8.8
CVE-2019-25320 - elearning-script 1.0 - Authentication Bypass
E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain unauthoriโฆ
8.4
CVE-2019-25319 - Domain Quester Pro 6.02 - Stack Overflow (SEH)
Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the 'Domain Name Keywords' input field to trigger an access violationโฆ
8.4
CVE-2019-25318 - AVS Audio Converter 9.1.2.600 - Stack Overflow
AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button isโฆ
9.3
CVE-2026-26068 - emp3r0r Agent-Controlled Metadata to Operator RCE (tmux Command Injection)
emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata (Transport, Hostname) is accepted during check-in and later interpolated into tmux shell command strings executed via /bin/sh -c. This enables command injection and remote code โฆ
8.5
CVE-2026-26224 - Intego Log Reporter TOCTOU Local Privilege Escalation
Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. A root-executed diagnostic script creates and writes files in /tmp without enforcing secure direโฆ
8.5
CVE-2026-26225 - Intego Personal Backup Task File Privilege Escalation
Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users while being processed with elevated privileโฆ
5.3
CVE-2026-26185 - Directus Affected by User Enumeration via Password Reset Timing Attack
Directus is a real-time API and App dashboard for managing SQL database content. Before 11.14.1, a timing-based user enumeration vulnerability exists in the password reset functionality. When an invalid reset_url parameter is provided, the response time differs by approximately 500ms between existiโฆ
6.9
CVE-2026-26076 - ntpd-rs affected by excessive CPU load from malformed packets
ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases (2-4 times above normal) in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more eโฆ
6.9
CVE-2026-26075 - Cross-Site Request Forgery (CSRF) in FastGPT
FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain security issues. In addition to implementing internal network isolation in the deployment environment, โฆ
5.4
CVE-2025-14282 - Dropbear: privilege escalation via unix domain socket forwardings
A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's files.โฆ