| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-53470 | Cri | 0.55 | 9.6 | 0.00 | Jun 10, 2026 | A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the `/api/v1/sources/{id}/image-url` endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual… | ||
| CVE-2026-53469 | Cri | 0.52 | 9.1 | 0.00 | Jun 10, 2026 | A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents,… | ||
| CVE-2026-45558 | Cri | 0.64 | 9.9 | 0.00 | Jun 10, 2026 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints (POST /api/service/haproxy/<server_id>/section/<section_type> and the PUT / global / defaults variants) accept a JSON option… | ||
| CVE-2026-45556 | Cri | 0.64 | 9.9 | 0.00 | Jun 10, 2026 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf//<server_ip>/rule/<rule_id>/save accepts a config_file_name form field that is passed straight through to… | ||
| CVE-2026-45552 | Cri | 0.64 | 9.9 | 0.00 | Jun 10, 2026 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before_request → @jwt_required() (app/routes/install/routes.py:36-39). The individual endpoints install_exporter,… | ||
| CVE-2026-45550 | Cri | 0.59 | 9.1 | 0.00 | Jun 10, 2026 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/smon/routes.py:117-138) gates only on roxywi_common.check_user_group_for_flask() — which validates that the caller has some group,… | ||
| CVE-2026-48031 | cri | 0.52 | — | 0.00 | Jun 10, 2026 | ## Vulnerability: CWE-798 — Hardcoded JWT Secret + Broken Mitigation ### Affected Component - `github.com/dhax/go-base` — Go REST API boilerplate (go-chi/jwtauth/v5, Viper, PostgreSQL/Bun) - 1,685 stars on GitHub ### Vulnerability Locations | File | Line | Role |… | ||
| CVE-2025-6254 | Cri | 0.64 | 9.8 | 0.00 | Jun 10, 2026 | The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registration() function not properly restricting the roles that a user can register with. This makes it possible for… | ||
| CVE-2026-9067 | Cri | 0.59 | 9.1 | 0.00 | Jun 10, 2026 | The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users… | ||
| CVE-2026-26241 | Cri | 0.59 | 9.1 | 0.00 | Jun 10, 2026 | A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later | ||
| CVE-2026-26240 | Cri | 0.59 | 9.1 | 0.00 | Jun 10, 2026 | A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later | ||
| CVE-2025-66276 | Cri | 0.64 | 9.8 | 0.00 | Jun 10, 2026 | QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later | ||
| CVE-2026-45328 | Cri | 0.53 | 9.3 | 0.00 | Jun 10, 2026 | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c that bridge calls from the user application (i.e. the REE) to… | ||
| CVE-2026-44963 | Cri | 0.61 | — | 0.02 | Jun 9, 2026 | A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. | ||
| CVE-2026-48030 | cri | 0.52 | — | 0.00 | Jun 9, 2026 | ### Summary An OS Command Injection vulnerability in the terminal action handler allows any authenticated user to execute arbitrary OS commands by injecting shell metacharacters into the 'dir' POST parameter, completely bypassing the TERMINAL_COMMANDS whitelist and achieving… | ||
| CVE-2026-48303 | Cri | 0.65 | 10.0 | 0.01 | Jun 9, 2026 | Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is… | ||
| CVE-2026-47938 | Cri | 0.65 | 10.0 | 0.00 | Jun 9, 2026 | Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in privilege escalation. Exploitation of this issue does not require user interaction. Scope is changed. | ||
| CVE-2026-47928 | Cri | 0.62 | 9.6 | 0.09 | Jun 9, 2026 | ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | ||
| CVE-2026-36727 | Cri | 0.59 | 9.1 | 0.00 | Jun 9, 2026 | An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token. | ||
| CVE-2026-36721 | Cri | 0.64 | 9.8 | 0.00 | Jun 9, 2026 | A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token. | ||
| CVE-2026-30141 | Cri | 0.64 | 9.8 | 0.01 | Jun 9, 2026 | An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via a crafted GIF file. | ||
| CVE-2026-10045 | Cri | 0.64 | 9.8 | 0.00 | Jun 9, 2026 | Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify… | ||
| CVE-2026-34691 | Cri | 0.60 | 9.3 | 0.00 | Jun 9, 2026 | Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a… | ||
| CVE-2026-49841 | Cri | 0.57 | 9.8 | 0.00 | Jun 9, 2026 | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for a… | ||
| CVE-2026-49840 | Cri | 0.52 | 9.1 | 0.00 | Jun 9, 2026 | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl_recv_event() parses Content-Length with atol() and passes the… | ||
