🚨 CVE-2026-23767
ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection.
@cveNotify
🚨 CVE-2026-2418
The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user (such as admin) by simply knowing the email
@cveNotify
WPScan
Login with Salesforce <= 1.0.2 - Unauthenticated Authentication Bypass
See details on Login with Salesforce <= 1.0.2 - Unauthenticated Authentication Bypass CVE 2026-2418. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2025-13476
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (DPI) systems to trivially identify and block proxy traffic, undermining censorship circumvention. (CWE-327)
@cveNotify
Viber
Download | Viber
🚨 CVE-2025-70948
A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header.
@cveNotify
Gist
Public Security Advisory for CVE-2025-70948 and CVE-2025-70949
Public Security Advisory for CVE-2025-70948 and CVE-2025-70949 - CVE-2025-70948 and CVE-2025-70949.md
🚨 CVE-2025-70949
An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel.
@cveNotify
Gist
Public Security Advisory for CVE-2025-70948 and CVE-2025-70949
Public Security Advisory for CVE-2025-70948 and CVE-2025-70949 - CVE-2025-70948 and CVE-2025-70949.md
🚨 CVE-2025-70995
An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile, which is processed by the ASP.NET runtime. The uploaded configuration file alters the execution context of the upload directory, enabling compilation and execution of attacker-controlled code (e.g., generation of an .aspx webshell). This allows remote command execution on the server without user interaction beyond authentication, impacting both On-Premise and SaaS deployments.
@cveNotify
Arandasoft
Attach Files | ASDK API Documentation (v8)
🚨 CVE-2024-35644
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS. This issue affects Preferred Languages: from n/a through 2.2.2.
@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Preferred Languages Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-28080
Missing Authorization vulnerability in Rank Math Rank Math SEO PRO allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rank Math SEO PRO: from n/a through 3.0.95.
@cveNotify
Patchstack
Broken Access Control in WordPress Rank Math SEO PRO Plugin
🚨 CVE-2026-28106
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kings Plugins B2BKing Premium allows Phishing. This issue affects B2BKing Premium: from n/a through 5.3.80.
@cveNotify
Patchstack
Open Redirection in WordPress B2BKing Premium Plugin
🚨 CVE-2021-22681
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.
@cveNotify
🚨 CVE-2021-30952
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
@cveNotify
🚨 CVE-2023-41974
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.
@cveNotify
Apple Support
About the security content of iOS 17 and iPadOS 17
This document describes the security content of iOS 17 and iPadOS 17.
🚨 CVE-2023-43000
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6. Processing maliciously crafted web content may lead to memory corruption.
@cveNotify
Apple Support
About the security content of Safari 16.6 - Apple Support
This document describes the security content of Safari 16.6.
🚨 CVE-2026-26022
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, a stored cross-site scripting (XSS) vulnerability exists in the comment and issue description functionality. The application's HTML sanitizer explicitly allows data: URI schemes, enabling authenticated users to inject arbitrary JavaScript execution via malicious links. This issue has been patched in version 0.14.2.
@cveNotify
GitHub
markup: restrict data URI scheme to safe image MIME types (#8174) · gogs/gogs@441c64d
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
🚨 CVE-2026-26194
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user-controlled tag name is passed to git without the right separator; this lets git options get injected and mess with the process. This issue has been patched in version 0.14.2.
@cveNotify
GitHub
database: use safe git-module API for tag deletion (#8175) · gogs/gogs@a000f0c
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🚨 CVE-2026-26998
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When Traefik is configured to use the ForwardAuth middleware, the response body from the authentication server is read entirely into memory without any size limit. There is no maxResponseBodySize configuration to restrict the amount of data read from the authentication server response. If the authentication server returns an unexpectedly large or unbounded response body, Traefik will allocate unlimited memory, potentially causing an out-of-memory (OOM) condition that crashes the process. This results in a denial of service for all routes served by the affected Traefik instance. This issue has been patched in versions 2.11.38 and 3.6.9.
@cveNotify
GitHub
Release v2.11.38 · traefik/traefik
CVE fixed:
CVE-2026-26998 (Advisory GHSA-fw45-f5q2-2p4x)
CVE-2026-26999 (Advisory GHSA-xw98-5q62-jx94)
CVE-2026-29054 (Advisory GHSA-92mv-8f8w-wq52)
Bug fixes:
[middleware] Fix case sensitivity ...
🚨 CVE-2026-26999
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing TLS handshake on TCP routers. When Traefik processes a TLS connection on a TCP router, the read deadline used to bound protocol sniffing is cleared before the TLS handshake is completed. When a TLS handshake read error occurs, the code attempts a second handshake with different connection parameters, silently ignoring the initial error. A remote unauthenticated client can exploit this by sending an incomplete TLS record and stopping further data transmission, causing the TLS handshake to stall indefinitely and holding connections open. By opening many such stalled connections in parallel, an attacker can exhaust file descriptors and goroutines, degrading availability of all services on the affected entrypoint. This issue has been patched in versions 2.11.38 and 3.6.9.
@cveNotify
GitHub
Release v2.11.38 · traefik/traefik
CVE fixed:
CVE-2026-26998 (Advisory GHSA-fw45-f5q2-2p4x)
CVE-2026-26999 (Advisory GHSA-xw98-5q62-jx94)
CVE-2026-29054 (Advisory GHSA-92mv-8f8w-wq52)
Bug fixes:
[middleware] Fix case sensitivity ...
🚨 CVE-2025-70218
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall component.
@cveNotify
GitHub
CVEreport/D-link/CVE-2025-70218 at main · akuma-QAQ/CVEreport
Contribute to akuma-QAQ/CVEreport development by creating an account on GitHub.
🚨 CVE-2025-70220
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4.
@cveNotify
GitHub
CVEreport/D-link/CVE-2025-70220 at main · akuma-QAQ/CVEreport
🚨 CVE-2025-70223
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork.
@cveNotify
GitHub
CVEreport/D-link/CVE-2025-70223 at main · akuma-QAQ/CVEreport
🚨 CVE-2025-70226
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard.
@cveNotify
GitHub
CVEreport/D-link/CVE-2025-70226 at main · akuma-QAQ/CVEreport