π¨ CVE-2026-23634
Pepr is a type safe K8s middleware. Prior to 1.0.5 , Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the βgetting startedβ experience smooth: new users can experiment with Pepr and create resources dynamically without needing to pre-configure RBAC. This vulnerability is fixed in 1.0.5.
π@cveNotify
Pepr is a type safe K8s middleware. Prior to 1.0.5 , Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the βgetting startedβ experience smooth: new users can experiment with Pepr and create resources dynamically without needing to pre-configure RBAC. This vulnerability is fixed in 1.0.5.
π@cveNotify
GitHub
Release v1.0.5 Β· defenseunicorns/pepr
1.0.5 (2026-01-15)
Bug Fixes
added log warning and updated docs for default admin mode (#2883) (d4675a6)
Bug Fixes
added log warning and updated docs for default admin mode (#2883) (d4675a6)
π¨ CVE-2026-0943
HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability.
Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693.
π@cveNotify
HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability.
Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693.
π@cveNotify
π¨ CVE-2026-26720
An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts module.
π@cveNotify
An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts module.
π@cveNotify
Dillonkirsch
No Sandbox, No Problem: Exploiting Remote Code Execution in Twenty CRM. CVE-2026-26720
From Learning to Root: How I Found a Remote Code Execution Vulnerability in Twenty CRM Code reviews and web application security arenβt exactly my wheelhouse. I wanted to change that, so I challenged myself to audit open-source codebases and look for potentialβ¦
π¨ CVE-2025-48545
In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
π¨ CVE-2026-23833
ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check `ptr + field_length > end` in `components/api/proto.cpp` can overflow when a malicious client sends a large `field_length` value. This affects all ESPHome device platforms (ESP32, ESP8266, RP2040, LibreTiny). The overflow bypasses the out-of-bounds check, causing the device to read invalid memory and crash. When using the plaintext API protocol, this attack can be performed without authentication. When noise encryption is enabled, knowledge of the encryption key is required. Users should upgrade to ESPHome 2025.12.7 or later to receive a patch, enable API encryption with a unique key per device, and follow the Security Best Practices.
π@cveNotify
ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check `ptr + field_length > end` in `components/api/proto.cpp` can overflow when a malicious client sends a large `field_length` value. This affects all ESPHome device platforms (ESP32, ESP8266, RP2040, LibreTiny). The overflow bypasses the out-of-bounds check, causing the device to read invalid memory and crash. When using the plaintext API protocol, this attack can be performed without authentication. When noise encryption is enabled, knowledge of the encryption key is required. Users should upgrade to ESPHome 2025.12.7 or later to receive a patch, enable API encryption with a unique key per device, and follow the Security Best Practices.
π@cveNotify
ESPHome - Smart Home Made Simple
Security Best Practices
Security best practices for ESPHome devices and networks.
π¨ CVE-2026-24001
jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters `\r`, `\u2028`, or `\u2029` can cause the `parsePatch` method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore likely to be vulnerable to a denial-of-service attack if they call `parsePatch` with a user-provided patch as input. A large payload is not needed to trigger the vulnerability, so size limits on user input do not provide any protection. Furthermore, some applications may be vulnerable even when calling `parsePatch` on a patch generated by the application itself if the user is nonetheless able to control the filename headers (e.g. by directly providing the filenames of the files to be diffed). The `applyPatch` method is similarly affected if (and only if) called with a string representation of a patch as an argument, since under the hood it parses that string using `parsePatch`. Other methods of the library are unaffected. Finally, a second and lesser interdependent bug - a ReDOS - also exhibits when those same line break characters are present in a patch's *patch* header (also known as its "leading garbage"). A maliciously-crafted patch header of length *n* can take `parsePatch` O(*n*Β³) time to parse. Versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1 contain a fix. As a workaround, do not attempt to parse patches that contain any of these characters: `\r`, `\u2028`, or `\u2029`.
π@cveNotify
jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters `\r`, `\u2028`, or `\u2029` can cause the `parsePatch` method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore likely to be vulnerable to a denial-of-service attack if they call `parsePatch` with a user-provided patch as input. A large payload is not needed to trigger the vulnerability, so size limits on user input do not provide any protection. Furthermore, some applications may be vulnerable even when calling `parsePatch` on a patch generated by the application itself if the user is nonetheless able to control the filename headers (e.g. by directly providing the filenames of the files to be diffed). The `applyPatch` method is similarly affected if (and only if) called with a string representation of a patch as an argument, since under the hood it parses that string using `parsePatch`. Other methods of the library are unaffected. Finally, a second and lesser interdependent bug - a ReDOS - also exhibits when those same line break characters are present in a patch's *patch* header (also known as its "leading garbage"). A maliciously-crafted patch header of length *n* can take `parsePatch` O(*n*Β³) time to parse. Versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1 contain a fix. As a workaround, do not attempt to parse patches that contain any of these characters: `\r`, `\u2028`, or `\u2029`.
π@cveNotify
GitHub
Fix the second denial-of-service vulnerability in parsePatch (#649) Β· kpdecker/jsdiff@15a1585
* Fix the second ReDOS
* Fix release notes
* Fix release notes
π¨ CVE-2026-22719
VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress.
