
276138 matches found

Positive Technologies
added 2026/04/30 12:0 a.m., 5 views

PT-2026-36116

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

CVSS 8.1, AI score 6, EPSS 0.00567
Exploits 1, References 4
Positive Technologies
added 2026/04/30 12:0 a.m., 3 views

PT-2026-36096

Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 before VMYR 3.5.2025117...

CVSS 8.1, AI score 5.2, EPSS 0.00378
Exploits 0, References 2
Positive Technologies
added 2026/04/30 12:0 a.m., 4 views

PT-2026-36031

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update customer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out...

CVSS 6.5, AI score 6.3, EPSS 0.00246
Exploits 0, References 6
CVE
added 2026/04/30 12:0 a.m., 24 views

CVE-2026-36340

CVE-2026-36340 affects Krayin CRM v2.1.5; fixed in v2.1.6. The issue arises in Email → Compose when attaching files, allowing an authenticated user to upload PHP payloads to a publicly accessible directory, enabling remote code execution. Upgrade to v2.1.6 or apply vendor mitigations; PoC indicat...

CVSS 8.1, AI score 6, EPSS 0.00567
Exploits 1, References 3
Amazon
added 2026/04/30 12:0 a.m., 5 views

Medium: tomcat-native

Issue Overview: CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115;...

CVSS 9.1, AI score 4.5, EPSS 0.00664
Exploits 1
Tenable Nessus
added 2026/04/30 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-7376

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVE-2026-7376 Note that Nessus relies on the presence of the package as reported by...

CVSS 7.5, AI score 5.8, EPSS 0.00193
Exploits 1, References 4
Exploit DB
added 2026/04/30 12:0 a.m., 58 views

FUXA 1.2.8 - Authentication Bypass + RCE Exploit

Exploit Title: FUXA 1.2.8 - Authentication Bypass + RCE Exploit Date: 2026-02-25 Exploit Author: Joshua van der Poll https://github.com/joshuavanderpoll/ Software Link: https://github.com/frangoteam/FUXA/tree/v1.2.8 Vendor Homepage: https://github.com/frangoteam/FUXA Version: FUXA 1.2.8. Do not u...

CVSS 9.8, AI score 5.2, EPSS 0.05633
Exploits 7
hivepro
added 2026/04/29 11:36 p.m., 2 views

Supply Chain Cybersecurity Risk Management Guide

Your organization's security is only as strong as its weakest vendor. A single compromised supplier, an unpatched software dependency, or a breached managed service provider can give attackers a direct path into your environment, bypassing every control you have built internally. The SolarWinds...

AI score 5.9
Exploits 0
OSV
added 2026/04/29 9:19 p.m., 3 views

GHSA-49M9-PGWW-9VQ6 n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration

Impact The MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memory resources by sending large registration payloads, rendering the n8n instance unavailable. T...

CVSS 8.7, AI score 5.8, EPSS 0.00469
Exploits 0, References 3
Github Security Blog
added 2026/04/29 9:19 p.m., 6 views

n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration

Impact The MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memory resources by sending large registration payloads, rendering the n8n instance unavailable. T...

CVSS 8.7, AI score 5.6, EPSS 0.00469
Exploits 0, References 3, Affected Software 1
RedhatCVE
added 2026/04/29 8:48 p.m., 2 views

CVE-2026-42432

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the local assistant system...

CVSS 7.8, AI score 5.5, EPSS 0.00131
Exploits 0, References 1
NVD
added 2026/04/29 8:16 p.m., 4 views

CVE-2018-25314

Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception...

CVSS 8.6, EPSS 0.00165
Exploits 0, References 4
CVE
added 2026/04/29 7:24 p.m., 6 views

CVE-2018-25314

CVE-2018-25314 affects Allok Soft WMV to AVI MPEG DVD WMV Converter 4.6.1217, where a buffer overflow in the License Name field allows local attackers to execute arbitrary code via input containing shellcode with an SEH overwrite, potentially gaining application-privilege execution. The NVD/CVE r...

CVSS 8.6, AI score 6.3, EPSS 0.00165
Exploits 0, References 4
Vulnrichment
added 2026/04/29 7:24 p.m., 5 views

CVE-2018-25314 Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 Buffer Overflow

Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception...

CVSS 8.6, AI score 6.3, EPSS 0.00165
Exploits 0, References 4
EUVD
added 2026/04/29 7:24 p.m., 3 views

EUVD-2018-21835

Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception...

CVSS 8.6, AI score 6.3, EPSS 0.00165
Exploits 0, References 4
CVE
added 2026/04/29 7:24 p.m., 8 views

CVE-2018-25309

CVE-2018-25309 affects MyBB 17.0 Recent Threads. It is a persistent XSS in the thread subject that lets attackers inject scripts to execute in the browsers of users viewing the index page. The root cause is crafted subject lines containing script tags, enabling arbitrary JavaScript execution in a...

CVSS 7.2, AI score 5.3, EPSS 0.00261
Exploits 1, References 3, Affected Software 1
CVE
added 2026/04/29 7:24 p.m., 7 views

CVE-2018-25303

Allok Video to DVD Burner 2.6.1217 is affected by a stack-based buffer overflow in the License Name field that enables local code execution via SEH overwrite. An input of ~780 junk bytes followed by SEH chain pointers and shellcode can be pasted into the License Name field during registration to ...

CVSS 8.6, AI score 6.4, EPSS 0.00157
Exploits 0, References 3
MongoDB
added 2026/04/29 4:51 p.m., 11 views

Flaw in the updateUser Command May Allow Unauthorized Configuration Change

An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account...

CVSS 6.3, AI score 5.3, EPSS 0.00161
Exploits 0, References 1, Affected Software 1
NVD
added 2026/04/29 4:16 p.m., 3 views

CVE-2026-5166

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal. This issue affects Pardus Software Center: before 0.6.4...

CVSS 9.6, EPSS 0.00326
Exploits 0, References 2
NVD
added 2026/04/29 3:16 p.m., 4 views

CVE-2026-5141

Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process. This issue affects Pardus Software Center: from 1.0.2 before 1.0.3...

CVSS 8.8, EPSS 0.00228
Exploits 0, References 2