🚨 CVE-2025-70102
A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parse_option() (src/if-options.c:1886), the code performs a member access on a NULL pointer of type 'struct dhcp_opt' when an unexpected/invalid option token or parsing state causes the lookup to yield NULL. The instrumented fuzzing build reports 'runtime error: member access within null pointer of type struct dhcp_opt' and aborts.
🎖@cveNotify
A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parse_option() (src/if-options.c:1886), the code performs a member access on a NULL pointer of type 'struct dhcp_opt' when an unexpected/invalid option token or parsing state causes the lookup to yield NULL. The instrumented fuzzing build reports 'runtime error: member access within null pointer of type struct dhcp_opt' and aborts.
🎖@cveNotify
Infosec Exchange
sigdevel (@sigdevel@infosec.exchange)
Security Advisory: CVE-2025-70102 - NULL Pointer Dereference in dhcpcd parse_option
Summary
A crafted dhcpcd configuration input can trigger undefined behavior in the configuration parser by causing `parse_option()` to access a member through a NULL `struct…
Summary
A crafted dhcpcd configuration input can trigger undefined behavior in the configuration parser by causing `parse_option()` to access a member through a NULL `struct…
🚨 CVE-2026-36213
An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component.
🎖@cveNotify
An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component.
🎖@cveNotify
GitHub
GitHub - sec-zone/CVE-2026-36213: CVE-2026-36213 | Local Privilege Escalation in MEmu Android Emulator 9.2.7.0 via Insecure Service…
CVE-2026-36213 | Local Privilege Escalation in MEmu Android Emulator 9.2.7.0 via Insecure Service Binary Permissions | Patched in 9.3.2 - sec-zone/CVE-2026-36213
🚨 CVE-2026-36521
PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability in the site configuration management module.
🎖@cveNotify
PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability in the site configuration management module.
🎖@cveNotify
Gist
Reference for CVE-2026-36521
Reference for CVE-2026-36521. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2026-36537
ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote attacker can bypass authentication and gain full access to any existing user account on the platform without possessing the target user's credentials. This results in a complete account takeover.
🎖@cveNotify
ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote attacker can bypass authentication and gain full access to any existing user account on the platform without possessing the target user's credentials. This results in a complete account takeover.
🎖@cveNotify
Gist
Account Takeover via Sign in with Apple in ThingsBoard
Account Takeover via Sign in with Apple in ThingsBoard - CVE-2026-36537-PoC.md
🚨 CVE-2026-36670
A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in alias_management.php.
🎖@cveNotify
A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in alias_management.php.
🎖@cveNotify
GitHub
CVE-2026-36670/ADVISORY.md at main · Gabriel-Lacorte/CVE-2026-36670
Time-Based Blind SQL Injection Exploit for the OpenSIPs Control Panel (or my first CVE!) - Gabriel-Lacorte/CVE-2026-36670
🚨 CVE-2026-36933
An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature.
🎖@cveNotify
An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature.
🎖@cveNotify
0x09
Analyse de la caméra de surveillance 'Ease Life' - Retour à l'usine
En raison d’une fonctionnalité de test d’usine activée sur le firmware d’une caméra Ease Life, il est possible de réaliser de l’exécution de commandes à travers l’insertion d’une microSD contenant une série de fichiers forgés…
🚨 CVE-2026-37216
Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
🎖@cveNotify
Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
🎖@cveNotify
GitHub
通知公告模块存储型XSS漏洞 · Issue #320 · yangzongzhuan/RuoYi
漏洞背景 通知公告模块(/system/notice/*)在 application.yml 中被排除在XSS过滤器之外(第144行): xss: enabled: true excludes: /system/notice/* 排除XSS过滤是为了支持Summernote富文本编辑器提交HTML内容。但服务端未对提交的HTML进行安全消毒处理(如JSoup Cleaner),且前端使用th...
🚨 CVE-2026-38812
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information.
🎖@cveNotify
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information.
🎖@cveNotify
GitHub
GitHub - jjcjgo/CVE-2026-38812-RuoYi-SQL-Injection: CVE-2026-38812 RuoYi v4.8.2 SQL Injection
CVE-2026-38812 RuoYi v4.8.2 SQL Injection. Contribute to jjcjgo/CVE-2026-38812-RuoYi-SQL-Injection development by creating an account on GitHub.
