authentik is an open-source identity provider
Description
authentik is an open-source identity provider
AI Analyst Comment
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Search and filter 17426 vulnerabilities with AI analyst insights
authentik is an open-source identity provider
authentik is an open-source identity provider
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerable to Improper Access Control to Payment Status Update in all versions up to and...
The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerable to Improper Access Control to Payment Status Update in all versions up to and including 5
---METADATA---
VENDOR: Zarinpal
PRODUCT: Zarinpal Gateway for WooCommerce plugin
AFFECTED_VERSIONS: Up to and including 5
---END_METADATA---
Description Summary:
The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerable to improper access control, allowing unauthorized modification of payment status updates.
Executive Summary:
A high-severity access control vulnerability in the Zarinpal Gateway plugin could allow attackers to manipulate payment statuses, leading to financial loss and order fulfillment fraud.
Vulnerability Details
CVE-ID: CVE-2026-2592
Affected Software: Zarinpal Gateway for WooCommerce (WordPress Plugin)
Affected Versions: Up to and including 5
Vulnerability: The plugin fails to properly validate access controls during payment status updates. This allows an attacker to potentially mark unpaid orders as "paid" or otherwise manipulate the transaction lifecycle without proper authorization.
Business Impact
This vulnerability directly impacts the financial integrity of e-commerce operations. Attackers could obtain goods or services without payment, resulting in direct revenue loss. The CVSS score of 7.7 reflects the high risk to business logic and financial transactions.
Remediation Plan
Immediate Action: Update the Zarinpal Gateway for WooCommerce plugin to the latest version immediately.
Proactive Monitoring: Audit recent WooCommerce orders to ensure that payment statuses match actual transactions in the Zarinpal merchant portal.
Compensating Controls: Implement additional verification steps for high-value orders and use a Web Application Firewall (WAF) to filter suspicious requests to payment callback endpoints.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 17, 2026, no public exploitation has been confirmed. However, payment gateway vulnerabilities are highly sought after by financially motivated threat actors.
Analyst Recommendation
E-commerce site administrators must prioritize this update to protect their revenue streams. In addition to patching, a manual audit of recent transactions is recommended to ensure no exploitation has already occurred.
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
Dell Optimizer, versions prior to 6
Dell Optimizer, versions prior to 6
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Fiber is an Express inspired web framework written in Go
Fiber is an Express inspired web framework written in Go
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A regex wildcard handling error in fast-xml-parser's DOCTYPE entity replacement allows attackers to shadow built-in entities, leading to Cross-Site Sc...
A regex wildcard handling error in fast-xml-parser's DOCTYPE entity replacement allows attackers to shadow built-in entities, leading to Cross-Site Scripting (XSS).
---METADATA---
VENDOR: fast-xml-parser
PRODUCT: fast-xml-parser
AFFECTED_VERSIONS: 4.1.3 to before 5.3.5
---END_METADATA---
Description Summary:
A regex wildcard handling error in fast-xml-parser's DOCTYPE entity replacement allows attackers to shadow built-in entities, leading to Cross-Site Scripting (XSS).
Executive Summary:
A vulnerability in fast-xml-parser allows attackers to bypass entity encoding and execute malicious scripts in the user's browser via a specially crafted XML payload.
Vulnerability Details
CVE-ID: CVE-2026-25896
Affected Software: fast-xml-parser
Affected Versions: 4.1.3 to before 5.3.5
Vulnerability: The parser incorrectly treats a dot (.) in a DOCTYPE entity name as a regex wildcard during replacement. This allows an unauthenticated attacker to shadow standard entities (like <) with arbitrary values, bypassing security filters and leading to Cross-Site Scripting (XSS) when the output is rendered.
Business Impact
Successful exploitation can lead to the theft of session cookies, account hijacking, and the delivery of further client-side attacks. While XSS is often categorized as Medium, the CVSS score of 9.3 reflects the critical nature of this specific bypass within a widely used parsing library that handles sensitive data.
Remediation Plan
Immediate Action: Update the fast-xml-parser library to version 5.3.5 or later to resolve the regex wildcard replacement flaw.
Proactive Monitoring: Review application logs for XML payloads containing suspicious DOCTYPE declarations or attempts to redefine built-in XML entities.
Compensating Controls: Implement a Content Security Policy (CSP) to limit the impact of potential script injection and use a Web Application Firewall (WAF) to filter malicious XML input.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Feb 20, 2026, there is no public information indicating active exploitation. However, because this library is common in many JavaScript environments, the impact surface is broad.
Analyst Recommendation
Developers should immediately verify the version of fast-xml-parser used in their projects. Upgrading to version 5.3.5 is essential to prevent attackers from bypassing encoding mechanisms and executing unauthorized scripts on the client side.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Adminer is open-source database management software
Adminer is open-source database management software
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts
---METADATA---
VENDOR: Chartbrew
PRODUCT: Chartbrew
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
Chartbrew, an open-source data visualization platform, contains a vulnerability that could allow unauthorized access to connected databases and APIs.
Executive Summary:
Chartbrew is affected by a high-severity vulnerability that could enable attackers to gain unauthorized access to sensitive backend databases and external API services.
Vulnerability Details
CVE-ID: CVE-2026-25888
Affected Software: Chartbrew
Affected Versions: See vendor advisory for affected versions
Vulnerability: This vulnerability affects the core web application of Chartbrew, which manages connections to external data sources. The flaw likely involves an authentication bypass or an injection vulnerability, potentially allowing an unauthenticated or low-privileged attacker to intercept or manipulate data queries.
Business Impact
The business impact is significant due to Chartbrew's role as a centralized hub for sensitive organizational data. A CVSS score of 8.8 reflects the high risk of a data breach, where an attacker could extract proprietary information from connected databases or manipulate business intelligence reports, leading to financial loss and reputational damage.
Remediation Plan
Immediate Action: Update the Chartbrew application to the latest version immediately to patch the vulnerability in the data connection logic.
Proactive Monitoring: Review database access logs for any anomalous queries or connection attempts originating from the Chartbrew host.
Compensating Controls: Restrict database user permissions for the account used by Chartbrew to "read-only" and utilize a Web Application Firewall (WAF) to filter suspicious traffic.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 7, 2026, there is no public information indicating active exploitation of this vulnerability. However, because Chartbrew is open-source and handles direct database credentials, the incentive for discovery and exploitation by malicious actors is high.
Analyst Recommendation
With a CVSS score of 8.8, this vulnerability is nearing the "Critical" threshold. Organizations must apply the vendor's security updates immediately and rotate any database or API credentials stored within the Chartbrew platform to ensure long-term security.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
SandboxJS versions before 0.8.31 contain a sandbox escape vulnerability via prototype pollution, potentially allowing sandboxed code to achieve remote...
SandboxJS versions before 0.8.31 contain a sandbox escape vulnerability via prototype pollution, potentially allowing sandboxed code to achieve remote code execution (RCE) on the host.
---METADATA---
VENDOR: SandboxJS
PRODUCT: SandboxJS
AFFECTED_VERSIONS: Versions prior to 0.8.31
---END_METADATA---
Description Summary:
SandboxJS versions before 0.8.31 contain a sandbox escape vulnerability via prototype pollution, potentially allowing sandboxed code to achieve remote code execution (RCE) on the host.
Executive Summary:
A critical sandbox escape in SandboxJS allows malicious code to bypass security boundaries and execute arbitrary commands on the host system through prototype pollution.
Vulnerability Details
CVE-ID: CVE-2026-25881
Affected Software: SandboxJS
Affected Versions: Prior to 0.8.31
Vulnerability: The vulnerability exists in how the library handles global prototype references within array literals, which strips the "isGlobal" protection flag. This unauthenticated flaw allows sandboxed code to mutate host built-in prototypes, leading to persistent prototype pollution and potential Remote Code Execution (RCE).
Business Impact
The ability to escape a JavaScript sandbox undermines the primary security control of the library. With a CVSS score of 9.0, this vulnerability allows an attacker to transition from a restricted environment to full host compromise. This could lead to unauthorized data access, system-wide instability, and the execution of malicious payloads in the application's context.
