CVE-2026-45776

Open XDMoD (Open XDMoD) versions prior to 11.0.3 are affected when the optional Job Performance (SUPReMM) module is installed. A flaw in access control allows a crafted HTTPS POST to set a session variable used for authorization, enabling an attacker to view other users’ compute job efficiency me...

CVE-2026-46357

CVE-2026-46357 affects HAX CMS NodeJS backend. An authenticated attacker can crash the NodeJS process by sending a malformed request to the remote import workflow via the createSite endpoint, causing an availability DoS with a single HTTP request. The crash originates from a file object without o...

CVE-2026-46493

Affected software : HAX CMS running PHP or Node.js backends. Vulnerability : older releases (before 26.0.1) use PHP’s uniqid to generate salts, which is inappropriate for secure salt generation. Root cause : insecure randomness source in salt generation. Impact : described risk is consistent with...

CVE-2026-46401

HAX CMS (PHP/Node.js backends) has an improper session termination vulnerability affecting versions prior to 26.0.0, where authentication tokens remain valid after logout. This allows attackers who obtain valid tokens to maintain persistent access to authenticated CMS functionality, bypassing log...

CVE-2026-46400

Summary: CVE-2026-46400 affects HAXCMS PHP backend. From version 11.0.6 up to but not including 25.0.0, the file upload validation only checks file extensions via a regex rather than validating content or MIME type, enabling attackers to upload disguised malicious files (e.g., PHP webshells) and ...

CVE-2026-46398

HAX CMS vulnerability: the haxcms_refresh_token cookie is set without the Secure flag in versions 25.0.0 through

CVE-2026-46397

CVE-2026-46397 details a vulnerability in HAX CMS (PHP/Node.js backends) where an authenticated user can trigger a Local File Inclusion (LFI) via the saveOutline API, by manipulating the location field written into site.json. The issue allows reading arbitrary server files accessible to the web s...

CVE-2026-11401

The CVE-2026-11401 entry describes an untrusted search path vulnerability in the GlobalDatabasePlugin of the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL. A remote authenticated low-privilege actor can escalate to other Amazon RDS user privileges (including rds_superuser) via a crafted fu...

CVE-2026-11400

CVE-2026-11400 describes an untrusted search path vulnerability in the GlobalDatabasePlugin of the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL. A remote authenticated low-privilege actor can escalate privileges to another Amazon RDS user, including rds_superuser, by creating a crafted ...

CVE-2026-11414

CVE-2026-11414 affects Altium Enterprise Server Vault service. The issue comprises two vulnerabilities: (1) a hard-coded cryptographic key used to sign file download URLs, identical across installations, enabling an unauthenticated network attacker to forge valid signatures and retrieve files fro...

CVE-2026-46496

HAX CMS is affected by a stored XSS in the component. Versions prior to 26.0.0 fail to sanitize input in the source/source-data attributes, allowing javascript: URIs that execute attacker-controlled JavaScript in victims’ browsers. This can lead to token exposure (e.g., JWTs) and other sensitive...

CVE-2026-46396

CVE-2026-46396 stems from a stored XSS in HAX CMS prior to 26.0.0, caused by improper sanitization of elements that permit javascript: in the src attribute. When a victim views a page containing such an iframe, arbitrary JavaScript can execute in the browser context, enabling access to sensitive...

CVE-2026-46511

CVE-2026-46511 affects HAX CMS prior to 26.0.0. A Stored XSS chain exposes active session tokens (jwt, user_token, site_token, appstore_token) via the /system/api/connectionSettings endpoint, which writes tokens into a global JavaScript object (window.appSettings). An authenticated attacker can c...

CVE-2026-5411

CVE-2026-5411 affects WP Captcha PRO (premium version, same slug as Advanced Google reCAPTCHA) for WordPress, vulnerable up to version 5.38. The root cause is a capability check in the licensing module’s save_ajax() function combined with unrestricted file extraction in sync_cloud_protection(), e...

CVE-2026-5415

The CVE-2026-5415 issue affects the WP Captcha PRO plugin for WordPress (

CVE-2026-10580

The CVE-2026-10580 entry describes an Authentication Bypass vulnerability in the Hippoo Mobile App for WooCommerce WordPress plugin (versions up to 1.9.4). A logic conflation in HippooPermissions::get_user_permissions() makes administrators and unauthenticated visitors share a null sentinel, whic...

CVE-2026-46395

HAX CMS Node.js backend (before 26.0.0) exposes a critical cryptographic flaw in the hmacBase64() function. It uses a hardcoded signing key of the string "0" and then appends the real key (this.privateKey + this.salt) to the output, producing tokens that reveal the private key when decoded. An un...

CVE-2026-46394

CVE-2026-46394 : HAX CMS PHP backend prior to v26.0.0 is vulnerable to OS command injection in the Git.php library. The application builds shell commands from unsanitized input and executes them via proc_open(); only one of 17 command-invoking functions uses escapeshellarg(), increasing risk. An ...

