π¨ CVE-2026-34115
Guardian language-system passes the id GET parameter directly into a PHP exec() call in transcribe_amazon.php (line 15) without sanitization: exec(\"php jobs/transcribe_amazon.php \".$login_session.\" \".$_GET['id'].\" ...\"). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
π@cveNotify
Guardian language-system passes the id GET parameter directly into a PHP exec() call in transcribe_amazon.php (line 15) without sanitization: exec(\"php jobs/transcribe_amazon.php \".$login_session.\" \".$_GET['id'].\" ...\"). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
π@cveNotify
Gist
the_guardian_system_poc
the_guardian_system_poc. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2026-34116
Guardian language-system passes the id GET parameter directly into a PHP exec() call in transcribe.php (line 15) without sanitization: exec(\"php jobs/transcribe.php \".$login_session.\" \".$_GET['id'].\" ...\"). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
π@cveNotify
Guardian language-system passes the id GET parameter directly into a PHP exec() call in transcribe.php (line 15) without sanitization: exec(\"php jobs/transcribe.php \".$login_session.\" \".$_GET['id'].\" ...\"). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
π@cveNotify
Gist
the_guardian_system_poc
the_guardian_system_poc. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2026-34117
Guardian language-system passes the id GET parameter directly into a PHP exec() call in text_to_subtitles.php (line 19) without sanitization: exec(\"php jobs/text_to_subtitles.php \".$login_session.\" \".$_GET['id'].\" ...\"). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
π@cveNotify
Guardian language-system passes the id GET parameter directly into a PHP exec() call in text_to_subtitles.php (line 19) without sanitization: exec(\"php jobs/text_to_subtitles.php \".$login_session.\" \".$_GET['id'].\" ...\"). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
π@cveNotify
Gist
the_guardian_system_poc
the_guardian_system_poc. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2026-49087
Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource consumption, which may render Kibana unavailable.
π@cveNotify
Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource consumption, which may render Kibana unavailable.
π@cveNotify
Discuss the Elastic Stack
Kibana 8.19.15, 9.3.4 Security Update (ESA-2026-49)
Allocation of Resources Without Limits or Throttling in Kibana Leading to Denial of Service Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated userβ¦
π¨ CVE-2026-54399
Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core (5.4.2 and earlier, 5.5-beta1 and earlier) allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive header length
π@cveNotify
Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core (5.4.2 and earlier, 5.5-beta1 and earlier) allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive header length
π@cveNotify
π¨ CVE-2026-56148
Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable.
π@cveNotify
Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable.
π@cveNotify
Discuss the Elastic Stack
Elasticsearch 8.19.17, 9.3.6, 9.4.3 Security Update (ESA-2026-42)
Uncontrolled Recursion in Elasticsearch Leading to Denial of Service Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causesβ¦
π¨ CVE-2026-56149
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the affected node unavailable.
π@cveNotify
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the affected node unavailable.
π@cveNotify
Discuss the Elastic Stack
Elasticsearch 8.19.17, 9.3.6, 9.4.3 Security Update (ESA-2026-43)
Allocation of Resources Without Limits or Throttling in Elasticsearch Leading to Denial of Service Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). A userβ¦
π¨ CVE-2026-56150
Allocation of Resources Without Limits or Throttling (CWE-770) in Fleet Server can lead to a denial of service via Excessive Allocation (CAPEC-130). An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server unavailable.
π@cveNotify
Allocation of Resources Without Limits or Throttling (CWE-770) in Fleet Server can lead to a denial of service via Excessive Allocation (CAPEC-130). An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server unavailable.
π@cveNotify
Discuss the Elastic Stack
Fleet Server 8.19.11, 9.2.5, 9.3.0 Security Update (ESA-2026-44)
Allocation of Resources Without Limits or Throttling in Fleet Server Leading to Denial of Service Allocation of Resources Without Limits or Throttling (CWE-770) in Fleet Server can lead to a denial of service via Excessive Allocation (CAPEC-130). An attackerβ¦
π¨ CVE-2026-56151
Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality unavailable.