Remediation Plan
Immediate Action: Update the SandboxJS library to version 0.8.31 or later to resolve the prototype mutation flaw.
Proactive Monitoring: Audit application code for uses of sensitive sinks (like execSync) that could be influenced by polluted object properties.
Compensating Controls: Implement strict Content Security Policies (CSP) and use object freezing techniques on global prototypes to prevent unauthorized modifications at runtime.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Feb 9, 2026, there is no public information indicating active exploitation of this vulnerability. However, the technical details provided in the disclosure significantly lower the barrier for developing a functional exploit.
Analyst Recommendation
Developers using SandboxJS must treat this as a high-priority update. Because prototype pollution can have far-reaching effects across an entire Node.js process, immediate migration to version 0.8.31 is the only reliable way to ensure host integrity.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
SumatraPDF is a multi-format reader for Windows
SumatraPDF is a multi-format reader for Windows
---METADATA---
VENDOR: SumatraPDF
PRODUCT: SumatraPDF
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
A high-severity vulnerability exists in SumatraPDF for Windows. This flaw could allow for exploitation when the reader processes specially crafted multi-format documents.
Executive Summary:
SumatraPDF for Windows contains a high-severity vulnerability that could lead to system compromise if a user opens a maliciously crafted document.
Vulnerability Details
CVE-ID: CVE-2026-25880
Affected Software: SumatraPDF SumatraPDF
Affected Versions: See vendor advisory for affected versions
Vulnerability: This vulnerability affects the SumatraPDF multi-format reader for Windows. While the specific technical vector is not detailed, the flaw typically involves an unauthenticated attacker providing a malicious file that triggers a memory corruption or logic error during parsing.
Business Impact
A successful exploit could lead to unauthorized code execution or application crashes, resulting in the loss of data integrity and system availability. With a CVSS score of 7.8, the risk is classified as High, as it targets a common end-user application used for handling diverse document formats. This could serve as an initial entry point for broader network compromise or intellectual property theft.
Remediation Plan
Immediate Action: IT administrators should update SumatraPDF installations to the latest version provided by the vendor immediately to mitigate the risk of document-based exploitation.
Proactive Monitoring: Security teams should monitor endpoint detection and response (EDR) logs for unusual child processes spawning from SumatraPDF.exe or unexpected file system modifications.
Compensating Controls: Restrict the opening of untrusted document formats from external sources and ensure email gateways are configured to scan for suspicious attachments.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 10, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw in a popular document reader, the potential for exploitation via phishing or web-based delivery is high.
Analyst Recommendation
The high CVSS score of 7.8 necessitates immediate attention from patch management teams. Because document readers are frequently targeted by threat actors to gain a foothold on workstations, applying the vendor-supplied security update is the only effective way to ensure the security of the environment.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Crypt::NaCl::Sodium for Perl contains an integer overflow on 32-bit systems when casting length pointers, potentially leading to memory corruption or...
Crypt::NaCl::Sodium for Perl contains an integer overflow on 32-bit systems when casting length pointers, potentially leading to memory corruption or cryptographic failures.
---METADATA---
VENDOR: Perl (CPAN)
PRODUCT: Crypt::NaCl::Sodium
AFFECTED_VERSIONS: Through 2.001
---END_METADATA---
Description Summary:
Crypt::NaCl::Sodium for Perl contains an integer overflow on 32-bit systems when casting length pointers, potentially leading to memory corruption or cryptographic failures.
Executive Summary:
A critical integer overflow vulnerability in the Crypt::NaCl::Sodium Perl module on 32-bit systems could allow attackers to cause memory corruption or bypass security controls.
Vulnerability Details
CVE-ID: CVE-2026-2588
Affected Software: Crypt::NaCl::Sodium (Perl module)
Affected Versions: Through 2.001
Vulnerability: An integer overflow exists on 32-bit systems where a 32-bit size_t is cast to a 64-bit unsigned long long when passing length pointers to libsodium. This discrepancy can lead to incorrect memory allocation or processing within the cryptographic library.
Business Impact
Exploitation of this flaw can lead to application crashes, memory corruption, or the compromise of cryptographic operations. On 32-bit platforms, this poses a significant risk to the integrity of encrypted data and the overall stability of applications relying on this library. The CVSS score is 9.1.
Remediation Plan
Immediate Action: Update the Crypt::NaCl::Sodium Perl module to the latest version via CPAN and recompile the module to ensure the fix is applied.
Proactive Monitoring: Monitor 32-bit systems for application crashes or unexpected behavior during cryptographic operations.
Compensating Controls: Migrate critical applications to 64-bit architectures where this specific integer overflow does not occur.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Feb 23, 2026, there is no public information indicating active exploitation. This vulnerability specifically targets legacy 32-bit environments, which may still be present in industrial or embedded systems.
Analyst Recommendation
Organizations running Perl applications on 32-bit systems must update this library immediately. The potential for memory corruption in a cryptographic module is a high-risk scenario that could undermine the security of the entire application stack.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
The Langroid framework is vulnerable to remote code execution due to insecure handling of SQL produced by large language models.
The Langroid framework is vulnerable to remote code execution due to insecure handling of SQL produced by large language models.
---METADATA---
VENDOR: Langroid
PRODUCT: Langroid Framework
AFFECTED_VERSIONS: Prior to 0.63.0
---END_METADATA---
Description Summary:
The Langroid framework is vulnerable to remote code execution due to insecure handling of SQL produced by large language models.
Executive Summary:
An insecure SQL execution vulnerability in the Langroid framework allows prompt injection to trigger remote code execution on database hosts.
Vulnerability Details
CVE-ID: CVE-2026-25879
Affected Software: Langroid Framework
Affected Versions: Prior to 0.63.0
Vulnerability: The SQLChatAgent component executes SQL generated by an LLM without adequate sanitization, allowing an attacker to use prompt injection to execute dialect-specific system commands (e.g., xp_cmdshell) on the database host.
Business Impact
Successful exploitation allows an attacker to gain system-level access to the database server, leading to data exfiltration or total server takeover. With a CVSS score of 9.8, this flaw presents a critical risk to any application utilizing Langroid for LLM-powered database interaction.
Remediation Plan
Immediate Action: Upgrade to Langroid v0.63.0, which implements a secure allowlist for SQL operations and blocks dangerous patterns.
Proactive Monitoring: Review database audit logs for execution of dangerous system commands or unexpected queries originating from the application service.
Compensating Controls: Ensure the database user account utilized by the application has the minimum necessary privileges, explicitly denying access to system-level commands like xp_cmdshell or FILE.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Jun 1, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Frameworks integrating LLMs with database access must be configured with the principle of least privilege. Organizations should update to version 0.63.0 immediately and verify that database roles are restricted from performing administrative or system-level actions.
Update LG Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
The OmniGen2-RL reward server contains an unauthenticated remote code execution (RCE) vulnerability due to insecure pickle deserialization of HTTP POS...
The OmniGen2-RL reward server contains an unauthenticated remote code execution (RCE) vulnerability due to insecure pickle deserialization of HTTP POST request bodies.
---METADATA---
VENDOR: OmniGen2-RL
PRODUCT: Reward Server
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
The OmniGen2-RL reward server contains an unauthenticated remote code execution (RCE) vulnerability due to insecure pickle deserialization of HTTP POST request bodies.
Executive Summary:
An unauthenticated RCE vulnerability in the OmniGen2-RL reward server allows attackers to execute arbitrary commands on the host system via malicious HTTP requests.
Vulnerability Details
CVE-ID: CVE-2026-25873
Affected Software: OmniGen2-RL Reward Server
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The reward server component insecurely deserializes request bodies using the Python pickle module. Because this occurs before authentication, any remote attacker can send a crafted HTTP POST request containing a malicious pickle payload to achieve code execution on the server.
Business Impact
This vulnerability is critical, as evidenced by its CVSS score of 9.8. It permits complete system takeover by an unauthenticated remote attacker. The business impact includes the potential for total data loss, deployment of ransomware, and the use of the compromised server as a pivot point for further internal network attacks.
