🚨 CVE-2026-41940
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
🎖@cveNotify
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
🎖@cveNotify
cPanel & WHM Documentation
Release Notes | cPanel & WHM Documentation
Release notes for cPanel & WHM.
👍1
🚨 CVE-2026-7447
A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
🎖@cveNotify
A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
🎖@cveNotify
GitHub
Pet grooming management software -update_customer.php '**id**' SQL inject · Issue #1 · zhi-cyber/cve
Pet grooming management software -update_customer.php 'id' SQL inject Exploit Title: Pet grooming management software - update_customer.php 'id' SQL inject Vendor Homepage: https://...
🚨 CVE-2026-7468
A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
🎖@cveNotify
A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
🎖@cveNotify
GitHub
GitHub - 1024-lab/smart-admin: SmartAdmin国内首个以「高质量代码」为核心,「简洁、高效、安全」快速开发平台;基于SpringBoot2/3 + Sa-Token + Mybatis-Plus 和 Vue3 + Vite5…
SmartAdmin国内首个以「高质量代码」为核心,「简洁、高效、安全」快速开发平台;基于SpringBoot2/3 + Sa-Token + Mybatis-Plus 和 Vue3 + Vite5 + Ant Design Vue 4.x (同时支持JavaScript和TypeScript双版本);满足国家三级等保要求、支持登录限制、接口数据国产加解密、高防SQL注入等一系列安全体系。 ...
🚨 CVE-2026-7469
A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used.
🎖@cveNotify
A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used.
🎖@cveNotify
🚨 CVE-2026-7470
A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
🎖@cveNotify
A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
🎖@cveNotify
🚨 CVE-2026-42510
OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.
🎖@cveNotify
OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.
🎖@cveNotify
Launchpad
Bug #2148331 “Possible command injection in both console impleme...” : Bugs : Ironic
Tuomo Tanskanen and Dmitry Tantsur from the Metal3.io security team have discovered a potential issue in Ironic using an AI-based security analysis tool. Here is the generated report followed by a review by the submitter.
NOTE: shellinabox is gone from main…
NOTE: shellinabox is gone from main…
🚨 CVE-2026-5201
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
🎖@cveNotify
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
🎖@cveNotify
🚨 CVE-2026-31431
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert to operating out-of-place
This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.
There is no benefit in operating in-place in algif_aead since the
source and destination come from different mappings. Get rid of
all the complexity added for in-place operation and just copy the
AD directly.
🎖@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert to operating out-of-place
This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.
There is no benefit in operating in-place in algif_aead since the
source and destination come from different mappings. Get rid of
all the complexity added for in-place operation and just copy the
AD directly.
🎖@cveNotify
🚨 CVE-2025-13030
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file names.
🎖@cveNotify
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file names.
🎖@cveNotify
🚨 CVE-2026-6868
HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
🎖@cveNotify
HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
🎖@cveNotify
GitLab
HTTP Dissector - Stack Buffer Overflow via X.25 conversation path (crash/oob) (#21185) · Issues · Wireshark Foundation / Wireshark…
Summary File: epan/dissectors/packet-http.c Function: dissect_http_tcp() The X.25 dissector establishes a...
🚨 CVE-2026-7375
UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
🎖@cveNotify
UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
🎖@cveNotify
GitLab
Infinite Loop in UDS DDDI Dissector results in Denial of Service (#21225) · Tasks · Wireshark Foundation / Wireshark · GitLab
Jaime Cavero reported the following to the security email address: 1. Summary A malformed...
🚨 CVE-2026-7376
Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
🎖@cveNotify
Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
🎖@cveNotify
GitLab
sharkd: NULL pointer dereference in setcomment when comment parameter is omitted (#21206) · Issues · Wireshark Foundation / Wireshark…
Summary A single malformed JSON-RPC request causes sharkd to crash via strlen(NULL). The comment parameter in the setcomment...
🚨 CVE-2024-39847
Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.
🎖@cveNotify
Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.
🎖@cveNotify
United States
Fast development platform for business apps
Find out how to quickly and simply design and develop powerful business apps for the Web, the mobile as well as for macOS and Windows.
