New
CVE-2026-7782: CodeCanyon Perfex CRM Tenant Clients.php project authorization: A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from remote. The exploit is now public and ma...
CVE-2026-7781: Open5GS amf-3gpp-access Endpoint nudm-handler.c udm_nudm_uecm_handle_amf_registration_update denial of service: A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the function udm_nudm_uecm_handle_amf_registration_update of the file /src/udm/nudm-handler.c of the component amf-3gpp-access Endpoint. The manipulation leads to denial of service. The attack...
CVE-2026-7791: Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leading to local privilege escalation to SYSTEM.
CVE-2026-7780: Open5GS smf-registrations Endpoint udm-sm.c udm_state_operational denial of service: A weakness has been identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function udm_state_operational of the file /src/udm/udm-sm.c of the component smf-registrations Endpoint. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit has been...
CVE-2026-7776: Boundary Workers Vulnerable to Denial of Service During TLS Handshake: Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate during the TLS handshake, caus...
Updated
CVE-2026-43964: Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
CVE-2026-5720: miniupnpd Integer Underflow SOAPAction Header Parsing: miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improper length validation in ParseHttpHeaders()...
CVE-2026-7776: Boundary Workers Vulnerable to Denial of Service During TLS Handshake: Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate during the TLS handshake, caus...
CVE-2026-7429: SSCMS v7.4.0 Reflected Cross-Site Scripting via STL Processing: SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads that are decrypted and returned without proper sanitization. Attackers can exploit improper output encoding in the /api/stl/actions/dyn...
CVE-2026-0598: Ansible-lightspeed: broken object level authorization leading to cross-user ai conversation context injection in ansible lightspeed api: A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attack...
CISA Known Exploited Vulnerabilities
CVE-2026-31431 Linux Kernel: Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.
CVE-2026-41940 WebPros cPanel & WHM and WP2 (WordPress Squared): WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
CVE-2026-32202 Microsoft Windows: Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.
CVE-2024-1708 ConnectWise ScreenConnect: ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.
CVE-2024-7399 Samsung MagicINFO 9 Server: Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.