Remediation Plan
Immediate Action: Update the OmniGen2-RL reward server to the latest version immediately. If the service is not strictly necessary for external operations, disable network access to the reward server port.
Proactive Monitoring: Inspect network traffic for suspicious HTTP POST requests directed at the reward server and monitor the host for unauthorized process creation or unexpected network connections.
Compensating Controls: Place the reward server behind a firewall and restrict access to specific, trusted IP addresses. Replace pickle-based communication with safer formats like JSON where possible.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Mar 18, 2026, there is no public information indicating active exploitation. However, insecure deserialization is a well-known attack vector, and unauthenticated RCE vulnerabilities are frequently exploited shortly after discovery.
Analyst Recommendation
Immediate patching is required. The ability for an unauthenticated attacker to execute code remotely represents the highest possible risk tier. Organizations should isolate the affected service until the patch is verified and applied.
Update the reward Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A remote code execution vulnerability in the GlassFish server-side template rendering mechanism allows attackers to execute arbitrary commands via mal...
A remote code execution vulnerability in the GlassFish server-side template rendering mechanism allows attackers to execute arbitrary commands via malicious Expression Language (EL) injection.
---METADATA---
VENDOR: Oracle
PRODUCT: GlassFish
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
A remote code execution vulnerability in the GlassFish server-side template rendering mechanism allows attackers to execute arbitrary commands via malicious Expression Language (EL) injection.
Executive Summary:
A critical remote code execution vulnerability in the GlassFish server allows unauthenticated attackers to gain full control of the underlying host system.
Vulnerability Details
CVE-ID: CVE-2026-2587
Affected Software: Oracle GlassFish
Affected Versions: See vendor advisory
Vulnerability: The application improperly sanitizes user-supplied values during template rendering, enabling Expression Language (EL) injection. This allows an unauthenticated attacker to execute arbitrary OS commands on the host server.
Business Impact
This vulnerability carries a CVSS score of 9.6, indicating a catastrophic potential for business operations. Successful exploitation results in complete system compromise, enabling data exfiltration, persistence, and lateral movement within the network, which could lead to a total loss of confidentiality and integrity.
Remediation Plan
Immediate Action: Apply the latest security patches provided by the vendor to remediate the template rendering mechanism.
Proactive Monitoring: Monitor server logs for suspicious XML input patterns and expressions (e.g., #{...}) that deviate from standard operational traffic.
Compensating Controls: Deploy a Web Application Firewall (WAF) with rules designed to detect and block malicious EL injection patterns in incoming requests.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the potential for full system compromise, this vulnerability requires immediate attention. Security teams must ensure that all GlassFish instances are patched and that input validation controls are reviewed and strengthened to prevent further injection attempts.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
MobaXterm versions prior to 26
MobaXterm versions prior to 26
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Conditional Fields for Contact Form 7 WordPress plugin through version 2
Conditional Fields for Contact Form 7 WordPress plugin through version 2
---METADATA---
VENDOR: WordPress
PRODUCT: Conditional Fields for Contact Form 7
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability exists in the Conditional Fields for Contact Form 7 WordPress plugin, potentially allowing for unauthorized actions.
Executive Summary:
A high-severity vulnerability in the Conditional Fields for Contact Form 7 plugin requires an immediate update to maintain the security of the WordPress environment.
Vulnerability Details
CVE-ID: CVE-2026-25863
Affected Software: WordPress plugin "Conditional Fields for Contact Form 7"
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the Conditional Fields for Contact Form 7 plugin. While the specific nature is not fully detailed, vulnerabilities in such plugins often involve improper capability checks, allowing unauthorized users to modify forms or access data.
Business Impact
Assigned a CVSS score of 7.5, this vulnerability represents a significant risk. If exploited, it could allow unauthorized individuals to manipulate form submissions or access sensitive information collected through the contact forms.
Remediation Plan
Immediate Action: Update the "Conditional Fields for Contact Form 7" plugin to the latest version via the WordPress admin dashboard.
Proactive Monitoring: Review form submission logs for any suspicious activity or unauthorized configuration changes within the plugin.
Compensating Controls: If an update is not immediately available, disable the plugin or implement a Web Application Firewall (WAF) rule to block malicious requests targeting the plugin's endpoints.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 6, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Plugin vulnerabilities are a common attack vector for WordPress sites. Administrators must ensure all plugins are updated to the latest versions to mitigate the risk of compromise.
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
An authenticated remote code execution vulnerability exists in the GlassFish Administration Console, allowing users with console access to execute arb...
An authenticated remote code execution vulnerability exists in the GlassFish Administration Console, allowing users with console access to execute arbitrary commands.
---METADATA---
VENDOR: Oracle
PRODUCT: GlassFish
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
An authenticated remote code execution vulnerability exists in the GlassFish Administration Console, allowing users with console access to execute arbitrary commands.
Executive Summary:
An authenticated remote code execution vulnerability in the GlassFish Administration Console allows an attacker with panel access to execute arbitrary operating system commands.
Vulnerability Details
CVE-ID: CVE-2026-2586
Affected Software: Oracle GlassFish
Affected Versions: See vendor advisory
Vulnerability: The Administration Console fails to properly sanitize requests, allowing an authenticated user to perform arbitrary command execution with the privileges of the application service user.
Business Impact
With a CVSS score of 9.1, this flaw poses a severe risk to internal security, as it allows a compromised or malicious administrative account to escalate privileges to the OS level. This could result in unauthorized data access or the complete takeover of the application server.
Remediation Plan
Immediate Action: Update GlassFish to the latest patched version and audit current administrative accounts for unauthorized activity.
Proactive Monitoring: Review logs for command execution attempts within the Administration Console and limit access to the console to trusted IP addresses only.
Compensating Controls: Implement Multi-Factor Authentication (MFA) for all administrative access and utilize the principle of least privilege for service accounts.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
While this vulnerability requires authentication, the impact is severe. Organizations should immediately review who has access to the GlassFish Administration Console and apply the vendor's security patches to prevent potential privilege escalation.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
OpenBullet2 through version 0
OpenBullet2 through version 0
---METADATA---
VENDOR: OpenBullet
PRODUCT: OpenBullet2
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability in OpenBullet2 allows for potential unauthorized operations.
Executive Summary:
OpenBullet2 contains a high-severity vulnerability that may allow attackers to compromise system integrity or access sensitive data.
Vulnerability Details
CVE-ID: CVE-2026-25856
Affected Software: OpenBullet, OpenBullet2
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability involves an unspecified security flaw within the OpenBullet2 framework. Given the nature of the application, this flaw likely allows for unauthenticated or low-privileged remote interaction with the automation engine.
Business Impact
The identified vulnerability carries a CVSS score of 8.8, classifying it as High severity. Exploitation could lead to unauthorized control over automated testing workflows, resulting in potential data exfiltration, service disruption, or the execution of arbitrary commands on the hosting environment.
Remediation Plan
Immediate Action: Audit current deployments and apply all available security updates provided by the OpenBullet project immediately.
Proactive Monitoring: Monitor server logs for unusual outbound traffic or unauthorized process execution initiated by the OpenBullet service account.
Compensating Controls: Implement strict network segmentation and ensure the OpenBullet instance is not exposed to the public internet without a Web Application Firewall (WAF) or VPN access.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 9, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the high CVSS score, the potential for exploitation is significant and requires immediate attention.
Analyst Recommendation
Organizations utilizing OpenBullet2 must prioritize this update to prevent potential system compromise. We recommend performing a thorough review of the application's environment and ensuring that the most recent stable version is deployed to mitigate this high-risk vulnerability.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenBullet2 through version 0
OpenBullet2 through version 0
---METADATA---
VENDOR: OpenBullet
PRODUCT: OpenBullet2
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A second high-severity vulnerability has been identified in OpenBullet2, requiring urgent review and remediation by administrators.
Executive Summary:
OpenBullet2 is impacted by a high-severity security vulnerability that could lead to unauthorized system access or broader environment compromise.
