LIVE · cybersecurity feed

info-disclosure

zeroday.news · 106d ago

CVE-2026-23921: A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api

A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data through time-based techniques, potentially leading to session identifier disclosure and administrator account compromise.

zeroday.news · 106d ago·medium

CVE-2026-33158: Craft CMS is a content management system (CMS).

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can read private asset content by calling assets/edit-image with an arbitrary assetId that they are not authorized to view. The endpoint returns image bytes (or a preview redirect) without enforcing a per-asset view authorization check, leading to potential unauthorized disclosure of private files. This issue has been patched in versions 4.17.8 and 5.9.14.

CVE-2026-32853vulnerability
zeroday.news · 106d ago·high

CVE-2026-32853: LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability i

LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking in the HandleUltraZipBPP() function by manipulating subrectangle header counts to read beyond the allocated heap buffer.

CVE-2026-4712vulnerability
zeroday.news · 106d ago·high

CVE-2026-4712: Information disclosure in the Widget: Cocoa component.

Information disclosure in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVE-2026-33634vulnerability
zeroday.news · 106d ago·high

CVE-2026-33634: Trivy is a security scanner.

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags in `aquasecurity/setup-trivy` with malicious commits. This incident is a continuation of the supply chain attack that began in late February 2026. Following the initial disclosure on March 1, credential rotation was performed but was not atomic (not all credentials were revoked simultaneously). The attacker could have use a valid token to exfiltrate newly rotated secrets during the rotation window (which lasted a few days). This could have

CVE-2026-4597vulnerability
zeroday.news · 106d ago·medium

CVE-2026-4597: A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4.

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4594vulnerability
zeroday.news · 107d ago·high

CVE-2026-4594: A vulnerability has been found in erupts erupt up to 1.13.3.

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4593vulnerability
zeroday.news · 107d ago·medium

CVE-2026-4593: A flaw has been found in erupts erupt bis 1.13.3.

A flaw has been found in erupts erupt bis 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface. This manipulation causes sql injection hibernate. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4592vulnerability
zeroday.news · 107d ago·medium

CVE-2026-4592: A security vulnerability has been detected in kalcaddle kodbox 1.64.

A security vulnerability has been detected in kalcaddle kodbox 1.64. This impacts the function loginAfter/tfaVerify of the file /workspace/source-code/plugins/client/controller/tfa/index.class.php of the component Password Login. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4591vulnerability
zeroday.news · 107d ago·medium

CVE-2026-4591: A weakness has been identified in kalcaddle kodbox 1.64.

A weakness has been identified in kalcaddle kodbox 1.64. This affects the function checkBin of the file /workspace/source-code/plugins/fileThumb/app.php of the component fileThumb Endpoint. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-32845vulnerability
zeroday.news · 107d ago·high

CVE-2026-32845: cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when valid

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecked arithmetic operations in sparse accessor validation to cause heap buffer over-reads in cgltf_calc_index_bound(), resulting in denial of service crashes and potential memory disclosure.

CVE-2026-4590vulnerability
zeroday.news · 107d ago·low

CVE-2026-4590: A security flaw has been discovered in kalcaddle kodbox 1.64.

A security flaw has been discovered in kalcaddle kodbox 1.64. The impacted element is an unknown function of the file /workspace/source-code/plugins/oauth/controller/bind/index.class.php of the component loginSubmit API. Performing a manipulation of the argument third results in cross-site request forgery. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitability is regarded as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4647vulnerability
zeroday.news · 107d ago·medium

CVE-2026-4647: A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds. As a result, affected tools may crash or expose unintended memory contents, leading to denial-of-service or limited information disclosure risks.

CVE-2026-4589vulnerability
zeroday.news · 107d ago·medium

CVE-2026-4589: A vulnerability was identified in kalcaddle kodbox 1.64.

A vulnerability was identified in kalcaddle kodbox 1.64. The affected element is the function PathDriverUrl of the file /workspace/source-code/app/controller/explorer/editor.class.php of the component fileGet Endpoint. Such manipulation of the argument path leads to server-side request forgery. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4588vulnerability
zeroday.news · 107d ago·low

CVE-2026-4588: A vulnerability was determined in kalcaddle kodbox 1.64.

A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4586vulnerability
zeroday.news · 107d ago·medium

CVE-2026-4586: A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7.

A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/api/controller/driver/JdbcDriverController.java of the component JDBC Driver Upload. Performing a manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4585vulnerability
zeroday.news · 107d ago·critical

CVE-2026-4585: A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0.

A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/ImportSystemConfiguration.jsp of the component Configuration Handler. The manipulation of the argument File leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4584vulnerability
zeroday.news · 107d ago·low

CVE-2026-4584: A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N.

