16 matches found
UBUNTU-CVE-2026-8589
GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to add unauthorized email addresses to a targeted user's account due to improper...
HTB-TwoMillion-Exploit
HTB-TwoMillion-Exploit Important: This is NOT a writeu...
CVE-2026-11252
Insufficient policy enforcement in Content Settings in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...
Anthropic Claude Code < 2.0.65 API Key Leak via Project Settings (CVE-2026-21852)
The version of Anthropic Claude Code installed on the remote host is prior to 2.0.65. It is, therefore, affected by an information disclosure vulnerability. A vulnerability in the project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirm...
CVE-2026-20969
Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability...
CVE-2025-5126
A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation of the argument year/month/day/hour/minute results in command injection. The attack may be...
CVE-2024-10545 NextGEN Gallery < 3.59.9 - Admin+ Stored XSS
The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...
WordPress Plugin GTG Product Feed for Shopping Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
The vulnerability of the SetWan2Settings() function in D-Link DIR-3040 wireless router software allows a hacker to execute arbitrary code.
The vulnerability of the SetWan2Settings function in the D-Link DIR-3040 wireless router firmware is related to operations performed outside the bounds of a memory buffer. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted HNAP...
The vulnerability of the SetWLanRadioSettings() function in the D-Link DIR-823G router’s software allows a hacker to cause a service failure.
The vulnerability of the SetWLanRadioSettings function in the firmware for D-Link DIR-823G routers is related to an operation going outside the bounds of a memory buffer when processing the GuardInt parameter. Exploiting this vulnerability could allow a malicious actor ...
PT-2023-3089 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to errors in security settings, allowing a remote attacker to elevate their privileges using a specially crafted link. Recommendations: At the...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from the American company Google. Google Android 13 suffers from a security vulnerability that stems from a sandbox escape in Settings that has the potential to bypass factory reset protection if an attacker has physical access to the...
The vulnerability of the form_fast_setting_wifi_set() function in the Tenda AC18 router’s firmware allows a hacker to induce a service failure.
The vulnerability of the form_fast_setting_wifi_set function in the Tenda AC18 router’s firmware is related to write operations outside the bounds of a memory buffer when processing the ssid parameter. Exploiting this vulnerability could allow a malicious actor to cause service...
PT-2021-1592 · Microsoft · Windows Remote Desktop +1
Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop affected versions not specified Description: The issue is related to errors in security settings of the Remote Desktop Services (RDS) in Windows operating systems. It may allow a remote attacker to impact the...
Design/Logic Flaw
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2...
Design/Logic Flaw
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4...