Vulnerability Details
CVE-ID: CVE-2026-25855
Affected Software: OpenBullet2
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the OpenBullet2 framework. Similar to other high-severity flaws in this software, it presents a significant risk to the application's integrity and requires immediate patching.
Business Impact
The vulnerability poses a severe risk to any environment running OpenBullet2. With a CVSS score of 8.8, the potential for exploitation could result in full application compromise, potentially exposing the data processed or managed by the tool.
Remediation Plan
Immediate Action: Ensure the OpenBullet2 installation is updated to the latest available version as specified by the vendor.
Proactive Monitoring: Monitor for unexpected process execution or unauthorized changes to the application environment.
Compensating Controls: Isolate the OpenBullet2 instance from public-facing networks and restrict administrative access to trusted personnel.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 9, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
All organizations running OpenBullet2 should prioritize the remediation of this vulnerability. Promptly applying vendor-provided updates is the most effective way to secure the application against potential exploitation and protect against associated risks.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OCPP WebSocket endpoints lack authentication, allowing unauthenticated attackers to impersonate legitimate charging stations and issue unauthorized co...
OCPP WebSocket endpoints lack authentication, allowing unauthenticated attackers to impersonate legitimate charging stations and issue unauthorized commands.
---METADATA---
VENDOR: OCPP Implementations
PRODUCT: OCPP WebSocket Endpoint
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
OCPP WebSocket endpoints lack authentication, allowing unauthenticated attackers to impersonate legitimate charging stations and issue unauthorized commands.
Executive Summary:
The failure to authenticate OCPP WebSocket connections allows attackers to impersonate charging stations and manipulate critical infrastructure data.
Vulnerability Details
CVE-ID: CVE-2026-25851
Affected Software: OCPP WebSocket Implementations
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: An unauthenticated attacker can connect to an OCPP WebSocket endpoint using a discovered charging station ID. Without authentication, the backend accepts the attacker as a legitimate charger, allowing for full command issuance and reception.
Business Impact
Successful exploitation leads to privilege escalation and unauthorized control over the charging network. This can result in the corruption of charging data, unauthorized free charging, or disruption of service. The CVSS score of 9.4 indicates a critical vulnerability that directly impacts the security of the energy distribution chain.
Remediation Plan
Immediate Action: Enable and enforce authentication on the OCPP backend immediately, following the OCPP 1.6 or 2.0.1 security whitepapers.
Proactive Monitoring: Monitor for anomalous OCPP command sequences that deviate from standard charging station behavior.
Compensating Controls: Implement IP whitelisting for charging stations if they operate on static IP addresses or within a private APN.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Feb 27, 2026, there is no public information indicating active exploitation. The risk remains high due to the critical nature of the affected infrastructure.
Analyst Recommendation
Protecting charging infrastructure from unauthorized access is essential for maintaining public trust and operational stability. Immediate implementation of robust authentication for all WebSocket endpoints is required.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
JetBrains Hub versions prior to 2025.3.119807 contain an authentication bypass vulnerability that allows unauthenticated attackers to perform administ...
JetBrains Hub versions prior to 2025.3.119807 contain an authentication bypass vulnerability that allows unauthenticated attackers to perform administrative actions.
---METADATA---
VENDOR: JetBrains
PRODUCT: Hub
AFFECTED_VERSIONS: Prior to 2025.3.119807
---END_METADATA---
Description Summary:
JetBrains Hub versions prior to 2025.3.119807 contain an authentication bypass vulnerability that allows unauthenticated attackers to perform administrative actions.
Executive Summary:
An authentication bypass in JetBrains Hub allows unauthenticated remote attackers to gain administrative control over the platform, compromising all managed user accounts and integrations.
Vulnerability Details
CVE-ID: CVE-2026-25848
Affected Software: JetBrains Hub
Affected Versions: Prior to 2025.3.119807
Vulnerability: The vulnerability allows an unauthenticated attacker to bypass the standard login process. Once bypassed, the attacker can perform actions with administrative privileges, granting them full control over the Hub instance.
Business Impact
JetBrains Hub serves as a central authorization and user management point. A CVSS score of 9.1 reflects the critical risk; a successful exploit allows an attacker to modify user permissions, access sensitive integration tokens, and potentially pivot into other JetBrains tools like YouTrack or TeamCity, leading to a massive supply chain or data breach.
Remediation Plan
Immediate Action: Update JetBrains Hub to version 2025.3.119807 or later immediately.
Proactive Monitoring: Review administrative audit logs for any actions performed by unexpected IP addresses or during unusual timeframes.
Compensating Controls: Place the Hub instance behind a VPN or implement IP-based access control lists (ACLs) to restrict access to the administrative interface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Feb 9, 2026, there is no public information indicating active exploitation. Because Hub manages identities for other critical development tools, this vulnerability is a high-value target for attackers.
Analyst Recommendation
Given that this is an unauthenticated authentication bypass, it must be treated with the highest urgency. Organizations should apply the update immediately to prevent unauthorized access to their identity management infrastructure.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
In JetBrains PyCharm before 2025
In JetBrains PyCharm before 2025
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Mbed TLS before 3
Mbed TLS before 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Mbed TLS 3
Mbed TLS 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A stack buffer overflow in HMS Networks Ewon Flexy and Cosy+ devices allows unauthenticated remote code execution or denial of service via malicious n...
A stack buffer overflow in HMS Networks Ewon Flexy and Cosy+ devices allows unauthenticated remote code execution or denial of service via malicious network requests.
---METADATA---
VENDOR: HMS Networks
PRODUCT: Ewon Flexy and Cosy+
AFFECTED_VERSIONS: Ewon Flexy < 15.0s4, Cosy+ 22.xx < 22.1s6, Cosy+ 23.xx < 23.0s3
---END_METADATA---
Description Summary:
A stack buffer overflow in HMS Networks Ewon Flexy and Cosy+ devices allows unauthenticated remote code execution or denial of service via malicious network requests.
Executive Summary:
Critical stack buffer overflow vulnerabilities in HMS Networks industrial gateways allow unauthenticated attackers to remotely execute code or crash devices, threatening industrial control stability.
Vulnerability Details
CVE-ID: CVE-2026-25823
Affected Software: HMS Networks Ewon Flexy and Cosy+
Affected Versions: Ewon Flexy < 15.0s4, Cosy+ 22.xx < 22.1s6, Cosy+ 23.xx < 23.0s3
Vulnerability: This vulnerability is a classic stack-based buffer overflow occurring within the device firmware. An unauthenticated remote attacker can send specially crafted packets to the device that overwrite memory, leading to either a system crash or the execution of arbitrary commands with high privileges.
Business Impact
The impact on industrial operations is severe, as these gateways often manage critical connectivity between OT and IT networks. A CVSS score of 9.8 reflects the potential for unauthenticated remote code execution, which could allow an attacker to pivot into the internal industrial network. This could lead to production downtime, physical equipment damage, or theft of operational data.
Remediation Plan
Immediate Action: Apply firmware updates provided by HMS Networks (15.0s4 for Flexy, 22.1s6 or 23.0s3 for Cosy+) to patch the overflow vulnerability.
Proactive Monitoring: Monitor industrial network traffic for anomalous packets directed at gateway management ports and track device stability for unexpected reboots.
Compensating Controls: Restrict access to the device management interfaces using firewalls and ensure the devices are not exposed directly to the public internet.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 13, 2026, there is no public information indicating active exploitation of this vulnerability. The complexity of crafting a stable exploit for embedded systems may delay widespread use, but the risk remains critical.
Analyst Recommendation
Given the critical role these devices play in industrial environments, immediate firmware patching is mandatory. Organizations should verify their current firmware versions and schedule maintenance windows to update all affected HMS Networks hardware to prevent potential remote takeover.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
HMS Networks Ewon Flexy with firmware before 15
HMS Networks Ewon Flexy with firmware before 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
HMS Networks Ewon Flexy and Cosy+ devices suffer from weak entropy in authentication cookies, enabling attackers to brute-force encryption parameters...
HMS Networks Ewon Flexy and Cosy+ devices suffer from weak entropy in authentication cookies, enabling attackers to brute-force encryption parameters and recover user passwords.
