CVE-2026-21510

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...

CVE-2026-2318

Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-48725 QuTS hero

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QuTS hero...

libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: fastjson (UTSA-2026-005331)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005331 advisory. The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is...

Linux Distros Unpatched Vulnerability : CVE-2026-2316

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-2318

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI...

CVE-2026-21518

Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network...

pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID

A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service DoS f...

GDI+ Denial of Service Vulnerability

Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network...

CVE-2025-68686

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypas...

libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption...

CVE-2026-2215

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRETKEY results in use of default cryptographic key. The attack can be initiated...

CVE-2026-2095

Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user...

CVE-2026-2095

Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user...

CVE-2026-2198

A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/assessments/pretest/loaddata.php. Such manipulation of the argument difficultyid leads to sql injection. It is possible to launch the attack...

PT-2026-7283

Name of the Vulnerable Software and Affected Versions IntelR AMT and IntelR Standard Manageability affected versions not specified Description A flaw exists that may allow a denial of service. A network attacker with unauthenticated access, combined with a complex attack, could potentially enable...

PT-2026-7330

Name of the Vulnerable Software and Affected Versions Windows Notepad versions prior to 11.2502.1.0 Windows 10 and Windows 11 versions prior to February 2026 Patch Tuesday Description A command injection issue exists in the modern Microsoft Store version of the Windows Notepad app due to improper...

CVE-2026-2145

A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipulation of the argument nginxDir leads to cross site scripting. The attack can be executed remotely...

CVE-2026-2169

A vulnerability has been found in D-Link DWR-M921 1.1.50. This impacts an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...