CVE-2026-12805

A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

CVE-2026-12776

Montodel House-Rental-Management is affected by an SQL injection in /index.php?page=houses triggered by manipulating the ID parameter. The flaw affects the application as a whole with a remote-access exploit published and the vendor pursuing a rolling-release strategy, making exact affected versi...

EUVD-2026-36692

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

EUVD-2026-36668

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

EUVD-2026-36676

A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was...

CVE-2026-12201 IObit Malware Fighter DLL permission

A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was...

CVE-2026-12201

CVE-2026-12201 affects IObit Malware Fighter (up to 13.2.0) via an unknown functionality in the DLL Handler component, where manipulation leads to permission issues. The flaw enables a local attacker with access to the system to trigger the vulnerability; an exploit has been published. The docume...

CVE-2026-12201 IObit Malware Fighter DLL permission

A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was...

PT-2026-49615

CVE ID :CVE-2026-54294 Published : June 15, 2026, 6:33 p.m. | 1 hour, 17 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2026-49151

A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was...

PT-2026-49342

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.10.0 Description The Shareable Playground feature, also known as Public Flows, allows unauthenticated users to execute workflows via a public link. A flaw in this feature enables arbitrary file reading depending on...

CVE-2026-54298

creationtimestamp| type| source ---|---|--- 2026-06-12 16:48:25+00:00| published-proof-of-concept| https://github.com/withastro/astro/security/advisories/GHSA-jrpj-wcv7-9fh9...

CVE-2026-44311

creationtimestamp| type| source ---|---|--- 2026-06-11 21:48:31+00:00| published-proof-of-concept| https://github.com/fabricjs/fabric.js/security/advisories/GHSA-w22m-hvvm-xmwx...

CVE-2026-47781

creationtimestamp| type| source ---|---|--- 2026-06-11 13:25:28+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-qq6c-99pv-prvf...

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the ICON decoding. An attacker can cause a crash by providing a specially crafted ICON file that triggers an out-of-bounds heap write. Remediation A fix was pushed into the master branch but not yet published...

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the subimage-search when handling a specially crafted image. An attacker can cause the application to enter an infinite loop and exhaust system resources by providing a malicious image file. Remediation A fix was pushed...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the SF3 encoder when handling crafted multi-frame images. An attacker can cause a heap buffer overwrite by submitting specially crafted image data. Remediation A fix was pushed into the master branch b...

CVE-2026-45566 Roxy-WI: Open redirect on /login?next= via basic-auth userinfo syntax bypass

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by rejecting strings containing https:// or http:// substrings, then constructs https://request.hostnexturl and the JS client redirects via...

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error due to the improper matching of the query destination address and port with the response source address and port when Idns is used in applications as stub resolver over UDP. Remediation A fix was pushed into the...

CVE-2026-44291

creationtimestamp| type| source ---|---|--- 2026-06-10 09:00:04+00:00| published-proof-of-concept| Telegram/ZHpMnVOz2cJfIOonPjLT3mqz43XsQAtrT-ty2tkYMtXDqE...