🚨 CVE-2026-9785
Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the processing of NVBULibrarySlot JSON-RPC messages. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-27630.
🎖@cveNotify
Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the processing of NVBULibrarySlot JSON-RPC messages. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-27630.
🎖@cveNotify
🚨 CVE-2026-9786
Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the processing of NVBUDashboard JSON-RPC messages. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-27626.
🎖@cveNotify
Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the processing of NVBUDashboard JSON-RPC messages. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-27626.
🎖@cveNotify
🚨 CVE-2026-9787
Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the processing of NVBULogDaemon JSON-RPC messages. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27625.
🎖@cveNotify
Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the processing of NVBULogDaemon JSON-RPC messages. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27625.
🎖@cveNotify
🚨 CVE-2026-2815
Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys
🎖@cveNotify
Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys
🎖@cveNotify
GitHub
GitHub - SiliconLabsSoftware/sisdk-release: Simplicity GA release repo
Simplicity GA release repo. Contribute to SiliconLabsSoftware/sisdk-release development by creating an account on GitHub.
🚨 CVE-2026-47145
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted.
🎖@cveNotify
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted.
🎖@cveNotify
GitHub
GitHub - SiliconLabsSoftware/sisdk-release: Simplicity GA release repo
Simplicity GA release repo. Contribute to SiliconLabsSoftware/sisdk-release development by creating an account on GitHub.
🚨 CVE-2026-47146
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted.
🎖@cveNotify
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted.
🎖@cveNotify
GitHub
GitHub - SiliconLabsSoftware/sisdk-release: Simplicity GA release repo
Simplicity GA release repo. Contribute to SiliconLabsSoftware/sisdk-release development by creating an account on GitHub.
🚨 CVE-2026-47147
In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the network. Only devices supporting the OTA Server cluster may be impacted.
🎖@cveNotify
In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the network. Only devices supporting the OTA Server cluster may be impacted.
🎖@cveNotify
GitHub
GitHub - SiliconLabsSoftware/sisdk-release: Simplicity GA release repo
Simplicity GA release repo. Contribute to SiliconLabsSoftware/sisdk-release development by creating an account on GitHub.
🚨 CVE-2026-47148
In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Groups cluster may be impacted.
🎖@cveNotify
In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Groups cluster may be impacted.
🎖@cveNotify
GitHub
GitHub - SiliconLabsSoftware/sisdk-release: Simplicity GA release repo
Simplicity GA release repo. Contribute to SiliconLabsSoftware/sisdk-release development by creating an account on GitHub.
🚨 CVE-2026-47149
In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Door Lock cluster may be impacted.
🎖@cveNotify
In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Door Lock cluster may be impacted.
🎖@cveNotify
GitHub
GitHub - SiliconLabsSoftware/sisdk-release: Simplicity GA release repo
Simplicity GA release repo. Contribute to SiliconLabsSoftware/sisdk-release development by creating an account on GitHub.
🚨 CVE-2026-47150
In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the IAS Zone cluster may be impacted.
🎖@cveNotify
In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the IAS Zone cluster may be impacted.
🎖@cveNotify
GitHub
GitHub - SiliconLabsSoftware/sisdk-release: Simplicity GA release repo
Simplicity GA release repo. Contribute to SiliconLabsSoftware/sisdk-release development by creating an account on GitHub.
🚨 CVE-2026-47151
In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock cluster may be impacted.
🎖@cveNotify
In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock cluster may be impacted.
🎖@cveNotify
GitHub
GitHub - SiliconLabsSoftware/sisdk-release: Simplicity GA release repo
Simplicity GA release repo. Contribute to SiliconLabsSoftware/sisdk-release development by creating an account on GitHub.
🚨 CVE-2026-47152
In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted.
🎖@cveNotify
In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted.
🎖@cveNotify
GitHub
GitHub - SiliconLabsSoftware/sisdk-release: Simplicity GA release repo
Simplicity GA release repo. Contribute to SiliconLabsSoftware/sisdk-release development by creating an account on GitHub.
🚨 CVE-2026-47153
In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted.
🎖@cveNotify
In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted.
🎖@cveNotify
GitHub
GitHub - SiliconLabsSoftware/sisdk-release: Simplicity GA release repo
Simplicity GA release repo. Contribute to SiliconLabsSoftware/sisdk-release development by creating an account on GitHub.
🚨 CVE-2026-47154
In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Simple Metering cluster may be impacted.
🎖@cveNotify
In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Simple Metering cluster may be impacted.
🎖@cveNotify
GitHub
GitHub - SiliconLabsSoftware/sisdk-release: Simplicity GA release repo
Simplicity GA release repo. Contribute to SiliconLabsSoftware/sisdk-release development by creating an account on GitHub.
🚨 CVE-2026-4526
In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed.
🎖@cveNotify
In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed.
🎖@cveNotify
GitHub
GitHub - SiliconLabsSoftware/sisdk-release: Simplicity GA release repo
Simplicity GA release repo. Contribute to SiliconLabsSoftware/sisdk-release development by creating an account on GitHub.
🚨 CVE-2026-54823
Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.
🎖@cveNotify
Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.
🎖@cveNotify
Patchstack
Remote Code Execution (RCE) in WordPress Widget Options Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54829
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection.
This issue affects WP Photo Album Plus: from n/a through 9.1.13.005.
🎖@cveNotify
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection.
This issue affects WP Photo Album Plus: from n/a through 9.1.13.005.
🎖@cveNotify
Patchstack
SQL Injection in WordPress WP Photo Album Plus Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54830
Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.
🎖@cveNotify
Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Five Star Restaurant Reservations Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.