๐จ CVE-2026-0901
Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 144 to the stable channel for Windows, Mac and Linux. This will roll out ov...
๐จ CVE-2026-1324
A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
Sangfor OSM Remote Code Execution via SSH Protocol ยท Issue #20 ยท LX-LX88/cve
Security Advisory: Sangfor OSM Remote Code Execution via SSH Protocol Product: Sangfor (ๆทฑไฟกๆ) Product Name: Operation and Maintenance Security Management System (OSM / ่ฟ็ปดๅฎๅ
จ็ฎก็็ณป็ป) Affected Version: 3....
๐จ CVE-2026-1325
A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function edit_pwd_mall of the file /fort/login/edit_pwd_mall. The manipulation of the argument flag results in weak password recovery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function edit_pwd_mall of the file /fort/login/edit_pwd_mall. The manipulation of the argument flag results in weak password recovery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
Sangfor OSM Unauthenticated Arbitrary Password Reset ยท Issue #21 ยท LX-LX88/cve
Security Advisory: Sangfor OSM Unauthenticated Arbitrary Password Reset Product: Sangfor (ๆทฑไฟกๆ) Product Name: Operation and Maintenance Security Management System (OSM / ่ฟ็ปดๅฎๅ
จ็ฎก็็ณป็ป) Affected Version: ...
๐จ CVE-2025-48754
In the memory_pages crate 0.1.0 for Rust, division by zero can occur.
๐@cveNotify
In the memory_pages crate 0.1.0 for Rust, division by zero can occur.
๐@cveNotify
crates.io
crates.io: Rust Package Registry
๐จ CVE-2025-48755
In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type).
๐@cveNotify
In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type).
๐@cveNotify
crates.io
crates.io: Rust Package Registry
๐จ CVE-2025-48756
In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number.
๐@cveNotify
In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number.
๐@cveNotify
crates.io
crates.io: Rust Package Registry
๐จ CVE-2026-23953
Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g a member of the โincusโ group) can create an environment variable containing newlines, which can be used to add additional configuration items in the containerโs lxc.conf due to newline injection. This can allow adding arbitrary lifecycle hooks, ultimately resulting in arbitrary command execution on the host. Exploiting this issue on IncusOS requires a slight modification of the payload to change to a different writable directory for the validation step (e.g /tmp). This can be confirmed with a second container with /tmp mounted from the host (A privileged action for validation only). A fix is planned for versions 6.0.6
and 6.21.0, but they have not been released at the time of publication.
๐@cveNotify
Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g a member of the โincusโ group) can create an environment variable containing newlines, which can be used to add additional configuration items in the containerโs lxc.conf due to newline injection. This can allow adding arbitrary lifecycle hooks, ultimately resulting in arbitrary command execution on the host. Exploiting this issue on IncusOS requires a slight modification of the payload to change to a different writable directory for the validation step (e.g /tmp). This can be confirmed with a second container with /tmp mounted from the host (A privileged action for validation only). A fix is planned for versions 6.0.6
and 6.21.0, but they have not been released at the time of publication.
๐@cveNotify
GitHub
incus/internal/server/instance/drivers/driver_lxc.go at e4c267db822295c28cfb29d05270cc7fa4193d36 ยท lxc/incus
Powerful system container and virtual machine manager - lxc/incus
๐จ CVE-2026-23954
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the โincusโ group) to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write. This ultimately results in arbitrary command execution on the host. When using an image with a metadata.yaml containing templates, both the source and target paths are not checked for symbolic links or directory traversal. This can also be exploited in IncusOS. A fix is planned for versions 6.0.6 and 6.21.0, but they have not been released at the time of publication.
๐@cveNotify
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the โincusโ group) to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write. This ultimately results in arbitrary command execution on the host. When using an image with a metadata.yaml containing templates, both the source and target paths are not checked for symbolic links or directory traversal. This can also be exploited in IncusOS. A fix is planned for versions 6.0.6 and 6.21.0, but they have not been released at the time of publication.
๐@cveNotify
GitHub
incus/internal/server/instance/drivers/driver_lxc.go at e4c267db822295c28cfb29d05270cc7fa4193d36 ยท lxc/incus
Powerful system container and virtual machine manager - lxc/incus
๐จ CVE-2026-24515
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
๐@cveNotify
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
๐@cveNotify
GitHub
[CVE-2026-24515] lib: Make `XML_ExternalEntityParserCreate` copy unknown encoding handler user data by hartwork ยท Pull Requestโฆ
:herb: Fast streaming XML parser written in C99 with >90% test coverage; moved from SourceForge to GitHub - [CVE-2026-24515] lib: Make `XML_ExternalEntityParserCreate` copy unknown encoding handler user data by hartwork ยท Pull Request #1131 ยท libexpat/libexpat
๐จ CVE-2026-24421
phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions. SetupController.php uses userIsAuthenticated() but does not verify that the requester has configuration/admin permissions. Non-admin users can trigger a configuration backup and retrieve its path. The endpoint only checks authentication, not authorization, and returns a link to the generated ZIP. This issue is fixed in version 4.0.17.
