🚨 CVE-2025-44141
A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30.
@cveNotify
🚨 CVE-2025-47373
Memory Corruption when accessing buffers with invalid length during TA invocation.
🚨 CVE-2024-55027
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to store credentials in plaintext in the component uac_temp.db.
Gist
Multiple critical vulnerabilities in Weintek HMI products (CVE-2024-55019 to CVE-2024-55027) - weintek-cve-2024-55019-55027.md
🚨 CVE-2025-13490
IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2-r1 through 12.0.12.5-r1 and 13.0.1.0-r1 through 13.0.6.1-r1, and LTS versions 12.0.12-r1 through 12.0.12-r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man-in-the-middle techniques.
IBM
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that report…
When an IBM App Connect Enterprise Certified Container IntegrationRuntime or IntegrationServer is configured to report metrics to a Prometheus instance in the OpenShift cluster, the metrics are sent over an unencrypted channel. This bulletin provides patch…
🚨 CVE-2025-13734
IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.
IBM
Security Bulletin: IBM Engineering Requirements Management DOORS Next could allow an authenticated user to access and modify data…
IBM Engineering Requirements Management DOORS Next could allow an authenticated user to view and edit data beyond their assigned access permissions. This issue occurs due to insufficient authorization enforcement. An attacker with valid credentials could…
🚨 CVE-2025-14604
IBM Storage Scale 5.2.3.0 - 5.2.3.5, and IBM Storage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors.
IBM
Security Bulletin: The following vulnerabilities, which may affect IBM Storage Scale when a directory has a specific ACL composition…
The following vulnerabilities, which may affect IBM Storage Scale when a directory has a specific ACL composition and could lead to improper execute permissions, have been remediated in Storage Scale versions 5.2.3.6 and 6.0.0.2.
🚨 CVE-2026-1762
A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation. This issue affects Enervista: 8.6 and prior versions.
🚨 CVE-2026-1763
Vulnerability in GE Vernova Enervista UR Setup on Windows. This issue affects Enervista: 8.6 and previous versions.
🚨 CVE-2026-20601
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission.
Apple Support
About the security content of macOS Tahoe 26.3 - Apple Support
This document describes the security content of macOS Tahoe 26.3.
🚨 CVE-2026-27482
Ray is an AI compute engine. In versions 2.53.0 and below, the dashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --dashboard-host=0.0.0.0), a web page via DNS rebinding or same-network access can issue DELETE requests that shut down Serve or delete jobs without user interaction. This is a drive-by availability impact. The fix for this vulnerability is to update to Ray 2.54.0 or higher.
GitHub
[Core] Use whitelist approach to block mutation requests from browser… · ray-project/ray@0fda8b8
… (#60526)
## Description
Currently we use `get_browsers_no_post_put_middleware` to block PUT/POST
requests from browsers since these endpoints are not intended to be
called from a browser context...
🚨 CVE-2025-47371
Transient DOS when an LTE RLC packet with invalid TB is received by UE.
🚨 CVE-2025-47383
Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.
🚨 CVE-2026-3344
A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package. This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including 12.5.16, and 2025.1 up to and including 2026.1.1.
Watchguard
WatchGuard Firebox System Integrity Check Bypass
A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.
🚨 CVE-2026-23601
A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID. Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation.
🚨 CVE-2025-70220
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4.
GitHub
CVEreport/D-link/CVE-2025-70220 at main · akuma-QAQ/CVEreport
Contribute to akuma-QAQ/CVEreport development by creating an account on GitHub.
🚨 CVE-2025-70223
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork.
GitHub
CVEreport/D-link/CVE-2025-70223 at main · akuma-QAQ/CVEreport
Contribute to akuma-QAQ/CVEreport development by creating an account on GitHub.
🚨 CVE-2025-70226
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard.
GitHub
CVEreport/D-link/CVE-2025-70226 at main · akuma-QAQ/CVEreport
Contribute to akuma-QAQ/CVEreport development by creating an account on GitHub.
🚨 CVE-2025-28164
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.
Gist
CVE-2025-28164
CVE-2025-28164. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2026-28270
Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch for the issue.
GitHub
[Core] Kiteworks Core before 9.2.0 has an Unrestricted Upload of File with Dangerous Type
### Description
A vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file ...
🚨 CVE-2026-28271
Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version 9.2.0 contains a patch for the issue.
GitHub
[Core] Kiteworks Core before 9.2.0 is vulnerable to Server-Side Request Forgery (SSRF)
### Description
A vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access...
🚨 CVE-2026-28272
Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface. Version 9.2.0 contains a patch for the issue.
GitHub
[EPG] Kiteworks Email Protection Gateway before version 9.2.0 has an Improper Neutralization of Input During Web Page Generation…
### Description
A vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script execute...