151 matches found
CVE-2026-28289
FreeScout suffers CVE-2026-28289 (affecting
CVE-2026-28289 FreeScout 1.8.206 Patch Bypass for CVE-2026-27636 via Zero-Width Space Character Leads to Remote Code Execution
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution RCE on the server by uploading a maliciou...
CVE-2025-68686
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypas...
CVE-2025-68686
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypas...
CVE-2025-68686
CVE-2025-68686 concerns a publicly exposed information disclosure in Fortinet FortiOS. A remote, unauthenticated attacker could bypass a patch related to the symbolic link persistency mechanism after compromising the product at the filesystem level, and then issue crafted HTTP requests to exfiltr...
Fortinet Fortigate SSL-VPN Symlink Persistence Patch Bypass (FG-IR-25-934)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-934 advisory. - An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 vulnerability in Fortinet FortiOS 7.6.0...
VulnCheck KEV: CVE-2025-26399
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...
PT-2026-28319
Name of the Vulnerable Software and Affected Versions Node.js versions 20.x through 25.x Description A flaw exists in the Node.js Permission Model's filesystem enforcement, specifically leaving the fs.realpathSync.native function without the necessary read permission checks. Comparable filesystem...
CVE-2025-67846
The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure of a previous deployment that...
CVE-2025-67846
CVE-2025-67846 affects Mintlify Platform prior to 2025-11-15, where the Deployment Infrastructure allows remote attackers to bypass security patches and perform downgrade attacks by using predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure o...
EUVD-2025-204424
The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure of a previous deployment that...
CVE-2025-67846
The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure of a previous deployment that...
PT-2025-52407
Name of the Vulnerable Software and Affected Versions Mintlify Platform versions prior to 2025-11-15 Description The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows attackers to bypass security patches and execute downgrade attacks. This is possible through predictable...
CVE-2025-66481
DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sanitized Mermaid content. The recent security patch for MermaidArtifact.vue is insufficient and can be bypassed using unquoted HTML attribute...
Node.js: CVE-2024-36137 Patch Bypass - FileHandle.chmod/chown
Vulnerability description not provided...
Hackers Exploit WSUS Flaw to Spread Skuld Stealer Despite Microsoft Patch
Cybercriminals exploit a WSUS vulnerability to deploy Skuld Stealer malware, even after Microsoft released an urgent security patch...
EUVD-2025-30842
Malicious code in bioql PyPI...
CVE-2025-26399
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...
CVE-2025-26399
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...
CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...