CVE-2026-47691
A flaw was found in Netty's DnsResolveContext. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing...
CVE-2026-12223
The CVE affects Yealink SIP-T46U with firmware 108.86.0.118, specifically the Web FastCGI Service component. The vulnerability lies in the mod_webd.TFTPUploadIperf function within /api/inner/tftpuploadiperf, where manipulating the ip/port argument leads to command injection. Exploitation is descr...
[SECURITY] Fedora 43 Update: bind9-next-9.21.22-2.fc43
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server ...
CVE-2026-50889
An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) via sending a crafted refresh-token header...
PT-2026-49178
Name of the Vulnerable Software and Affected Versions: DVDFab Virtual Drive version 2.0.0.5. Description: Improper privilege management exists within the Signed Kernel Driver component, specifically affecting a function in the dvdfabio.sys library. This issue allows a local attacker to manipulate th...
CVE-2026-37216
Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add...
CVE-2026-37216
CVE-2026-37216 affects Ruoyi 4.8.2 with a Cross Site Scripting (XSS) flaw at the interface /system/notice/add. Reported metrics indicate CVSS 3.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) base score 6.1 (Medium) and a potential impact on confidentiality and integrity (Low) with user interaction requi...
PT-2026-49411
Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...
PT-2026-49441
Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...
CVE-2025-55648
A heap buffer overflow in the gfopusparsepacketheader function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file...
PT-2026-49167
A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file appmodulesmedicalportrestcontrollersPatientController.php of the component HTTP REST API. The manipulation of the argument ID results ...
CVE-2026-50874
Summary: CVE-2026-50874 describes an OS command injection in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0. The vulnerability allows an attacker to execute arbitrary commands by supplying crafted input. This flaw is documented across multiple feeds (NVD/NVD-derived en...
PT-2026-49493
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System = 3.3.6 versions...
PT-2026-49315
Name of the Vulnerable Software and Affected Versions: kanishka-linux Reminiscence version 0.3.0. Description: An OS command injection allows attackers to execute arbitrary commands by supplying crafted input to the '/manage/features/media' endpoint. OS command injection is a flaw where an applicati...
CVE-2026-50871
An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...
PT-2026-49290
Name of the Vulnerable Software and Affected Versions: Ruoyi version 4.8.2. Description: Cross Site Scripting (XSS) occurs at the '/system/notice/add' endpoint. XSS is a type of security flaw that allows an attacker to inject malicious scripts into web pages viewed by other users. Recommendations: At t...
PT-2026-49457
Unauthenticated Broken Access Control in Salon booking system = 10.30.25 versions...
PT-2026-49463
Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...
CVE-2026-12193 VS Revo RevoUninstaller IOCTL RevoDetector.sys IOCtl_Handler heap-based overflow
A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The affected element is the function IOCtlHandler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is...
MINI-4XGM-MWH2-5848
Bulletin has no description...