Tag: Bulletins

Vulnerability Summary for the Week of June 15, 2026

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info)
10Web–Form Maker by 10Web | Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions. | 2026-06-15 | 9.3 | CVE-2026-39502
404-redirection-manager–404 Redirection Manager | The 404 Redirection Manager plugin version 1.0 for…

Vulnerability Summary for the Week of June 8, 2026

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info)
AdguardTeam–AdGuardHome | AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequence…

Vulnerability Summary for the Week of June 1, 2026

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info)
10Web–Photo Gallery by 10Web | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue…

Vulnerability Summary for the Week of May 25, 2026

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info)
1Panel-dev–MaxKB | MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB’s webhook trigger endpoint (/api/trigger/v1/webhook/{trigger_id}) is accessible without authentication. The WebhookAuth class unconditionally returns (None, {}), which…
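The MaxKB entry above describes an authentication class that always returns (None, {}), so every request to the webhook trigger endpoint is accepted. The following is an added illustration, not MaxKB's code: a minimal dispatcher with an authenticator that reproduces that behaviour beside one that requires a per-trigger HMAC-SHA256 signature over the raw body. The class and function names, the X-Signature header, the signature scheme and the sample secrets are assumptions made for the example.

```python
"""Webhook trigger authentication: the always-accept pattern beside an HMAC check.

Added illustration; the names, header and scheme are assumptions, not MaxKB's code.
"""
import hashlib
import hmac
import json

# Constructed sample data: per-trigger shared secrets that a real server
# would load from its configuration or database.
TRIGGER_SECRETS = {
    "trig-001": b"constructed-secret-for-trigger-001",
}


class UnconditionalAuth:
    """Reproduces the behaviour the bulletin describes: authenticate() never
    inspects the request and always returns (None, {}), an empty identity
    that the dispatcher below then treats as a successful authentication."""

    def authenticate(self, trigger_id, headers, body):
        return (None, {})


class HmacAuth:
    """Hardened variant (assumed design): the caller must send
    X-Signature: <hex(HMAC-SHA256(trigger_secret, raw_body))>."""

    def authenticate(self, trigger_id, headers, body):
        secret = TRIGGER_SECRETS.get(trigger_id)
        if secret is None:
            return None  # unknown trigger: nothing to verify against
        provided = headers.get("X-Signature", "")
        expected = hmac.new(secret, body, hashlib.sha256).hexdigest()
        # Constant-time comparison on bytes; encoding first means a non-ASCII
        # header value is simply rejected rather than raising.
        if not hmac.compare_digest(provided.encode("utf-8"), expected.encode("ascii")):
            return None
        return ({"trigger_id": trigger_id}, {"scheme": "hmac-sha256"})


def sign(trigger_id, body):
    """Client side: the signature a legitimate caller would send."""
    return hmac.new(TRIGGER_SECRETS[trigger_id], body, hashlib.sha256).hexdigest()


def handle_webhook(authenticator, trigger_id, headers, body):
    """Dispatcher for /api/trigger/v1/webhook/{trigger_id} (assumed shape).

    Returns (status, payload). Any non-None result from authenticate() counts
    as authenticated, so UnconditionalAuth lets every request through while
    HmacAuth admits only correctly signed bodies for known triggers.
    """
    identity = authenticator.authenticate(trigger_id, headers, body)
    if identity is None:
        return 401, {"error": "unauthenticated"}
    try:
        event = json.loads(body)
    except ValueError:
        return 400, {"error": "body is not JSON"}
    return 200, {"trigger_id": trigger_id, "event": event}


if __name__ == "__main__":
    body = b'{"event": "run"}'
    print(handle_webhook(UnconditionalAuth(), "trig-001", {}, body))   # 200: no check at all
    print(handle_webhook(HmacAuth(), "trig-001", {}, body))            # 401: unsigned
    signed = {"X-Signature": sign("trig-001", body)}
    print(handle_webhook(HmacAuth(), "trig-001", signed, body))        # 200: valid signature
    print(handle_webhook(HmacAuth(), "trig-001", signed, b'{"event": "other"}'))  # 401: body tampered
```

The fix is in the authenticator, not the dispatcher: the dispatcher's rule "a non-None result means authenticated" is reasonable only if every authenticator can return None. An authenticator that cannot fail turns that rule into an open endpoint, which is exactly the condition the bulletin describes.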

Vulnerability Summary for the Week of May 18, 2026

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info)
10-Strike–Network Inventory Explorer | 10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by…

Vulnerability Summary for the Week of May 11, 2026

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info)
acl–ACL Analytics | ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers…

Vulnerability Summary for the Week of May 4, 2026

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info)
gotenberg–gotenberg | Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves…

Vulnerability Summary for the Week of April 27, 2026

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info)
n/a–OVMS3 3.3.005 | Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated,…

Vulnerability Summary for the Week of April 20, 2026

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info)
Thinkphp–ThinkPHP | ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can…

Vulnerability Summary for the Week of April 13, 2026

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info)
Grafana–Pyroscope | Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If the database is configured to use…

Vulnerability Summary for the Week of April 6, 2026

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info)
nyariv–SandboxJS | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects (for example Math.random = …), but this protection can be…

Vulnerability Summary for the Week of February 2, 2026

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info)
Insaat–Fikir Odalari AdminPando | A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to…
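The AdminPando entry above reports injection through the login form's username and password parameters. As an added example that is not the product's code, here is that bug class in a small sqlite3-backed login: the query built by string interpolation, then the parameterised form, each run against the same constructed user table and the same two classic payloads. The schema, the account, the payloads and the function names are constructed for the illustration.

```python
"""Login lookup with user input spliced into the SQL text, beside the
parameterised form.  Added example; schema, account, payloads and names are
constructed for illustration and are not the product's code."""
import hashlib
import sqlite3


def make_db():
    """In-memory user table with one constructed account.  Unsalted SHA-256
    stands in for a real password hash here; the point is the query, not the
    storage scheme."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)"
    )
    conn.execute(
        "INSERT INTO users VALUES (?, ?)",
        ("admin", hashlib.sha256(b"correct horse").hexdigest()),
    )
    return conn


def login_vulnerable(conn, username, password):
    """The username is interpolated into the statement, so a quote character
    in it changes the query.  Hashing the password first does not help: the
    injection lands in the username literal and comments the rest away."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password_hash = '{pw_hash}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same lookup with bound parameters: the input is data, never SQL text."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, pw_hash),
    ).fetchone()
    return row[0] if row else None


# Two classic payloads for the username field.  `--` opens a comment in
# SQLite (and most engines), cutting off the password check; the second
# payload also makes the WHERE clause true for every row.
PAYLOADS = ["admin' --", "' OR 1=1 --"]

if __name__ == "__main__":
    conn = make_db()
    for payload in PAYLOADS:
        print(
            repr(payload),
            "vulnerable:", login_vulnerable(conn, payload, "wrong"),
            "safe:", login_safe(conn, payload, "wrong"),
        )
```

Run as a script, both payloads log in as admin through login_vulnerable and return None through login_safe. The parameterised version needs no input filtering: the driver sends the statement and the values separately, so the quote and the comment marker are just characters in a string compared against the column.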

Vulnerability Summary for the Week of January 26, 2026

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info)
10-Strike Software–Bandwidth Monitor | 10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers…

Vulnerability Summary for the Week of January 19, 2026

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info)
Agatasoft–AgataSoft PingMaster Pro | AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature that allows attackers to crash the application by overflowing…

Vulnerability Summary for the Week of January 12, 2026

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info)
10-Strike–Strike Network Inventory Explorer Pro | 10-Strike Network Inventory Explorer Pro 9.31 contains a buffer overflow vulnerability in the text file import functionality that allows remote code execution.…

Vulnerability Summary for the Week of January 5, 2026

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info)
AA-Team–Amazon Native Shopping Recommendations | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL Injection. This issue…

Vulnerability Summary for the Week of December 29, 2025

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info)
SmarterTools–SmarterMail | Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.…

Vulnerability Summary for the Week of December 22, 2025

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info)
9786–phpok3w | A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads…

Vulnerability Summary for the Week of December 15, 2025

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info)
Cisco–Cisco Secure Email | Cisco is aware of a potential vulnerability. Cisco is currently investigating and will update these details as appropriate as more information becomes available. | 2025-12-17 | 10 | CVE-2025-20393…

Vulnerability Summary for the Week of December 8, 2025

High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info)
Unknown–Typora | Typora 1.7.4 contains a command injection vulnerability in the PDF export preferences that allows attackers to execute arbitrary system commands. Attackers can inject malicious commands into…