16 matches found
CVE-2026-48778
creationtimestamp | type | source
---|---|---
2026-05-28 12:51:30+00:00 | seen | https://www.acn.gov.it/portale/w/notepad-poc-pubblici-per-le-cve-2026-48800-cve-2026-48778-e-cve-2026-48770
2026-05-29 22:04:26+00:00 | seen | https://bsky.app/profile/crustytldr.bsky.social/post/3mmzk5ms7vf2l
2026-05-30...
EUVD-2026-31006
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be...
PT-2026-42025
Name of the Vulnerable Software and Affected Versions: Windows 11 (affected versions not specified); Windows Server 2022 (affected versions not specified); Windows Server 2025 (affected versions not specified). Description: A security feature bypass known as YellowKey exists in the BitLocker component of...
PT-2026-30029
A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect uri leads to open redirect. It is possible to launch the attack remotely. The exploit is publicl...
CVE-2026-3265
A vulnerability was identified in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. This affects an unknown part of the file /api/Security/ of the component Security API. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The...
CVE-2026-3054
The CVE affects Alinto SOGo 5.12.3/5.12.4. The vulnerability is in an unknown function where manipulating the argument hint leads to cross-site scripting (XSS). It is described as injectable remotely with an exploit publicly available. The vendor was contacted but did not respond. The document...
September Microsoft Patch Tuesday
September Microsoft Patch Tuesday. A total of 103 vulnerabilities, 29 fewer than in August. Of these, 25 vulnerabilities were added between the August and September MSPT. So far, no vulnerabilities are known to be exploited in the wild. Two have public PoC exploits: DoS - Newtonsoft.Json...
CVE-2022-1211
A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the...
CVE-2022-46953
creationtimestamp | type | source
---|---|---
2025-04-07 19:45:38+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/10770...
GHSA-4G52-PQ8J-6QV5
creationtimestamp | type | source
---|---|---
2025-01-15 15:55:02+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/1776...
APSystems Altenergy Power Control
1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely / low attack complexity / public exploits available. Vendor: APSystems. Equipment: Altenergy Power Control. Vulnerability: OS Command Injection. 2. RISK EVALUATION: Successful exploitation of this vulnerability may allow remote...
Vulnerabilities found in Microsoft Exchange Server
GTSC, a Vietnamese security company, has found vulnerabilities in Microsoft Exchange Server. The vulnerabilities allow a malicious party to execute a Server-Side Request Forgery and to execute arbitrary code. The vulnerabilities have similarities to the Exchange vulnerability from 2021 call...
CVE-2022-1087
A vulnerability, which was classified as problematic, has been found in htmly 5.3 which affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires authentication. A...
Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway
CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE Overview of CVE...
Vulnerabilities fixed in Siemens Scalance products
Siemens has fixed vulnerabilities in Scalance products. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Manipulation of data; Circumvention of authenticati...
Automattic: [FG-VD-19-022] Wordpress WooCommerce Cross-Site Scripting Vulnerability Notification
Subject: FG-VD-19-022 Wordpress WooCommerce Cross-Site Scripting Vulnerability Notification Dear Automattic, Fortinet's FortiGuard Labs have discovered a security issue in your product WooCommerce on 02/13/2019. We estimate its risk level is 2, on a scale of 1 lowest to 5 highest, in terms of its...