Latest Vulnerabilities
Updates on the latest vulnerabilities detected.
- CVE-2026-43924 – FOSSBilling has an open redirect via administrator-configured redirect targets on June 3, 2026 at 8:16 pm
  CVE ID: CVE-2026-43924 | Published: June 3, 2026, 8:16 p.m. | Severity: 4.8 | MEDIUM
  Description: FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect targets, creating an open redirect vulnerability exploitable for phishing attacks. Users following a legitimate FOSSBilling URL can be silently redirected to an attacker-controlled external site. The redirect is issued as a 301 (Moved Permanently) response, which browsers cache persistently, amplifying the impact. Exploitation requires administrator privileges to create or modify redirect entries, limiting practical attack scenarios to multi-admin environments or compromised admin accounts. Version 0.8.0 fixes the issue. Some workarounds are available. Restrict admin access to the Redirect module to trusted administrators only and/or audit existing redirect entries in the database (the `extension_meta` table with `extension = 'mod_redirect'`) for any unexpected or external target URLs.
  Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2026-44682 – Acronis DeviceLock DLP DLL Hijacking Local Privilege Escalation on June 3, 2026 at 8:16 pm
  CVE ID: CVE-2026-44682 | Published: June 3, 2026, 8:16 p.m. | Severity: 7.3 | HIGH
  Description: Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.
- CVE-2026-44609 – Acronis DeviceLock DLP Privilege Escalation via EXE Hijacking on June 3, 2026 at 8:16 pm
  CVE ID: CVE-2026-44609 | Published: June 3, 2026, 8:16 p.m. | Severity: 7.3 | HIGH
  Description: Local privilege escalation due to EXE hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.
- CVE-2026-50033 – Acronis DeviceLock DLP DLL Hijacking Privilege Escalation on June 3, 2026 at 8:16 pm
  CVE ID: CVE-2026-50033 | Published: June 3, 2026, 8:16 p.m. | Severity: 7.3 | HIGH
  Description: Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.
- CVE-2026-37700 – MaxSite CMS Cross-Site Scripting on June 3, 2026 at 8:16 pm
  CVE ID: CVE-2026-37700 | Published: June 3, 2026, 8:16 p.m. | Severity: 0.0 | NA
  Description: Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by admin_page.
- CVE-2026-40495 – FOSSBilling version exposed via asset cache buster on June 3, 2026 at 8:16 pm
  CVE ID: CVE-2026-40495 | Published: June 3, 2026, 8:16 p.m.
  Description: FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the `hide_version_public` security setting. The FOSSBilling version is embedded in the query string of every `
- CVE-2026-42061 – Acronis DeviceLock DLP Privilege Escalation on June 3, 2026 at 8:16 pm
  CVE ID: CVE-2026-42061 | Published: June 3, 2026, 8:16 p.m. | Severity: 7.3 | HIGH
  Description: Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.
- CVE-2026-10766 – mlrun DataFrame Hash helpers.py mlrun.utils.helpers.calculate_dataframe_hash weak hash on June 3, 2026 at 8:16 pm
  CVE ID: CVE-2026-10766 | Published: June 3, 2026, 8:16 p.m. | Severity: 3.6 | LOW
  Description: A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculate_dataframe_hash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local environment. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.
- CVE-2026-26824 – libxls: Use of Uninitialized Memory in OLE Container Parser on June 3, 2026 at 8:16 pm
  CVE ID: CVE-2026-26824 | Published: June 3, 2026, 8:16 p.m. | Severity: 0.0 | NA
  Description: libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT() is not fully initialized before being consumed by ole2_validate_sector_chain(), which may result in application crashes or potential information disclosure when processing a crafted XLS file.
- CVE-2026-26825 – libxls Use-After-Free on June 3, 2026 at 8:16 pm
  CVE ID: CVE-2026-26825 | Published: June 3, 2026, 8:16 p.m. | Severity: 0.0 | NA
  Description: A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead to undefined behavior, incorrect parsing logic, or potential information disclosure.
- CVE-2026-8876 – CVE-2026-8876 on June 3, 2026 at 7:16 pm
  CVE ID: CVE-2026-8876 | Published: June 3, 2026, 7:16 p.m. | Severity: 0.0 | NA
  Description: Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data.
- CVE-2026-8878 – CVE-2026-8878 on June 3, 2026 at 7:16 pm
  CVE ID: CVE-2026-8878 | Published: June 3, 2026, 7:16 p.m. | Severity: 0.0 | NA
  Description: Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that are inadequately obfuscated using a simple Caesar cipher, which can be easily reversed to recover the original hash values and access the protected data.
- CVE-2026-8879 – CVE-2026-8879 on June 3, 2026 at 7:16 pm
  CVE ID: CVE-2026-8879 | Published: June 3, 2026, 7:16 p.m. | Severity: 0.0 | NA
  Description: Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately hides all page content, creates a full-page overlay, pauses all videos, and only restores content when the service worker confirms the page passes filtering. If Securly's servers are unreachable, pages remain indefinitely hidden.
- CVE-2026-8888 – CVE-2026-8888 on June 3, 2026 at 7:16 pm
  CVE ID: CVE-2026-8888 | Published: June 3, 2026, 7:16 p.m. | Severity: 0.0 | NA
  Description: Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in denial of service on all browsing.
- CVE-2026-8889 – CVE-2026-8889 on June 3, 2026 at 7:16 pm
  CVE ID: CVE-2026-8889 | Published: June 3, 2026, 7:16 p.m. | Severity: 0.0 | NA
  Description: Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes).
