Aggregator

A vulnerability described as critical has been identified in neka-nat cupoch. This impacts an unknown function in the library third_party/libjpeg-turbo/libjpeg-turbo. Such manipulation leads to out-of-bounds write. This vulnerability is documented as CVE-2026-24797. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

The retail sector must adapt as consumers become more cybersecurity-conscious. Increased attack transparency is a good place to start.

A vulnerability categorized as problematic has been discovered in PHP Jabbers Hotel Booking System 4.0. The impacted element is an unknown function of the component Password Recovery. Such manipulation leads to information exposure through discrepancy. This vulnerability is referenced as CVE-2023-40760. It is possible to launch the attack remotely. No exploit is available.

A vulnerability identified as problematic has been detected in PHP Jabbers Yacht Listing Script 2.0. This affects an unknown function of the component Password Recovery. Performing a manipulation results in information exposure through discrepancy. This vulnerability is identified as CVE-2023-40761. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in PHP Jabbers Document Creator 1.0. It has been declared as problematic. Impacted is an unknown function of the component Password Recovery. The manipulation results in information exposure through discrepancy. This vulnerability was named CVE-2023-40758. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in PHP Jabbers Restaurant Booking Script 3.0. It has been rated as problematic. The affected element is an unknown function of the component Password Recovery. This manipulation causes information exposure through discrepancy. The identification of this vulnerability is CVE-2023-40759. It is possible to initiate the attack remotely. There is no exploit available.

Currently trending CVE - Hype Score: 9 - The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary ...

Currently trending CVE - Hype Score: 33 - Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS ...

Currently trending CVE - Hype Score: 10 - SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system ...

Currently trending CVE - Hype Score: 12 - In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.

Currently trending CVE - Hype Score: 10 - In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for ...

Currently trending CVE - Hype Score: 10 - Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Currently trending CVE - Hype Score: 13 - A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to ...

Currently trending CVE - Hype Score: 13 - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Currently trending CVE - Hype Score: 9 - A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 ...

Currently trending CVE - Hype Score: 30 - A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček ...

A vulnerability labeled as critical has been found in Mozilla Firefox up to 147.0.1. This vulnerability affects unknown code of the component Anti-Tracking. The manipulation results in Remote Code Execution. This vulnerability was named CVE-2026-24868. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 147.0.1. This affects an unknown function of the component Layout. The manipulation leads to use after free. This vulnerability is listed as CVE-2026-24869. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in NVIDIA GeForce, RTX, Quadro and NVS on Windows. Impacted is an unknown function of the component HD Audio Driver. Executing a manipulation can lead to null pointer dereference. This vulnerability is tracked as CVE-2025-33237. The attack is restricted to local execution. No exploit exists.

A vulnerability labeled as critical has been found in NVIDIA GeForce, RTX PRO, RTX, Quadro, Tesla, Guest driver and Virtual GPU Manager on Linux. This issue affects some unknown processing of the component Kernel Module. The manipulation results in integer overflow. This vulnerability was named CVE-2025-33219. The attack needs to be approached locally. There is no available exploit.