CVE-2016-20093

Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that...

PT-2026-49654

Name of the Vulnerable Software and Affected Versions NPort W2150A-W4/W2250A-W4 Series versions prior to 1.5.1 Description A stack-based buffer overflow occurs due to insufficient input validation of user-supplied input in the Server location parameter on the Basic settings page. An authenticated...

RLSA-2026:24368 Important: bind9.18 security update

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

📄 Chatwoot 4.11.1 SQL Injection

This Metasploit module targets an authenticated SQL injection vulnerability in the conversation filtering functionality of Chatwoot instances up to version 4.11.1. ================================================================================================================================== |...

ASUS MyASUS Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of ASUS MyASUS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ASUS Software Manage...

CVE-2026-45487 Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability

...

CVE-2026-41977

DoS vulnerability in the log service. Impact: Successful exploitation of this vulnerability may affect availability...

PT-2026-47659

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description Applications are susceptible to a Regular...

Oracle Database Server (May 2026 CSPU)

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the May 2026 CSPU advisory. - Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to...

ASB-A-467352655

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-46840

Vulnerability in Oracle REST Data Services component: Backend-as-a-Service. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in...

Nautobot 安全漏洞

Nautobot is a web-based automation platform developed by the Nautobot team. Versions of Nautobot prior to 2.4.33 and 3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from users who had permission to add/modify GitRepository records being able to directly set the currenthead...

CVE-2026-44618

Technical details for CVE-2026-44618 are not publicly available in the provided documents. The records mention an XXE vulnerability in Apache CXF WS-Transfer and upgrade versions, but no further specifics are provided. Monitor for updates.

UBUNTU-CVE-2026-9064

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

CVE-2020-37230

Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path. Attackers can insert a malicious executable into the service path and execute it with LocalSyste...

EUVD-2020-31231

Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path. Attackers can insert a malicious executable into the service path and execute it with LocalSyste...

IObit Advanced SystemCare Service 代码问题漏洞

IObit Advanced SystemCare Service is a Windows background service component developed by IObit that supports system optimization, performance cleanup, and security maintenance. Version 13.0.0.157 of IObit Advanced SystemCare Service contains a code vulnerability. This vulnerability stems from an...

CVE-2026-5361

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...

GHSA-935G-9RQ5-Q95C short-video-maker has a path traversal vulnerability

A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The...

CVE-2026-34596

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use TOCTOU race condition exists during addon installation. When a user installs an addon through the SandMan interface, UpdUtil.exe is spawned as SYSTEM by...