A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This affects an unknown part of the component Cardholder Data Handler. Executing a manipulation can lead to cleartext transmission of sensitive information. The attack requires access to the local network. The attack requires a high level of complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4633vulnerability
zeroday.news · 107d ago·low

CVE-2026-4633: A flaw was found in Keycloak.

A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration.

CVE-2026-4583vulnerability
zeroday.news · 107d ago·medium

CVE-2026-4583: A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N.

A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this issue is some unknown functionality of the component Bluetooth Handler. Performing a manipulation results in authentication bypass by capture-replay. The attack must originate from the local network. The attack is considered to have high complexity. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4582vulnerability
zeroday.news · 107d ago·medium

CVE-2026-4582: A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N.

A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attacks of this nature are highly complex. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-13997vulnerability
zeroday.news · 107d ago·medium

CVE-2025-13997: The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor pl

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via render_full_form function. This makes it possible for unauthenticated attackers to extract site's Mailchimp, Facebook and Google API keys and secrets. This vulnerability requires the Premium license to be installed

CVE-2025-10679vulnerability
zeroday.news · 107d ago·high

CVE-2025-10679: The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plug

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to arbitrary method calls in all versions up to, and including, 2.2.12. This is due to insufficient input validation in the bulkTenReviews function that allows user-controlled data to be passed directly to a variable function call mechanism. This makes it possible for unauthenticated attackers to call arbitrary PHP class methods that take no inputs or have default values, potentially leading to information disclosure or remote code execution depending on available methods and server configuration.

CVE-2026-4566vulnerability
zeroday.news · 107d ago·high

CVE-2026-4566: A flaw has been found in Belkin F9K1122 1.00.33.

A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4564vulnerability
zeroday.news · 107d ago·medium

CVE-2026-4564: A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2.

A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4558vulnerability
zeroday.news · 108d ago·high

CVE-2026-4558: A flaw has been found in Linksys MR9600 2.0.6.206937.

A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4546vulnerability
zeroday.news · 108d ago·high

CVE-2026-4546: A weakness has been identified in Flos Freeware Notepad2 4.2.25.

A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function in the library TextShaping.dll. Executing a manipulation can lead to uncontrolled search path. The attack is restricted to local execution. The attack requires a high level of complexity. The exploitability is said to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4545vulnerability
zeroday.news · 108d ago·high

CVE-2026-4545: A security flaw has been discovered in Flos Freeware Notepad2 4.2.25.

A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown function in the library PROPSYS.dll. Performing a manipulation results in uncontrolled search path. The attack is only possible with local access. The attack is considered to have high complexity. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4544vulnerability
zeroday.news · 108d ago·low

CVE-2026-4544: A vulnerability was determined in Wavlink WL-WN578W2 221110.

A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/login_page can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4543vulnerability
zeroday.news · 108d ago·medium

CVE-2026-4543: A vulnerability was found in Wavlink WL-WN578W2 221110.

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmz_flag/del_flag results in command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4536vulnerability
zeroday.news · 108d ago·high

CVE-2026-4536: A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0.

A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4530vulnerability
zeroday.news · 108d ago·medium

CVE-2026-4530: A security flaw has been discovered in apconw Aix-DB up to 1.2.3.

A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument Description results in sql injection. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2756vulnerability
zeroday.news · 109d ago·medium

CVE-2026-2756: A security vulnerability has been detected in OmniPEMF NeoRhythm up to 20260308.

A security vulnerability has been detected in OmniPEMF NeoRhythm up to 20260308. This affects an unknown function of the component BLE Interface. Such manipulation leads to missing authentication. The attack can only be initiated within the local network. This attack is characterized by high complexity. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4516vulnerability
zeroday.news · 109d ago·medium

CVE-2026-4516: A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1.

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4515vulnerability
zeroday.news · 109d ago·medium

CVE-2026-4515: A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1.

A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4513vulnerability
zeroday.news · 109d ago·medium

CVE-2026-4513: A vulnerability was detected in vanna-ai vanna up to 2.0.2.

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4511vulnerability
zeroday.news · 109d ago·medium

CVE-2026-4511: A security vulnerability has been detected in vanna-ai vanna up to 2.0.2.

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function exec of the file /src/vanna/legacy. Such manipulation leads to injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-33210vulnerability
zeroday.news · 109d ago·critical

CVE-2026-33210: Ruby JSON is a JSON implementation for Ruby.

Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.

CVE-2026-4507vulnerability
zeroday.news · 109d ago·medium

CVE-2026-4507: A vulnerability was determined in Mindinventory MindSQL up to 0.2.1.

A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function ask_db of the file mindsql/core/mindsql_core.py. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4506vulnerability
zeroday.news · 109d ago·medium

CVE-2026-4506: A vulnerability was found in Mindinventory MindSQL up to 0.2.1.

