Aggregator

A vulnerability marked as problematic has been reported in Orthanc DICOM Server up to 1.12.10. This issue affects some unknown processing of the component ZIP Archive Handler. The manipulation of the argument size leads to allocation of resources. This vulnerability is documented as CVE-2026-5439. The attack can be initiated remotely. There is not any exploit available.

A vulnerability described as problematic has been identified in Orthanc DICOM Server up to 1.12.10. Impacted is the function DecodePsmctRle1 of the file DicomImageDecoder.cpp of the component Image Parser. The manipulation results in out-of-bounds read. This vulnerability is reported as CVE-2026-5441. The attack can be launched remotely. No exploit exists.

A vulnerability classified as critical has been found in Orthanc DICOM Server up to 1.12.10. The affected element is an unknown function of the component DICOM Image Parser. This manipulation causes integer overflow. This vulnerability appears as CVE-2026-5442. The attack may be initiated remotely. There is no available exploit.

A vulnerability classified as critical was found in Orthanc DICOM Server up to 1.12.10. The impacted element is an unknown function of the component DICOM Image Parser. Such manipulation leads to integer overflow. This vulnerability is traded as CVE-2026-5443. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Orthanc DICOM Server up to 1.12.10. This affects the function DecodeLookupTable of the file DicomImageDecoder.cpp of the component Image Parser. Performing a manipulation results in out-of-bounds read. This vulnerability is known as CVE-2026-5445. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as critical, has been found in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. This vulnerability is identified as CVE-2026-5959. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Submit #796310 / VDB-354113

Submit #796281 / VDB-356619

Submit #796232 / VDB-356618

A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook. "LucidRook is a sophisticated stager that embeds a Lua interpreter and Rust-compiled libraries within a dynamic-link library (DLL) to download and

Submit #796201 / VDB-356617

Submit #796200 / VDB-356616

Submit #796199 / VDB-356615

A vulnerability was found in Kiamo up to 8.3. It has been classified as problematic. This issue affects some unknown processing of the component Administrative Interface. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2025-70365. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in mtrojnar osslsigncode up to 2.11 and classified as critical. This vulnerability affects unknown code. Such manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-39853. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in makeplane plane up to 1.2.x and classified as critical. This affects the function fetch_and_encode_favicon. This manipulation causes server-side request forgery. This vulnerability is handled as CVE-2026-39843. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Kiamo up to 8.3. Affected by this issue is some unknown functionality. The manipulation results in privilege escalation. This vulnerability is known as CVE-2025-70364. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in ChurchCRM up to 7.0.x. Affected by this vulnerability is an unknown functionality of the file EditEventAttendees.php. The manipulation of the argument EName/EDesc leads to cross site scripting. This vulnerability is traded as CVE-2026-39941. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. [...]

A vulnerability classified as critical was found in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Executing a manipulation of the argument fname can lead to sql injection. This vulnerability appears as CVE-2026-6033. The attack may be performed from remote. In addition, an exploit is available.