admin

Joined: May 9, 2026
Articles: 110

Wire

CVE-2021-47949 – CyberPanel 2.1 Authenticated Remote Code Execution via Symlink Attack

CVE ID :CVE-2021-47949 Published : May 10, 2026, 1:16 p.m. | 4 hours, 3 minutes ago Description :CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the…

admin
May 10, 2026

Wire

CVE-2021-47944 – memono Notepad 4.2 Denial of Service via Buffer Overflow

CVE ID :CVE-2021-47944 Published : May 10, 2026, 1:16 p.m. | 4 hours, 3 minutes ago Description :memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields.…

admin
May 10, 2026

Wire

CVE-2021-47945 – Argus Surveillance DVR 4.0 Unquoted Service Path Privilege Escalation

CVE ID :CVE-2021-47945 Published : May 10, 2026, 1:16 p.m. | 4 hours, 3 minutes ago Description :Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the service…

admin
May 10, 2026

Wire

CVE-2026-42605 – AzuraCast: Path Traversal in `currentDirectory` Parameter Enables Remote Code Execution via Media Upload

CVE ID :CVE-2026-42605 Published : May 9, 2026, 8:16 p.m. | 52 minutes ago Description :AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js media upload endpoint (POST /api/station/{station_id}/files/upload) is…

admin
May 9, 2026

Wire

CVE-2026-42606 – AzuraCast: Password Reset Poisoning via Untrusted X-Forwarded-Host Header Leads to Account Takeover and 2FA Bypass

CVE ID :CVE-2026-42606 Published : May 9, 2026, 8:16 p.m. | 52 minutes ago Description :AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted…

admin
May 9, 2026

Wire

CVE-2026-42569 – phpvms: /importer authorization bypass causing full database wipe

CVE ID :CVE-2026-42569 Published : May 9, 2026, 8:16 p.m. | 52 minutes ago Description :phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy…

admin
May 9, 2026

Wire

CVE-2026-42571 – Privilege Escalation Attack affecting Pelican Web UI

CVE ID :CVE-2026-42571 Published : May 9, 2026, 8:16 p.m. | 52 minutes ago Description :Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before…

admin
May 9, 2026

Wire

CVE-2026-42601 – ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

CVE ID :CVE-2026-42601 Published : May 9, 2026, 8:16 p.m. | 52 minutes ago Description :ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint (AddView in core) accepts a config JSON field that…

admin
May 9, 2026