๐จ CVE-2026-0895
The extension extends TYPO3โ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core version still allows for Insecure Deserialization, because the affected vulnerable code was extracted from TYPO3 core to the extension. More information about this vulnerability can be found in the related TYPO3 Core Security Advisory TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 .
๐@cveNotify
The extension extends TYPO3โ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core version still allows for Insecure Deserialization, because the affected vulnerable code was extracted from TYPO3 core to the extension. More information about this vulnerability can be found in the related TYPO3 Core Security Advisory TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 .
๐@cveNotify
GitHub
[SECURITY] Harden message deserialization in `QueueableFileTransport` ยท CPS-IT/mailqueue@12a0a35
Resolves: CVE-2026-0895
Related: CVE-2026-0859
Related: CVE-2026-0859
๐จ CVE-2025-41768
On an instance of TwinCAT 3 HMI Server running on a device an authenticated administrator can inject arbitrary content into the custom CSS field which is persisted on the device and later returned via the login page and error page.
๐@cveNotify
On an instance of TwinCAT 3 HMI Server running on a device an authenticated administrator can inject arbitrary content into the custom CSS field which is persisted on the device and later returned via the login page and error page.
๐@cveNotify
Certvde
Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server
๐จ CVE-2025-14523
A flaw in libsoupโs HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.
๐@cveNotify
A flaw in libsoupโs HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.
๐@cveNotify
๐จ CVE-2025-14533
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insert_user' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. Note: The vulnerability can only be exploited if 'role' is mapped to the custom field.
๐@cveNotify
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insert_user' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. Note: The vulnerability can only be exploited if 'role' is mapped to the custom field.
๐@cveNotify
๐จ CVE-2025-14369
dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool.
๐@cveNotify
dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool.
๐@cveNotify
GitHub
dr_flac: Improvements to drflac_open_and_read_pcm_frames_*() and family. ยท mackron/dr_libs@b2197b2
Prior to this commit, the code would indiscriminately allocate a single
block of memory from `totalPCMFrameCount`. This can result in tiny
malignant FLAC files allocating huge blocks of memory.
I&...
block of memory from `totalPCMFrameCount`. This can result in tiny
malignant FLAC files allocating huge blocks of memory.
I&...
๐จ CVE-2025-40644
Reflected Cross-Site Scripting (XSS) vulnerability in Riftzilla's QRGen. This vulnerability allows an attavker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'id' parameter in '/article.php'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
๐@cveNotify
Reflected Cross-Site Scripting (XSS) vulnerability in Riftzilla's QRGen. This vulnerability allows an attavker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'id' parameter in '/article.php'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
๐@cveNotify
www.incibe.es
Reflected Cross-Site Scripting (XSS) in QRGen's Riftzilla
INCIBE has coordinated the publication of a medium-severity vulnerability affecting QRGen by Riftzilla
๐จ CVE-2025-40679
HTML
Injection vulnerability in Isshue by Bdtask, consisting os an HTML injection due to a lack os proper validation of user input by sending a POST request to '/category_product_search', affecting the 'product_name' parameter.
๐@cveNotify
HTML
Injection vulnerability in Isshue by Bdtask, consisting os an HTML injection due to a lack os proper validation of user input by sending a POST request to '/category_product_search', affecting the 'product_name' parameter.
๐@cveNotify
www.incibe.es
HTML injection in Isshue from Bdtask
INCIBE has coordinated the publication of a medium-severity vulnerability affecting a Isshue by Bdtask
๐จ CVE-2025-41024
Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows:
'companyaddress', 'companyemail', 'companyname', 'country', 'mobilenumber' y 'regno' parameters in '/farm/farmprofile.php'.
๐@cveNotify
Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows:
'companyaddress', 'companyemail', 'companyname', 'country', 'mobilenumber' y 'regno' parameters in '/farm/farmprofile.php'.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Poultry Farm Management System
INCIBE has coordinated the publication of 2 medium-severity vulnerability affecting Poultry Farm Manag
๐จ CVE-2025-41025
Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows:
'category' y 'product' parameters in '/farm/sell_product.php'.
๐@cveNotify
Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows:
'category' y 'product' parameters in '/farm/sell_product.php'.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Poultry Farm Management System
INCIBE has coordinated the publication of 2 medium-severity vulnerability affecting Poultry Farm Manag
๐จ CVE-2025-8110
Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
๐@cveNotify
Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
๐@cveNotify
wiz.io
Gogs Zero-Day RCE (CVE-2025-8110) Actively Exploited | Wiz Blog
Wiz Research discovered a Gogs zero-day (CVE-2025-8110) that bypasses a previous RCE fix via symlinks, leading to file overwrite and remote code execution.