| CVE-2026-47643 | Cri | 0.64 | 9.8 | 0.01 | Jun 9, 2026 | External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-47291 | Cri | 0.64 | 9.8 | 0.22 | Jun 9, 2026 | Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-47281 | Cri | 0.62 | 9.6 | 0.01 | Jun 9, 2026 | Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2026-45657 | Cri | 0.64 | 9.8 | 0.15 | Jun 9, 2026 | Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-45602 | Cri | 0.59 | 9.1 | 0.00 | Jun 9, 2026 | No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network. | ||
| CVE-2026-44815 | Cri | 0.64 | 9.8 | 0.01 | Jun 9, 2026 | Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-42904 | Cri | 0.62 | 9.6 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network. | ||
| CVE-2026-38615 | Cri | 0.64 | 9.8 | 0.01 | Jun 9, 2026 | DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php. | ||
| CVE-2026-34182 | Cri | 0.52 | 9.1 | 0.00 | Jun 9, 2026 | Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these… | ||
| CVE-2026-26142 | Cri | 0.64 | 9.8 | 0.02 | Jun 9, 2026 | Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-8025 | Cri | 0.64 | 9.8 | 0.00 | Jun 9, 2026 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Platform: through 09062026. NOTE: The vendor was contacted and it was learned… | ||
| CVE-2026-25089 | Cri | 0.64 | 9.8 | 0.23 | Jun 9, 2026 | A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS… | ||
| CVE-2026-10523 | Cri | 0.64 | 9.9 | 0.47 | Jun 9, 2026 | An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access | ||
| CVE-2026-10520 | Cri | 0.77 | 10.0 | 0.99 | KEV | Jun 9, 2026 | An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution | |
| CVE-2026-7486 | Cri | 0.64 | 9.8 | 0.00 | Jun 9, 2026 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Netcad Software Inc. E-İmar allows SQL Injection. This issue affects E-İmar: from 2.10.1.0 before 3.0.2. | ||
| CVE-2026-46325 | Cri | 0.57 | 9.8 | 0.00 | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE The current implementation incorrectly handles memory regions (MRs) with page sizes different from the system PAGE_SIZE. The core issue is… | ||
| CVE-2026-46316 | Cri | 0.53 | 9.3 | 0.00 | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic_its_invalidate_cache() walks the per-ITS translation cache with xa_for_each() and drops the cache's reference on each… | ||
| CVE-2017-20251 | Cri | 0.64 | 9.8 | 0.01 | Jun 9, 2026 | WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the… | ||
| CVE-2026-10731 | Cri | 0.60 | — | 0.00 | Jun 9, 2026 | SQL injection in the ‘two_steps_auth_code’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication (2FA) functionality can be accessed without prior authentication, allowing unauthenticated… | ||
| CVE-2025-10263 | Cri | 0.59 | 9.1 | 0.00 | Jun 9, 2026 | Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher… | ||
| CVE-2009-10007 | Cri | 0.52 | 9.1 | 0.00 | Jun 9, 2026 | Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to… | ||
| CVE-2026-9698 | Cri | 0.57 | 9.8 | 0.00 | Jun 9, 2026 | DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an… | ||
| CVE-2026-44083 | Cri | 0.64 | 9.8 | 0.00 | Jun 9, 2026 | An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later | ||
| CVE-2026-5067 | Cri | 0.57 | 9.8 | 0.01 | Jun 9, 2026 | A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL… | ||
| CVE-2026-44748 | Cri | 0.64 | 9.9 | 0.00 | Jun 9, 2026 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to… |
- risk 0.55cvss 9.6epss 0.00
A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the `/api/v1/sources/{id}/image-url` endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual…
- risk 0.52cvss 9.1epss 0.00
A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents,…
- risk 0.64cvss 9.9epss 0.00
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints (POST /api/service/haproxy/<server_id>/section/<section_type> and the PUT / global / defaults variants) accept a JSON option…
- risk 0.64cvss 9.9epss 0.00
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf//<server_ip>/rule/<rule_id>/save accepts a config_file_name form field that is passed straight through to…
- risk 0.64cvss 9.9epss 0.00
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before_request → @jwt_required() (app/routes/install/routes.py:36-39). The individual endpoints install_exporter,…
- risk 0.59cvss 9.1epss 0.00
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/smon/routes.py:117-138) gates only on roxywi_common.check_user_group_for_flask() — which validates that the caller has some group,…
- risk 0.52cvss —epss 0.00
## Vulnerability: CWE-798 — Hardcoded JWT Secret + Broken Mitigation ### Affected Component - `github.com/dhax/go-base` — Go REST API boilerplate (go-chi/jwtauth/v5, Viper, PostgreSQL/Bun) - 1,685 stars on GitHub ### Vulnerability Locations | File | Line | Role |…
- risk 0.64cvss 9.8epss 0.00
