CVE-2026-26555
Technical details for CVE-2026-26555 are not publicly provided in the supplied documents. Monitor for updates from CIRCL and the GitHub repo for potential disclosures, PoCs, and remediation guidance.
CVE-2026-10874
CVE-2026-10874 affects projectworlds Online Art Gallery Shop Project 1.0. The vulnerability resides in an unknown function within /admin/adminHome.php, where manipulating the parameter social_insta leads to a SQL injection. Exploitation may be remote and publicly available. CVSS metrics in the so...
CVE-2023-5502
CVE-2023-5502 affects Arista EOS platforms where 802.1x is configured on access/trunk ports and IP routing is enabled on the access VLAN; a malicious supplicant may bypass 802.1x authentication. Arista’s advisory 0096 documents affected EOS releases (e.g., 4.31.x, 4.30.x, 4.29.x, 4.28.x, 4.27.x, ...
CVE-2024-27892
Arista CVE-2024-27892 affects Arista EOS platforms running OpenConfig, where a gNMI Set request can be allowed when it should be rejected, enabling unexpected configuration changes. Impact is elevated integrity/availability risk under network attack vectors; OpenConfig must be enabled with SSL pr...
CVE-2026-20245
Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) is affected by CVE-2026-20245. The vulnerability arises from insufficient validation of user-supplied input in the CLI, enabling an authenticated, local attacker to upload a crafted file and perform command injection, potentially elevating p...
CVE-2026-10873
The CVE-2026-10873 entry pertains to Shibby Tomato 1.28.0000, where the rstats_path function in /bin/rstats of the Web UI is vulnerable. The underlying issue enables an OS command injection, with remote attack potential. Public exploit details exist per the connected CVE listing, and the project ...
CVE-2024-27890
CVE-2024-27890 affects Arista EOS platforms with OpenConfig enabled; a gNMI Set request can be accepted when it should be rejected, causing unexpected configuration changes. Affected EOS versions include 4.29.x (≤4.29.7M), 4.28.x (≤4.28.10M), 4.27.x (≤4.27.8M), 4.26.x (≤4.26.9M), 4.25.x (≤4.25.10...
CVE-2026-10872
CVE-2026-10872 affects Shibby Tomato 1.28.0000 Web UI: the start_vpnserver function in /sbin/rc is vulnerable to remote OS command injection. Exploit published; impact is high (C/I/A). Privileges required: HIGH; no user interaction. Superseded by FreshTomato.
CVE-2024-27891
Arista CVE-2024-27891 affects EOS platforms where MACsec and outbound egress ACLs are on the same interface, potentially causing ACL policies to not be enforced for egress packets. Affected EOS releases include 4.32.x (4.32.0.1F and below), 4.31.x (4.31.2F and below), 4.30.x (4.30.6M and below), ...
CVE-2026-48579
CVE-2026-48579 affects Microsoft Exchange Online and represents an information disclosure vulnerability due to improper authorization. The available data indicate an unauthenticated attacker could disclose information over the network, with a CVSS 3.1 base score of 9.1 (CRITICAL) and impact limit...
CVE-2026-47655
CVE-2026-47655 describes an information-disclosure vulnerability in Microsoft Graph. An authorized attacker could disclose sensitive data over a network due to a root cause that enables exposure to an attacker with Network access, Low complexity and Low privileges, with no user interaction. The C...
CVE-2026-47644
CVE-2026-47644 affects Copilot Chat in Microsoft Edge. The issue is an improper neutralization of special elements in output used by a downstream component ("injection"), enabling an unauthorized attacker to disclose information over a network. The vulnerability is documented across multiple sour...
CVE-2026-45497
CVE-2026-45497 affects Microsoft Copilot (M365 Copilot). According to the description, it involves improper neutralization of special elements in a command (command injection) that could allow an authorized attacker to execute code over a network. The connected documents do not provide concrete t...
CVE-2026-42824
Technical details (affected products, root cause specifics, exploit vectors, and fixes) are not publicly available in the provided documents. Monitor official advisories for updates.
CVE-2026-48567
CVE-2026-48567: Azure HorizonDB suffers an authentication bypass by spoofing, enabling a network-based attacker with no privileges and no user interaction to achieve privilege escalation. CVSS v3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H with a base score of 10.0 (CRITICAL). Explo...
CVE-2026-10871
CVE-2026-10871 affects Shibby Tomato 1.28.0000 in the Web UI, specifically the start_6rd_tunnel function in /sbin/rc. Manipulation of the ipv6_6rd_borderrelay argument enables OS command injection, with remote execution possible and exploits disclosed publicly. The project is superseded by FreshT...
CVE-2026-11322
Hermes WebUI (before v0.51.221) contains a path traversal vulnerability that lets an attacker escape the workspace boundary by supplying symlinks that resolve outside the workspace. The workspace file and listing APIs resolve symlink targets without enforcing that the final path remains within th...