To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001
Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001
π@cveNotify
VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress.
To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001
Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001
π@cveNotify
π¨ CVE-2026-28412
Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server with connections, causing the Textream application to freeze and crash during a live session. Version 1.5.1 fixes the issue.
π@cveNotify
Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server with connections, causing the Textream application to freeze and crash during a live session. Version 1.5.1 fixes the issue.
π@cveNotify
GitHub
Merge commit from fork Β· f/textream@3524fa9
fix: enforce connection limit, offload broadcast to background queue,β¦
π¨ CVE-2025-48634
In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
π¨ CVE-2025-62814
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service.
π@cveNotify
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service.
π@cveNotify
Samsung Semiconductor Global
Product Security Update | Support | Samsung Semiconductor Global
Samsung semiconductor values product security. Check out the latest product security update at Samsung Semiconductor Global.
π¨ CVE-2025-66363
An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages.
π@cveNotify
An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages.
π@cveNotify
Samsung Semiconductor Global
Product Security Update | Support | Samsung Semiconductor Global
Samsung semiconductor values product security. Check out the latest product security update at Samsung Semiconductor Global.
π¨ CVE-2023-31044
An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may attempt data exfiltration or other malicious activity when automatically executed by the spreadsheet software.
π@cveNotify
An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may attempt data exfiltration or other malicious activity when automatically executed by the spreadsheet software.
π@cveNotify
Nokia Corporation | Nokia
Homepage | Nokia.com
As a technology leader across mobile, fixed and cloud networks, our solutions enable a more productive, sustainable and inclusive world.
π¨ CVE-2024-55022
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter.
π@cveNotify
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter.
π@cveNotify
Gist
Multiple critical vulnerabilities in Weintek HMI products (CVE-2024-55019 to CVE-2024-55027)
Multiple critical vulnerabilities in Weintek HMI products (CVE-2024-55019 to CVE-2024-55027) - weintek-cve-2024-55019-55027.md
π¨ CVE-2024-55026
An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request.
π@cveNotify
An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request.
π@cveNotify
Gist
Multiple critical vulnerabilities in Weintek HMI products (CVE-2024-55019 to CVE-2024-55027)
Multiple critical vulnerabilities in Weintek HMI products (CVE-2024-55019 to CVE-2024-55027) - weintek-cve-2024-55019-55027.md
π¨ CVE-2024-55027
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db.
π@cveNotify
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db.
π@cveNotify
Gist
Multiple critical vulnerabilities in Weintek HMI products (CVE-2024-55019 to CVE-2024-55027)
Multiple critical vulnerabilities in Weintek HMI products (CVE-2024-55019 to CVE-2024-55027) - weintek-cve-2024-55019-55027.md
π¨ CVE-2025-66945
A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution
π@cveNotify
A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution
π@cveNotify
GitHub
GitHub - kaliworld/Zdir-Pro-Zip-slip-vulnerability: Zdir Pro Zip slip vulnerability POC
Zdir Pro Zip slip vulnerability POC. Contribute to kaliworld/Zdir-Pro-Zip-slip-vulnerability development by creating an account on GitHub.
π¨ CVE-2026-2590
Improper
enforcement of the Disable password saving in vaults setting in the
connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries,
potentially exposing sensitive information to other users, by creating
or editing certain connection types while password saving is disabled.
π@cveNotify
Improper
enforcement of the Disable password saving in vaults setting in the
connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries,
potentially exposing sensitive information to other users, by creating
or editing certain connection types while password saving is disabled.
π@cveNotify
Devolutions
advisories
Stay informed with Devolutions' latest security advisories on vulnerabilities, threats, and incident responses to enhance your cybersecurity posture.
π¨ CVE-2026-3130
Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-checked-out account and performing a bulk deletion.
π@cveNotify
Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-checked-out account and performing a bulk deletion.
π@cveNotify
Devolutions
advisories
Stay informed with Devolutions' latest security advisories on vulnerabilities, threats, and incident responses to enhance your cybersecurity posture.
π¨ CVE-2026-3204
Improper
input validation in the error message page in Devolutions Server 2025.3.15 and earlier allows remote attackers to spoof the displayed error message via a specially crafted URL.
π@cveNotify
Improper
input validation in the error message page in Devolutions Server 2025.3.15 and earlier allows remote attackers to spoof the displayed error message via a specially crafted URL.
π@cveNotify
Devolutions
advisories
Stay informed with Devolutions' latest security advisories on vulnerabilities, threats, and incident responses to enhance your cybersecurity posture.
π¨ CVE-2026-3224
Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT).
π@cveNotify
Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT).
π@cveNotify
Devolutions
advisories
Stay informed with Devolutions' latest security advisories on vulnerabilities, threats, and incident responses to enhance your cybersecurity posture.
π¨ CVE-2025-70341
Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files.
π@cveNotify
Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files.
π@cveNotify
GitHub
App-Auto-Patch/App-Auto-Patch-via-Dialog.zsh at main Β· App-Auto-Patch/App-Auto-Patch
Auto patch management script via Dialog. Contribute to App-Auto-Patch/App-Auto-Patch development by creating an account on GitHub.