Overview
Description
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
Statistics
- 1 Post
Last activity: 3 hours ago
Overview
Description
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Statistics
- 1 Post
Last activity: 3 hours ago
Overview
Description
A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.
Statistics
- 1 Post
Last activity: 3 hours ago
Fediverse
Here is a brief overview of two kernel-level vulnerabilities uncovered by Xint Code in iOS and iPadOS and now patched: CVE-2026-28972 and CVE-2026-28986
https://xint.io/blog/kernel-vulnerabilities-ios-ipados
Overview
- ivanti
- Virtual Traffic Manager
12 May 2026
Published
12 May 2026
Updated
CVSS v3.1
HIGH (7.2)
EPSS
Pending
KEV
Description
OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Statistics
- 1 Post
Last activity: 3 hours ago
Overview
- ivanti
- Secure Access Client
12 May 2026
Published
12 May 2026
Updated
CVSS v3.1
MEDIUM (4.4)
EPSS
Pending
KEV
Description
An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section.
Statistics
- 1 Post
Last activity: 3 hours ago
Overview
Description
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can lead to accessing array with negative offset, which can trigger a denial of service.
Statistics
- 1 Post
Last activity: 12 hours ago
Overview
- PHP Group
- PHP
- soap
10 May 2026
Published
11 May 2026
Updated
CVSS v4.0
LOW (2.9)
EPSS
0.11%
KEV
Description
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer, causing a segmentation fault. This allows a remote unauthenticated attacker to crash the PHP SOAP server process, resulting in denial of service.
Statistics
- 1 Post
Last activity: 12 hours ago
Overview
- PHP Group
- PHP
- soap
10 May 2026
Published
11 May 2026
Updated
CVSS v4.0
MEDIUM (6.3)
EPSS
0.04%
KEV
Description
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistance is handled incorrectly, resulting in freeing the object while keeping a pointer to it, which may lead to use-after-free. This may lead to memory corruption, information disclosure, or process crashes, with confidentiality, integrity, and availability impact on the vulnerable system.
Statistics
- 1 Post
Last activity: 12 hours ago
Overview
Description
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed integer overflow occurs, resulting in undefined behavior. This can lead to an out-of-bounds read, causing a segmentation fault or access to unrelated memory, and may affect the availability of the PHP process.
Statistics
- 1 Post
Last activity: 12 hours ago
Overview
Description
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code (XSS) on the target's machine when the target is viewing the PHP-FPM status page.
Statistics
- 1 Post
Last activity: 12 hours ago