CVE-2024-6858
In Arista EOS, CVE-2024-6858 affects multiple EOS releases (EOS 4.31.x, 4.30.x, 4.29.x, 4.28.x) where 802.1X is enabled and a fallback VLAN with an EAPOL-capable device can allow multi-auth unauthenticated hosts access to a switch port. Root cause: improper authentication handling when using dot1...
CVE-2026-42547
CVE-2026-42547 affects IRIS (web collaborative platform). In versions prior to 2.4.28, users can create alerts for customers not assigned to them, enabling false attribution of alerts. When combined with Cross-Site Scripting, this may also allow exfiltration of alerts between customers. The advis...
CVE-2026-42543
IRIS (web collaboration platform) is affected by CVE-2026-42543 in versions prior to 2.4.28. The vulnerability is CSRF caused by using HTTP GET to perform state-changing actions on the server. A patch exists in 2.4.28. Impact details are limited to what the sources state; there is no exploitation...
CVE-2026-47708
CVE-2026-47708 remains a reserved entry, but a connected advisory (GHSA-4P62-HQP5-G644) details a concrete vulnerability in MCP-for-Stata: the log_file_name parameter used by the stata_do API/CLI is directly interpolated into a Stata command string without sanitization. This allows an attacker to...
CVE-2026-42540
IRIS web collaborative platform suffers a Mass Assignment vulnerability (CVE-2026-42540). Versions prior to 2.4.28 allow an attacker to alter values in the database through manipulated API requests. A fix is available in version 2.4.28. The CVSS 3.1 score is 4.3 (Medium) with Network attack vecto...
CVE-2026-42539
CVE-2026-42539 affects the IRIS web collaborative platform. Versions prior to 2.4.28 expose sensitive data to users that is not required for operation. The root cause is an excessive data exposure in these older builds. Version 2.4.28 includes a patch to fix this. CVSS 3.1 metrics indicate a Medi...
CVE-2026-42538
IRIS is a web collaboration platform. Affected versions are prior to 2.4.28, where uploaded file validation is insufficient, enabling misuse to host phishing pages and an additional Cross-Site Scripting (XSS) vulnerability. The issue is addressed in version 2.4.28 (patch). There is no exploitatio...
CVE-2026-42329
Affected product: Iris web collaborative platform. Vulnerability: Open redirect in Iris prior to version 2.4.28, allowing an attacker to redirect a user to a malicious website. Root cause / surface: Weak redirect behavior in versions
CVE-2026-5066
The CVE-2026-5066 issue affects the Zephyr network sockets TLS path (subsys/net/lib/sockets/sockets_tls.c). When TLS session cache is enabled, tls_session_store() and tls_session_restore() copy a caller-provided address into a fixed-size buffer using addrlen without validating against the destina...
CVE-2026-10870
CVE-2026-10870 affects Shibby Tomato 1.28.0000 Web UI, specifically the start_dhcpc function in /sbin/rc. The stored description indicates an OS command injection vulnerability that can be triggered remotely, with an exploit published. The project is superseded by FreshTomato. No remediation deta...
CVE-2026-5589
The CVE-2026-5589 issue affects the Bluetooth Mesh subsystem (bt_mesh_sol_recv in subsys/bluetooth/mesh/solicitation.c). When CONFIG_BT_MESH_OD_PRIV_PROXY_SRV is enabled, the AD parsing loop reads an attacker-controlled length (reported_len) and computes reported_len - 3 without ensuring reported...
CVE-2026-47703
The connected docs describe AdGuard Home and dnsproxy DoQ-to-UDP forwarding where the backend UDP hop does not preserve the DNS ID per query (DNS ID collapses to 0) while the UDP source port remains per-query. This reduces the backend tuple from (txid, source-port) to source-port only, creating a...
CVE-2026-21404
NAVTOR NavBox (versions up to 4.16.1.20) contains hard-coded credentials in its Windows Communication Foundation (SOAP) implementation. When SOAP is enabled, a local attacker can extract credentials and bypass the intended transfer workflow. Successful authentication to the SOAP interface grants ...
CVE-2026-48013
Shopware SSRF (CVE-2026-48013): An authenticated admin can abuse the /api/_action/media/external-link endpoint to perform server-side HTTP HEAD requests to arbitrary internal IPs. The vulnerable path uses MediaUploadV2Controller::externalLink() -> MediaUploadService::linkURL(), which only vali...
CVE-2026-48015
CVE-2026-48015 is not yet detailed in the initial entry, but a connected advisory (GHSA-XVHC-GM7J-MHMC) provides concrete technical details: Shopware stores SVGs uploaded via the media manager without sanitizing the SVG content, and SVGs are whitelisted in allowed_extensions. This enables stored ...
CVE-2026-48016
CVE-2026-48016 / Shopware Store API: The GHSA advisory confirms a logic flaw in the Store API endpoint /store-api/handle-payment where a caller with a valid foreign orderId can initiate or retry payment for another user’s order. Root cause: the endpoint forwards the provided orderId into the pay...
CVE-2026-48014
CVE-2026-48014 / GHSA-F8Q6-3G5W-JJR6 (Shopware Admin API ACL Bypass): The connected advisories describe a vertical authorization bypass in Shopware’s Admin API affecting order state transitions. The root cause is that the transition action endpoints (e.g., /api/_action/order/{orderId}/state/{trans...
