruxure Foxboro DCS is an innovative fault-tolerant, highly available control component from Schneider Electric France. An input validation error vulnerability exists in Schneider Electric EcoStruxure Foxboro DCS Core Control Services version 9.8 and prior versions, which...
CVE-2024-32854
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to privilege escalation...
AZL-43024 CVE-2024-6387 affecting package openssh for versions less than 9.8p1-1
A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...
Vulnerabilities fixed in HPE Aruba Access Points
Vulnerabilities have been fixed in HPE Aruba Access Points. The vulnerabilities allow a local malicious party to manipulate data, perform a denial-of-service and execute unauthenticated arbitrary code. The vulnerability with attribute CVE-2023-45616 has received a CVSS score assigned of 9.8. HPE...
Trend Micro Mobile Security vulnerable to cross-site scripting
Overview Trend Micro Incorporated has released a security update for Trend Micro Mobile Security. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A cross-site scripting attack may be conducted if a user who is logged in to the...
Trend Micro Mobile Security for Enterprise 安全漏洞
Trend Micro Mobile Security for Enterprise is a mobile antivirus from Trend Micro. A security vulnerability exists in Trend Micro Mobile Security for Enterprise version 9.8 SP5, which stems from a file upload vulnerability that could allow an attacker to create arbitrary files on an affected...
Trend Micro Mobile Security for Enterprise 安全漏洞
Trend Micro Mobile Security for Enterprise is a mobile antivirus from Trend Micro. A security vulnerability exists in Trend Micro Mobile Security for Enterprise version 9.8 SP5, which stems from a file upload vulnerability that could allow an attacker to create arbitrary files on an affected...