๐@cveNotify
phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions. SetupController.php uses userIsAuthenticated() but does not verify that the requester has configuration/admin permissions. Non-admin users can trigger a configuration backup and retrieve its path. The endpoint only checks authentication, not authorization, and returns a link to the generated ZIP. This issue is fixed in version 4.0.17.
๐@cveNotify
GitHub
phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)
### Summary
Authenticated nonโadmin users can call /api/setup/backup and trigger a configuration backup. The endpoint only checks authentication, not authorization, and returns a link to the gener...
Authenticated nonโadmin users can call /api/setup/backup and trigger a configuration backup. The endpoint only checks authentication, not authorization, and returns a link to the gener...
๐จ CVE-2024-13086
An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerability in the following version:
QTS 5.2.0.2851 build 20240808 and later
QuTS hero h5.2.0.2851 build 20240808 and later
๐@cveNotify
An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerability in the following version:
QTS 5.2.0.2851 build 20240808 and later
QuTS hero h5.2.0.2851 build 20240808 and later
๐@cveNotify
๐จ CVE-2025-39205
A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.
๐@cveNotify
A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.
๐@cveNotify
๐จ CVE-2025-13505
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Datateam Information Technologies Inc. Datactive allows Stored XSS.This issue affects Datactive: from 2.13.34 before 2.14.0.6.
๐@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Datateam Information Technologies Inc. Datactive allows Stored XSS.This issue affects Datactive: from 2.13.34 before 2.14.0.6.
๐@cveNotify
๐จ CVE-2025-66476
Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.
๐@cveNotify
Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.
๐@cveNotify
GitHub
patch 9.1.1947: [security]: Windows: Vim may execute commands from cuโฆ ยท vim/vim@083ec6d
โฆrrent directory
Problem: [security]: Windows: Vim may execute commands from current
directory (Simon Zuckerbraun)
Solution: Set the $NoDefaultCurrentDirectoryInExePath before running
...
Problem: [security]: Windows: Vim may execute commands from current
directory (Simon Zuckerbraun)
Solution: Set the $NoDefaultCurrentDirectoryInExePath before running
...
๐จ CVE-2025-13751
Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.
๐@cveNotify
Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.
๐@cveNotify
๐จ CVE-2025-33208
NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclosure.
๐@cveNotify
NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclosure.
๐@cveNotify
๐จ CVE-2024-50388
An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands.
We have already fixed the vulnerability in the following version:
HBS 3 Hybrid Backup Sync 25.1.1.673 and later
๐@cveNotify
An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands.
We have already fixed the vulnerability in the following version:
HBS 3 Hybrid Backup Sync 25.1.1.673 and later
๐@cveNotify
๐จ CVE-2025-13000
The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated users, such as subscriber to perform SQLI attacks
๐@cveNotify
The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated users, such as subscriber to perform SQLI attacks
๐@cveNotify
WPScan
DB Access <= 0.8.7 - Subscriber+ SQLi
See details on DB Access <= 0.8.7 - Subscriber+ SQLi CVE 2025-13000. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2025-13001
The donation WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users, such as admin to perform SQL injection attacks
๐@cveNotify
The donation WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users, such as admin to perform SQL injection attacks
๐@cveNotify
WPScan
Donation <= 1.0 - Admin+ SQLi
See details on Donation <= 1.0 - Admin+ SQLi CVE 2025-13001. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2025-13879
Directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vulnerability allows an authenticated user with administrator privileges to list directories other than those to which the have authorized access using the 'directory' parameter in '/mod/ajax.php?action=sections/list/list'.For examplem setting the 'directory' parameter to '/' displays files outside the 'LOCAL:///' folder.
๐@cveNotify
Directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vulnerability allows an authenticated user with administrator privileges to list directories other than those to which the have authorized access using the 'directory' parameter in '/mod/ajax.php?action=sections/list/list'.For examplem setting the 'directory' parameter to '/' displays files outside the 'LOCAL:///' folder.
๐@cveNotify
EfficientIP
SOLIDserver IPAM Solutions | EfficientIP
Discover EfficientIP's SOLIDserver IPAM solutions for streamlined network management and enhanced security. Learn more about our innovative offerings now!
๐จ CVE-2025-40700
Reflected Cross-Site Scripting (XSS) in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exploited to steal sensitive information such as session cookies or to perform actions on behalf of the victim.
๐@cveNotify
Reflected Cross-Site Scripting (XSS) in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exploited to steal sensitive information such as session cookies or to perform actions on behalf of the victim.
๐@cveNotify