CVE-2026-48092

A flaw was found in 7-Zip, a file archiver. This vulnerability, affecting 32-bit builds, involves a heap memory disclosure caused by an integer overflow in the SquashFS ReadBlock function. An attacker can exploit this by providing a specially crafted archive, which, when processed, allows the...

CVE-2026-48095

A flaw was found in 7-Zip. A remote attacker could exploit a heap buffer overflow vulnerability in the application's handling of NTFS compressed streams. By crafting a malicious image and convincing a user to open it, the attacker can cause an under-allocation of a buffer, leading to an overwrite...

CVE-2026-44656

A flaw was found in Vim, an open-source command-line text editor. An attacker who controls the contents of a file can exploit an OS command injection vulnerability in Vim's :find command-line completion. This occurs when the path option, which can be set from a modeline, contains backtick-enclose...

CVE-2026-42216

A flaw was found in OpenEXR. A remote attacker could exploit a vulnerability in the IDManifest::init function when processing specially crafted EXR files. The function attempts to reconstruct strings from a prefix-compressed representation. If a previous string exceeds 255 bytes, the subsequent...

CVE-2026-49975

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

CVE-2026-45613

A flaw was found in Rizin, a UNIX-like reverse engineering framework. A local attacker could exploit a heap-buffer-overflow vulnerability when a user processes a specially crafted Object Module Format OMF file. This flaw could lead to limited information disclosure...

CVE-2026-45324

A flaw was found in Rizin, a UNIX-like reverse engineering framework. A double free vulnerability exists in the bytepatternsearch function due to incorrect pointer ownership. This flaw could allow a local attacker with physical access to cause a denial of service DoS by corrupting memory...

CVE-2026-41293

Apache Tomcat did not validate HTTP/2 request headers, triggering unexpected application behavior, as applications may presume that header values exposed through the Servlet API would be valid...

CVE-2026-48906

The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites...

CVE-2026-50263

A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow. A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure...

CVE-2026-50262

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in glXDispChangeDrawableAttributes. A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapp...

CVE-2026-50264

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

CVE-2026-50261

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...

CVE-2026-50260

A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter. A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for...

CVE-2026-50258

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel XkbNumKbdGroups but CheckKeyTypes does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift...

CVE-2026-50259

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. XkbSetMapChecks declares a fixed-size stack buffer mapWidths256 indexed by key type index. The helper function CheckKeyTypes writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This...

CVE-2026-50256

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias...

CVE-2026-50257

A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence. A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection...

CVE-2026-50265

A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVECMD properties that are executed when a device is removed. This...

CVE-2026-11332

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

CVE-2026-9088

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied,...

CVE-2026-6657

A flaw was found in jupyter-server. A remote attacker can bypass Cross-Origin Resource Sharing CORS origin validation when the alloworiginpat configuration is used. This vulnerability allows malicious domains to pass validation against patterns intended for trusted domains. This could lead to...

CVE-2026-48526

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...

CVE-2026-4035

A flaw was found in MLflow. This vulnerability allows an attacker to exfiltrate sensitive server-side environment credentials. It occurs because the AI Gateway secrets can resolve environment variables, which are then sent to an attacker-controlled endpoint. This could lead to unauthorized access...

CVE-2026-36603

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary...

CVE-2026-37700

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...

CVE-2026-36602

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 discloses kernel memory layout via the UPnP GetStatusInfo action. An unauthenticated attacker on the adjacent network can obtain a raw MIPS KSEG0 kernel pointer, revealing kernel memory layout and aiding further exploitation...

CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

CVE-2026-36176

GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs PUT requests in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface...

CVE-2026-36175

An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments...

CVE-2026-8881

Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...

CVE-2026-41013

Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...

CVE-2025-65640

Cross Site Scripting XSS vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user input in text fields when creating a new document. Specifically, when an authenticated attacker submits data containing JavaScript cod...

CVE-2026-7251

Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have ful...

CVE-2025-69755

An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the atcommand.asp interface...

CVE-2025-67448

The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying them. An attacker can send an SMS containing a malicious XSS payload, which will be executed in the...

CVE-2025-67446

Improper Authentication Authentication Bypass exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie value e.g., setting it to "admin", an attacker can bypass the authentication schema and gain...

CVE-2025-67447

The network diagnosis ping module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address field before passing it to the system's ping command. An attacker can inject arbitrary OS commands,...

CVE-2025-12659

Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process...

CVE-2026-48155

A flaw was found in pypdf, a free and open-source pure-python PDF library. An attacker can craft a malicious PDF file that, when processed, leads to excessive memory consumption. This occurs when extracting text in layout mode with large character offsets. This vulnerability can result in a Denia...

CVE-2026-48522

A flaw was found in PyJWT, a JSON Web Token implementation in Python. The PyJWKClient component, prior to version 2.13.0, directly passes its Uniform Resource Identifier URI argument to urllib.request.urlopen. This allows a remote attacker, by influencing the application's jku URL ingestion path,...

CVE-2026-48523

A flaw was found in PyJWT, a Python library for handling JSON Web Tokens JWT. An attacker with control over a registered JSON Web Key JWK private key can bypass security checks by signing a token with a forbidden algorithm while claiming to use an allowed one. This allows the attacker to have the...

CVE-2026-48524

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. A remote attacker can exploit this vulnerability by sending specially crafted JWTs with unknown 'kid' key ID values. This can force the PyJWKClient.getsigningkey function to make an unlimited number of unrate-limit...

CVE-2026-48525

A flaw was found in PyJWT. A remote attacker can exploit this by supplying an arbitrarily large Base64URL payload segment when verifying detached JSON Web Signature JWS tokens using the unencoded-payload option. This forces excessive CPU work and memory allocations, leading to a Denial of Service...

CVE-2026-48156

A flaw was found in pypdf, a free and open-source pure-python PDF library. A remote attacker could exploit this vulnerability by crafting a malicious PDF file. This file, containing specific cross-reference streams with /W 0 0 0 values and large /Size values, can lead to excessively long processi...

CVE-2026-48735

A flaw was found in pypdf, a pure-python PDF library. An attacker could craft a malicious PDF file containing large XMP metadata. Processing this crafted PDF would lead to excessive memory consumption, potentially causing a denial of service DoS for the affected system. Mitigation Mitigation for...

CVE-2026-36616

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

CVE-2026-36612

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 enables WPS 2.0 by default with a weak lockout policy 60-second lockout after 10 attempts...

CVE-2026-26378

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...

CVE-2026-42317

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the webserver has write rights on them. Upgrade to 10.0.25 or 11.0.7 to receive a patch...