
276225 matches found

CVE
added 2026/02/20 12:0 a.m. | 12 views

CVE-2026-26721

Summary: CVE-2026-26721 affects Key Systems Inc Global Facilities Management Software v.20230721a. A vulnerability in the SID query parameter can allow a remote attacker to obtain sensitive information, impacting confidentiality (CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N) ...

CVSS 7.1 | AI score 5.6 | EPSS 0.00262
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/02/20 12:0 a.m. | 3 views

CVE-2026-26722

An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality...

AI score 5.4 | EPSS 0.00333
Exploits: 1 | References: 1

CNNVD
added 2026/02/20 12:0 a.m. | 10 views

Silicon Labs Gecko SDK and Silicon Labs Simplicity SDK Security Vulnerability

The Silicon Labs Gecko SDK (GSDK) and Silicon Labs Simplicity SDK are both open-source products from Silicon Labs. The Silicon Labs Gecko SDK is a library that combines the Silicon Labs wireless software development kit (SDK) with the Gecko platform into an integrated software package. The Silicon La...

CVSS 2.3 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 1

CNNVD
added 2026/02/20 12:0 a.m. | 8 views

RICOH Job Log Aggregation/Analysis Software Code Issue Vulnerability

RICOH Job Log Aggregation/Analysis Software is a tool developed by the Japanese RICOH company for aggregating job logs. Versions of RICOH Job Log Aggregation/Analysis Software prior to version 1.3.7 contained code vulnerabilities. These vulnerabilities were caused by issues with the DLL search...

CVSS 8.4 | AI score 7.3 | EPSS 0.0016
Exploits: 0 | References: 2

Packet Storm News
added 2026/02/20 12:0 a.m. | 5 views

Automatic, Expressive, and Scalable Fuzzing with Stitching

Fuzzing is a powerful technique for finding bugs in software libraries, but scaling it remains difficult. Automated harness generation commits to fixed API sequences at synthesis time, limiting the behaviors each harness can test. Approaches that instead explore new sequences dynamically lack the...

AI score 5.9
Exploits: 0

CVE
added 2026/02/19 11:14 p.m. | 19 views

CVE-2026-27003

OpenClaw (npm package) is affected by CVE-2026-27003. The vulnerability stems from logging Telegram bot tokens in error messages/stack traces due to insufficient redaction, which can lead to token disclosure. Affected versions are = 2026.2.15 and rotate any bot tokens that may have been exposed. ...

CVSS 6.9 | AI score 5.7 | EPSS 0.00142
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/02/19 10:27 p.m. | 5 views

CVE-2026-24122 Cosign Certificate Chain Expiry Validation Issue Allows Issuing Certificate Expiry to Be Overlooked

Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate...

CVSS 3.7 | AI score 5.5 | EPSS 0.00197
Exploits: 2 | References: 5

Snyk
added 2026/02/19 8:32 p.m. | 2 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview: @feathersjs/authentication-oauth is an oAuth 1 and 2 authentication for Feathers. Powered by Grant. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere in the session cookies. An attacker can access sensitive...

CVSS 8.3 | AI score 5.6 | EPSS 0.00354
Exploits: 0 | References: 2

Snyk
added 2026/02/19 8:28 p.m. | 6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: svelte is a package for building web applications. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in server-side rendering when attribute spreading is performed on elements. An attacker can inject...

CVSS 6.8 | AI score 5.6 | EPSS 0.00377
Exploits: 0 | References: 2

Github Security Blog
added 2026/02/19 8:15 p.m. | 96 views

Hono added timing comparison hardening in basicAuth and bearerAuth

Summary: The basicAuth and bearerAuth middlewares previously used a comparison that was not fully timing-safe. The timingSafeEqual function used normal string equality === when comparing hash values. This comparison may stop early if values differ, which can theoretically cause small timing...

AI score 5.4
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2026/02/19 7:21 p.m. | 5 views

CVE-2025-8308

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System allows XSS Through HTTP Headers. This issue affects INFOREX- General Information Management System: from 2025 and...

CVSS 6.3 | AI score 5.5 | EPSS 0.00152
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/19 7:21 p.m. | 8 views

CVE-2025-69287

The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature...

CVSS 5.4 | AI score 5.7 | EPSS 0.00286
Exploits: 0 | References: 1

Debian CVE
added 2026/02/19 7:19 p.m. | 5 views

CVE-2026-26200

HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on...

CVSS 7.8 | AI score 6.7 | EPSS 0.00227
Exploits: 1

GithubExploit
added 2026/02/19 4:10 p.m. | 181 views

Exploit for CVE-2026-27180

MajorDoMo RCE

CVSS 9.8 | AI score 7.2 | EPSS 0.01086
Exploits: 4

Circl
added 2026/02/19 4:4 p.m. | 5 views

CVE-2026-26362

creationtimestamp | type | source
---|---|---
2026-02-19 16:04:33+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mf7xux7eab2s
2026-02-19 16:28:31+00:00 | seen | https://bsky.app/profile/potato.software/post/3mf7z7siwjz25
2026-02-19 23:00:18+00:00 | seen | ...

CVSS 8.1 | AI score 5.1 | EPSS 0.00319
Exploits: 0 | References: 3

NVD
added 2026/02/19 12:16 p.m. | 7 views

CVE-2025-9953

Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection. This issue affects Databank Accreditation Software: before 2026/04...

CVSS 9.8 | EPSS 0.00344
Exploits: 0 | References: 2

Vulnrichment
added 2026/02/19 11:55 a.m. | 5 views

CVE-2025-9953 SQLi in Database Software's Databank Accreditation Software

Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection. This issue affects Databank Accreditation Software: before 2026/04...

CVSS 9.8 | AI score 5.9 | EPSS 0.00344
Exploits: 0 | References: 2

CVE
added 2026/02/19 11:55 a.m. | 16 views

CVE-2025-9953

CVE-2025-9953 affects Databank Accreditation Software from DATABASE Software Training Consulting Ltd. The issue is an Authorization Bypass Through User-Controlled SQL Primary Key that enables SQL Injection. According to the description, the vulnerability involves SQL Injection via a user-controll...

CVSS 9.8 | AI score 5.9 | EPSS 0.00344
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/19 11:30 a.m. | 4 views

CVE-2025-8350

Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting. This issue affects BiEticaret CMS: from 2.1.13 through 19022026. NOTE: The vendor was contacted...

CVSS 9.8 | AI score 5.5 | EPSS 0.00547
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/02/19 10:57 a.m. | 4 views

CVE-2025-9062 IDOR in MeCODE Informatics' Envanty

Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection. This issue affects Envanty: before 1.0.6. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The...

CVSS 7.3 | AI score 5.3 | EPSS 0.0021
Exploits: 0 | References: 2