CVE-2026-46393

The CVE-2026-46393 entry documents an authenticated SSRF in HAXcms createSite. In affected versions prior to 26.0.0, a malicious build.files input lets an authenticated user cause server-side requests (via file_get_contents on attacker-controlled tmp_name), enabling fetches of arbitrary internal/...

CVE-2026-46392

HAX CMS (PHP, pre-26.0.0) has a case-sensitivity mismatch in HTML upload handling. The saveFile endpoint validates extensions case-insensitively but the .htaccess rule enforcing Content-Disposition: attachment for HTML is case-sensitive. As a result, an uploaded HTML file with an uppercase extens...

CVE-2026-46391

CVE-2026-46391 concerns HAX CMS/Open-apis where, from versions before 26.0.0, multiple functions perform substring-only hostname validation for basic auth destinations. The underlying issue is substring matching that can be manipulated by an attacker to exfiltrate credentials by directing request...

CVE-2026-46390

HAX CMS (PHP/Node.js backends) is affected by an unauthenticated access issue in the gitlist plugin. From version 2.0.0 up to, but not including, 26.0.0, the gitlist plugin is exposed to unauthenticated users, enabling browsing of git repositories and git history without authentication. Version 2...

CVE-2026-46399

CVE-2026-46399 affects HAX CMS with PHP backend prior to v26.0.0. The vulnerability is an authenticated file overwrite that allows an attacker to configure malicious Git filter commands, leading to code execution on the HAX CMS server. The issue is specific to the PHP version before 26.0.0; the f...

CVE-2026-47731

The NASA AMMOS Instrument Toolkit Binary Stream Capture (BSC) REST API exposes /NAME/start to create log handlers with attacker-controlled fields (log_dir_path, path, file_name_pattern). This allows path traversal and arbitrary file writes outside the configured root_log_directory, because _get_l...

CVE-2026-46389

CVE-2026-46389 affects UDS Identity Config (Keycloak integration) used by UDS Core Identity. A logic error in the Keycloak client authenticator named client-kubernetes-secret (shipped by uds-identity-config) in versions 0.11.0–0.26.0 overwrites the submitted client_secret with the mounted Kuberne...

CVE-2026-45750

Summary: CVE-2026-45750 affects Termix prior to 2.3.2. The flaw is in the GET /ssh/file_manager/ssh/resolvePath endpoint of the Termix File Manager, where the path parameter is embedded into a shell command executed in the active SSH session. User-controlled input is placed inside double quotes w...

CVE-2026-45749

Termix (web-based server management platform) prior to v2.3.2 exposes MFA risk via POST /users/totp/disable and POST /users/totp/backup-codes, which accept only the account password as authentication for MFA-critical actions. An attacker with a compromised password can disable TOTP or regenerate ...

CVE-2026-45748

Termix includes a vulnerability in its POST /ssh/tunnel/connect endpoint prior to version 2.3.2. The handler builds an SSH tunnel command by directly interpolating user-controlled fields (endpointIP, endpointUsername, password) into a shell command without escaping, enabling persistent OS command...

CVE-2026-2379

The CVE-2026-2379 issue affects Arista EOS on hardware IPSec platforms where anti-replay is disabled. When IPsec is enabled, specific events (physical interface flaps or certain agent restarts) can trigger IPsec tunnel re-establishment using existing SAs, causing sequence number mismatches betwee...

CVE-2026-45746

Termix prior to v2.3.2 exposes a critical Broken Access Control in the File Manager due to improper validation of the sessionId, allowing a client-controlled session identifier to access other users’ File Manager sessions tied to SSH connections. This can lead to unauthorized interaction with rem...

CVE-2026-45744

Termix web-based server management platform is affected by an OS command injection in the GET /ssh/file_manager/ssh/resolvePath endpoint prior to version 2.3.2. The endpoint uses double-quote escaping for shell command construction, which does not prevent $(...) and backtick command substitution....

CVE-2026-45743

Termix before 2.3.2 has an IDOR flaw in 16 file-manager endpoints where the server fails to verify that the requester owns the SSH session identified by sessionId. An authenticated user who can guess another user’s active sessionId can read, write, delete, download, and execute files on the victi...

CVE-2026-45745

Termix Desktop (Electron) versions starting with 1.7.0 have disabled TLS certificate validation, enabling network-level MITM to intercept/modify HTTPS traffic to the Termix server and potentially steal credentials and JWT/session data during login and normal use. No patched versions are publicly ...

CVE-2026-50733

Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), enabling arbitrary JavaScript execution across render paths (live preview, presentation mode, and HTML export via WaveDrom.ProcessAll()/eva()). Attack vector includes a crafted m...

