π¨ CVE-2026-33590
Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent
access on the host.
π@cveNotify
Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent
access on the host.
π@cveNotify
GitHub
fix(swarm): fix environment security checks BE-12541 (#1666) Β· portainer/portainer@3e2fdb1
Making Docker and Kubernetes management easy. Contribute to portainer/portainer development by creating an account on GitHub.
β€1
π¨ CVE-2026-45467
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
π@cveNotify
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
π@cveNotify
π¨ CVE-2026-45481
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
π@cveNotify
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
π@cveNotify
π¨ CVE-2026-45418
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #132, any authenticated user who can upload videos can add multiple subtitles from different files and change their title (English, Spanish...). The POST /actions/subtitle_edit.php request used to change their title includes a number parameter which is vulnerable to SQL Injection. A boolean-based blind SQL injection can be used to exfiltrate sensitive data. This issue has been patched in version 5.5.3 - #132.
π@cveNotify
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #132, any authenticated user who can upload videos can add multiple subtitles from different files and change their title (English, Spanish...). The POST /actions/subtitle_edit.php request used to change their title includes a number parameter which is vulnerable to SQL Injection. A boolean-based blind SQL injection can be used to exfiltrate sensitive data. This issue has been patched in version 5.5.3 - #132.
π@cveNotify
GitHub
Blind SQL Injection in subtitle_edit.php
## Summary
Any authenticated user who can upload videos can add multiple subtitles from different files and change their title (English, Spanish...). The POST `/actions/subtitle_edit.php` reque...
Any authenticated user who can upload videos can add multiple subtitles from different files and change their title (English, Spanish...). The POST `/actions/subtitle_edit.php` reque...
π¨ CVE-2026-47365
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account.
π@cveNotify
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account.
π@cveNotify
cPanel
WP Toolkit CVE-2026-47365
SituationArgument injection vulnerability in WP Toolkit before version 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitra...
π¨ CVE-2026-47366
Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface.
π@cveNotify
Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface.
π@cveNotify
π¨ CVE-2026-47367
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device.
π@cveNotify
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device.
π@cveNotify
π¨ CVE-2026-47368
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances.
π@cveNotify
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances.
π@cveNotify
π¨ CVE-2026-47369
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.
π@cveNotify
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.
π@cveNotify
π¨ CVE-2026-47370
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.
π@cveNotify
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.
π@cveNotify
π¨ CVE-2026-48610
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.
π@cveNotify
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.
π@cveNotify
π¨ CVE-2026-44802
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-44804
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-44807
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-44808
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-44811
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-44813
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-44814
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
π@cveNotify
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
π@cveNotify
π¨ CVE-2026-48565
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
π@cveNotify
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-48569
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
π@cveNotify
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
π@cveNotify
π¨ CVE-2025-52292
A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
π@cveNotify
A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
π@cveNotify
Infosec Exchange
sigdevel (@sigdevel@infosec.exchange)
Attached: 1 image
Security Advisory: CVE-2025-52292 - Stack-based Buffer Overflow in GPAC/MP4Box
Processing a crafted MP4 file with `MP4Box` can trigger a stack-based buffer overflow in `filein_process()` in `filters/in_file.c`, causing a crash and potentialβ¦
Security Advisory: CVE-2025-52292 - Stack-based Buffer Overflow in GPAC/MP4Box
Processing a crafted MP4 file with `MP4Box` can trigger a stack-based buffer overflow in `filein_process()` in `filters/in_file.c`, causing a crash and potentialβ¦