A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impacted is the function ask_db of the file mindsql/core/mindsql_core.py. Performing a manipulation results in code injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4505vulnerability
zeroday.news · 109d ago·medium

CVE-2026-4505: A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5.

A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function module_plugin.refresh_plugins of the file packages/dbgpt-serve/src/dbgpt_serve/agent/hub/controller.py of the component FastAPI Endpoint. Such manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4504vulnerability
zeroday.news · 109d ago·high

CVE-2026-4504: A flaw has been found in eosphoros-ai db-gpt up to 0.7.5.

A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4496vulnerability
zeroday.news · 110d ago·medium

CVE-2026-4496: A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880.

A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function child_process.exec of the file src/gitUtils.ts of the component show_merge_diff/quick_merge_summary/show_file_diff. The manipulation results in os command injection. The attack must be initiated from a local position. The exploit has been made public and could be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. It is advisable to implement a patch to correct this issue. The vendor was contacted early about this disclosure but di

CVE-2026-33371vulnerability
zeroday.news · 110d ago·medium

CVE-2026-33371: An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1.

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS) SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser with external entity resolution enabled. Successful exploitation may allow disclosure of sensitive local files from the server.

CVE-2026-4478vulnerability
zeroday.news · 110d ago·high

CVE-2026-4478: A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_20171024151200.

A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This impacts an unknown function of the file home/web/ipc of the component HTTP Firmware Update Handler. The manipulation leads to improper verification of cryptographic signature. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4477vulnerability
zeroday.news · 110d ago·low

CVE-2026-4477: A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.1_20171024151200.

A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack can only be done within the local network. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4476vulnerability
zeroday.news · 110d ago·medium

CVE-2026-4476: A vulnerability was found in Yi Technology YI Home Camera 2 2.1.1_20171024151200.

A vulnerability was found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The impacted element is an unknown function of the file home/web/ipc of the component CGI Endpoint. Performing a manipulation results in missing authentication. Access to the local network is required for this attack. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4475vulnerability
zeroday.news · 110d ago·high

CVE-2026-4475: A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200.

A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4468vulnerability
zeroday.news · 110d ago·medium

CVE-2026-4468: A vulnerability was determined in Comfast CF-AC100 2.6.0.8.

A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the file /cgi-bin/mbox-config?method=SET&section=update_interface_png. This manipulation causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4467vulnerability
zeroday.news · 110d ago·medium

CVE-2026-4467: A vulnerability was found in Comfast CF-AC100 2.6.0.8.

A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=wireless_device_dissoc. The manipulation results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4466vulnerability
zeroday.news · 110d ago·medium

CVE-2026-4466: A vulnerability has been found in Comfast CF-AC100 2.6.0.8.

A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-33289vulnerability
zeroday.news · 110d ago·high

CVE-2026-33289: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application.

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an LDAP Injection vulnerability exists in the SuiteCRM authentication flow. The application fails to properly sanitize user-supplied input before embedding it into the LDAP search filter. By injecting LDAP control characters, an unauthenticated attacker can manipulate the query logic, which can lead to authentication bypass or information disclosure. Versions 7.15.1 and 8.9.3 patch the issue.

CVE-2026-22737vulnerability
zeroday.news · 110d ago·medium

CVE-2026-22737: Use of Java scripting engine enabled (e.g.

Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.

CVE-2026-4342vulnerability
zeroday.news · 110d ago·high

CVE-2026-4342: A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject c

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

CVE-2026-27934vulnerability
zeroday.news · 110d ago·high

CVE-2026-27934: Discourse is an open-source discussion platform.

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a lack of visibility checks with a user action API endpoint that results in disclosure of the title and post excerpt to unauthorized users, leading to information disclosure. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.

CVE-2026-4424vulnerability
zeroday.news · 111d ago·high

CVE-2026-4424: A flaw was found in libarchive.

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.

CVE-2026-1276vulnerability
zeroday.news · 111d ago·medium

CVE-2026-1276: IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting.

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2026-30701vulnerability
zeroday.news · 112d ago·critical

CVE-2026-30701: The web interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) contains hardcoded credential disc

The web interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) contains hardcoded credential disclosure mechanisms (in the form of Server Side Include) within multiple server-side web pages, including login.shtml and settings.shtml. These pages embed server-side execution directives that dynamically retrieve and expose the web administration password from non-volatile memory at runtime.

CVE-2026-26948vulnerability
zeroday.news · 112d ago·medium

CVE-2026-26948: Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

CVE-2026-4366vulnerability
zeroday.news · 112d ago·medium

CVE-2026-4366: A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP red

A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources. As a result, sensitive internal services such as cloud metadata endpoints could be accessed. This issue may lead to information disclosure and enable attackers to map internal network infrastructure.