18 matches found

Cvelist
added 2026/05/26 11:54 a.m. | 28 views

CVE-2026-8479

IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable for a NULL pointer dereferencing, if a specially crafted sequence of messages is sent for a certain time, causing Denial of Service impact. Product is only affected if IEC 60870-5-104 functionality in bidirectional mode BCI is...

CVSS: 6.9 | EPSS: 0.00027
Exploits: 0 | References: 1

Cvelist
added 2026/05/02 3:30 p.m. | 25 views

CVE-2026-7653 r-huijts mcp-server-rijksmuseum MCP index.ts open_image_in_browser os command injection

A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function open_image_in_browser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...

CVSS: 6.5 | EPSS: 0.00412
Exploits: 0 | References: 4

NVD
added 2026/04/10 2:16 p.m. | 1 view

CVE-2025-5804

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Case Themes Case Theme User case-theme-user allows PHP Local File Inclusion. This issue affects Case Theme User: from n/a through 1.0.4...

CVSS: 7.5 | EPSS: 0.00026
Exploits: 0 | References: 1

Cvelist
added 2026/04/07 6:52 p.m. | 13 views

CVE-2026-39351 Frappe allows unrestricted Doctype access via API exploit

Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access via API exploit...

CVSS: 6.9 | EPSS: 0.00045
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/07 12:0 a.m. | 2 views

PT-2026-30922

Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL injection in bulk update. This vulnerability is fixed in 16.14.0 and 15.104.0...

CVSS: 9.3 | AI score: 5.9 | EPSS: 0.00041
Exploits: 0 | References: 2

Tenable Nessus
added 2026/03/13 12:0 a.m. | 1 view

Oracle Linux 8 : .NET / 10.0 (ELSA-2026-4458)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-4458 advisory. 10.0.104-1.0.1 - Add support for Oracle Linux 10.0.104-1 - Update to .NET SDK 10.0.104 and Runtime 10.0.4 - Resolves: RHEL-152949 Tenable has extracted...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.03634
Exploits: 0 | References: 3

Rapid7 Blog
added 2026/02/25 4:21 p.m. | 8 views

Your MRI is Online: The Hidden Risks of Exposed DICOM Servers in UK Healthcare

Hospitals invest heavily in physical security: Clinical areas are access-controlled, sensitive rooms are locked, and patient records are governed by strict handling procedures. Network exposure does not always receive the same level of scrutiny. Rapid7 Labs identified more than 30 UK-based system...

AI score: 5.6
Exploits: 0

NVD
added 2026/02/18 7:21 p.m. | 3 views

CVE-2025-69287

The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature...

CVSS: 5.4 | EPSS: 0.00083
Exploits: 0 | References: 2

Cvelist
added 2026/02/04 8:25 a.m. | 22 views

CVE-2025-15508 Magic Import Document Extractor <= 1.0.6 - Unauthenticated Sensitive Information Exposure

The Magic Import Document Extractor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.4 via the getfrontendsettings function. This makes it possible for unauthenticated attackers to extract the site's magicimport.ai license key from the...

CVSS: 5.3 | EPSS: 0.0002
Exploits: 0 | References: 2

CBLMariner
added 2025/10/01 7:21 p.m. | 3 views

CVE-2025-39692 affecting package kernel for versions less than 6.6.104.2-1

CVE-2025-39692 affecting package kernel for versions less than 6.6.104.2-1. An upgraded version of the package is available that resolves this issue...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00026
Exploits: 0

NVD
added 2025/09/22 7:16 p.m. | 1 view

CVE-2025-58256

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jonathan Brinley DOAJ Export doaj-export allows Stored XSS. This issue affects DOAJ Export: from n/a through = 1.0.4...

CVSS: 5.9 | EPSS: 0.0003
Exploits: 0 | References: 1

NVD
added 2025/06/18 11:15 a.m. | 3 views

CVE-2022-50104

In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: Fix refcount leak in xive_get_max_prio. of_find_node_by_path() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak...

CVSS: 5.5 | EPSS: 0.00063
Exploits: 0 | References: 8

Patchstack
added 2024/12/11 5:5 p.m. | 2 views

WordPress Advanced Blog Post Block plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Advanced Blog Post Block versions <= 1.0.4...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.00197
Exploits: 0 | Affected Software: 1

ATTACKERKB
added 2022/09/07 10:15 p.m. | 2 views

CVE-2022-38249

Nagios XI v5.8.6 was discovered to contain a cross-site scripting XSS vulnerability via the MTR component in version 1.0.4...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.33524
Exploits: 0 | References: 2

CNNVD
added 2022/09/07 12:0 a.m. | 1 view

Nagios XI Cross-Site Scripting Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI version v5.8.6, which stems from the discovery of a cross-site...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.33524
Exploits: 0 | References: 2

OSV
added 2021/08/31 11:15 p.m. | 1 view

CVE-2020-20486

IEC104 v1.0 contains a stack-buffer overflow in the parameter Iec10xStaAddr...

CVSS: 7.5 | AI score: 7.2
Exploits: 0 | References: 1

CNNVD
added 2021/08/23 12:0 a.m. | 2 views

IEC104 Code Issue Vulnerability

IEC104 is an international standard of the International Electrotechnical Commission IEC standards organization widely used in the electric power, urban rail transit and other industries. A code issue vulnerability exists in IEC104 v1.0, which can be exploited by an attacker to cause a denial of...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.0039
Exploits: 1 | References: 2

CNVD
added 2017/07/23 12:0 a.m. | 1 view

Joomla! JoomRecipe Component SQL Injection Vulnerability

Joomla! is a content management system. A SQL injection vulnerability exists in version 1.0.4 of the JoomRecipe component of Joomla! The vulnerability allows attackers to obtain sensitive database information...

AI score: 7.8
Exploits: 0 | References: 1