π@cveNotify
Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality unavailable.
π@cveNotify
Discuss the Elastic Stack
Kibana 8.19.17, 9.3.6, 9.4.3 Security Update (ESA-2026-45)
Improper Input Validation in Kibana Leading to Denial of Service Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy inputβ¦
π¨ CVE-2026-56152
Incorrect Authorization (CWE-863) in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs (CAPEC-1). Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to view.
π@cveNotify
Incorrect Authorization (CWE-863) in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs (CAPEC-1). Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to view.
π@cveNotify
Discuss the Elastic Stack
Elastic Defend 8.19.13, 9.2.7, 9.3.2 Security Update (ESA-2026-46)
Incorrect Authorization in Elastic Defend Leading to Information Disclosure Incorrect Authorization (CWE-863) in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs (CAPEC-1). Underβ¦
π¨ CVE-2026-57516
Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the read_webdataset() function. The _default_decoder() function in webdataset_datasource.py unconditionally calls pickle.loads() on tar entries with .pkl/.pickle extensions and torch.load() with weights_only=False on .pt/.pth entries, executing arbitrary code inside Ray remote workers on every worker that processes the malicious archive.
π@cveNotify
Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the read_webdataset() function. The _default_decoder() function in webdataset_datasource.py unconditionally calls pickle.loads() on tar entries with .pkl/.pickle extensions and torch.load() with weights_only=False on .pt/.pth entries, executing arbitrary code inside Ray remote workers on every worker that processes the malicious archive.
π@cveNotify
GitHub
[Data] Gate unsafe deserialization in WebDataset default decoder by bveeramani Β· Pull Request #63469 Β· ray-project/ray
Description
The default decoder in read_webdataset runs pickle.loads on .pkl/.pickle files and torch.load(weights_only=False) on .pt/.pth files from attacker-controlled TAR archives, enabling arbit...
The default decoder in read_webdataset runs pickle.loads on .pkl/.pickle files and torch.load(weights_only=False) on .pt/.pth files from attacker-controlled TAR archives, enabling arbit...
π¨ CVE-2026-57720
Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects ThumbPress: from n/a through 6.3.2.
π@cveNotify
Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects ThumbPress: from n/a through 6.3.2.
π@cveNotify
Patchstack
Broken Access Control in WordPress ThumbPress Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57721
Missing Authorization vulnerability in WP Reloaded ApplyOnline allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects ApplyOnline: from n/a through 2.6.7.6.
π@cveNotify
Missing Authorization vulnerability in WP Reloaded ApplyOnline allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects ApplyOnline: from n/a through 2.6.7.6.
π@cveNotify
Patchstack
Broken Access Control in WordPress ApplyOnline Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-58452
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint. Attackers can craft a string beginning with a valid MAC-like prefix followed by a semicolon and a shell payload, which bypasses partial sscanf() validation and is passed unsanitized into an echo shell command executed through a system() wrapper.
π@cveNotify
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint. Attackers can craft a string beginning with a valid MAC-like prefix followed by a semicolon and a shell payload, which bypasses partial sscanf() validation and is passed unsanitized into an echo shell command executed through a system() wrapper.
π@cveNotify
GitHub
jaiotlink-c492a-wifi-camera/writeups/01-setmac-command-injection.md at main Β· rwprimitives/jaiotlink-c492a-wifi-camera
0-days found in the JAIOTlink C492A-W6 WiFi IP Camera which runs Anyka chip and software. - rwprimitives/jaiotlink-c492a-wifi-camera
π¨ CVE-2026-58453
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anyka_ipc HTTP service on port 80. Attackers can authenticate with these hardcoded credentials to access camera snapshots, video streams, network configuration, and factory-level API endpoints including the SetMAC command injection surface.
π@cveNotify
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anyka_ipc HTTP service on port 80. Attackers can authenticate with these hardcoded credentials to access camera snapshots, video streams, network configuration, and factory-level API endpoints including the SetMAC command injection surface.
