728236 matches found

Tenable Nessus
added 3 days ago, 4 views

Siemens RUGGEDCOM RST2428P Out-of-bounds Write (CVE-2026-1484)

A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrust...

CVSS 4.2, AI score 5.1, EPSS 0.00304
Exploits 1, References 3

Tenable Nessus
added 3 days ago, 5 views

RHEL 8 : kernel (RHSA-2026:26570)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26570 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: geneve: Fix use-after-free in...

CVSS 8.8, AI score 5.8, EPSS 0.00469
Exploits 4, References 16

Packet Storm
added 3 days ago, 20 views

📄 Wing FTP Server 8.1.2 Remote Code Execution via Session Poisoning

This proof of concept remote code execution exploit abuses a flaw in how Wing FTP Server handles admin session serialization, specifically the mydirectory basefolder field. Version 8.1.2 is affected...

CVSS 8.6, AI score 6.2, EPSS 0.02056
Exploits 5

Packet Storm
added 3 days ago, 20 views

📄 Genetec RabbitMQ Local Privilege Escalation

Genetec RabbitMQ local privilege escalation proof of concept exploit for Windows mimicking techniques used in token impersonation-based attacks such as Rotten Potato–style methods...

CVSS 7.8, AI score 5.3, EPSS 0.00106
Exploits 1

Tenable Nessus
added 3 days ago, 7 views

Libheif 1.19.x < 1.23.0 DoS (macOS)

According to its self-reported version, libheif on the remote host is affected by a denial of service vulnerability. A crafted HEIF sequence file can cause libheif to perform unbounded heap allocation due to a missing bound check in the stsz fixed-size mode of the HEIF sequence parser, leading to...

AI score 5.9, EPSS 0.00089
Exploits 0, References 2

Tenable Nessus
added 3 days ago, 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-12528

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in 389 Directory Server in the aclpnormalizeacltxt function of aclparse.c. A malformed ACI (Access Control Instruction) string can trigger...

CVSS 5.4, AI score 5.5, EPSS 0.0023
Exploits 0, References 2

Packet Storm
added 3 days ago, 20 views

📄 WordPress Contest Gallery 28.1.4 SQL Injection

WordPress Contest Gallery plugin version 28.1.4 unauthenticated blind SQL Injection exploit written in Python3...

CVSS 7.5, AI score 5.9, EPSS 0.00699
Exploits 4

Packet Storm
added 3 days ago, 22 views

📄 Microsoft Windows Defender MsMpEng.exe Race Condition / Privilege Escalation

This PowerShell script demonstrates a local privilege escalation attack targeting a race condition in the Windows Defender engine MsMpEng.exe...

AI score 5.3
Exploits 0

EUVD
added 4 days ago, 7 views

EUVD-2026-37830

TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard...

CVSS 8.2, AI score 5.4, EPSS 0.00271
Exploits 0, References 3

Cvelist
added 4 days ago, 24 views

CVE-2026-48764 TypeBot has SSRF in HTTP request and script fetch flows via DNS rebinding bypass

TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard...

CVSS 8.2, EPSS 0.00271
Exploits 0, References 3

ATTACKERKB
added 4 days ago, 3 views

CVE-2026-48764

TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard...

CVSS 8.2, AI score 5.3, EPSS 0.00271
Exploits 0, References 4, Affected Software 1

CVE
added 4 days ago, 11 views

CVE-2026-48764

TypeBot suffers an SSRF in HTTP request and script fetch flows prior to version 3.17.2. The root cause is a time‑of‑check/time‑of‑use gap: the hostname is validated once against a forbidden range, but the subsequent request resolves the hostname again and may connect to a different IP, enabling D...

CVSS 8.2, AI score 5.4, EPSS 0.00271
Exploits 0, References 3

Vulnrichment
added 4 days ago, 5 views

CVE-2026-48764 TypeBot has SSRF in HTTP request and script fetch flows via DNS rebinding bypass

TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard...

CVSS 8.2, AI score 5.3, EPSS 0.00271
Exploits 0, References 3

NVD
added 4 days ago, 6 views

CVE-2026-50268

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0, configuring encrypt:rsa:algorithm=OAEP does not enable OAEP encryption. Due to an incorrect BouncyCastle...

CVSS 1.9, EPSS 0.00046
Exploits 0, References 2

NVD
added 4 days ago, 5 views

CVE-2026-45617

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the built-in striphtml filter uses a regex containing four flawed lazy-quantified alternatives, leading to ReDoS via quadratic backtracking. When the input contains many script...

CVSS 7.5, EPSS 0.00655
Exploits 0, References 3

NVD
added 4 days ago, 6 views

CVE-2026-45357

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart, leading to memory and render limit...

CVSS 7.5, EPSS 0.00655
Exploits 0, References 3

NVD
added 4 days ago, 6 views

CVE-2026-44644

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. Versions 10.25.7 and below are vulnerable to XSS through a flaw in the striphtml filter logic. The striphtml filter is intended to remove HTML tags from a string before rendering, and is widely used as an XS...

CVSS 6.1, EPSS 0.00355
Exploits 0, References 3

Microsoft Secure
added 4 days ago, 9 views

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence and Microsoft Defender Experts identified a Windows-based cryptocurrency clipper that has affected users since February of 2026. Clipper malware relies on...

AI score 6.5
Exploits 0

OSSF Malicious Packages
added 4 days ago, 7 views

Malicious code in vite-common-utils (npm)

Source: amazon-inspector b1d3397d754ffeb3726496769b2f159ce8596b2233b5875afa8f7fbca29ed0fd The package presents itself as a Vite utility library but its only export, loadFilbetScriptSilently, creates a element whose src is hardcoded to...

AI score 5.5
Exploits 0, References 3

OSV
added 4 days ago, 2 views

MAL-2026-6088 Malicious code in vite-common-utils (npm)

Source: amazon-inspector b1d3397d754ffeb3726496769b2f159ce8596b2233b5875afa8f7fbca29ed0fd The package presents itself as a Vite utility library but its only export, loadFilbetScriptSilently, creates a element whose src is hardcoded to...

AI score 5.5
Exploits 0, References 3