
319 matches found

Cvelist
added 2026/05/13 5:29 p.m. | 26 views

CVE-2026-44002 vm2: Host File Path Disclosure via Stack Trace Information Leak

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's CallSite wrapper class intended as a safe wrapper for V8's native CallSite blocks getThis and getFunction to prevent host object leakage, but allows getFileName to return unsanitized host absolute paths. Any sandboxed code can...

CVSS 5.8 | EPSS 0.00036
Exploits 1 | References 1
NVD
added 2026/05/10 9:16 a.m. | 8 views

CVE-2026-8241

A vulnerability has been found in Industrial Application Software IAS Canias ERP 8.03. The affected element is the function iasGetServerInfoEvent of the component RMI Interface. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed ...

CVSS 6.9 | EPSS 0.00042
Exploits 0 | References 5
Vulnrichment
added 2026/05/10 7:45 a.m. | 6 views

CVE-2026-8241 Industrial Application Software IAS Canias ERP RMI iasGetServerInfoEvent improper authorization

A vulnerability has been found in Industrial Application Software IAS Canias ERP 8.03. The affected element is the function iasGetServerInfoEvent of the component RMI Interface. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed ...

CVSS 6.9 | AI score 5.6 | EPSS 0.00042
Exploits 0 | References 5
ATTACKERKB
added 2026/05/10 7:45 a.m. | 3 views

CVE-2026-8241

A vulnerability has been found in Industrial Application Software IAS Canias ERP 8.03. The affected element is the function iasGetServerInfoEvent of the component RMI Interface. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed ...

CVSS 6.9 | AI score 5.6 | EPSS 0.00042
Exploits 0 | References 4 | Affected Software 1
RedhatCVE
added 2026/05/08 8:21 p.m. | 3 views

CVE-2026-41931

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal err...

CVSS 6.9 | AI score 5.8 | EPSS 0.00035
Exploits 0 | References 1
NVD
added 2026/05/05 9:16 p.m. | 3 views

CVE-2026-35527

Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. The imgPostURLInfo function...

CVSS 5.3 | EPSS 0.0001
Exploits 1 | References 2
GithubExploit
added 2026/05/03 8:15 p.m. | 69 views

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940-POC cPanel/WHM Authentication Bypass Proof of...

CVSS 9.8 | AI score 6 | EPSS 0.90762
Exploits 59
CNNVD
added 2026/04/21 12:0 a.m. | 3 views

FreeScout Security Vulnerability

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the reliance on static MD5 hashes for the...

CVSS 9.8 | AI score 5.8 | EPSS 0.00168
Exploits 1 | References 1
Cvelist
added 2026/04/02 11:27 p.m. | 17 views

CVE-2026-32211 Azure MCP Server Information Disclosure Vulnerability

...

CVSS 9.1 | EPSS 0.00086
Exploits 0 | References 1
CVE
added 2026/04/02 11:27 p.m. | 9 views

CVE-2026-32211

CVE-2026-32211 describes a missing-authentication vulnerability in Azure MCP Server that allows an unauthorized network attacker to disclose information. The NVD entries corroborate a critical impact (CVSS v3.1: 9.1) with high confidentiality and integrity impact, and network attack vector with n...

CVSS 9.1 | AI score 5.8 | EPSS 0.00086
Exploits 0 | References 1 | Affected Software 1
Positive Technologies
added 2026/02/26 12:0 a.m. | 2 views

PT-2026-22126

Name of the Vulnerable Software and Affected Versions PcVue versions 12.0.0 through 16.3.3 Description The default configuration of IIS and ASP.net adds HTTP headers that are not removed during the deployment of webservices used by the WebVue, WebScheduler, TouchVue, and SnapVue features. This...

CVSS 4.3 | AI score 5.8 | EPSS 0.00039
Exploits 0 | References 8
CNNVD
added 2026/02/19 12:0 a.m. | 3 views

Wings Security Vulnerability

Wings is the server control interface for Pterodactyl Panel. Versions of Wings prior to 1.12.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks in multiple controllers, which could allow node token holders to access information about any serv...

CVSS 9.2 | AI score 5.8 | EPSS 0.00065
Exploits 0 | References 2
GithubExploit
added 2026/02/05 8:36 a.m. | 197 views

Exploit for Path Traversal in Tuzitio Camaleon_Cms

Exploit-for-CVE-2024-46987 Exploit for CVE-2024-46987 usage:...

CVSS 7.7 | AI score 5.6 | EPSS 0.44011
Exploits 10
IBM Security Bulletins
added 2026/01/20 11:54 a.m. | 6 views

Security Bulletin: Multiple vulnerabilities found in IBM ApplinX.

Summary IBM ApplinX has been updated in order to address the multiple vulnerabilities CVE-2025-36410, CVE-2025-36409, CVE-2025-36419, CVE-2025-36408, CVE-2025-36418, CVE-2025-36411. Vulnerability Details CVEID:CVE-2025-36410 DESCRIPTION: IBM ApplinX could allow an authenticated user to perform...

CVSS 9.8 | AI score 5.3 | EPSS 0.00064
Exploits 0 | Affected Software 1
RedhatCVE
added 2026/01/09 9:18 a.m. | 2 views

CVE-2021-22529

A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1...

CVSS 6.3 | AI score 6.9 | EPSS 0.00054
Exploits 0 | References 1
OSV
added 2025/12/30 1:16 p.m. | 0 views

UBUNTU-CVE-2023-54260

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix lost destroy smbd connection when MR allocate failed If the MR allocate failed, the smb direct connection info is NULL, then smbddestroy will directly return, then the connection info will be leaked. Let's set the smb...

AI score 5.7 | EPSS 0.00029
Exploits 0 | References 10
RedhatCVE
added 2025/12/10 11:33 a.m. | 4 views

CVE-2025-40941

A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected devices expose server information in its responses. This could allow an attacker with network access to gain useful information, increasing the likelihood of targeted attacks...

CVSS 5.3 | AI score 6.8 | EPSS 0.00039
Exploits 0 | References 1
EUVD
added 2025/12/09 6:30 p.m. | 1 views

EUVD-2025-201915

A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected devices expose server information in its responses. This could allow an attacker with network access to gain useful information, increasing the likelihood of targeted attacks...

CVSS 5.3 | AI score 6.4 | EPSS 0.00039
Exploits 0 | References 2
OSV
added 2025/12/09 4:17 p.m. | 0 views

CVE-2025-40941

A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected devices expose server information in its responses. This could allow an attacker with network access to gain useful information, increasing the likelihood of targeted attacks...

CVSS 4.3 | AI score 5.7
Exploits 0 | References 1
NVD
added 2025/12/09 4:17 p.m. | 1 views

CVE-2025-40941

A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected devices expose server information in its responses. This could allow an attacker with network access to gain useful information, increasing the likelihood of targeted attacks...

CVSS 5.3 | EPSS 0.00039
Exploits 0 | References 1