361188 matches found
May 2026 Security Advisory Ivanti Virtual Traffic Manager (vTM) (CVE-2026-8051)
Summary Ivanti has released updates for Ivanti Virtual Traffic Manager which addresses one High severity vulnerability. Successful exploitation could lead to admin authenticated remote code execution. We are not aware of any customers being exploited by this vulnerability at the time of disclosur...
May 2026 Security Advisory Ivanti Secure Access Client (CVE-2026-7431, CVE-2026-7432)
Update 22 May: CVE-2026-8992 has been added to Vulnerability Details Summary Ivanti has released updates for the Ivanti Secure Access Client which addresses one medium severity vulnerability and two High severity vulnerabilities. We are not aware of any customers being exploited by these...
Security Advisory - Ivanti Xtraction (CVE-2026-8043)
Summary Ivanti has released an update for Ivanti Xtraction which addresses one Critical severity vulnerability. Successful exploitation could lead to sensitive information disclosure and client-side attacks. We are not aware of any customers being exploited by this vulnerability at the time of...
Security Advisory Ivanti Endpoint Manager (EPM) May 2026
Security Advisory Ivanti Endpoint Manager EPM CVE-2026-8109, CVE-2026-8110, CVE-2026-811 Summary Ivanti has released updates for Ivanti Endpoint Manager which addresses one Medium severity and two High severity vulnerabilities. Successful exploitation could lead to information disclosure, privile...
Security Advisory Ivanti DSM (CVE-2026-3483)
Security Advisory Ivanti DSM CVE-2026-3483 Summary Ivanti has released an update for Ivanti Desktop and Server Management DSM which addresses one high severity vulnerability. Successful exploitation could allow an attacker to elevate their local privileges. We are not aware of any customers being...
Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-10727)
Update 11 June: FAQ Updated Summary Ivanti has released updates for Ivanti Endpoint Manager Mobile EPMM which addresses one high severity vulnerability. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details CVE Number | Descriptio...
Security Advisory EPM February 2026 for EPM 2024
Update 18 Feb: Added FAQ on patching Agents. Summary Ivanti has released updates for Ivanti Endpoint Manager which addresses one high severity vulnerability and one medium severity vulnerability. Successful exploitation could allow a remote authenticated attacker to leak arbitrary data or...
Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages
Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific data from the pages a victim visits. In a proof of concept, they reconstructed a signed-in user's full Gmail address fr...
SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing
Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology. Their strongest trick slipped past every scanner tested mor...
CVE-2026-6382 Multiple elFinder Plugins - Authenticated OS Command Injection
The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before 8.0.4 do not properly escape a parameter before passing it to a shell command when processing image operation...
CVE-2026-12083 Admin and Site Enhancements < 8.8.4 - Unauthenticated Administrator-Role Restoration via reset-for Parameter
The Admin and Site Enhancements ASE WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted...
CVE-2026-6382 Multiple elFinder Plugins - Authenticated OS Command Injection
The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before 8.0.4 do not properly escape a parameter before passing it to a shell command when processing image operation...
CVE-2026-12083 Admin and Site Enhancements < 8.8.4 - Unauthenticated Administrator-Role Restoration via reset-for Parameter
The Admin and Site Enhancements ASE WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted...
kernel: dlm: validate length in dlm_search_rsb_tree
A flaw was found in the Linux kernel's Distributed Lock Manager dlm module. An attacker could send specially crafted network messages with an oversized length parameter to the dlmdumprsbname function. This lack of validation can lead to an out-of-bounds write in the dlmsearchrsbtree function,...
kernel: dlm: validate length in dlm_search_rsb_tree
A flaw was found in the Linux kernel's Distributed Lock Manager dlm module. An attacker could send specially crafted network messages with an oversized length parameter to the dlmdumprsbname function. This lack of validation can lead to an out-of-bounds write in the dlmsearchrsbtree function,...
K000162085: Spring Data MongoDB vulnerability CVE-2026-41717
Security Advisory Description Spring Data MongoDB contains a SpEL Spring Expression Language expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions...
Exploit for CVE-2026-9290
CVE-2026-9290 — WP User Manager LFI to RCE Exploit Pre-Auth Path...
CVE-2026-14767
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...
EUVD-2026-41777
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...
CVE-2026-14767 CodeAstro Ecommerce Website POST Parameter confirm.php sql injection
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...