CVE ID :CVE-2018-25355 Published : May 23, 2026, 6:30 p.m. | 54 minutes ago Description :Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious input…
CVE ID :CVE-2018-25353 Published : May 23, 2026, 6:30 p.m. | 54 minutes ago Description :Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor…
CVE ID :CVE-2018-25351 Published : May 23, 2026, 6:30 p.m. | 1 day ago Description :Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username…
CVE ID :CVE-2026-48700 Published : May 22, 2026, 6:43 p.m. | 37 minutes ago Description :An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file’s path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus…
CVE ID :CVE-2026-6406 Published : May 22, 2026, 6:32 p.m. | 48 minutes ago Description :The Docker CLI –use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless…
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. The disruption of First VPN…
CVE ID :CVE-2026-9255 Published : May 22, 2026, 4:38 p.m. | 2 hours, 42 minutes ago Description :Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands,…
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets…
CVE ID :CVE-2026-48248 Published : May 21, 2026, 6:16 p.m. | 59 minutes ago Description :Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for…
CVE ID :CVE-2026-48249 Published : May 21, 2026, 6:16 p.m. | 59 minutes ago Description :Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for…