Threat Intelligence

CVE-2026-49186 4 Jun 2026
The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +)... Read more ➔
CVE-2026-49185 4 Jun 2026
The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection. Read more ➔
CVE-2026-48681 (v3: 5.9) 4 Jun 2026
OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. Read more ➔
CVE-2026-44917 (v3: 4.9) 4 Jun 2026
OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_templat... Read more ➔
CVE-2026-41283 (v3: 9.9) 4 Jun 2026
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which... Read more ➔
CVE-2026-41010 (v3: 8.2) 4 Jun 2026
ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{name}.tgz") where name retur... Read more ➔
CVE-2026-8829 4 Jun 2026
HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cach... Read more ➔
CVE-2026-41860 (v3: 8.8) 4 Jun 2026
CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelper#create_async_endpoi... Read more ➔
CVE-2026-41859 (v3: 7.8) 4 Jun 2026
A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials (Basic auth header or UAA client secret) and ca... Read more ➔
CVE-2026-41858 (v3: 7.5) 4 Jun 2026
Weak Randomness / Insecure Cryptographic Primitive (CWE-338) in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network atta... Read more ➔
CVE-2026-41011 (v3: 8.2) 4 Jun 2026
PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = File.join(release_dir, 'packages', "#{name}.tgz") and name = package_met... Read more ➔
CVE-2026-10597 (v3: 5.3) 4 Jun 2026
OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific... Read more ➔
CVE-2026-8653 (v3: 6.5) 4 Jun 2026
The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and includ... Read more ➔
CVE-2026-7764 4 Jun 2026
An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.12 allows an... Read more ➔
CVE-2026-10737 (v3: 7.5) 4 Jun 2026
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file fun... Read more ➔
CVE-2026-8722 4 Jun 2026
Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. M... Read more ➔
CVE-2026-10783 (v3: 2.5) 4 Jun 2026
A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handle... Read more ➔
CVE-2026-2596 3 Jun 2026
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Read more ➔
CVE-2026-10777 (v3: 7.3) 3 Jun 2026
A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some u... Read more ➔
CVE-2026-10775 (v3: 3.6) 3 Jun 2026
A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Han... Read more ➔
CVE-2026-46447 (v3: 5.8) 3 Jun 2026
OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. Read more ➔
CVE-2026-22055 3 Jun 2026
Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthori... Read more ➔
CVE-2026-22054 3 Jun 2026
Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unaut... Read more ➔
CVE-2026-10771 (v3: 7.3) 3 Jun 2026
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/... Read more ➔
CVE-2026-50033 (v3: 7.3) 3 Jun 2026
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.... Read more ➔