CVE-2026-49493

Markdown Preview Enhanced prior to 0.8.28 runs Bitfield fenced code blocks containing interpretJS(), which evaluates code via vm.runInNewContext(), enabling arbitrary server-side code execution when rendering or exporting a document. The issue’s root cause is that Bitfield definitions were treate...

CVE-2026-49492

The CVE-2026-49492 entry concerns Markdown Preview Enhanced (pre-0.8.28) which opens external files/links from the preview via a shell and does not validate untrusted inputs from the markdown document (e.g., diagram filename attribute, imported file paths, latex_engine code-chunk attribute). On W...

CVE-2025-71318

CVE-2025-71318 concerns NetMan 204, where authentication is not enforced on administrative pages and command endpoints. A remote, unauthenticated attacker can directly access pages (e.g., administration.html, administration-commands.html, configuration.html) to disclose sensitive details such as ...

CVE-2025-71317

NetMan 204 is affected by a hard-coded backdoor account (username/password: 'eurek'). A remote, unauthenticated attacker can authenticate via the cgi-bin/login.cgi endpoint (e.g., /cgi-bin/login.cgi?username=eurek&password=eurek; can be shortened due to lax parameter validation) to gain administr...

CVE-2026-11344

CVE-2026-11344 affects the code-projects Vehicle Management System 1.0, specifically the New Driver Registration Form’s file handling in newdriver.php. The vulnerability arises from manipulating the argument photo, leading to an unrestricted upload condition. The flaw is exploitable remotely and ...

CVE-2026-11342

Vulnerability : In code-projects Hotel and Tourism Reservation System 1.0, the file /details.php is susceptible to SQL injection via the room parameter. Root cause : unsanitized input in the argument dispatched to an SQL query. Impact : exploitation can be performed remotely; CVSS metrics in sour...

CVE-2026-45327

TinyIce (Go) versions 0.8.95–2.4.1 expose a missing authentication on the WebRTC ingest endpoint POST /webrtc/source-offer?mount=, enabling unauthenticated stream injection. The issue is fixed in v2.5.0 by requiring either HTTP Basic auth or a ?password= query parameter, verifying the supplied pa...

CVE-2026-45291

CVE-2026-45291 concerns Cloudburst Network components used in Cloudburst projects. A vulnerability exists in versions prior to 1.0.0.CR3-20260418.124334-32 of Network, where a bug can be exploited to close the parent Netty channel, rendering the affected software inoperable. Impact is described a...

CVE-2026-45290

Cloudburst Network: A vulnerability in versions prior to 1.0.0.CR3-20260417.085727-30 affects the Network component and can stall the Netty event loop, rendering affected software inoperable. Impact is availability-focused (HIGH) with no confidentiality or integrity impact per the cited metrics. ...

CVE-2026-11341

The CVE-2026-11341 affects the D-Link DWR-M920 series up to firmware 1.1.50. The vulnerability is in the function sub_412DA0 of /boafrm/formIMEISetup, where improper handling of the IMEI_value enables an OS command injection. What is vulnerable: the specific function and file path in the device’s...

CVE-2026-52878

Klever-Go P2P interceptor vulnerability (CVE-2026-52878) arises from a nil dereference in txVersionChecker.CheckTxVersion when tx.RawData is nil. The nil pointer panic occurs in the production path of the MultiDataInterceptor/SingleDataInterceptor during ProcessReceivedMessage, via InterceptedTra...

CVE-2026-52880

Summary: CVE-2026-52880 is connected to Klever-go's REST API startup path using Gin Engine.Run, where Go’s default http.ListenAndServe omits application-level ReadHeaderTimeout/ReadTimeout/MaxHeaderBytes. An unauthenticated client reachable on the REST listener (:8080) can hold incomplete HTTP he...

CVE-2026-52879

The CVE candidate CVE-2026-52879 is addressed by a connected advisory for klever-go (GHSA-HF2G-6J7H-98WG) describing an unbounded goroutine spawn in the direct-message ingress path. Specifically, network/p2p/libp2p/netMessenger.go: directMessageHandler spawns a new goroutine for every incoming di...

CVE-2026-49343

CVE-2026-49343 is contextualized by connected advisories for Klever-Go KVM, which document a DoS risk during epoch bootstrap due to a throttler slot leak in trie account-data syncers. The root cause: StartProcessing() is called without a guaranteed EndProcessing() on all error paths, leaking boun...

CVE-2026-47680

The CVE entry CVE-2026-47680 aligns with a public advisory for Flux project’s source-controller: improper path handling allows traversal. Affected component: source-controller (Flux CD) with surface in Bucket and GitRepository sparse‑checkout paths. Exploitation details are not provided in the do...

CVE-2026-47670

The connected document GHSA-WM5R-5QP3-5VXF details an authenticated remote code execution in DbGate via unsanitized functionName input to /runners/load-reader. Exploitation arises from injecting newline into functionName, bypassing a partial mitigation (require = null) with dynamic import, enabli...