---METADATA---
VENDOR: HMS Networks
PRODUCT: Ewon Flexy and Cosy+
AFFECTED_VERSIONS: Ewon Flexy < 15.0s4, Cosy+ 22.xx < 22.1s6, Cosy+ 23.xx < 23.0s3
---END_METADATA---
Description Summary:
HMS Networks Ewon Flexy and Cosy+ devices suffer from weak entropy in authentication cookies, enabling attackers to brute-force encryption parameters and recover user passwords.
Executive Summary:
Weak cryptographic entropy in HMS Networks gateways allows attackers with a captured session cookie to crack user passwords, leading to unauthorized administrative access.
Vulnerability Details
CVE-ID: CVE-2026-25818
Affected Software: HMS Networks Ewon Flexy and Cosy+
Affected Versions: Ewon Flexy < 15.0s4, Cosy+ 22.xx < 22.1s6, Cosy+ 23.xx < 23.0s3
Vulnerability: The firmware utilizes insufficient entropy when generating authentication cookies. An attacker who successfully intercepts or steals a valid session cookie can perform an offline brute-force attack against the encryption parameters to reverse-engineer and identify the plaintext user password.
Business Impact
The compromise of administrative passwords on industrial gateways grants attackers full control over the device and the traffic it manages. With a CVSS score of 9.1, this vulnerability represents a high risk to the confidentiality of credentials. Once a password is recovered, the attacker can maintain persistent access and potentially manipulate industrial processes.
Remediation Plan
Immediate Action: Update device firmware to the latest versions (15.0s4, 22.1s6, or 23.0s3) to implement stronger entropy for session management.
Proactive Monitoring: Monitor for multiple failed login attempts or unusual administrative activity that might indicate the use of compromised credentials.
Compensating Controls: Enforce the use of HTTPS for all management sessions to prevent cookie interception and implement multi-factor authentication where supported.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 13, 2026, there is no public information indicating active exploitation of this vulnerability. However, the use of weak cryptography is a common target for sophisticated attackers seeking long-term access.
Analyst Recommendation
The recovery of plaintext passwords through session analysis is a critical security failure. Administrators must update HMS Networks firmware immediately. After updating, it is strongly recommended that all administrative passwords be changed, as they may have been previously compromised without detection.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
HMS Networks Ewon Flexy with firmware before 15
HMS Networks Ewon Flexy with firmware before 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
3DP-MANAGER automatically creates an administrative account with default credentials (admin/admin) upon initialization. Attackers can use these creden...
3DP-MANAGER automatically creates an administrative account with default credentials (admin/admin) upon initialization. Attackers can use these credentials to gain full control over VPN and system settings.
---METADATA---
VENDOR: 3DP-MANAGER
PRODUCT: 3DP-MANAGER
AFFECTED_VERSIONS: 2.0.1 and prior
---END_METADATA---
Description Summary:
3DP-MANAGER automatically creates an administrative account with default credentials (admin/admin) upon initialization. Attackers can use these credentials to gain full control over VPN and system settings.
Executive Summary:
The use of hardcoded default administrative credentials in 3DP-MANAGER allows unauthenticated attackers to gain full control over the application and its VPN management features.
Vulnerability Details
CVE-ID: CVE-2026-25803
Affected Software: 3DP-MANAGER
Affected Versions: 2.0.1 and prior
Vulnerability: Upon initial setup, the application creates an account with the well-known credentials "admin/admin". Any unauthenticated attacker with network access to the login interface can use these credentials to gain full administrative privileges.
Business Impact
A CVSS score of 9.8 reflects the high impact of this flaw. An attacker gaining administrative access can manage VPN tunnels, modify system settings, and potentially intercept or redirect network traffic, leading to a complete breach of the organization's secure communications.
Remediation Plan
Immediate Action: Change the default "admin" password immediately. Plan to update to version 2.0.2 as soon as it is released to address the underlying initialization flaw.
Proactive Monitoring: Check system logs for successful logins using the "admin" account from unexpected IP addresses and review all VPN configuration changes for unauthorized modifications.
Compensating Controls: Implement multi-factor authentication (MFA) if supported, or restrict access to the 3DP-MANAGER login page to a specific administrative management network.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Feb 6, 2026, active exploitation has not been reported, but the use of default credentials is one of the most common vectors for automated attacks.
Analyst Recommendation
The presence of default credentials on an internet-facing management tool is a critical security failure. Administrators must change the default password immediately and update the software to version 2.0.2 upon release to secure the deployment.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system
---METADATA---
VENDOR: New API
PRODUCT: New API LLM Gateway
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability in the New API large language model (LLM) gateway and AI asset management system could allow for unauthorized access or manipulation of AI resources.
Executive Summary:
The New API LLM gateway is subject to a high-severity vulnerability that could compromise artificial intelligence asset management and gateway integrity.
Vulnerability Details
CVE-ID: CVE-2026-25802
Affected Software: New API LLM Gateway
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the New API system, a gateway designed for managing LLM and AI assets. While the specific vulnerability type is not detailed, the high CVSS score suggests a critical failure in access control or input handling within the API management layer.
Business Impact
A successful exploit could lead to the unauthorized use of expensive AI model credits, leakage of sensitive training data, or the redirection of LLM traffic to malicious endpoints. With a CVSS score of 7.6, the severity is classified as High, reflecting a significant risk to the confidentiality and integrity of an organization’s AI infrastructure and associated data assets.
Remediation Plan
Immediate Action: Administrators should apply the latest security updates provided by the New API project maintainers immediately to secure the gateway.
Proactive Monitoring: Implement rigorous logging of API requests and monitor for unusual spikes in LLM token usage or unauthorized IP addresses accessing the management console.
Compensating Controls: Deploy a Web Application Firewall (WAF) to filter incoming traffic to the gateway and restrict access to the management interface using IP allowlisting.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 24, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw in a centralized AI gateway, the potential for exploitation is high once details emerge.
Analyst Recommendation
The high CVSS score and the critical role that LLM gateways play in modern infrastructure necessitate immediate action. Organizations utilizing New API must prioritize the application of vendor-provided patches. Failure to remediate this flaw could result in significant financial loss through resource theft or the exposure of proprietary AI workflows.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injectio...
The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4
---METADATA---
VENDOR: WP Maps
PRODUCT: WP Maps – Store Locator
AFFECTED_VERSIONS: Up to and including 4.x
---END_METADATA---
Description Summary:
The WP Maps WordPress plugin is vulnerable to time-based SQL Injection via the ‘orderby’ parameter, allowing attackers to extract sensitive database information.
Executive Summary:
A high-severity SQL Injection vulnerability in the WP Maps plugin for WordPress allows attackers to extract sensitive information from the site's database.
Vulnerability Details
CVE-ID: CVE-2026-2580
Affected Software: WP Maps WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters
Affected Versions: All versions up to, and including, 4.x
Vulnerability: The plugin is vulnerable to time-based SQL Injection through the orderby parameter. This occurs because the plugin fails to properly sanitize user-supplied input before using it in a database query, allowing a remote attacker to infer data by observing the time the server takes to respond.
Business Impact
An attacker can use this vulnerability to extract sensitive information from the WordPress database, including user credentials, configuration details, and customer information. This leads to a loss of confidentiality and can serve as a stepping stone for a full site takeover. The CVSS score of 7.5 reflects this significant risk.
Remediation Plan
Immediate Action: Update the WP Maps plugin to the latest version immediately to resolve the SQL injection flaw.
Proactive Monitoring: Review database logs for unusual time-delay queries and monitor for unauthorized access to administrative accounts.
Compensating Controls: Enable a Web Application Firewall (WAF) with SQL injection protection rules to mitigate exploitation attempts while waiting for a patch window.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 23, 2026, there is no public information indicating active exploitation. SQL injection remains one of the most common and effective attack vectors for compromising web applications.
Analyst Recommendation
Applying the vendor's patch is the only effective way to remediate this vulnerability. Organizations should prioritize this update to protect their database integrity and prevent sensitive data leakage.
