CVE-2026-5078 - morgan vulnerable to Log Forging via unneutralized control characters in :remote-user
CVE ID: CVE-2026-5078
Published: June 3, 2026, 8:16 a.m. | 2 hours, 44 minutes ago
Description: Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF bytes to inject forged log lines, breaking the one-request-per-line structure of access logs and enabling log forgery against downstream log consumers. The built-in combined, common, default, and short formats are affected, as well as any custom format that references :remote-user. Affected versions: morgan 1.2.0 through 1.10.1. Patches: upgrade to morgan 1.11.0, which neutralizes control characters in the :remote-user token output. Workarounds: use a custom format string that does not include :remote-user.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15655 - WordPress School Management plugin <= 93.2.0 - SQL Injection vulnerability
CVE ID: CVE-2025-15655
Published: June 3, 2026, 9 a.m. | 2 hours ago
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 93.2.0.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15656 - WordPress School Management plugin <= 93.2.0 - Privilege Escalation vulnerability
CVE ID: CVE-2025-15656
Published: June 3, 2026, 9:04 a.m. | 1 hour, 56 minutes ago
Description: Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-14771 - File Disclosure in ABB T-MAC Plus web application and in ABB T-MAC plus Server - Default IIS Web Site
CVE ID: CVE-2025-14771
Published: June 3, 2026, 9:16 a.m. | 1 hour, 44 minutes ago
Description: Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15654 - WordPress Prague plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability
CVE ID: CVE-2025-15654
Published: June 3, 2026, 9:16 a.m. | 1 hour, 44 minutes ago
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fox-themes Prague allows Reflected XSS. This issue affects Prague: from n/a through 2.2.8.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-4035 - Environment Variable Resolution Vulnerability in mlflow/mlflow
CVE ID: CVE-2026-4035
Published: June 3, 2026, 9:16 a.m. | 1 hour, 44 minutes ago
Description: A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the `api_key` field in gateway secrets can accept `$ENV_VAR` references, which are resolved against the MLflow server's environment during runtime. The resolved secrets are then sent in provider authentication headers to the configured upstream `api_base`. This vulnerability can be exploited by low-privileged authenticated users in basic-auth deployments or by unauthenticated users in default deployments without `basic-auth`. The impact includes potential leakage of sensitive credentials such as cloud artifact credentials (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`), which could lead to artifact poisoning and cross-boundary code execution in downstream environments. The issue is fixed in version 3.11.0.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-14772 - Broken Access Control in ABB T-MAC Plus web application
CVE ID: CVE-2025-14772
Published: June 3, 2026, 9:25 a.m. | 1 hour, 34 minutes ago
Description: Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-47065 - Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232
CVE ID: CVE-2026-47065
Published: June 3, 2026, 9:39 a.m. | 1 hour, 20 minutes ago
Description: ZDRES-232: resolveProxyClass not overridden, acceptMatchers filter bypass via java.lang.reflect.Proxy. Assessment: fully addressed. When the serialised stream contains a TC_PROXYCLASSDESC (the marker for a java.lang.reflect.Proxy), the JDK's ObjectInputStream.readProxyDesc() is dispatched. The JDK then calls the default ObjectInputStream.resolveProxyClass(interfaces) implementation, which performs Class.forName(intf, false, latestUserDefinedLoader()) for EACH interface name and constructs the proxy class, bypassing the accepted classes list. ZDRES-233: Class.forName(name, initialize=true, classLoader) in readClassDescriptor triggers the static initialiser of allow-listed classes. Assessment: fully addressed. For ANY class on the allow-list, deserialising a stream that names it runs the class's static initialiser BEFORE any instance is constructed. This means an attacker who supplies a class name on the allow-list (e.g., the developer wrote accept("com.myapp.*") and the attacker supplies com.myapp.SomeClass) causes the static initialiser of SomeClass to run, and many real-world classes have side-effecting static initialisers. Both issues have been fixed.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-14773 - Stored Cross-Site Scripting in ABB T-MAC Plus web application
CVE ID: CVE-2025-14773
Published: June 3, 2026, 9:40 a.m. | 1 hour, 20 minutes ago
Description: Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-14774 - Communication analysis between the Card Reader and TP2CardReaderService daemon
CVE ID: CVE-2025-14774
Published: June 3, 2026, 9:48 a.m. | 1 hour, 12 minutes ago
Description: Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-41032 - Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers
CVE ID: CVE-2026-41032
Published: June 3, 2026, 10:16 a.m. | 44 minutes ago
Description: It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-35081 - Arbitrary process termination vulnerability in method ugw-logstop
CVE ID: CVE-2026-35081
Published: June 3, 2026, 1:16 p.m. | 1 hour, 44 minutes ago
Description: The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-35082 - Local file inclusion vulnerability and deletion in ugw-logread method
CVE ID: CVE-2026-35082
Published: June 3, 2026, 1:16 p.m. | 1 hour, 44 minutes ago
Description: The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-35083 - Stack buffer overflow in method bac-deviceobject
CVE ID: CVE-2026-35083
Published: June 3, 2026, 1:16 p.m. | 1 hour, 44 minutes ago
Description: A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-35084 - Stack buffer overflow in method dali-devconfig
CVE ID: CVE-2026-35084
Published: June 3, 2026, 1:16 p.m. | 1 hour, 44 minutes ago
Description: A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-35085 - Stack buffer overflow in method gdv-serverconfig
CVE ID: CVE-2026-35085
Published: June 3, 2026, 1:16 p.m. | 1 hour, 44 minutes ago
Description: A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-49036 - Synology Active Backup for Business Recovery Media Creator Arbitrary Code Execution
CVE ID: CVE-2022-49036
Published: June 3, 2026, 2:16 p.m. | 44 minutes ago
Description: An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-49042 - Synology Hyper Backup Explorer: Local Code Execution via Untrusted Control Sphere Inclusion
CVE ID: CVE-2022-49042
Published: June 3, 2026, 2:16 p.m. | 44 minutes ago
Description: An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-52951 - Synology Note Station Client Cleartext Transmission of Sensitive Information
CVE ID: CVE-2023-52951
Published: June 3, 2026, 2:16 p.m. | 44 minutes ago
Description: A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credentials.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-47263 - Synology Hyper Backup Path Traversal
CVE ID: CVE-2024-47263
Published: June 3, 2026, 2:16 p.m. | 44 minutes ago
Description: An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive information via unspecified vectors.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-47273 - Synology Hyper Backup Path Traversal
CVE ID: CVE-2024-47273
Published: June 3, 2026, 2:16 p.m. | 44 minutes ago
Description: An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...