CVE-2026-43926 FOSSBilling's password reset confirmation endpoint lacks rate limiting

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

PT-2026-46211

Mobatek MobaXterm 12.1 contains a structured exception handling SEH based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the...

E-Learning System 1.0 - SQL Injection

E-Learning System 1.0 contains an unauthenticated SQL injection caused by unsanitized input, letting remote attackers execute arbitrary code on the server and gain a reverse shell, exploit requires no authentication. id: CVE-2021-3239 info: name: E-Learning System 1.0 - SQL Injection author:...

📄 MCPJam Inspector 1.4.2 Command Injection

This is an advanced Python proof of concept for CVE-2026-23744 demonstrating command injection through a vulnerable MCP API endpoint, leading to remote code execution and reverse shell access. The script supports multiple payload types, endpoint discovery, listener management, and several...

CRESS: Quantifying Vulnerabilities of Attack Scenarios in Hardware Reverse Engineering

The safety, security, and reliability of microelectronic systems depend on a trustworthy, secured supply chain and design flow. Globally distributed supply chains or unintentional design weaknesses leave the door open for attacks on the hardware level. These scenarios encompass counterfeiting,...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : rsync vulnerabilities (USN-8349-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8349-1 advisory. Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote...

EUVD-2026-34148

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with the predictable XOR-based password encoding securityEncode function, this allows an attacker to reverse captured authentication...

System-Exploitation-Compromising

💀 System Exploitation & Compromising CAP 6135 – Cyber Lab...

CVE-2026-40961

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

EUVD-2026-33902

Server-Side Template Injection SSTI in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution RCE. In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed ...

CVE-2026-34906 Server-Side Template Injection (SSTI) in Wirtualna Uczelnia

Server-Side Template Injection SSTI in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution RCE. In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed ...

JDWPEx

JDWP Remote Code Execution Exploit A Python 3 implement...

CVE-2026-40961

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

CVE-2026-40961 Apache Airflow: Open Redirect Bypass Vulnerability

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

CVE-2026-40961

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

[SECURITY] Fedora 43 Update: nginx-1.30.2-1.fc43

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

PT-2026-45364

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description A bug in the login redirect route allows authenticated users to craft URLs that bypass the is safe url check. This enables the redirection of users from a trusted Airflow domain to an origin...

Exploit for OS Command Injection in Dolibarr Dolibarr_Erp\/Crm

CVE-2023-30253 — Dolibarr ERP/CRM 17.0.0 Remote Code Execution...

CVE-2026-45613

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47...

The vulnerability was concealed in Starlette

There is a vulnerability in Starlette, a Python library for developing web services. Starlette is used by various products, including FastAPI. An unauthorized malicious actor can exploit this vulnerability to bypass authentication checks. This allows the malicious actor to access protected URL...