🚨 CVE-2025-68713
An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's trusted Received interface. These conditions establish a vector for arbitrary code execution if the payload is an APK file, or a denial-of-service condition through resource exhaustion from oversized transfers.
🎖@cveNotify
An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's trusted Received interface. These conditions establish a vector for arbitrary code execution if the payload is an APK file, or a denial-of-service condition through resource exhaustion from oversized transfers.
🎖@cveNotify
GitHub
com.estmob.android.sendanywhere/CVE-2025-68713 at main · actuator/com.estmob.android.sendanywhere
Contribute to actuator/com.estmob.android.sendanywhere development by creating an account on GitHub.
🚨 CVE-2025-70102
A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parse_option() (src/if-options.c:1886), the code performs a member access on a NULL pointer of type 'struct dhcp_opt' when an unexpected/invalid option token or parsing state causes the lookup to yield NULL. The instrumented fuzzing build reports 'runtime error: member access within null pointer of type struct dhcp_opt' and aborts.
🎖@cveNotify
A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parse_option() (src/if-options.c:1886), the code performs a member access on a NULL pointer of type 'struct dhcp_opt' when an unexpected/invalid option token or parsing state causes the lookup to yield NULL. The instrumented fuzzing build reports 'runtime error: member access within null pointer of type struct dhcp_opt' and aborts.
🎖@cveNotify
Infosec Exchange
sigdevel (@sigdevel@infosec.exchange)
Security Advisory: CVE-2025-70102 - NULL Pointer Dereference in dhcpcd parse_option
Summary
A crafted dhcpcd configuration input can trigger undefined behavior in the configuration parser by causing `parse_option()` to access a member through a NULL `struct…
Summary
A crafted dhcpcd configuration input can trigger undefined behavior in the configuration parser by causing `parse_option()` to access a member through a NULL `struct…
🚨 CVE-2026-36213
An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component.
🎖@cveNotify
An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component.
🎖@cveNotify
GitHub
GitHub - sec-zone/CVE-2026-36213: CVE-2026-36213 | Local Privilege Escalation in MEmu Android Emulator 9.2.7.0 via Insecure Service…
CVE-2026-36213 | Local Privilege Escalation in MEmu Android Emulator 9.2.7.0 via Insecure Service Binary Permissions | Patched in 9.3.2 - sec-zone/CVE-2026-36213
🚨 CVE-2026-36521
PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability in the site configuration management module.
🎖@cveNotify
PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability in the site configuration management module.
🎖@cveNotify
Gist
Reference for CVE-2026-36521
Reference for CVE-2026-36521. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2026-36537
ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote attacker can bypass authentication and gain full access to any existing user account on the platform without possessing the target user's credentials. This results in a complete account takeover.
🎖@cveNotify
ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote attacker can bypass authentication and gain full access to any existing user account on the platform without possessing the target user's credentials. This results in a complete account takeover.
🎖@cveNotify
Gist
Account Takeover via Sign in with Apple in ThingsBoard
Account Takeover via Sign in with Apple in ThingsBoard - CVE-2026-36537-PoC.md
🚨 CVE-2026-36670
A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in alias_management.php.
🎖@cveNotify
A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in alias_management.php.
🎖@cveNotify
GitHub
CVE-2026-36670/ADVISORY.md at main · Gabriel-Lacorte/CVE-2026-36670
Time-Based Blind SQL Injection Exploit for the OpenSIPs Control Panel (or my first CVE!) - Gabriel-Lacorte/CVE-2026-36670
🚨 CVE-2026-36933
An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature.
🎖@cveNotify
An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature.
🎖@cveNotify
0x09
Analyse de la caméra de surveillance 'Ease Life' - Retour à l'usine
En raison d’une fonctionnalité de test d’usine activée sur le firmware d’une caméra Ease Life, il est possible de réaliser de l’exécution de commandes à travers l’insertion d’une microSD contenant une série de fichiers forgés…
🚨 CVE-2026-37216
Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
🎖@cveNotify
Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
🎖@cveNotify
GitHub
通知公告模块存储型XSS漏洞 · Issue #320 · yangzongzhuan/RuoYi
漏洞背景 通知公告模块(/system/notice/*)在 application.yml 中被排除在XSS过滤器之外(第144行): xss: enabled: true excludes: /system/notice/* 排除XSS过滤是为了支持Summernote富文本编辑器提交HTML内容。但服务端未对提交的HTML进行安全消毒处理(如JSoup Cleaner),且前端使用th...
