SUSE CVE-2026-6324

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

CVE-2026-42184

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...

CVE-2026-42184 Tauri: Origin Confusion Allows Remote Pages to Invoke Local-Only IPC Commands

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...

PT-2026-44098

Name of the Vulnerable Software and Affected Versions Gladinet Triofox Cloud Server Agent affected versions not specified Description Improper handling of remote HTTP messages in the GladServerAgentService.exe, which listens on TCP port 7878, allows unauthenticated attackers to potentially gain...

PT-2026-29545

OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content, bypassing intended...

Multiple vulnerabilities in Xerox FreeFlow Core (XRX26-005)

Overview Xerox FreeFlow Core contains multiple vulnerabilities listed below. Path traversal CWE-22 - CVE-2026-2251 XML external entity reference XXE CWE-611 - CVE-2026-2252 FUJIFILM Business Innovation Corp. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN...

MAL-2026-1320 Malicious code in chain-promised-await (npm)

Remote code execution via fetching code from a remote URL and Discord webhook usage indicates malicious intent. Single version adds to suspicion. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5b882a33fdd394ef7a848100d8ee39ef4c7f0747942b4bea86e38af5780c978 The...

📄 Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control / Lockout

The Honeywell IQ4 Trend IQ4 exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System User level 100 context, granting read/write privileges to any party able to...

Malicious code in ctf-toolkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e47981485066b674150cc4d9d3709e41707e69111f188e54e772becc7349ab89 The package states to contain a modified curl library to allow low-level request modifications. However, there is also undisclosed malicious behavior: 1. The...

CVE-2026-2650

Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

PT-2026-23542

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.2 Description The software contains a server-side request forgery issue in attachment and media URL handling. This allows remote attackers to retrieve data from arbitrary HTTPS URLs. An attacker who can contro...

CVE-2023-31240

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials...

ABB WebPro SNMP Card PowerValue和ABB WebPro SNMP Card PowerValue UL 安全漏洞

ABB WebPro SNMP Card PowerValue and ABB WebPro SNMP Card PowerValue UL are both a remote web management system from ABB Switzerland. A security vulnerability exists in ABB WebPro SNMP Card PowerValue and ABB WebPro SNMP Card PowerValue UL 1.1.8.K and earlier versions, which stems from an incorrec...

ABB WebPro SNMP Card PowerValue和ABB WebPro SNMP Card PowerValue UL 代码问题漏洞

ABB WebPro SNMP Card PowerValue and ABB WebPro SNMP Card PowerValue UL are both remote web management systems from ABB Switzerland. A code issue vulnerability exists in ABB WebPro SNMP Card PowerValue and ABB WebPro SNMP Card PowerValue UL 1.1.8.K and prior versions, which stems from an inadequat...

CVE-2025-21079

Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability...

CVE-2025-21079

Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability...

CVE-2025-21079

Samsung Members before version 5.5.01.3 has an input validation flaw that allows a remote attacker to connect to an arbitrary URL and launch arbitrary Samsung Members–privileged activities. User interaction is required to trigger the issue. Public sources in multiple feeds corroborate this CVE (C...

Newforma Project Center Server Code Execution Vulnerability

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A code execution vulnerability exists in Newforma Project Center...

CVE-2025-35057

Newforma Info Exchange NIX '/RemoteWeb/IntegrationServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the NIX service account...

EUVD-2025-33577

Newforma Info Exchange NIX accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server NPCS, so a...