CVE-2026-42211 React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE

React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution RCE through external requests. This attack requires the application code to have an existing prototype pollution...

CVE-2026-42211

CVE-2026-42211 affects React Router versions 7.0.0–7.14.1 when used in Framework Mode. A combination of steps could enable a prototype pollution condition that an attacker could leverage in a two-step process to trigger unauthorized remote code execution on the remote server. The issue does not i...

CVE-2026-1829 Content Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code Execution

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2026-1829 Content Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code Execution

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

EUVD-2026-33993

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2026-1829

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2026-0611

Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port 8989 that allows attackers to perform arbitrary file read and write operations by...

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 - MCPJam Inspector RCE PoC Proof of Concept ex...

CVE-2026-47117

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

CVE-2026-30649

Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the setgetparam.cgi component...

CVE-2026-10591

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

CVE-2026-0611 Spacelabs Healthcare Sentinel 10.5.x < 11.6.0 Unauthenticated RCE via .NET Remoting

Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port 8989 that allows attackers to perform arbitrary file read and write operations by...

EUVD-2026-33974

Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port 8989 that allows attackers to perform arbitrary file read and write operations by...

CVE-2026-0611 Spacelabs Healthcare Sentinel 10.5.x < 11.6.0 Unauthenticated RCE via .NET Remoting

Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port 8989 that allows attackers to perform arbitrary file read and write operations by...

CVE-2026-0611

Summary: CVE-2026-0611 affects Spacelabs Healthcare Sentinel 10.5.x and higher and Sentinel 11.x.x prior to 11.6.0. A deprecated .NET Remoting HTTP channel exposed on port 8989 allows unauthenticated remote code execution by supplying valid .NET URI endpoints, enabling arbitrary file read/write a...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2026-9319)

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2026-9311, CVE-2026-9330)

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

CVE-2026-35717

A stack-based buffer overflow in the exportlanguage.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/exportlanguage.cgi endpoint. The handler passes the...

CVE-2026-47117

OpenMed prior to version 1.5.2 is affected by a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher uses broad substring matching on the user-supplied model_name, enabling a value like attacker/foo-privacy-filter-bar to route to a path t...

CVE-2026-47117

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...