Currently trending CVE - Hype Score: 1 - The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
Currently trending CVE - Hype Score: 1 - A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.
A vulnerability, which was classified as very critical, was found in EIPStackGroup OpENer up to 2.3.0. This issue affects some unknown processing of the component SendUnitData. Executing a manipulation can lead to integer underflow.
The identification of this vulnerability is CVE-2026-51540. The attack may be launched remotely. There is no exploit available.
A vulnerability, which was classified as critical, has been found in MikroTik RouterOS up to 7.21.3/7.22.1. This vulnerability affects the function unflatten of the file libumsg.so of the component Unflattener. Performing a manipulation results in denial of service.
This vulnerability was named CVE-2026-39042. The attack may be initiated remotely. There is no available exploit.
A vulnerability classified as critical was found in HedgeDoc up to 1.10.x. This affects an unknown part of the component Login/Registration. Such manipulation of the argument cf-connecting-ip leads to improper authentication.
This vulnerability is uniquely identified as CVE-2026-58488. The attack can be launched remotely. No exploit exists.
A vulnerability classified as problematic has been found in libmodbus 3.1.12. Affected by this issue is some unknown functionality of the component Receive Loop. This manipulation causes denial of service.
This vulnerability is handled as CVE-2026-51539. The attack can be initiated remotely. There is not any exploit available.
A vulnerability described as problematic has been identified in Glarysoft Glary Utilities 6.24.0.28. Affected by this vulnerability is an unknown functionality of the component Disk Clean. The manipulation results in path traversal.
This vulnerability is known as CVE-2026-15684. Attacking locally is a requirement. No exploit is available.
A vulnerability marked as problematic has been reported in AnyDesk. Affected is an unknown function of the component Send Support Information Feature. The manipulation leads to denial of service.
This vulnerability is traded as CVE-2026-15682. An attack has to be approached locally. There is no exploit available.
A vulnerability labeled as problematic has been found in EIPStackGroup OpENer 2.3.0. This impacts an unknown function of the component Encapsulation Handler. Executing a manipulation can lead to improper access controls.
This vulnerability appears as CVE-2026-51538. The attack may be performed from remote. There is no available exploit.
A vulnerability identified as problematic has been detected in Ollama 0.7.1. This affects the function downloadBlob of the component Download Blob. Performing a manipulation results in improper validation of array index.
This vulnerability is reported as CVE-2026-15685. The attack is possible to be carried out remotely. No exploit exists.
A vulnerability categorized as problematic has been discovered in Lorex 2K Indoor Wi-Fi Security Camera 2.800.020000000.3.R.20220331. The impacted element is an unknown function of the component Certificate Validation. Such manipulation leads to improper certificate validation.
This vulnerability is documented as CVE-2026-15683. The attack can be executed remotely. There is not any exploit available.
A vulnerability was found in EIPStackGroup OpENer 2.3.0. It has been rated as critical. The affected element is an unknown function of the component ForwardOpen Handler. This manipulation causes out-of-bounds read.
This vulnerability is registered as CVE-2026-51537. Remote exploitation of the attack is possible. No exploit is available.
A vulnerability was found in Across OpENer 2.3.0. It has been declared as very critical. Impacted is the function DecodePaddedEPath of the component CIP Packet Handler. The manipulation of the argument length results in stack-based buffer overflow.
This vulnerability is cataloged as CVE-2026-51536. The attack may be launched remotely. There is no exploit available.
A vulnerability was found in crewAIInc crewAI up to 1.15.0 and classified as problematic. This vulnerability affects the function validate_url of the component URL Validation. Executing a manipulation can lead to server-side request forgery.
This vulnerability is tracked as CVE-2026-62240. The attack can be launched remotely. No exploit exists.
A vulnerability has been found in codecentric Spring Boot Admin up to 4.1.1 and classified as problematic. This affects an unknown part. Performing a manipulation of the argument managementUrl results in server-side request forgery.
This vulnerability is identified as CVE-2026-62242. The attack can be initiated remotely. There is not any exploit available.
A vulnerability, which was classified as problematic, was found in Dao-AILab FlashAttention up to 2.8.3.post1. Affected by this issue is the function download_and_copy of the file hopper/setup.py of the component Archive Extraction. Such manipulation leads to symlink following.
This vulnerability is referenced as CVE-2026-62239. The attack can only be performed from a local environment. No exploit is available.
A vulnerability, which was classified as problematic, has been found in appium MCP up to 1.85.9. Affected by this vulnerability is the function createLocatorGeneratorUI of the component Locator Generator UI. This manipulation of the argument text/content-desc/resource-id/locator selector causes cross site scripting.
The identification of this vulnerability is CVE-2026-58500. It is possible to initiate the attack remotely. There is no exploit available.
A vulnerability classified as problematic was found in ChurchCRM up to 7.3.x. Affected is an unknown function of the file FamilyCustomFieldsEditor.php of the component Request Parameter Handler. The manipulation of the argument parameter names/parameter values results in cross site scripting.
This vulnerability was named CVE-2026-58411. The attack may be performed from remote. There is no available exploit.
In a first, the UK and the EU jointly imposed sanctions on Russian individuals and entities for cyberattacks and disinformation campaigns in the region.