π¨ CVE-2026-12050
SQL injection in pgAdmin 4's named restore point endpoint (POST /browser/server/restore_point/{gid}/{sid}). The user-supplied 'value' field was interpolated directly into the SQL string with str.format() instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected PostgreSQL session to inject additional statements through that endpoint.
The injected SQL executes under the database role the user is already authenticated as. The defect does not cross a privilege boundary -- the user already has direct SQL access to that role through the Query Tool -- so the attacker gains no capability beyond what their database role already grants them. The marginal impact accounts for the fact that the injection path is not the documented SQL-execution interface, so a deployment that gates the Query Tool at the application layer could see SQL executed through a path it did not anticipate.
Fix passes the restore point name as a bound parameter and schema-qualifies the function call as pg_catalog.pg_create_restore_point so a non-default search_path on the connection cannot redirect the call to a shadow definition. A regression test asserts the value arrives as a bound parameter and not spliced into the SQL string.
This issue affects pgAdmin 4: from 1.0 before 9.16.
π@cveNotify
SQL injection in pgAdmin 4's named restore point endpoint (POST /browser/server/restore_point/{gid}/{sid}). The user-supplied 'value' field was interpolated directly into the SQL string with str.format() instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected PostgreSQL session to inject additional statements through that endpoint.
The injected SQL executes under the database role the user is already authenticated as. The defect does not cross a privilege boundary -- the user already has direct SQL access to that role through the Query Tool -- so the attacker gains no capability beyond what their database role already grants them. The marginal impact accounts for the fact that the injection path is not the documented SQL-execution interface, so a deployment that gates the Query Tool at the application layer could see SQL executed through a path it did not anticipate.
Fix passes the restore point name as a bound parameter and schema-qualifies the function call as pg_catalog.pg_create_restore_point so a non-default search_path on the connection cannot redirect the call to a shadow definition. A regression test asserts the value arrives as a bound parameter and not spliced into the SQL string.
This issue affects pgAdmin 4: from 1.0 before 9.16.
π@cveNotify
GitHub
fix(server): parametrise named restore point query to prevent SQL inj⦠· pgadmin-org/pgadmin4@3379c39
β¦ection
ServerNode.create_restore_point interpolated the user-supplied "value"
field directly into a SQL string with str.format(), so an authenticated
pgAdmin user could inject a...
ServerNode.create_restore_point interpolated the user-supplied "value"
field directly into a SQL string with str.format(), so an authenticated
pgAdmin user could inject a...
π¨ CVE-2026-48584
Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.
π@cveNotify
Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.
π@cveNotify
π¨ CVE-2026-50519
Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network.
π@cveNotify
Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network.
π@cveNotify
π¨ CVE-2026-12755
Improper input validation in the PAM AD discovery endpoints in
Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated
user with the UserGroupsView permission to coerce server-side
authentication to an attacker-controlled host, exposing PAM provider
credentials as a NTLMv2 challenge-response, via a crafted DomainName
parameter.
π@cveNotify
Improper input validation in the PAM AD discovery endpoints in
Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated
user with the UserGroupsView permission to coerce server-side
authentication to an attacker-controlled host, exposing PAM provider
credentials as a NTLMv2 challenge-response, via a crafted DomainName
parameter.
π@cveNotify
Devolutions
advisories
Stay informed with Devolutions' latest security advisories on vulnerabilities, threats, and incident responses to enhance your cybersecurity posture.
π¨ CVE-2026-57431
Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.
π@cveNotify
Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Featured Image Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57635
Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce <= 1.14.0.3 versions.
π@cveNotify
Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce <= 1.14.0.3 versions.
π@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress FunnelKit Payment Gateway for Stripe WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57648
Contributor Broken Access Control in Nelio Content <= 4.3.4 versions.
π@cveNotify
Contributor Broken Access Control in Nelio Content <= 4.3.4 versions.
π@cveNotify
Patchstack
Broken Access Control in WordPress Nelio Content Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57654
Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.
π@cveNotify
Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.
π@cveNotify
Patchstack
Broken Access Control in WordPress Affiliates Manager Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57660
Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions.
π@cveNotify
Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions.
π@cveNotify
Patchstack
Broken Access Control in WordPress Booking and Rental Manager Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-38639
An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of Service (DoS) via parsing a crafted input.
π@cveNotify
An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of Service (DoS) via parsing a crafted input.
π@cveNotify
GitHub
pocs/redox/CVE-2026-38639 at master Β· Marsman1996/pocs
to show pocs found. Contribute to Marsman1996/pocs development by creating an account on GitHub.
π¨ CVE-2026-38641
An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via loading a crafted shared library.
π@cveNotify
An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via loading a crafted shared library.