🚨 CVE-2026-39006
An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component.
🎖@cveNotify
An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component.
🎖@cveNotify
GitHub
security-advisories/CVE-2026-39006.md at main · EaEa0001/security-advisories
Contribute to EaEa0001/security-advisories development by creating an account on GitHub.
🚨 CVE-2026-39007
An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component.
🎖@cveNotify
An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component.
🎖@cveNotify
GitHub
Vulnerability_Publications/CVE-2026-39007 at main · Kettn/Vulnerability_Publications
This repository contains information on the CVE's I've found. - Kettn/Vulnerability_Publications
🚨 CVE-2026-39118
An issue in Iru, Inc Kandji Agent before v.4.7.5(5374) allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality.
🎖@cveNotify
An issue in Iru, Inc Kandji Agent before v.4.7.5(5374) allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality.
🎖@cveNotify
Iru
Kandji Agent Release 4.7.5 (5374)
This release includes miscellaneous bug fixes and performance improvements.
🚨 CVE-2026-39197
An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to cause a Denial of Service (DoS) via a crafted request or payload.
🎖@cveNotify
An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to cause a Denial of Service (DoS) via a crafted request or payload.
🎖@cveNotify
Gist
Reference for CVE-2026-39197
Reference for CVE-2026-39197. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2026-48114
Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert() builds an INSERT against HARVEST_SITE_SCHEDULE via string concatenation, using a quoteString() helper that performs raw single-quote wrapping without escaping. Three request parameters reach the sink: unit, contactEmail, and documentListURL. The servlet does not verify a real LDAP identity. Allowing the vulnerable insert to proceed. Since the PostgreSQL backend permits stacked queries via Statement.executeUpdate(), this vulnerability allows full read/write/execute access in the Metacat database context. The vulnerability was remediated in Metacat 3.0.0.
🎖@cveNotify
Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert() builds an INSERT against HARVEST_SITE_SCHEDULE via string concatenation, using a quoteString() helper that performs raw single-quote wrapping without escaping. Three request parameters reach the sink: unit, contactEmail, and documentListURL. The servlet does not verify a real LDAP identity. Allowing the vulnerable insert to proceed. Since the PostgreSQL backend permits stacked queries via Statement.executeUpdate(), this vulnerability allows full read/write/execute access in the Metacat database context. The vulnerability was remediated in Metacat 3.0.0.
🎖@cveNotify
GitHub
Removed the harvester client for LTER. · NCEAS/metacat@820d595
Data repository software that helps researchers preserve, share, and discover data - Removed the harvester client for LTER. · NCEAS/metacat@820d595
🚨 CVE-2026-50870
An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request.
🎖@cveNotify
An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request.
🎖@cveNotify
Gist
Reference for CVE-2026-50870
Reference for CVE-2026-50870. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2026-50871
An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input.
🎖@cveNotify
An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input.
🎖@cveNotify
Gist
Reference for CVE-2026-50871
Reference for CVE-2026-50871. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2026-50872
An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request.
🎖@cveNotify
An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request.
🎖@cveNotify
Gist
Reference for CVE-2026-50872
Reference for CVE-2026-50872. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2026-50873
An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file.
🎖@cveNotify
An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file.
🎖@cveNotify
Gist
Reference for CVE-2026-50873
Reference for CVE-2026-50873. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2026-50874
An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input.
🎖@cveNotify
An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input.
🎖@cveNotify
Gist
Reference for CVE-2026-50874
Reference for CVE-2026-50874. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2026-50875
Incorrect access control in the /{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request.
🎖@cveNotify
Incorrect access control in the /{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request.
🎖@cveNotify
Gist
Reference for CVE-2026-50875
Reference for CVE-2026-50875. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2026-50876
A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
🎖@cveNotify
A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
🎖@cveNotify
Gist
Reference for CVE-2026-50876
Reference for CVE-2026-50876. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2026-50877
An issue in Zhoros SuperBin v1.0.0 allows attackers to execute a directory traversal via supplying files with names containing traversal characters.
🎖@cveNotify
An issue in Zhoros SuperBin v1.0.0 allows attackers to execute a directory traversal via supplying files with names containing traversal characters.
🎖@cveNotify
Gist
Reference for CVE-2026-50877
Reference for CVE-2026-50877. GitHub Gist: instantly share code, notes, and snippets.