The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registration() function not properly restricting the roles that a user can register with. This makes it possible for…
- risk 0.59cvss 9.1epss 0.00
The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users…
- risk 0.59cvss 9.1epss 0.00
A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later
- risk 0.59cvss 9.1epss 0.00
A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later
- risk 0.64cvss 9.8epss 0.00
QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later
- risk 0.53cvss 9.3epss 0.00
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c that bridge calls from the user application (i.e. the REE) to…
- risk 0.61cvss —epss 0.02
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
- risk 0.52cvss —epss 0.00
### Summary An OS Command Injection vulnerability in the terminal action handler allows any authenticated user to execute arbitrary OS commands by injecting shell metacharacters into the 'dir' POST parameter, completely bypassing the TERMINAL_COMMANDS whitelist and achieving…
- risk 0.65cvss 10.0epss 0.01
Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is…
- risk 0.65cvss 10.0epss 0.00
Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in privilege escalation. Exploitation of this issue does not require user interaction. Scope is changed.
- risk 0.62cvss 9.6epss 0.09
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
- risk 0.59cvss 9.1epss 0.00
An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
- risk 0.64cvss 9.8epss 0.00
A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via a crafted GIF file.
- risk 0.64cvss 9.8epss 0.00
Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify…
- risk 0.60cvss 9.3epss 0.00
Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a…
- risk 0.57cvss 9.8epss 0.00
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for a…
- risk 0.52cvss 9.1epss 0.00
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl_recv_event() parses Content-Length with atol() and passes the…
- risk 0.64cvss 9.8epss 0.01
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.
- risk 0.64cvss 9.8epss 0.22
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
- risk 0.62cvss 9.6epss 0.01
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
- risk 0.64cvss 9.8epss 0.15
Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.
- risk 0.59cvss 9.1epss 0.00
No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
- risk 0.64cvss 9.8epss 0.01
Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
- risk 0.62cvss 9.6epss 0.00
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
- risk 0.64cvss 9.8epss 0.01
DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.
- risk 0.52cvss 9.1epss 0.00
Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these…
- risk 0.64cvss 9.8epss 0.02
Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.
- risk 0.64cvss 9.8epss 0.00
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Platform: through 09062026. NOTE: The vendor was contacted and it was learned…
- risk 0.64cvss 9.8epss 0.23
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS…
- risk 0.64cvss 9.9epss 0.47
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access
- risk 0.77cvss 10.0epss 0.99
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
- risk 0.64cvss 9.8epss 0.00
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Netcad Software Inc. E-İmar allows SQL Injection. This issue affects E-İmar: from 2.10.1.0 before 3.0.2.
- risk 0.57cvss 9.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE The current implementation incorrectly handles memory regions (MRs) with page sizes different from the system PAGE_SIZE. The core issue is…
- risk 0.53cvss 9.3epss 0.00
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic_its_invalidate_cache() walks the per-ITS translation cache with xa_for_each() and drops the cache's reference on each…
- risk 0.64cvss 9.8epss 0.01
WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the…
- risk 0.60cvss —epss 0.00
SQL injection in the ‘two_steps_auth_code’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication (2FA) functionality can be accessed without prior authentication, allowing unauthenticated…
- risk 0.59cvss 9.1epss 0.00
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher…
- risk 0.52cvss 9.1epss 0.00
Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to…
- risk 0.57cvss 9.8epss 0.00
DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an…
- risk 0.64cvss 9.8epss 0.00
An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later
- risk 0.57cvss 9.8epss 0.01
A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL…
- risk 0.64cvss 9.9epss 0.00
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to…