Aggregator
CVE-2026-15510 | Leantime up to 3.8.0 API Setting::saveSetting improper authorization
4 days 21 hours ago
A vulnerability was found in Leantime up to 3.8.0. It has been declared as critical. Affected is the function Setting::saveSetting of the component API. The manipulation results in improper authorization.
This vulnerability was named CVE-2026-15510. The attack may be performed from remote. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Xiaomi превратила автомобиль в конструктор: сегодня это офис, завтра — гостиная, послезавтра — кемпинг
4 days 21 hours ago
Это не машина, а целая квартира-студия на колёсах.
CVE-2026-59707 | LocalAI up to 4.3.1 Models Apply Endpoint /models/apply GetGalleryConfigFromURLWithContext URL server-side request forgery (EUVD-2026-42097)
4 days 22 hours ago
A vulnerability has been found in LocalAI up to 4.3.1 and classified as problematic. The affected element is the function GetGalleryConfigFromURLWithContext of the file /models/apply of the component Models Apply Endpoint. Performing a manipulation of the argument URL results in server-side request forgery.
This vulnerability is identified as CVE-2026-59707. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2026-54698 | hasura graphql-engine up to 2.45.4/2.49.1 excessive authentication (EUVD-2026-42118)
4 days 22 hours ago
A vulnerability was found in hasura graphql-engine up to 2.45.4/2.49.1. It has been classified as problematic. This affects an unknown function. The manipulation leads to improper restriction of excessive authentication attempts.
This vulnerability is listed as CVE-2026-54698. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2026-28378 | Grafana up to 12.4.1 Public Dashboard Deletion Endpoint improper isolation or compartmentalization
4 days 22 hours ago
A vulnerability categorized as problematic has been discovered in Grafana up to 11.6.13/12.1.9/12.2.7/12.3.5/12.4.1. Affected by this vulnerability is an unknown functionality of the component Public Dashboard Deletion Endpoint. Such manipulation leads to improper isolation or compartmentalization.
This vulnerability is documented as CVE-2026-28378. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2026-55490 | OpenWrt up to 25.12.4 Emergency Access Daemon handle_send_a integer underflow (CNNVD-2026-97351497)
4 days 22 hours ago
A vulnerability was found in OpenWrt up to 25.12.4 and classified as critical. Affected is the function handle_send_a of the component Emergency Access Daemon. The manipulation results in integer underflow.
This vulnerability is identified as CVE-2026-55490. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2026-37270 | Trueview Security camera T18161- AF 4.9.60.0 hard-coded credentials (EUVD-2026-42154)
4 days 22 hours ago
A vulnerability classified as critical was found in Trueview Security camera T18161- AF 4.9.60.0. This impacts an unknown function. Executing a manipulation can lead to hard-coded credentials.
This vulnerability is handled as CVE-2026-37270. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2026-50810 | GPAC MPD Parser src/media_tools/mpd.c smooth_parse_stream_index null pointer dereference (Nessus ID 326072)
4 days 22 hours ago
A vulnerability was found in GPAC. It has been declared as problematic. This issue affects the function smooth_parse_stream_index of the file src/media_tools/mpd.c of the component MPD Parser. Executing a manipulation can lead to null pointer dereference.
This vulnerability is tracked as CVE-2026-50810. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2026-37271 | Fire-Boltt FB BGS001 2.0.4 improper authentication (EUVD-2026-42155)
4 days 22 hours ago
A vulnerability identified as critical has been detected in Fire-Boltt FB BGS001 2.0.4. The impacted element is an unknown function. This manipulation causes improper authentication.
This vulnerability is registered as CVE-2026-37271. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2026-14739 | HMBRAND DBI up to 1.649 on Perl SQL Statement Preparser out-of-bounds write (Nessus ID 325634)
4 days 22 hours ago
A vulnerability was found in HMBRAND DBI up to 1.649 on Perl. It has been classified as critical. Affected is an unknown function of the component SQL Statement Preparser. Performing a manipulation results in out-of-bounds write.
This vulnerability is known as CVE-2026-14739. Remote exploitation of the attack is possible. No exploit is available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-14380 | DBI up to 1.649 Profile code injection (EUVD-2026-42123 / Nessus ID 325625)
4 days 22 hours ago
A vulnerability labeled as critical has been found in DBI up to 1.649. Impacted is an unknown function of the component Profile. The manipulation of the argument Profile results in code injection.
This vulnerability is reported as CVE-2026-14380. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2026-14740 | DBI up to 1.649 SQL Comment preparse out-of-bounds (EUVD-2026-42125 / Nessus ID 325624)
4 days 22 hours ago
A vulnerability described as critical has been identified in DBI up to 1.649. The impacted element is the function preparse of the component SQL Comment Handler. Such manipulation leads to out-of-bounds read.
This vulnerability is traded as CVE-2026-14740. The attack may be launched remotely. There is no exploit available.
vuldb.com
【竞赛通知】第四届全国大学生开源情报数据采集与分析挑战专项
4 days 22 hours ago
为在情报学领域深入落实国家人才培养战略,激发大学生对开源情报分析的热情,提升学生在数据采集、深度分析及情报应用等方面的综合能力,特举办“第四届全国大学生开源情报数据采集与分析挑战专项”活动。
【生物战】美国威胁减少局(DTRA) 全球项目分布分析报告
4 days 22 hours ago
本报告基于美国威胁减少局 (DTRA) 2022年9月发布的活跃合同清单,对其全球范围内的项目分布进行系统性的分类汇总分析。分析涵盖两个维度:一是按项目所在国家/地区进行地理分布分析;二是按项目类型进行领域分布分析。
比亚迪,怎么把车卖给英国人?
4 days 22 hours ago
手法重要,心法更重要。
CVE-2026-13079 | WatchGuard Fireware OS up to 12.12/2026.2 on Windows permission assignment (wgsa-2026-00027 / WID-SEC-2026-2193)
4 days 22 hours ago
A vulnerability identified as critical has been detected in WatchGuard Fireware OS up to 12.12/2026.2 on Windows. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in incorrect permission assignment.
This vulnerability is known as CVE-2026-13079. Attacking locally is a requirement. No exploit is available.
vuldb.com
CVE-2026-14535 | trailofbits fickling up to 0.1.11 shorten_code protection mechanism (GHSA-cffv-grgg-g429 / EUVD-2026-41676)
4 days 22 hours ago
A vulnerability, which was classified as critical, has been found in trailofbits fickling up to 0.1.11. This vulnerability affects the function shorten_code. Performing a manipulation results in protection mechanism failure.
This vulnerability is known as CVE-2026-14535. Remote exploitation of the attack is possible. No exploit is available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-58380 | GIMP PNM File pnmscanner_gettoken off-by-one
4 days 22 hours ago
A vulnerability was found in GIMP. It has been declared as problematic. This affects the function pnmscanner_gettoken of the component PNM File Handler. Such manipulation leads to off-by-one.
This vulnerability is documented as CVE-2026-58380. The attack needs to be performed locally. There is not any exploit available.
vuldb.com
CVE-2026-58384 | GIMP PSD Parser read_RLE_channel integer overflow
4 days 22 hours ago
A vulnerability was found in GIMP. It has been declared as critical. This affects the function read_RLE_channel of the component PSD Parser. The manipulation results in integer overflow.
This vulnerability is known as CVE-2026-58384. It is possible to launch the attack remotely. No exploit is available.
vuldb.com