Tag: Bulletins

Vulnerability Summary for the Week of April 27, 2026

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info n/a– OVMS3 3.3.005 Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated,…

Read more →

Vulnerability Summary for the Week of April 20, 2026

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info Thinkphp–ThinkPHP ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can…

Read more →

Vulnerability Summary for the Week of April 13, 2026

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info Grafana–Pyroscope Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If the database is configured to use…

Read more →

Vulnerability Summary for the Week of April 6, 2026

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info nyariv–SandboxJS SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects (for example Math.random = …), but this protection can be…

Read more →

Vulnerability Summary for the Week of February 2, 2026

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info Insaat–Fikir Odalari AdminPando A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to…

Read more →

Vulnerability Summary for the Week of January 26, 2026

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 10-Strike Software–Bandwidth Monitor 10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers…

Read more →

Vulnerability Summary for the Week of January 19, 2026

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info Agatasoft–AgataSoft PingMaster Pro AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature that allows attackers to crash the application by overflowing…

Read more →

Vulnerability Summary for the Week of January 12, 2026

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 10-Strike–Strike Network Inventory Explorer Pro 10-Strike Network Inventory Explorer Pro 9.31 contains a buffer overflow vulnerability in the text file import functionality that allows remote code execution.…

Read more →

Vulnerability Summary for the Week of January 5, 2026

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info AA-Team–Amazon Native Shopping Recommendations Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL Injection.This issue…

Read more →

Vulnerability Summary for the Week of December 29, 2025

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info SmarterTools–SmarterMail Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.…

Read more →

Vulnerability Summary for the Week of December 22, 2025

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 9786–phpok3w A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads…

Read more →

Vulnerability Summary for the Week of December 15, 2025

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info Cisco–Cisco Secure Email Cisco is aware of a potential vulnerability.  Cisco is currently investigating and will update these details as appropriate as more information becomes available. 2025-12-17 10 CVE-2025-20393…

Read more →

Vulnerability Summary for the Week of December 8, 2025

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info Unknown–Typora Typora 1.7.4 contains a command injection vulnerability in the PDF export preferences that allows attackers to execute arbitrary system commands. Attackers can inject malicious commands into…

Read more →

Vulnerability Summary for the Week of December 1, 2025

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 10web–10Web Booster Website speed optimization, Cache & Page Speed optimizer The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable…

Read more →

Vulnerability Summary for the Week of November 24, 2025

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 0x4m4–HexStrike AI By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server,…

Read more →

Vulnerability Summary for the Week of November 17, 2025

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info ABB–ABB Ability Edgenius Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1. 2025-11-20 9.6 CVE-2025-10571…

Read more →

Vulnerability Summary for the Week of November 10, 2025

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info leopardhost–TNC Toolbox: Web Performance The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This…

Read more →

Vulnerability Summary for the Week of September 22, 2025

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info FlowiseAI–Flowise Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution.…

Read more →

Vulnerability Summary for the Week of September 15, 2025

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info Logo Software–Diva Authorization Bypass Through User-Controlled SQL Primary Key, CWE – 89 – Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in…

Read more →

Vulnerability Summary for the Week of September 8, 2025

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Adobe–Acrobat Reader Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of…

Read more →