EUVD-2026-25209

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVE-2026-2097

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVE-2026-1331

MeetingHub developed by HAMASTAR Technology has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVE-2026-1222

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVE-2026-1222 BROWAN COMMUNICATIONS ｜PrismX MX100 AP controller - Arbitrary File Upload

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

PT-2026-1235

Name of the Vulnerable Software and Affected Versions QOCA aim AI Medical Cloud Platform affected versions not specified Description The QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload issue. Authenticated remote attackers can upload and execute web...

CVE-2025-15228

BPMFlowWebkit by WELLTEND TECHNOLOGY is affected by an Arbitrary File Upload vulnerability that enables unauthenticated remote attackers to upload and execute a Web Shell backdoor, leading to arbitrary code execution on the server. Affected component is BPMFlowWebkit; root cause is an arbitrary f...

CVE-2025-15226

CVE-2025-15226 concerns WMPro by Sunnet, where an Arbitrary File Upload vulnerability allows unauthenticated remote attackers to upload and execute a web shell on the server, enabling arbitrary code execution . The vulnerability is described in multiple feeds (NVD/Red Hat/CIRCL/etc.) with no spec...

Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw CVE-2022-24086, CVSS score: 9.8 in Adobe Commerce and Magento Open Source...

ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks

The U.S. Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI on Wednesday issued a joint advisory warning of active exploitation of vulnerabilities in Microsoft Exchange on-premises products by nation-state actors and cybercriminals. "CISA and FBI...

DarkCrewFriends Returns with Botnet Strategy

The hackers-for-hire group DarkCrewFriends has resurfaced and is targeting content management systems to build a botnet. The botnet can be marshalled into service to carry out a variety of criminal activities, including distributed denial-of-service DDoS attacks, command execution, information...