🚨 CVE-2026-48165
MariaDB server is a community-developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could have used the wsrep_sst_receive_address or wsrep_sst_donor global system variables to execute shell commands as the uid of the mariadbd process on the Galera joiner node. This issue has been patched in versions 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2.
🎖@cveNotify
GitHub
unsafe usage of `wsrep_sst_receive_address` values on the joiner side
### Impact
A high-privileged MariaDB user could've used `wsrep_sst_receive_address` or `wsrep_sst_donor` global system variables to execute shell commands as the uid of the mariadbd process on...
🚨 CVE-2026-53408
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.
🎖@cveNotify
Zoom
ZSB-26010
🚨 CVE-2026-36521
PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability in the site configuration management module.
🎖@cveNotify
Gist
Reference for CVE-2026-36521
🚨 CVE-2026-37216
Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
🎖@cveNotify
GitHub
Stored XSS vulnerability in the notice/announcement module · Issue #320 · yangzongzhuan/RuoYi
Vulnerability background: the notice/announcement module (/system/notice/*) is excluded from the XSS filter in application.yml (line 144): xss: enabled: true excludes: /system/notice/* The exclusion exists so that HTML content submitted from the Summernote rich-text editor is accepted. However, the server side does not sanitize the submitted HTML (e.g. with JSoup Cleaner), and the front end uses th...
🚨 CVE-2026-38060
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin parameter.
🎖@cveNotify
GitHub
IOT-vul/Tenda/5G03/action_unlock_sim at main · sezangel/IOT-vul
🚨 CVE-2026-38061
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volume parameter.
🎖@cveNotify
GitHub
IOT-vul/Tenda/5G03/action_set_volume at main · sezangel/IOT-vul
🚨 CVE-2026-38062
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the ratMode parameter.
🎖@cveNotify
GitHub
IOT-vul/Tenda/5G03/action_set_rat_mode at main · sezangel/IOT-vul
🚨 CVE-2026-38063
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via the ia parameter.
🎖@cveNotify
GitHub
IOT-vul/Tenda/5G03/action_radio_on_with_ia_apn at main · sezangel/IOT-vul
🚨 CVE-2026-38064
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_dial_call via the dialNumber parameter.
🎖@cveNotify
GitHub
IOT-vul/Tenda/5G03/action_dial_call at main · sezangel/IOT-vul
🚨 CVE-2026-38065
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the ims_apn parameter.
🎖@cveNotify
GitHub
IOT-vul/Tenda/5G03/action_ims_on_with_apn at main · sezangel/IOT-vul
🚨 CVE-2026-39118
An issue in Iru, Inc Kandji Agent before v.4.7.5(5374) allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality.
🎖@cveNotify
Iru
Kandji Agent Release 4.7.5 (5374)
This release includes miscellaneous bug fixes and performance improvements.
🚨 CVE-2026-39197
An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to cause a Denial of Service (DoS) via a crafted request or payload.
🎖@cveNotify
Gist
Reference for CVE-2026-39197
🚨 CVE-2026-50874
An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input.
🎖@cveNotify
Gist
Reference for CVE-2026-50874
🚨 CVE-2026-50875
Incorrect access control in the /{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request.
🎖@cveNotify
Gist
Reference for CVE-2026-50875
🚨 CVE-2026-50881
Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes.
🎖@cveNotify
Gist
Reference for CVE-2026-50881
🚨 CVE-2026-50891
Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request.
🎖@cveNotify
Gist
Reference for CVE-2026-50891
🚨 CVE-2026-50892
Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request.
🎖@cveNotify
Gist
Reference for CVE-2026-50892
🚨 CVE-2026-48709
OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform any authentication or authorization checks. Unlike all other data-returning API endpoints, it does not call auth.UserFromApiCall or checkDashboardAccess. When AuthRequireGuestsToLogin is enabled (the security-conscious configuration), this endpoint remains accessible to unauthenticated users and can be used as an oracle to enumerate valid action binding IDs and their argument configurations. This issue has been fixed in version 3000.13.0.
🎖@cveNotify
GitHub
Release 3000.13.0 · OliveTin/OliveTin
Changelog
Security
d74da93 security: GHSA-7fq5-7wr8-rjwj (HIGH) Shared template instances could cause command contamination
a386570 security: GHSA-f637-w7p2-m7fx (LOW) Validation endpoints allow a...
🚨 CVE-2026-12300
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
🎖@cveNotify
bugzilla.mozilla.org
Bug 1704114 (access restricted; requires a logged-in account with the appropriate permissions)
🚨 CVE-2026-12301
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
🎖@cveNotify
bugzilla.mozilla.org
Bug 2015647 (access restricted; requires a logged-in account with the appropriate permissions)
🚨 CVE-2026-12302
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
🎖@cveNotify
bugzilla.mozilla.org
Bug 2034489 (access restricted; requires a logged-in account with the appropriate permissions)