CVE-2026-48012
CVE-2026-48012 is tied to an open redirect in Shopware’s SSO entry point. The GHSA advisory describes an unauthenticated GET /api/oauth/sso/auth flow that falls back to the request Referer when the expected SSO session state is absent. Because the Referer is attacker-controlled and the code does ...
CVE-2026-41522
Affected software: Iris DFIR-IRIS web collaboration platform. Vulnerable version: earlier than 2.4.28. Issue: optional GraphQL endpoint at /graphql did not enforce the same authorization as the REST API, enabling three unauthorized actions by any authenticated user: (1) IOC read across cases (IDO...
CVE-2026-41518
Chartbrew (versions 4.9.0–5.0.0) is affected by a stored DOM XSS in the ChartTooltip rendering path. An authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in ChartDatasetConfig.legend, which is persisted and injected into the tooltip via an unguarded innerHTML ...
CVE-2026-48010
The CVE refers to Shopware where UserController::upsertUser() bypasses ACL in SYSTEM_SCOPE, allowing non-admin users with user:create or user:update to assign admin: true and escalate to full admin. The GitHub advisory details the exact code path (src/Core/Framework/Api/Controller/UserController....
CVE-2026-48009
Shopware Admin API vulnerability: a low-privilege admin with user_recovery:read can trigger password recovery for a victim, read the recovery hash from POST /api/search/user-recovery, and reuse it at PATCH /api/_action/user/user-recovery/password to reset the victim’s password. Root cause is expo...
CVE-2026-41249
CoreShop (versions 5.0.1–5.1.0-beta.1) is affected by an RCE in its GitHub Actions workflow: the static.yml workflow uses pull_request_target but checks out the PR head ref and executes bin/console from that untrusted checkout, enabling an attacker to run arbitrary code on the runner. The incident is...
CVE-2026-48008
CVE-2026-48008 / Shopware: The GitHub advisory details a privilege escalation via the Sync API. A non-admin API user with the integration:create ACL can gain full admin by creating an integration with admin: true through POST /api/_action/sync. The vulnerability arises because SyncController::sy...
CVE-2026-54458
The connected GitHub advisory describes an unauthenticated stored DOM XSS in the AVideo YPTSocket plugin. An attacker can craft a malicious page_title sent via the WebSocket broadcast after obtaining a WebSocket URL from getWebSocket.json.php, which then injects HTML into the admin page’s DOM when admi...
CVE-2026-50183
CVE-2026-50183 is linked to a stored XSS vulnerability in WWBN’s AVideo software, specifically in the YouTubeAPI plugin. The adversary-controlled YouTube video title is fetched via YouTube Data API and unsafely injected into the homepage gallery markup without HTML encoding. The vulnerability ste...
CVE-2026-50182
The connected GHSA advisory details a reflected XSS in AVideo (WWBN) involving the YouTubeAPI and Layout plugins. The vulnerability arises from unsafely embedding the user-supplied $_GET['search'] value directly into the pagination hrefs in plugin/YouTubeAPI/gallerySection.php, without HTML-escap...
CVE-2026-49279
The connected document confirms that the CVE-2026-49279 context is not public in the initial entry, but the GHSA advisory details a concrete vulnerability: in AVideo, a stored XSS via WebSocket messaging bypasses sanitization. The root cause is shallow removal of autoEvalCodeOnHTML only from json['msg']; msgToResourceId() ...
CVE-2026-8462
OpenMeter SQL injection (CVE-2026-8462): An authenticated tenant can inject SQL via POST /api/v1/meters when sending valueProperty or groupBy. The vulnerability stems from interpolating user input into a ClickHouse query with fmt.Sprintf and insufficient escaping, creating a non-parameterized, exe...
CVE-2026-41237
Froxlor CVE-2026-41237 affects versions 2.3.6 and earlier, where the LOC record regex uses \s+ allowing embedded newlines, TLSA matchingType=0 has no upper bound on hex data length, and validators return raw input without zone-file escaping. Version 2.3.7 includes an updated patch. Technical deta...
CVE-2026-41236
Froxlor 2.3.6 contains a privilege-escalation via a symlink in the SSH keys workflow. The provisioning code appends keys to ~/.ssh/authorized_keys under a customer-controlled home directory without validating that the target path isn’t a symlink. An attacker with shell access to the customer acco...
CVE-2026-41235
CVE-2026-41235 affects Froxlor 2.3.6 where system.available_shells is used to present allowed shells but not enforced by server-side Ftps::add / Ftps::update. An authenticated customer with shell delegation can submit an arbitrary shell (e.g., /bin/bash); with nssextrausers integration this shell ...
CVE-2026-41234
CVE-2026-41234 affects Froxlor prior to 2.3.7, where the DomainZones.add API does not sanitize newline characters in TXT records. An authenticated user with DNS editing enabled can inject newlines into TXT content, causing the TXT value to break out of the line in the generated BIND zone file. Th...