๐จ CVE-2025-59429
FreePBX is an open source GUI for managing Asterisk. In versions prior to 16.0.68.39 for FreePBX 16 and versions prior to 17.0.18.38 for FreePBX 17, a reflected cross-site scripting vulnerability is present on the Asterisk HTTP Status page. The Asterisk HTTP status page is exposed by FreePBX and is available by default on version 16 via any bound IP address at port 8088. By default on version 17, the binding is only to localhost IP, making it significantly less vulnerable. The vulnerability can be exploited by unauthenticated attackers to obtain cookies from logged-in users, allowing them to hijack a session of an administrative user. The theft of admin session cookies allows attackers to gain control over the FreePBX admin interface, enabling them to access sensitive data, modify system configurations, create backdoor accounts, and cause service disruption. This issue has been patched in version 16.0.68.39 for FreePBX 16 and version 17.0.18.38 for FreePBX 17.
๐@cveNotify
FreePBX is an open source GUI for managing Asterisk. In versions prior to 16.0.68.39 for FreePBX 16 and versions prior to 17.0.18.38 for FreePBX 17, a reflected cross-site scripting vulnerability is present on the Asterisk HTTP Status page. The Asterisk HTTP status page is exposed by FreePBX and is available by default on version 16 via any bound IP address at port 8088. By default on version 17, the binding is only to localhost IP, making it significantly less vulnerable. The vulnerability can be exploited by unauthenticated attackers to obtain cookies from logged-in users, allowing them to hijack a session of an administrative user. The theft of admin session cookies allows attackers to gain control over the FreePBX admin interface, enabling them to access sensitive data, modify system configurations, create backdoor accounts, and cause service disruption. This issue has been patched in version 16.0.68.39 for FreePBX 16 and version 17.0.18.38 for FreePBX 17.
๐@cveNotify
GitHub
Reflected Cross-site Scripting in Asterisk HTTP Status page
# Summary
A Reflected Cross-site scripting vulnerability is present on the Asterisk HTTP Status page.
# Description
The Asterisk HTTP status page is exposed by FreePBX and is available by defa...
A Reflected Cross-site scripting vulnerability is present on the Asterisk HTTP Status page.
# Description
The Asterisk HTTP status page is exposed by FreePBX and is available by defa...
๐จ CVE-2026-0899
Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 144 to the stable channel for Windows, Mac and Linux. This will roll out ov...
๐จ CVE-2026-0900
Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 144 to the stable channel for Windows, Mac and Linux. This will roll out ov...
๐จ CVE-2026-0901
Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 144 to the stable channel for Windows, Mac and Linux. This will roll out ov...
๐จ CVE-2026-0908
Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
๐@cveNotify
Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
๐@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 144 to the stable channel for Windows, Mac and Linux. This will roll out ov...
๐จ CVE-2025-14369
dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool.
๐@cveNotify
dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool.
๐@cveNotify
GitHub
dr_flac: Improvements to drflac_open_and_read_pcm_frames_*() and family. ยท mackron/dr_libs@b2197b2
Prior to this commit, the code would indiscriminately allocate a single
block of memory from `totalPCMFrameCount`. This can result in tiny
malignant FLAC files allocating huge blocks of memory.
I&...
block of memory from `totalPCMFrameCount`. This can result in tiny
malignant FLAC files allocating huge blocks of memory.
I&...
๐จ CVE-2025-11743
A denial-of-service security issue in the affected product. The security issue occurs when a malformed CIP forward open message is sent. This could result in a major nonrecoverable fault a restart is required to recover.
๐@cveNotify
A denial-of-service security issue in the affected product. The security issue occurs when a malformed CIP forward open message is sent. This could result in a major nonrecoverable fault a restart is required to recover.
๐@cveNotify
Rockwell Automation
SD1770 | Security Advisory | Rockwell Automation | US
CompactLogixยฎ 5370 Denial of Service Vulnerability
๐จ CVE-2025-14027
Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may cause the device to become unresponsive and, in some cases, result in a major nonrecoverable fault. Recovery may require a restart.
๐@cveNotify
Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may cause the device to become unresponsive and, in some cases, result in a major nonrecoverable fault. Recovery may require a restart.
๐@cveNotify
Rockwell Automation
SD1769 | Security Advisory | Rockwell Automation | US
IMPORTANT NOTICE: Rockwell Automation Recommends Upgrading From 1756-RM2 XT To 1756-RM3 XT
๐จ CVE-2025-14376
A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI server. This component has been retired and has been optional since the 1.36 release in 2024.
๐@cveNotify
A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI server. This component has been retired and has been optional since the 1.36 release in 2024.
๐@cveNotify
Rockwell Automation
SD1767 | Security Advisory | Rockwell Automation | US
Verve Asset Manager โ Plaintext Storage Vulnerabilities
๐จ CVE-2025-14377
A security issue was discovered within the legacy Ansible playbook component of Verve Asset Manager, caused by plaintext secrets incorrectly stored when a playbook is running. This component has been retired and has been optional since the 1.36 release in 2024.
๐@cveNotify
A security issue was discovered within the legacy Ansible playbook component of Verve Asset Manager, caused by plaintext secrets incorrectly stored when a playbook is running. This component has been retired and has been optional since the 1.36 release in 2024.
๐@cveNotify
Rockwell Automation
SD1767 | Security Advisory | Rockwell Automation | US
Verve Asset Manager โ Plaintext Storage Vulnerabilities
๐จ CVE-2025-15281
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.
๐@cveNotify
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.
๐@cveNotify