EUVD-2026-26468

A vulnerability was found in Open5GS up to 2.7.7. This affects the function amfnamfcommhandleregistrationstatusupdaterequest in the library /lib/app/ogs-init.c of the file /namf-comm/v1/ue-contexts/ueContextId/transfer-update. Performing a manipulation of the argument ueContextId results in denia...

OSV-2026-659 Heap-buffer-overflow in ___interceptor_strncpy

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=507904196 Crash type: Heap-buffer-overflow WRITE Crash state: interceptorstrncpy concathashstring ndpisearchsshtcp...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the HID multitouch driver not checking that the report response matches the request, and a malicious device...

PT-2026-36468

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The wacom intuos bt irq function processes Bluetooth HID reports without sufficient bounds checking. A maliciously crafted short report can trigger an out-of-bounds read—a condition wher...

PT-2026-36465

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the HID core where the memset function within hid report raw event attempts to clear data by zeroing the area between the end of the incoming data string and the assumed...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from the wacomintuosbtirq function in the wacom driver that does not adequately bounds-check Bluetooth HID...

PT-2026-36464

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the HID multitouch component where a device can respond to a feature request using a report ID that differs from the one requested. This discrepancy can lead to confusio...

CVE-2026-40603

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...

Exploit for CVE-2026-41940

cpanel-cve-2026-41940-fix One-shot detection and remediatio...

CVE-2026-40603

Chartbrew CVE-2026-40603 affects Chartbrew 4.9.0, where a legacy /api/project/dashboard/:brewName route exposes a project’s report data to any authenticated member of the same team, bypassing project-level authorization. This allows a low-privileged same-team user to read another project’s dashbo...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /ureport/datasource/testConnection endpoint. An authenticated user can access internal network resources by sending a malicious GET request. Remediation There is no fixed version for...

CVE-2026-40595 Chartbrew: Incorrect Access Control in public chart and export routes via missing onReport and SharePolicy checks

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart retrieval and export routes that only verify project-level public access and, for exports, a team-level export toggle. Th...

CVE-2026-40595

Chartbrew 4.9.0 exposes public chart retrieval and export endpoints that only check project-level public access (and, for exports, a team-level toggle) without validating that the chart is allowed on the public report or that SharePolicy permits public access. An unauthenticated attacker who know...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 20, 2026 to April 26, 2026)

Last week, there were 158 vulnerabilities disclosed in 123 WordPress Plugins and 27 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 69 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

Exploit for Embedded Malicious Code in Tukaani Xz

Security Review: CVE-2024-3094 XZ Utils Backdoor Автор:...

exploit-tool

Exploit-Tool Single-console pentest platform built on authori...

CVE-2026-36765

An XML external entity XXE vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...

EUVD-2026-26400

An XML external entity XXE vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...

PT-2026-36153

An XML external entity XXE vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...

PT-2026-36032

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...