Overview
- Galaxy Software Services Corporation
- iota C.ai Conversational Platform
27 Nov 2024
Published
27 Nov 2024
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.39%
KEV
Description
A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file.
Statistics
- 1 Post
Last activity: 3 hours ago
Overview
- Huawei
- HarmonyOS
05 Mar 2026
Published
05 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.6)
EPSS
0.01%
KEV
Description
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
Statistics
- 1 Post
Last activity: 2 hours ago
Overview
Description
Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
- openlit
- openlit
26 Feb 2026
Published
26 Feb 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.05%
KEV
Description
OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the `pull_request_target` event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context of the base repository, including a write-privileged `GITHUB_TOKEN` and numerous sensitive secrets (API keys, database/vector store tokens, and a Google Cloud service account key). Version 1.37.1 contains a fix.
Statistics
- 1 Post
Last activity: 2 hours ago
Overview
Description
In the Linux kernel, the following vulnerability has been resolved:
net/packet: fix a race in packet_set_ring() and packet_notifier()
When packet_set_ring() releases po->bind_lock, another thread can
run packet_notifier() and process an NETDEV_UP event.
This race and the fix are both similar to that of commit 15fe076edea7
("net/packet: fix a race in packet_bind() and packet_notifier()").
There too the packet_notifier NETDEV_UP event managed to run while a
po->bind_lock critical section had to be temporarily released. And
the fix was similarly to temporarily set po->num to zero to keep
the socket unhooked until the lock is retaken.
The po->bind_lock in packet_set_ring and packet_notifier precede the
introduction of git history.
Statistics
- 2 Posts
Last activity: 1 hour ago
Overview
Description
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork.
Statistics
- 1 Post
Last activity: 4 hours ago
Overview
- go-vikunja
- vikunja
27 Feb 2026
Published
03 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%
KEV
Description
Vikunja is an open-source self-hosted task management platform. Versions prior to 2.1.0 have a business logic vulnerability exists in the password reset mechanism of vikunja/api that allows password reset tokens to be reused indefinitely. Due to a failure to invalidate tokens upon use and a critical logic bug in the token cleanup cron job, reset tokens remain valid forever. This allows an attacker who intercepts a single reset token (via logs, browser history, or phishing) to perform a complete, persistent account takeover at any point in the future, bypassing standard authentication controls. Version 2.1.0 contains a patch for the issue.
Statistics
- 1 Post
Last activity: 1 hour ago
Overview
- freescout-help-desk
- freescout
03 Mar 2026
Published
05 Mar 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.03%
KEV
Description
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution (RCE) on the server by uploading a malicious .htaccess file using a zero-width space character prefix to bypass the security check. The vulnerability exists in the sanitizeUploadedFileName() function in app/Http/Helper.php. The function contains a Time-of-Check to Time-of-Use (TOCTOU) flaw where the dot-prefix check occurs before sanitization removes invisible characters. This vulnerability is fixed in 1.8.207.
Statistics
- 1 Post
Last activity: 22 hours ago
Overview
- Qualcomm, Inc.
- Snapdragon
02 Mar 2026
Published
03 Mar 2026
Updated
CVSS v3.1
HIGH (7.1)
EPSS
0.01%
KEV
Description
Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.
Statistics
- 1 Post
Last activity: 22 hours ago