- CVE-2026-8874 – CVE-2026-8874 on June 3, 2026 at 7:16 pm
  CVE ID: CVE-2026-8874 | Published: June 3, 2026, 7:16 p.m. | Severity: 0.0 | NA
  Description: Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS.
- CVE-2026-8881 – CVE-2026-8881 on June 3, 2026 at 7:16 pm
  CVE ID: CVE-2026-8881 | Published: June 3, 2026, 7:16 p.m. | Severity: 0.0 | NA
  Description: Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching.
- CVE-2026-42839 – ERPNext 16.16.0 – Stored XSS in POS cart item rendering on June 3, 2026 at 7:16 pm
  CVE ID: CVE-2026-42839 | Published: June 3, 2026, 7:16 p.m. | Severity: 4.8 | MEDIUM
  Description: An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the item_name, description, or image fields of an Item and trigger unescaped rendering in the Point of Sale (POS) cart interface for every operator who adds that item to a transaction. This issue affects ERPNext: 16.16.0.
- CVE-2026-42840 – ERPNext 16.16.0 – Stored XSS in POS customer section via unescaped template literals on June 3, 2026 at 7:16 pm
  CVE ID: CVE-2026-42840 | Published: June 3, 2026, 7:16 p.m. | Severity: 5.1 | MEDIUM
  Description: An authenticated user can persist arbitrary HTML/JavaScript in the email_id or mobile_no fields of a Customer record and trigger unescaped rendering in the Point of Sale (POS) interface for every operator who selects that customer. This issue affects ERPNext: 16.16.0.
- CVE-2026-45614 – OP-TEE vulnerable to ECDH private key recovery on June 3, 2026 at 7:16 pm
  CVE ID: CVE-2026-45614 | Published: June 3, 2026, 7:16 p.m. | Severity: 4.7 | MEDIUM
  Description: OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By passing approximately 30-40 crafted public keys to OP-TEE, the private key can be reconstructed by a normal world attacker. When calling TEE_DeriveKey the public key is provided with full X and Y values, but the (X, Y) point might not satisfy the `Y^2 == X^3 + aX + b mod P` math for the specific curve that is used. When those public keys aren't rejected, the attacker can select public keys such that each DeriveKey call will leak `d % r` where `d` is the private key and `r` comes from the relationship between the correct curve and the attacker selected curve. With enough leaked data the Chinese remainder theorem can be used to recover the full private key. Version 4.11.0 fixes the issue.
- CVE-2026-45702 – OP-TEE has FF-A type confusion in SPMC tmem path that causes S-EL1 kernel panic on June 3, 2026 at 7:16 pm
  CVE ID: CVE-2026-45702 | Published: June 3, 2026, 7:16 p.m. | Severity: 4.4 | MEDIUM
  Description: OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior to version 4.11.0, a type confusion vulnerability exists in OP-TEE OS when processing an FFA_MEM_SHARE request from the normal world. This only applies when OP-TEE is configured as an SPMC for S-EL0 SPs, that is, with `CFG_CORE_SEL1_SPMC=y` and `CFG_SECURE_PARTITION=y`. Version 4.11.0 fixes the issue.
- CVE-2026-7888 – Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction. on June 3, 2026 at 7:16 pm
  CVE ID: CVE-2026-7888 | Published: June 3, 2026, 7:16 p.m. | Severity: 8.4 | HIGH
  Description: Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7 and Sanjorn Keeratirungsan (dizconnect) for both independently reporting. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 8.4 with vector CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N.
- CVE-2026-26378 – Koha Cross-Site Scripting via Invoice File Upload on June 3, 2026 at 7:16 pm
  CVE ID: CVE-2026-26378 | Published: June 3, 2026, 7:16 p.m. | Severity: 0.0 | NA
  Description: Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features.
- CVE-2026-26379 – Koha Z39.50 Arbitrary Code Execution on June 3, 2026 at 7:16 pm
  CVE ID: CVE-2026-26379 | Published: June 3, 2026, 7:16 p.m. | Severity: 0.0 | NA
  Description: An issue in Koha v.25.11 and before allows a remote attacker to execute arbitrary code via the Z39.50 configuration module.
- CVE-2026-46273 – ibmveth: Disable GSO for packets with small MSS on June 3, 2026 at 6:16 pm
  CVE ID: CVE-2026-46273 | Published: June 3, 2026, 6:16 p.m. | Severity: 0.0 | NA
  Description: In the Linux kernel, the following vulnerability has been resolved:

  ibmveth: Disable GSO for packets with small MSS

  Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes. Attempting to send such packets causes the adapter to freeze, stopping all traffic until manually reset. Implement ndo_features_check to disable GSO for packets with small MSS values. The network stack will perform software segmentation instead.

  The 224-byte minimum matches ibmvnic commit ("ibmvnic: Enforce stronger sanity checks on GSO packets") which uses the same physical adapters in SEA configurations.

  The issue occurs specifically when the hardware attempts to perform segmentation (gso_segs > 1) with a small MSS. Single-segment GSO packets (gso_segs == 1) do not trigger the problematic LSO code path and are transmitted normally without segmentation.

  Add an ndo_features_check callback to disable GSO when MSS < 224 bytes. Also call vlan_features_check() to ensure proper handling of VLAN packets, particularly QinQ (802.1ad) configurations where the hardware parser may not support certain offload features.

  Validated using iptables to force small MSS values. Without the fix, the adapter freezes. With the fix, packets are segmented in software and transmission succeeds. Comprehensive regression testing completed (MSS tests, performance, stability).