Apply vendor patches immediately. Review database access controls and enable query logging.
ImageMagick is free and open-source software used for editing and manipulating digital images
ImageMagick is free and open-source software used for editing and manipulating digital images
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Sliver is a command and control framework that uses a custom Wireguard netstack
Sliver is a command and control framework that uses a custom Wireguard netstack
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all ve...
The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 4
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interf...
Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a benign user with appropriate rights accesses the "Motion Control Diagnostics" parameters page, the malicious code would be executed in the scope of their web session.
---METADATA---
VENDOR: Siemens
PRODUCT: SIMATIC S7-1500 / TIA Portal (via "Motion Control Diagnostics")
AFFECTED_VERSIONS: See vendor advisory
CONFIDENCE: medium
MISSING: versions, patch, exploit_status
---END_METADATA---
Description Summary:
A stored cross-site scripting (XSS) vulnerability in the "Motion Control Diagnostics" web interface allows authenticated attackers to inject malicious scripts.
Executive Summary:
An authenticated stored XSS vulnerability in the Motion Control Diagnostics interface allows attackers to execute malicious scripts in the context of other users' sessions.
Vulnerability Details
CVE-ID: CVE-2026-25787
Affected Software: Siemens (inferred from TIA project context) Motion Control Diagnostics
Affected Versions: See vendor advisory for specific affected versions.
Vulnerability: The application fails to sanitize Technology Object (TO) names rendered on the "Motion Control Diagnostics" page. An authenticated attacker with project download permissions can inject malicious scripts that execute when a benign user views the page.
Business Impact
With a CVSS score of 9.1, this vulnerability presents a high risk of session hijacking and unauthorized administrative actions. By compromising the web session of an authorized user, an attacker could potentially manipulate diagnostic data or gain further unauthorized access to the industrial control system environment.
Remediation Plan
Immediate Action: Update the affected products to the latest version provided by the vendor to ensure proper input sanitization.
Proactive Monitoring: Audit access to the "Motion Control Diagnostics" page and monitor for anomalous script execution or unexpected changes to project configurations.
Compensating Controls: Limit access to the web interface to authorized personnel only and ensure that users log out immediately after finishing administrative tasks.
Exploitation Status
Public Exploit Available: Not specified
Analyst Notes: As of May 12, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability highlights the risk of script injection in industrial web interfaces. Administrators should verify the patch status with the vendor and enforce strict access controls for users capable of modifying TIA projects to mitigate the threat of session compromise.
Update Affected Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This co...
Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a benign user with appropriate rights accesses the "communication" parameters page, the malicious code would be executed in the scope of their web session.
---METADATA---
VENDOR: Siemens
PRODUCT: SIMATIC S7-1500 / TIA Portal (via "communication" parameters)
AFFECTED_VERSIONS: See vendor advisory
CONFIDENCE: medium
MISSING: versions, patch, exploit_status
---END_METADATA---
Description Summary:
A stored cross-site scripting (XSS) vulnerability exists on the "communication" parameters page of the web interface, allowing authenticated attackers to inject malicious scripts.
Executive Summary:
An authenticated stored XSS vulnerability in the communication parameters page allows attackers to execute malicious scripts in the context of other users' web sessions.
Vulnerability Details
CVE-ID: CVE-2026-25786
Affected Software: Siemens (inferred from TIA project context) communication parameters interface
Affected Versions: See vendor advisory for specific affected versions.
Vulnerability: The application does not properly validate or sanitize PLC/station names rendered on the "communication" parameters page. An authenticated attacker authorized to download TIA projects can inject scripts that execute within the web session of any user viewing the page.
Business Impact
The CVSS score of 9.1 underscores the critical nature of this flaw, as it facilitates the compromise of user sessions. Successful exploitation can lead to unauthorized access to system parameters and potential manipulation of industrial communication settings, impacting operational integrity.
Remediation Plan
Immediate Action: Apply the latest firmware or software updates released by the vendor to resolve the input validation issue.
Proactive Monitoring: Review web interface logs for suspicious activity and monitor for any unauthorized modifications to PLC or station names.
Compensating Controls: Implement strict role-based access control (RBAC) to limit the number of users who can download TIA projects to the device.
Exploitation Status
Public Exploit Available: Not specified
Analyst Notes: As of May 12, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Maintaining the integrity of the web management interface is essential for system security. Organizations must ensure that all relevant patches are applied to prevent the execution of malicious scripts and restrict project-level access to trusted, authenticated users only.
Update Affected Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A path traversal vulnerability in Lanscope Endpoint Manager allows attackers to tamper with arbitrary files. This flaw can be leveraged to execute arb...
A path traversal vulnerability in Lanscope Endpoint Manager allows attackers to tamper with arbitrary files. This flaw can be leveraged to execute arbitrary code on the affected Sub-Manager Server.
---METADATA---
VENDOR: Motex
PRODUCT: Lanscope Endpoint Manager (On-Premises)
AFFECTED_VERSIONS: Sub-Manager Server Ver.9.4.7.3 and earlier
---END_METADATA---
Description Summary:
A path traversal vulnerability in Lanscope Endpoint Manager allows attackers to tamper with arbitrary files. This flaw can be leveraged to execute arbitrary code on the affected Sub-Manager Server.
Executive Summary:
Motex Lanscope Endpoint Manager is affected by a critical path traversal vulnerability that could allow an unauthenticated attacker to tamper with files and achieve remote code execution.
Vulnerability Details
CVE-ID: CVE-2026-25785
Affected Software: Motex Lanscope Endpoint Manager (On-Premises)
Affected Versions: Sub-Manager Server Ver.9.4.7.3 and earlier
Vulnerability: The vulnerability is a classic path traversal flaw within the Sub-Manager Server component. An unauthenticated attacker can use specially crafted input to access files outside of the intended directory, leading to unauthorized file modification and potential code execution.
Business Impact
This vulnerability carries a CVSS score of 9.8, reflecting its potential for total system compromise. Successful exploitation could allow an attacker to gain a foothold in the corporate network, steal sensitive endpoint data, or deploy ransomware across the infrastructure. The ability to execute arbitrary code on a management server is a catastrophic risk to business continuity.
Remediation Plan
Immediate Action: Update the Lanscope Endpoint Manager Sub-Manager Server to the latest patched version provided by Motex.
Proactive Monitoring: Review server logs for unusual file access patterns or requests containing "dot-dot-slash" (../) sequences directed at the Sub-Manager Server.
Compensating Controls: Deploy a Web Application Firewall (WAF) with path traversal detection rules to filter malicious incoming requests before they reach the application server.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Feb 25, 2026, there is no public information indicating active exploitation of this vulnerability. Due to the critical nature of path traversal leading to RCE, security teams should treat this as a high-priority threat.
Analyst Recommendation
Path traversal vulnerabilities in endpoint management software are particularly dangerous as these servers often have high-level privileges across the network. Security administrators must prioritize the installation of the latest software updates. Immediate isolation of the Sub-Manager Server from the public internet is strongly recommended until the patch is applied.
Update Path Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
in OpenHarmony v6
in OpenHarmony v6
---METADATA---
VENDOR: OpenHarmony
PRODUCT: OpenHarmony
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
CONFIDENCE: low
MISSING: versions, patch, technical_details
---END_METADATA---
Description Summary:
An unspecified security vulnerability has been identified in OpenHarmony version 6.
Executive Summary:
OpenHarmony v6 is subject to a security vulnerability that could allow for unauthorized system impact if left unmitigated.
Vulnerability Details
CVE-ID: CVE-2026-25781
Affected Software: OpenHarmony
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The source data provides insufficient technical information to classify the specific vulnerability type or the required authentication level for a successful attack.
Business Impact
The CVSS score of 8.4 indicates a High-severity vulnerability. Successful exploitation could lead to significant system compromise, potentially resulting in data loss or unauthorized control over affected devices, necessitating urgent remediation.
Remediation Plan
Immediate Action: Apply vendor-supplied security patches to all OpenHarmony v6 environments immediately.
Proactive Monitoring: Review system and application logs for anomalous behavior or unauthorized access patterns.
