🚨 CVE-2026-35076
The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
🎖@cveNotify
Certvde
MBS: Several security vulnerabilities in the UGW web GUI
🚨 CVE-2026-35077
The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
🚨 CVE-2026-35078
The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
🚨 CVE-2026-35079
The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
🚨 CVE-2026-35080
The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
🚨 CVE-2026-35081
The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.
🚨 CVE-2026-35082
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.
🚨 CVE-2026-35083
A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.
🚨 CVE-2026-35084
A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.
🚨 CVE-2026-35085
A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.
🚨 CVE-2026-47897
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene.Net (Lucene.Net.Replicator library).
This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 before 4.8.0-beta00018.
Users are recommended to upgrade to version 4.8.0-beta00018, which fixes the issue.
🚨 CVE-2026-47898
Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net (Lucene.Net.Analysis.Common library).
This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018.
Users are recommended to upgrade to version 4.8.0-beta00018, which fixes the issue.
🚨 CVE-2026-35159
Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
🚨 CVE-2026-47896
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene.Net (Lucene.Net.Replicator library).
This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 through 4.8.0-beta00017.
Users are recommended to upgrade to version 4.8.0-beta00018, which fixes the issue.
🚨 CVE-2026-4321
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection.
This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the product is not supported.
siberguvenlik.gov.tr
T.C. Siber Güvenlik Başkanlığı (Cybersecurity Directorate of the Republic of Türkiye)
Official website of the Cybersecurity Directorate of the Presidency of the Republic of Türkiye.
🚨 CVE-2026-4322
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows Reflected XSS.
This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the product is not supported.
🚨 CVE-2026-5137
The RTMKit (rometheme-for-elementor) plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7. This is due to insufficient path validation on the 'template' parameter in the render_templates AJAX endpoint, which is used directly in a require/include statement without sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute files on the server ending in _templates.php, allowing the execution of any PHP code in those files.
🚨 CVE-2026-10054
In affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (/services/shell-terminal, /services/terminals/:id) without service-level authentication.
WebSocket origin validation in @theia/core is fail-open: connections are accepted when the Origin header is missing or when no THEIA_HOSTS allowlist is configured (the default). The Socket.IO integration additionally replaces the real Origin header with a client-supplied fix-origin header that an attacker can control or omit.
As a result, a foreign-origin web page visited by a user with a running Theia instance can open the /services WebSocket namespace, invoke terminal creation, attach to the resulting terminal data channel, execute arbitrary OS commands, and read their output. This affects both local developer setups (drive-by attack) and hosted or tunneled deployments without strong external authentication.
A fix is in development that enforces same-origin validation by default, removes trust in the fix-origin header, gates HTTP and WebSocket access on a SameSite=Strict; HttpOnly connection-token cookie, and sanitizes shell terminal creation options.
GitHub
Cross-Origin WebSocket Access To Shell-Terminal Enables Command Execution And Output Exfiltration
### Impact
The Theia browser backend exposes privileged terminal RPC services over WebSocket (`/services/shell-terminal`, `/services/terminals/:id`) without service-level authentication or autho...
🚨 CVE-2026-10055
In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full response body to the caller.
Because the destination URL is neither validated nor allowlisted, a remote attacker with access to the Theia service connection can issue server-side HTTP requests to localhost or other backend-reachable hosts and read their responses, exposing internal administrative endpoints, cloud instance metadata services, and other resources that are intentionally outside the browser network boundary.
The vulnerability affects deployments where the Theia service connection is reachable by untrusted users (for example, multi-tenant or publicly reachable Theia deployments).
GitHub
SSRF and localhost response disclosure via `/services/request-service` RPC in Eclipse Theia
### Impact
A client that can reach the standard browser-facing `/services` messaging endpoint can invoke the `/services/request-service` RPC with an attacker-controlled URL. The Theia backend perf...
🚨 CVE-2026-13341
A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.
GitHub
Stored Prompt Injection and Credential Exposure via Untrusted Analytics Data in Kong Konnect MCP
### Impact
Users could be impacted if they used the analytics tools to retrieve request data from a gateway that a malicious actor could send traffic to, and if their MCP client or AI agent...
🚨 CVE-2025-40910
Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses.
Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.
blog.urth.org
Security Issues in Perl IP Address distros
Edit on 2021-03-29 21:40(ish) UTC: Added Net-Subnet (appears unaffected) and reordered the details to match the list at the top of the post.
Edit on 2021-03-30 14:50(ish) UTC: Added Net-Works (appears unaffected).
Edit on 2021-03-30 15:40(ish) UTC: Added…