CVE-2026-30812

CVE-2026-30812 describes stored cross-site scripting in Pandora FMS components (versions 777–800) due to improper neutralization of input during web page generation. Affected: Pandora FMS event comments; attack requires user interaction. The connected sources corroborate the same description acro...

CVE-2026-36946

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/viewdetails.php...

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component...

K000160730: Microsoft semantic kernel Python SDK vulnerability CVE-2026-26030

Security Advisory Description Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade...

CVE-2026-25208

Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

CVE-2026-25207

Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

CVE-2026-6158 Totolink N300RH upgrade.so setUpgradeUboot os command injection

A flaw has been found in Totolink N300RH 6.1c.1353B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

ABB Ability Symphony Plus Engineering

SUMMARY ABB became aware of vulnerability in the products versions listed as affected in the advisory. The ABB S+ Engineering product versions are affected by vulnerabilities in PostgreSQL version 13.11 and earlier versions. If an attacker gains access to a site’s S+ Client Server network, they...

PT-2026-32520

Name of the Vulnerable Software and Affected Versions Vtiger CRM version 8.4.0 Description A reflected cross-site scripting XSS issue exists in the MailManager module, where XSS is a type of attack that injects malicious scripts into a trusted website. Improper handling of user-controlled input i...

Fedora: Security Advisory (FEDORA-2026-5eb6f779c0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

HCL DevOps Velocity 安全漏洞

HCL DevOps Velocity is a pipeline orchestration and management tool used by HCL Company in India. Versions of HCL DevOps Velocity prior to 5.1.7 contained security vulnerabilities. These vulnerabilities were due to improper implementation of rate-limiting mechanisms for login attempts, which coul...

CVE-2026-31281

CVE-2026-31281 — Totara LMS HTML Injection : Totara LMS v19.1.5 and earlier is described as vulnerable to HTML injection via a message sent to users, enabling the attacker to execute HTML/JS in the victim’s browser and potentially causing session hijacking and command execution on the user’s devi...

Pachno 安全漏洞

Pachno is an open-source collaboration platform developed by Pachno. Version 1.0.6 of Pachno contains a security vulnerability, which stems from insecure XML parsing. This vulnerability could allow unverified attackers to read arbitrary files...

EUVD-2019-20126

Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field t...

CVE-2019-25710

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using...

CVE-2019-25707

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive...

CVE-2019-25691 Faleemi Desktop Software 1.8 Local Buffer Overflow SEH DEP Bypass

Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field t...

CVE-2019-25691 Faleemi Desktop Software 1.8 Local Buffer Overflow SEH DEP Bypass

Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field t...

CVE-2019-25691

CVE-2019-25691 affects Faleemi Desktop Software 1.8. The vulnerability is a local buffer overflow in the System Setup dialog that enables DEP bypass through structured exception handling. An attacker can inject a crafted payload into the Save Path for Snapshot and Record file field to trigger a b...

CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

Unknown threat actors compromised CPUID "cpuid.com", a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT. The incident...