Compensating Controls: Utilize endpoint security solutions to detect and block malicious processes that may attempt to leverage this vulnerability.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Due to the high CVSS score, this vulnerability should be addressed with urgency. Security teams should monitor vendor communications closely to identify the correct remediation path and ensure all systems are patched to a secure version.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same sessi...
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Six Apart Movable Type contains a code injection vulnerability that allows an authenticated attacker to execute arbitrary Perl scripts on the server.
Six Apart Movable Type contains a code injection vulnerability that allows an authenticated attacker to execute arbitrary Perl scripts on the server.
---METADATA---
VENDOR: Six Apart
PRODUCT: Movable Type
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
Six Apart Movable Type contains a code injection vulnerability that allows an authenticated attacker to execute arbitrary Perl scripts on the server.
Executive Summary:
A critical code injection vulnerability in Movable Type allows attackers to execute arbitrary Perl scripts, resulting in full system compromise.
Vulnerability Details
CVE-ID: CVE-2026-25776
Affected Software: Six Apart Movable Type
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This is a code injection vulnerability. While the description implies the need for interaction, the nature of the flaw allows for the execution of arbitrary Perl scripts by an attacker who gains access to the application's processing functions.
Business Impact
With a CVSS score of 9.8, this vulnerability is extremely dangerous. Successful exploitation grants the attacker the ability to execute code with the permissions of the web server, potentially allowing them to compromise the entire underlying web hosting environment and sensitive databases.
Remediation Plan
Immediate Action: Update Movable Type to the latest patched version provided by Six Apart.
Proactive Monitoring: Monitor for unusual Perl script execution or unexpected changes to the web directory structure.
Compensating Controls: Use a Web Application Firewall (WAF) with rules designed to detect and block common code injection patterns and malicious Perl syntax.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Apr 8, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical CVSS rating, immediate patching is required. Organizations should ensure their Movable Type deployments are updated to the latest secure version to prevent unauthorized command execution and potential data breaches.
Update Movable Type Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication...
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware.
---METADATA---
VENDOR: SenseLive
PRODUCT: X3050
AFFECTED_VERSIONS: See vendor advisory
CONFIDENCE: high
MISSING: versions, patch, exploit_status
---END_METADATA---
Description Summary:
A critical authentication bypass in the SenseLive X3050 remote management service allows unauthenticated attackers to retrieve or update firmware without authorization or integrity checks.
Executive Summary:
The SenseLive X3050 remote management service is vulnerable to an unauthenticated firmware manipulation attack, posing a critical risk to system integrity and device control.
Vulnerability Details
CVE-ID: CVE-2026-25775
Affected Software: SenseLive X3050
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The remote management service fails to perform authentication or authorization checks for firmware-related operations. An unauthenticated attacker can remotely trigger firmware updates or retrieve sensitive firmware data from any reachable host.
Business Impact
Successful exploitation allows an attacker to gain full control over the device by uploading malicious firmware or extracting sensitive configuration data. Given the CVSS score of 9.8, this vulnerability poses a severe risk of persistent compromise, potential lateral movement within the network, and complete loss of device availability, necessitating immediate attention.
Remediation Plan
Immediate Action: Update the SenseLive X3050 firmware to the latest version provided by the vendor to address the missing authentication logic.
Proactive Monitoring: Monitor network traffic for unusual firmware update requests or connections to the remote management service from unauthorized IP addresses.
Compensating Controls: Restrict access to the remote management interface via network segmentation or firewall rules to ensure only trusted administrative hosts can communicate with the service.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Apr 24, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability represents a critical security failure in device management. Organizations utilizing SenseLive X3050 hardware must prioritize the application of vendor-supplied firmware updates to remediate the authentication bypass. Failure to patch these devices leaves them susceptible to full remote takeover.
Update SenseLive X3050 Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8
** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8
---METADATA---
VENDOR: Focalboard
PRODUCT: Focalboard
AFFECTED_VERSIONS: Focalboard version 8
---END_METADATA---
Description Summary:
Focalboard version 8 is affected by a high-severity vulnerability; however, the product was designated as unsupported at the time the CVE was assigned.
Executive Summary:
Focalboard version 8 contains a high-risk vulnerability and is no longer supported by the vendor, leaving users exposed to unpatchable security risks.
Vulnerability Details
CVE-ID: CVE-2026-25773
Affected Software: Focalboard
Affected Versions: Focalboard version 8
Vulnerability: The vulnerability affects Focalboard, an open-source project management tool. Because the software was "UNSUPPORTED WHEN ASSIGNED," the specific technical details of the flaw may not be fully documented, but the CVSS score of 8.1 indicates a severe risk of unauthorized access or data manipulation.
Business Impact
The business impact is elevated because the software is End-of-Life (EOL). A successful exploit could lead to the total compromise of project management data, including sensitive timelines and internal communications, with no official patch forthcoming to resolve the issue.
Remediation Plan
Immediate Action: Since the product is unsupported, the primary recommendation is to migrate to a supported project management alternative immediately.
Proactive Monitoring: If migration cannot occur instantly, monitor the server hosting Focalboard for any signs of unauthorized file access or anomalous network traffic.
Compensating Controls: Place the Focalboard instance behind a VPN and restrict access to a very small group of trusted users to minimize the attack surface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of April 4, 2026, there is no public information indicating active exploitation. However, vulnerabilities in unsupported software are frequently targeted because attackers know they will not be officially patched.
Analyst Recommendation
The use of unsupported software presents an unacceptable risk to organization security. Immediate decommissioning of Focalboard version 8 and migration to a maintained platform is the only way to ensure long-term protection against this and future vulnerabilities.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Wazuh Manager is vulnerable to privilege escalation where an authenticated node can overwrite the manager's configuration file to achieve Root Remote...
Wazuh Manager is vulnerable to privilege escalation where an authenticated node can overwrite the manager's configuration file to achieve Root Remote Code Execution.
---METADATA---
VENDOR: Wazuh
PRODUCT: Wazuh Manager
AFFECTED_VERSIONS: 3.9.0 through 4.14.2
---END_METADATA---
Description Summary:
Wazuh Manager is vulnerable to privilege escalation where an authenticated node can overwrite the manager's configuration file to achieve Root Remote Code Execution.
Executive Summary:
Wazuh Manager contains a critical privilege escalation vulnerability that allows authenticated cluster nodes to gain full root-level Remote Code Execution on the manager node.
Vulnerability Details
CVE-ID: CVE-2026-25770
Affected Software: Wazuh Manager
Affected Versions: 3.9.0 through 4.14.2
Vulnerability: The wazuh-clusterd service allows authenticated nodes to write arbitrary files. Due to insecure permissions, an attacker can overwrite /var/ossec/etc/ossec.conf to inject a malicious <localfile> command, which is then executed as root by the wazuh-logcollector service.
Business Impact
This vulnerability completely breaks the security model of the Wazuh cluster, allowing a compromised worker node to take full control of the master manager. With a CVSS score of 9.1, the impact includes total loss of confidentiality, integrity, and availability across the entire threat detection platform.
Remediation Plan
Immediate Action: Upgrade Wazuh Manager to version 4.14.3 or later immediately to resolve the insecure file writing and permission issues.
Proactive Monitoring: Inspect the ossec.conf file for unauthorized <localfile> blocks and monitor cluster synchronization logs for unusual file transfer activity.
Compensating Controls: Restrict cluster communication to known, trusted IP addresses and implement strict file integrity monitoring (FIM) on the /var/ossec/etc/ directory.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Mar 17, 2026, there is no public information indicating active exploitation of this vulnerability. The complexity of the exploit chain is low once a node is authenticated, making this a significant internal threat risk.
Analyst Recommendation
Immediate upgrading to version 4.14.3 is mandatory for all Wazuh deployments using cluster mode. This vulnerability allows for lateral movement and full system takeover, which could be used to blind security monitoring or launch further attacks.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
The Nanobot WhatsApp bridge component exposes an unauthenticated WebSocket server on all network interfaces, allowing remote attackers to hijack sessi...