🚨 CVE-2026-41226
Open redirect vulnerability exists in Multiple laser printers and MFPs which implement Ricoh Web Image Monitor. When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack.
🎖@cveNotify
Open redirect vulnerability exists in Multiple laser printers and MFPs which implement Ricoh Web Image Monitor. When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack.
🎖@cveNotify
リコーグループ企業・IRサイト
脆弱性ごとの情報リスト | リコーグループ 企業・IR | RICOH
2022年10月1日以降は脆弱性情報を本ページに掲載します。お客様にとって重要と判断した場合は、従来と同様に「重要なお知らせ」にも掲載いたします。
🚨 CVE-2026-42511
The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to dhclient-script(8), which evaluates it.
A rogue DHCP server may be able to execute arbirary code as root on a system running dhclient.
🎖@cveNotify
The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to dhclient-script(8), which evaluates it.
A rogue DHCP server may be able to execute arbirary code as root on a system running dhclient.
🎖@cveNotify
🚨 CVE-2026-42798
Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c.
🎖@cveNotify
Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c.
🎖@cveNotify
GitHub
Fix for ParseCube integer overflow in LUT allocation · mm2/Little-CMS@6a68601
thanks to @zerojackyi for reporting
🚨 CVE-2026-5299
ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
🎖@cveNotify
ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
🎖@cveNotify
GitLab
ICMPv6 PvD exponential recursion denial of service (#21077) · Issues · Wireshark Foundation / Wireshark · GitLab
Summary The dissect_icmpv6_nd_opt() function in the ICMPv6 dissector recursively calls dissect_icmpv6_nd_opt(), which can hang...
🚨 CVE-2026-5401
AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
🎖@cveNotify
AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
🎖@cveNotify
GitLab
AFP Spotlight dissector stack overflow (#21088) · Issues · Wireshark Foundation / Wireshark · GitLab
Summary The spotlight_dissect_query_loop() function in the AFP dissector crashes due to a stack overflow. Crash...
👍1
🚨 CVE-2026-31431
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert to operating out-of-place
This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.
There is no benefit in operating in-place in algif_aead since the
source and destination come from different mappings. Get rid of
all the complexity added for in-place operation and just copy the
AD directly.
🎖@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert to operating out-of-place
This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.
There is no benefit in operating in-place in algif_aead since the
source and destination come from different mappings. Get rid of
all the complexity added for in-place operation and just copy the
AD directly.
🎖@cveNotify
👍1
🚨 CVE-2026-41016
Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS upgrade, and capture the SMTP credentials sent during the subsequent `login()` call. Users are advised to upgrade to the `apache-airflow-providers-smtp` version that contains the fix.
🎖@cveNotify
Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS upgrade, and capture the SMTP credentials sent during the subsequent `login()` call. Users are advised to upgrade to the `apache-airflow-providers-smtp` version that contains the fix.
🎖@cveNotify
GitHub
Validate SMTP server certificate on STARTTLS upgrade by potiuk · Pull Request #65346 · apache/airflow
Summary
smtplib.SMTP.starttls() does not validate the server certificate unless an SSL context is passed. airflow.utils.email.send_mime_email and the SMTP provider's SmtpHook (both sync get...
smtplib.SMTP.starttls() does not validate the server certificate unless an SSL context is passed. airflow.utils.email.send_mime_email and the SMTP provider's SmtpHook (both sync get...
🚨 CVE-2026-42800
NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation.
This vulnerability is associated with program files sip/utils/src/sipuri.c.
🎖@cveNotify
NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation.
This vulnerability is associated with program files sip/utils/src/sipuri.c.
🎖@cveNotify
Asrmicro
Security Center
ASR Microelectronics Co., Ltd. (ASR, 688220.SH)was established in April 2015 and is headquartered at Zhang Jiang Hi-tech Park, Shanghai. It operates development and support centers in Beijing, Nanjing, Shenzhen, Hefei, Dalian, Chengdu, Xi’an and other mar