admin

Joined: May 9, 2026
Articles: 214

Wire

CVE-2026-2379 – Arista EOS IPsec Tunnel Sequence Number Mismatch via Interface Flaps when Anti-Replay is Disabled

CVE ID :CVE-2026-2379 Published : June 5, 2026, 5:59 p.m. | 27 minutes ago Description :On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps…

admin
June 5, 2026

Wire

CVE-2026-50733 – Markdown Preview Enhanced Arbitrary Code Execution via WaveDrom eval()

CVE ID :CVE-2026-50733 Published : June 5, 2026, 5:49 p.m. | 36 minutes ago Description :Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), allowing arbitrary JavaScript execution. The flaw affects every render path –…

admin
June 5, 2026

Wire

CVE-2026-49493 – Markdown Preview Enhanced Arbitrary Code Execution via Bitfield interpretJS()

CVE ID :CVE-2026-49493 Published : June 5, 2026, 5:49 p.m. | 36 minutes ago Description :Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS(), which evaluates the block content as code via vm.runInNewContext(), allowing arbitrary code execution. A…

admin
June 5, 2026

Wire

CVE-2026-49492 – Markdown Preview Enhanced OS Command Injection in External File and Link Opening

CVE ID :CVE-2026-49492 Published : June 5, 2026, 5:49 p.m. | 37 minutes ago Description :Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown…

admin
June 5, 2026

Wire

CVE-2026-25551 – Seagull Software BarTender Deserialization Privilege Escalation via .NET Remoting Service

CVE ID :CVE-2026-25551 Published : June 4, 2026, 5:20 p.m. | 1 hour, 1 minute ago Description :Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is…

admin
June 4, 2026

Wire

CVE-2026-10880 – Unauthenticated SQL Injection in Osnexus Quantastor

CVE ID :CVE-2026-10880 Published : June 4, 2026, 5:19 p.m. | 1 hour, 1 minute ago Description :OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a…

admin
June 4, 2026

Wire

CVE-2025-67446 – Neterbit NW-431F Router Authentication Bypass via Predictable Cookie

CVE ID :CVE-2025-67446 Published : June 4, 2026, 5:16 p.m. | 1 hour, 4 minutes ago Description :Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie…

admin
June 4, 2026

Wire

CVE-2026-25550 – Seagull Software BarTender Unauthenticated RCE via .NET Remoting Service

CVE ID :CVE-2026-25550 Published : June 4, 2026, 5:13 p.m. | 1 hour, 8 minutes ago Description :Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via…

admin
June 4, 2026

Wire

Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public.…

admin
June 4, 2026

Wire

CVE-2026-42321 – GLPI has stored XSS in asset locks

CVE ID :CVE-2026-42321 Published : June 3, 2026, 4:16 p.m. | 1 hour, 59 minutes ago Description :GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS…

admin
June 3, 2026