The Nanobot WhatsApp bridge component exposes an unauthenticated WebSocket server on all network interfaces, allowing remote attackers to hijack sessions and intercept real-time communications.
---METADATA---
VENDOR: Nanobot
PRODUCT: WhatsApp bridge
AFFECTED_VERSIONS: Default configuration (See vendor advisory)
---END_METADATA---
Description Summary:
The Nanobot WhatsApp bridge component exposes an unauthenticated WebSocket server on all network interfaces, allowing remote attackers to hijack sessions and intercept real-time communications.
Executive Summary:
An unauthenticated remote attacker can hijack active WhatsApp sessions and intercept private messages or media by connecting to an unprotected WebSocket server exposed by Nanobot.
Vulnerability Details
CVE-ID: CVE-2026-2577
Affected Software: Nanobot WhatsApp bridge
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This critical flaw involves the WhatsApp bridge component binding its WebSocket server to all network interfaces (0.0.0.0) on port 3001 without requiring authentication. This allows an unauthenticated remote attacker to gain full control over the session, including the ability to capture authentication QR codes.
Business Impact
A successful exploit results in a total compromise of communication confidentiality and integrity. Attackers can impersonate users, send fraudulent messages, and steal sensitive media in real-time. Given the CVSS score of 10.0, this represents the highest possible risk level, potentially leading to severe reputational damage and legal liability for compromised private data.
Remediation Plan
Immediate Action: Update the affected component to the latest secure version immediately and ensure the WebSocket server is configured to bind only to localhost or requires robust authentication.
Proactive Monitoring: Audit network configurations to identify any unauthorized services listening on port 3001 and review connection logs for unusual IP addresses accessing the bridge.
Compensating Controls: Implement firewall rules to restrict access to port 3001 to known, trusted internal IP addresses only, effectively blocking external unauthenticated access.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Feb 16, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw and its "Critical" severity, the potential for exploitation is extremely high once the port is identified via scanning.
Analyst Recommendation
The maximum CVSS score of 10.0 demands immediate attention. Organizations utilizing the Nanobot WhatsApp bridge must prioritize patching and network isolation. Failure to secure this endpoint allows for trivial session hijacking, making the application a high-value target for malicious actors.
Update SAP Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Wazuh deployments in cluster mode are vulnerable to Remote Code Execution via deserialization of untrusted data if a worker node is compromised.
Wazuh deployments in cluster mode are vulnerable to Remote Code Execution via deserialization of untrusted data if a worker node is compromised.
---METADATA---
VENDOR: Wazuh
PRODUCT: Wazuh Manager
AFFECTED_VERSIONS: 4.0.0 through 4.14.2
---END_METADATA---
Description Summary:
Wazuh deployments in cluster mode are vulnerable to Remote Code Execution via deserialization of untrusted data if a worker node is compromised.
Executive Summary:
Wazuh Manager is vulnerable to a critical Remote Code Execution flaw that allows a compromised worker node to gain root access to the master node via insecure data deserialization.
Vulnerability Details
CVE-ID: CVE-2026-25769
Affected Software: Wazuh Manager
Affected Versions: 4.0.0 through 4.14.2
Vulnerability: This vulnerability is caused by the deserialization of untrusted data within the Wazuh cluster communication protocol. An attacker who has gained access to a worker node can send malicious serialized data to the master node to achieve full RCE with root privileges.
Business Impact
A compromise of the master node in a Wazuh cluster results in a total loss of control over the security monitoring infrastructure. With a CVSS score of 9.1, this flaw allows for lateral movement from a single compromised node to the entire security stack, potentially leading to the destruction of logs and detection rules.
Remediation Plan
Immediate Action: Upgrade all Wazuh cluster components (Master and Workers) to version 4.14.3 or later to patch the deserialization flaw.
Proactive Monitoring: Monitor network traffic between cluster nodes for unexpected payloads and audit the master node for unauthorized root-level process execution.
Compensating Controls: Isolate cluster communication to a private network and use mutual TLS (mTLS) to ensure only authorized nodes can communicate with the master.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Mar 17, 2026, there is no public information indicating active exploitation of this vulnerability. Deserialization vulnerabilities are highly dangerous as they often lead to reliable RCE.
Analyst Recommendation
Immediate patching is required for all Wazuh installations utilizing a master/worker architecture. Ensuring that the manager is updated to version 4.14.3 is the only effective way to prevent a compromised worker from taking over the entire security environment.
Update Arch Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
AdonisJS is a TypeScript-first web framework
AdonisJS is a TypeScript-first web framework
---METADATA---
VENDOR: AdonisJS
PRODUCT: AdonisJS Framework
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
AdonisJS framework contains a high-severity vulnerability that may compromise application integrity. Technical details suggest a flaw within the core TypeScript-first web framework architecture.
Executive Summary:
The AdonisJS web framework is affected by a high-severity vulnerability that could allow attackers to compromise web applications built on this platform.
Vulnerability Details
CVE-ID: CVE-2026-25762
Affected Software: AdonisJS Framework
Affected Versions: See vendor advisory for affected versions
Vulnerability: This vulnerability involves a high-severity flaw within the AdonisJS framework. While specific technical vectors are not fully detailed in the initial disclosure, the CVSS score indicates a significant risk likely involving unauthenticated or low-privileged interaction with framework internals.
Business Impact
A successful exploit against the AdonisJS framework could lead to unauthorized access, data breaches, or complete application takeover. Given the CVSS score of 7.5, this vulnerability represents a significant risk to the confidentiality and integrity of business-critical web applications. Organizations relying on this framework may face operational downtime and reputational damage if the flaw is leveraged to intercept sensitive user data.
Remediation Plan
Immediate Action: Administrators should apply the latest security patches provided by the AdonisJS development team immediately to mitigate the risk of exploitation.
Proactive Monitoring: Security teams should monitor web application logs for unusual patterns, such as unexpected TypeScript execution errors or anomalous routing requests.
Compensating Controls: Deploying a Web Application Firewall (WAF) with updated signatures for framework-specific attacks can provide a temporary layer of defense until patches are fully deployed.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 8, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw in a popular web framework, the potential for exploitation is high once technical details are reverse-engineered.
Analyst Recommendation
The high-severity rating of 7.5 necessitates an immediate response from development and security teams. It is strongly recommended to audit all AdonisJS-based applications and upgrade the framework to the latest secure version to prevent potential unauthorized access.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment...
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
---METADATA---
VENDOR: Authentik
PRODUCT: Authentik
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
Authentik, an open-source identity provider, is affected by a high-severity vulnerability that could compromise authentication processes or user identity data.
Executive Summary:
The Authentik identity provider contains a high-severity vulnerability that poses a significant risk to the security of organizational authentication and identity management.
Vulnerability Details
CVE-ID: CVE-2026-25922
Affected Software: Authentik
Affected Versions: See vendor advisory for affected versions
Vulnerability: While specific technical details are not provided in the summary, the CVSS score of 8.8 indicates a critical flaw in this identity provider. Vulnerabilities in such products typically involve authentication bypass, session hijacking, or unauthorized access to identity metadata.
Business Impact
A compromise of an identity provider like Authentik can lead to a total breakdown of an organization's security perimeter. Attackers could potentially impersonate users, gain unauthorized access to integrated applications (SSO), and exfiltrate sensitive identity data, leading to widespread unauthorized access.
Remediation Plan
Immediate Action: Update the Authentik installation to the latest version immediately to resolve the identified security flaw.
Proactive Monitoring: Review authentication logs for anomalous login patterns, unauthorized administrative changes, or unusual service provider (SP) registrations.
Compensating Controls: Ensure that Multi-Factor Authentication (MFA) is enforced for all accounts to provide an additional layer of security in the event of a primary credential compromise.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 14, 2026, there is no public information indicating active exploitation. Because Authentik is a central security component, any vulnerability with an 8.8 score must be treated as a critical priority.
Analyst Recommendation
Identity management infrastructure is a tier-0 asset. Administrators must prioritize the remediation of this vulnerability above all others to ensure the continued integrity of the organization's authentication and authorization framework.