CryptPad unbounded WebSocket frame flood

RISK EVALUATION CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. 2. RECOMMENDED PRACTICES Upgrade to 2026.2.2. 3. DESCRIPTION CryptPad 2025.3.1 allows unbounded WebSocket...

CVE-2026-0610

CVE-2026-0610 is a SQL Injection vulnerability in the remote-sessions component of Devolutions Server. Affected versions are 2025.3.1 through 2025.3.12. The issue is caused by unsafely constructed SQL queries in the remote-sessions functionality, enabling an attacker to potentially read or modify...

PT-2026-3441

Name of the Vulnerable Software and Affected Versions Devolutions Server versions 2025.3.1 through 2025.3.12 Description A SQL Injection issue exists in the remote-sessions component of Devolutions Server. This allows for potential unauthorized access or modification of data. The issue is located...

N-able N-central 操作系统命令注入漏洞

N-able N-central is an RMM platform from N-able Canada Inc. provides large-scale management, automation and orchestration capabilities for sophisticated MSPs and IT professionals. A security vulnerability exists in N-able N-central versions prior to 2025.3.1, which stems from insufficient input...