🚨 CVE-2026-38812
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information.
🎖@cveNotify
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information.
🎖@cveNotify
GitHub
GitHub - jjcjgo/CVE-2026-38812-RuoYi-SQL-Injection: CVE-2026-38812 RuoYi v4.8.2 SQL Injection
CVE-2026-38812 RuoYi v4.8.2 SQL Injection. Contribute to jjcjgo/CVE-2026-38812-RuoYi-SQL-Injection development by creating an account on GitHub.
🚨 CVE-2026-39006
An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component.
🎖@cveNotify
An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component.
🎖@cveNotify
GitHub
security-advisories/CVE-2026-39006.md at main · EaEa0001/security-advisories
Contribute to EaEa0001/security-advisories development by creating an account on GitHub.
🚨 CVE-2026-39007
An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component.
🎖@cveNotify
An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component.
🎖@cveNotify
GitHub
Vulnerability_Publications/CVE-2026-39007 at main · Kettn/Vulnerability_Publications
This repository contains information on the CVE's I've found. - Kettn/Vulnerability_Publications
🚨 CVE-2026-39118
An issue in Iru, Inc Kandji Agent before v.4.7.5(5374) allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality.
🎖@cveNotify
An issue in Iru, Inc Kandji Agent before v.4.7.5(5374) allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality.
🎖@cveNotify
Iru
Kandji Agent Release 4.7.5 (5374)
This release includes miscellaneous bug fixes and performance improvements.
🚨 CVE-2026-39197
An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to cause a Denial of Service (DoS) via a crafted request or payload.
🎖@cveNotify
An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to cause a Denial of Service (DoS) via a crafted request or payload.
🎖@cveNotify
Gist
Reference for CVE-2026-39197
Reference for CVE-2026-39197. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2026-48114
Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert() builds an INSERT against HARVEST_SITE_SCHEDULE via string concatenation, using a quoteString() helper that performs raw single-quote wrapping without escaping. Three request parameters reach the sink: unit, contactEmail, and documentListURL. The servlet does not verify a real LDAP identity. Allowing the vulnerable insert to proceed. Since the PostgreSQL backend permits stacked queries via Statement.executeUpdate(), this vulnerability allows full read/write/execute access in the Metacat database context. The vulnerability was remediated in Metacat 3.0.0.
🎖@cveNotify
Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert() builds an INSERT against HARVEST_SITE_SCHEDULE via string concatenation, using a quoteString() helper that performs raw single-quote wrapping without escaping. Three request parameters reach the sink: unit, contactEmail, and documentListURL. The servlet does not verify a real LDAP identity. Allowing the vulnerable insert to proceed. Since the PostgreSQL backend permits stacked queries via Statement.executeUpdate(), this vulnerability allows full read/write/execute access in the Metacat database context. The vulnerability was remediated in Metacat 3.0.0.
🎖@cveNotify
GitHub
Removed the harvester client for LTER. · NCEAS/metacat@820d595
Data repository software that helps researchers preserve, share, and discover data - Removed the harvester client for LTER. · NCEAS/metacat@820d595
🚨 CVE-2026-50870
An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request.
🎖@cveNotify
An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request.
🎖@cveNotify
Gist
Reference for CVE-2026-50870
Reference for CVE-2026-50870. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2026-50871
An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input.
🎖@cveNotify
An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input.
🎖@cveNotify
Gist
Reference for CVE-2026-50871
Reference for CVE-2026-50871. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2026-50872
An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request.
🎖@cveNotify
An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request.
🎖@cveNotify
Gist
Reference for CVE-2026-50872
Reference for CVE-2026-50872. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2026-50873
An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file.
🎖@cveNotify
An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file.
🎖@cveNotify
Gist
Reference for CVE-2026-50873
Reference for CVE-2026-50873. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2026-50874
An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input.
🎖@cveNotify
An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input.
🎖@cveNotify
Gist
Reference for CVE-2026-50874
Reference for CVE-2026-50874. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2026-50875
Incorrect access control in the /{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request.
🎖@cveNotify
Incorrect access control in the /{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request.
🎖@cveNotify
Gist
Reference for CVE-2026-50875
Reference for CVE-2026-50875. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2026-50876
A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
🎖@cveNotify
A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
🎖@cveNotify
Gist
Reference for CVE-2026-50876
Reference for CVE-2026-50876. GitHub Gist: instantly share code, notes, and snippets.