π@cveNotify
GitHub
jaiotlink-c492a-wifi-camera/writeups/02-default-http-credentials.md at main Β· rwprimitives/jaiotlink-c492a-wifi-camera
0-days found in the JAIOTlink C492A-W6 WiFi IP Camera which runs Anyka chip and software. - rwprimitives/jaiotlink-c492a-wifi-camera
π¨ CVE-2026-58454
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTTP endpoint. Attackers can stage a malicious script in the writable persistent storage and request the config endpoint to invoke it via popen(), achieving persistent remote code execution that survives device reboots.
π@cveNotify
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTTP endpoint. Attackers can stage a malicious script in the writable persistent storage and request the config endpoint to invoke it via popen(), achieving persistent remote code execution that survives device reboots.
π@cveNotify
GitHub
jaiotlink-c492a-wifi-camera/writeups/03-anyka-config-execution-trigger.md at main Β· rwprimitives/jaiotlink-c492a-wifi-camera
0-days found in the JAIOTlink C492A-W6 WiFi IP Camera which runs Anyka chip and software. - rwprimitives/jaiotlink-c492a-wifi-camera
π¨ CVE-2026-31431
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert to operating out-of-place
This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.
There is no benefit in operating in-place in algif_aead since the
source and destination come from different mappings. Get rid of
all the complexity added for in-place operation and just copy the
AD directly.
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert to operating out-of-place
This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.
There is no benefit in operating in-place in algif_aead since the
source and destination come from different mappings. Get rid of
all the complexity added for in-place operation and just copy the
AD directly.
π@cveNotify
π¨ CVE-2026-9086
A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manage-client` permission or access to client registration endpoints, could bypass client Uniform Resource Identifier (URI) validation. This is achieved by registering a malicious client with a specially crafted redirect URI using a case-insensitive `javascript:` or `data:` scheme. This Cross-Site Scripting (XSS) vulnerability allows for arbitrary code execution in the Keycloak origin when a victim clicks the crafted link, such as in the logout flow or the Admin Console.
π@cveNotify
A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manage-client` permission or access to client registration endpoints, could bypass client Uniform Resource Identifier (URI) validation. This is achieved by registering a malicious client with a specially crafted redirect URI using a case-insensitive `javascript:` or `data:` scheme. This Cross-Site Scripting (XSS) vulnerability allows for arbitrary code execution in the Keycloak origin when a victim clicks the crafted link, such as in the logout flow or the Admin Console.
π@cveNotify
π¨ CVE-2026-9099
A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 (FGAPv2) is enabled, an attacker with management rights over a single low-privilege group can reparent a highly privileged group (such as one possessing the realm-admin role) under their managed group.
Because group permissions follow a hierarchical structure, this action unauthorizedly grants the attacker management and password-reset capabilities over the members of the targeted privileged group. An attacker can exploit this to reset an administrator's password, compromise the account, and achieve a full realm takeover, leading to a complete compromise of confidentiality, integrity, and availability.
π@cveNotify
A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 (FGAPv2) is enabled, an attacker with management rights over a single low-privilege group can reparent a highly privileged group (such as one possessing the realm-admin role) under their managed group.
Because group permissions follow a hierarchical structure, this action unauthorizedly grants the attacker management and password-reset capabilities over the members of the targeted privileged group. An attacker can exploit this to reset an administrator's password, compromise the account, and achieve a full realm takeover, leading to a complete compromise of confidentiality, integrity, and availability.
π@cveNotify
π¨ CVE-2026-58016
A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service.
π@cveNotify
A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service.
π@cveNotify
π¨ CVE-2025-45729
D-Link DIR-823-Pro 1.02 has improper permission control, allowing unauthorized users to turn on and access Telnet services.
π@cveNotify
D-Link DIR-823-Pro 1.02 has improper permission control, allowing unauthorized users to turn on and access Telnet services.
π@cveNotify