CVE-2020-25223

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 Recent assessments: wvu-r7 at November 02, 2021 7:12pm UTC reported: See the other topic. Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

PoC for high-entropy ASLR bypass via MemoryProtector

high-entry ASLR Bypass Recent assessments: busterb at May 09, 2019 5:57pm UTC reported: ASLR Bypass, vendor says they would fix in next versions. Assessed Attacker Value: 2 Assessed Attacker Value: 2Assessed Attacker Value: 1...

Oracle Beehive prepareAudioToPlay() Function Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Beehive. Authentication is not required to exploit this vulnerability. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: Oracle Beehive suffers from a vulnerability tha...

CVE-2018-15142

Directory traversal in portal/importtemplate.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the “docid” and “content” parameters and accessing it in the traversed...

CVE-2026-10789

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

CVE-2026-10601

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

CVE-2026-12539

Docker Sandboxes sbx blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat...

CVE-2026-11620

A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the publi...

CVE-2026-49975

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67...

CVE-2026-8976

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...

CVE-2026-5076

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

CVE-2026-10621

Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...

CVE-2026-0043

In multiple functions of ubsanthrowingruntime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-45284

Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user OIDC after they where deleted. This issue has been patched in version 8.4.0...

CVE-2026-10223

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function scanmemorycontent of the file tools/memorytool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used f...

CVE-2026-10168

A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file application/controllers/Parents.php. The manipulation of the argument param1 leads to improper control...

CVE-2018-25419

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract...

CVE-2018-25418

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers can send GET requests to year.php with crafted SQL payloads in the year parameter to extract sensiti...

CVE-2018-25416

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...

CVE-2026-46242

In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix epremove struct eventpoll / struct file UAF epremove via epremovefile cleared file-fep under file-flock but then kept using @file inside the critical section isfileepoll, hlistdelrcu through the head, spinunlock. A...

CVE-2026-10116

A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogssbixactadd in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint. Performing a manipulation results in denial of service. The attack may be initiated remotely. The...

CVE-2026-10114

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function handlescpinfo in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. This manipulation causes out-of-bounds write. The attack can be initiated remotely. The exploit has been...

CVE-2026-47123

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent user replies based on In-Reply-To / References headers. The notification reply path...

CVE-2026-46599

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...

CVE-2025-41278

Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host...

CVE-2026-42965

A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN Fully Qualified Domain Name EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud...

CVE-2026-10057

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

CVE-2026-49198

Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors...

CVE-2026-49197

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

CVE-2026-9493

Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details...

CVE-2026-9714

The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the showmodule shortcode in versions up to, and including, 1.2 This is due to insufficient input sanitization and output escaping in the showmoduleshortcode function, which...

CVE-2026-2128

The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2 This is due to improper verification of the wordpressloggedin cookie in the inc/cache/execute-cache.php file when the "Cache Logged-in Users"...

CVE-2026-8995

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ayspollgetuserinformation' AJAX action, which serializes and returns the...

CVE-2026-35266

Vulnerability in Oracle REST Data Services component: Core. Supported versions that are affected are 24.2.0-26.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks require human interaction...

CVE-2026-46159

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix btrfsioctlspaceinfo slotcount TOCTOU which can lead to info-leak btrfsioctlspaceinfo has a TOCTOU race between two passes over the block group RAID type lists. The first pass counts entries to determine the allocation...

CVE-2026-9015

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

CVE-2026-7533

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handleoauthredirect function, which is registered on the admininit hook and processes Square OAuth tokens from ...

CVE-2026-44709

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRYFALLBACKAPP environment variable and executes it directly without any validation. Any process that can set environment variables before pamusb-pinentry is invoked ca...

CVE-2026-9759

ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service...

CVE-2026-49102

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

CVE-2026-9035

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be ab...

CVE-2026-6051

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap...

CVE-2025-66593

An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...

CVE-2025-13593

Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...

CVE-2026-40811

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-8606

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

CVE-2026-9603

A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible. The exploit has...

CVE-2025-46284

A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges...

CVE-2026-44788

SharpCompress is a fully managed C library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be...

CVE-2026-9642

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...