π@cveNotify
GitHub
pocs/redox/CVE-2026-38641 at master Β· Marsman1996/pocs
to show pocs found. Contribute to Marsman1996/pocs development by creating an account on GitHub.
π¨ CVE-2026-39031
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a single SHA-1 hash and RC4 decryption operation, with no brute force required.
π@cveNotify
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a single SHA-1 hash and RC4 decryption operation, with no brute force required.
π@cveNotify
GitHub
GitHub - user6400/cve-2026-39031-lansweeper-lsrunase2-lsencrypt2: CVE-2026-39031 β offline plaintext password recovery for Lansweeperβ¦
CVE-2026-39031 β offline plaintext password recovery for Lansweeper lsrunase 2.0 / lsencrypt 2.0 via a hardcoded RC4 key. PoC + technical advisory. - user6400/cve-2026-39031-lansweeper-lsrunase2-ls...
π¨ CVE-2026-36478
An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsServerApp.exe, DnsServerApp.dll, TechnitiumLibrary.Net/Dns/DnsClient.cs components
π@cveNotify
An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsServerApp.exe, DnsServerApp.dll, TechnitiumLibrary.Net/Dns/DnsClient.cs components
π@cveNotify
Technitium
Technitium | Push The Limits
Technitium provides software for privacy over the Internet. Technitium MAC Address Changer (TMAC) is a freeware utility to instantly change or spoof MAC Address of any network card (NIC). Technitium Bit Chat is a secure, peer-to-peer, open source instantβ¦
π¨ CVE-2026-38571
Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 (V603) allow a physically proximate attacker to obtain stored WPA2 credentials in cleartext and to read or write arbitrary memory via the serial console.
π@cveNotify
Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 (V603) allow a physically proximate attacker to obtain stored WPA2 credentials in cleartext and to read or write arbitrary memory via the serial console.
π@cveNotify
GitHub
Vulnerability-research/CVE-2026-38571 at main Β· ZEssaidi-CS/Vulnerability-research
Contribute to ZEssaidi-CS/Vulnerability-research development by creating an account on GitHub.
π¨ CVE-2026-31928
The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access.
π@cveNotify
The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access.
π@cveNotify
GitHub
CSAF/csaf_files/OT/white/2026/icsa-26-176-04.json at develop Β· cisagov/CSAF
CISA CSAF Security Advisories. Contribute to cisagov/CSAF development by creating an account on GitHub.
π¨ CVE-2026-55975
A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command execution with elevated privileges during certificate generation.
π@cveNotify
A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command execution with elevated privileges during certificate generation.
π@cveNotify
GitHub
CSAF/csaf_files/OT/white/2026/icsa-26-176-05.json at develop Β· cisagov/CSAF
CISA CSAF Security Advisories. Contribute to cisagov/CSAF development by creating an account on GitHub.
π¨ CVE-2025-59868
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a sensitive data exposure vulnerability which could allow an attacker to exploit application information to then attempt additional attacks and cause unknown behavior in the application.
π@cveNotify
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a sensitive data exposure vulnerability which could allow an attacker to exploit application information to then attempt additional attacks and cause unknown behavior in the application.
π@cveNotify
Hcl-Software
Security Bulletin: HCL Traveler for Microsoft Outlook (HTMO) is susceptible to sensitive data exposure (CVE-2025-59868) - Customerβ¦
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to sensitive data exposure.
π¨ CVE-2026-13333
The Groundhogg β CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'query[select]' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Sales Representative-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The sanitized Contact_Query code path can be bypassed by supplying an invalid filter type (e.g., query[filters][0][0][type]=invalid_filter_nonexistent), causing a FilterException to be caught and execution to fall through to the unsanitized Legacy_Contact_Query path.
π@cveNotify
The Groundhogg β CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'query[select]' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Sales Representative-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The sanitized Contact_Query code path can be bypassed by supplying an invalid filter type (e.g., query[filters][0][0][type]=invalid_filter_nonexistent), causing a FilterException to be caught and execution to fall through to the unsanitized Legacy_Contact_Query path.
π@cveNotify
π¨ CVE-2026-11364
The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the __invoke() methods of the AttributeGroupController and AttributeController classes, which are bound to the 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX actions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create, edit, and delete arbitrary product specification groups and attributes (taxonomy terms in the 'spec-group' and attribute taxonomies), corrupting business data and impacting the site's frontend display.
π@cveNotify
The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the __invoke() methods of the AttributeGroupController and AttributeController classes, which are bound to the 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX actions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create, edit, and delete arbitrary product specification groups and attributes (taxonomy terms in the 'spec-group' and attribute taxonomies), corrupting business data and impacting the site's frontend display.
π@cveNotify