New
CVE-2026-2887: aardappel lobster idents.h TypeName recursion: A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontrolled recursion. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. Upgrading to version...
CVE-2026-2886: Tenda A21 SetOnlineDevName set_device_name stack-based overflow: A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for a...
CVE-2026-2885: D-Link DWR-M960 formIpv6Setup sub_469104 stack-based overflow: A security flaw has been discovered in D-Link DWR-M960 1.01.07. The impacted element is the function sub_469104 of the file /boafrm/formIpv6Setup. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be used fo...
CVE-2026-2884: D-Link DWR-M960 WAN Interface Setting formWanConfigSetup sub_41914C stack-based overflow: A vulnerability was identified in D-Link DWR-M960 1.01.07. The affected element is the function sub_41914C of the file /boafrm/formWanConfigSetup of the component WAN Interface Setting Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be ca...
CVE-2026-2883: D-Link DWR-M960 formIpQoS sub_427D74 stack-based overflow: A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_427D74 of the file /boafrm/formIpQoS. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Updated
CVE-2026-2088: PHPGurukul Beauty Parlour Management System accepted-appointment.php sql injection: A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/accepted-appointment.php. Such manipulation of the argument delid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be...
CVE-2026-2044: GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability: GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. T...
CVE-2026-2045: GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability: GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...
CVE-2026-2047: GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability: GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal...
CVE-2026-2048: GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability: GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...
CISA Known Exploited Vulnerabilities
CVE-2025-68461 Roundcube Webmail: RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document.
CVE-2025-49113 Roundcube Webmail: RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php.
CVE-2021-22175 GitLab GitLab: GitLab contains a server-side request forgery (SSRF) vulnerability when requests to the internal network for webhooks are enabled.
CVE-2026-22769 Dell RecoverPoint for Virtual Machines (RP4VMs): Dell RecoverPoint for Virtual Machines (RP4VMs) contains an use of hard-coded credentials vulnerability that could allow an unauthenticated remote attacker to gain unauthorized access to the underlying operating system and root-level persistence.
CVE-2026-2441 Google Chromium: Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.