[webapps] motionEye 0.43.1b4 - RCE
motionEye 0.43.
Vulnerability Disclosure
20 articles
[remote] Windows 10.0.17763.7009 - spoofing vulnerability
Windows 10.0.
[local] glibc 2.38 - Buffer Overflow
glibc 2.
800,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in WPvivid Backup WordPress Plugin
On January 12th, 2026, we received a submission for an Arbitrary File Upload vulnerability in WPvivid Backup, a WordPress plugin with more than 800,000 activ...
New Zero-Click Flaw in Claude Desktop Extensions, Anthropic Declines Fix
Security researchers from LayerX identified a new flaw in 50 Claude Desktop Extensions that could lead to unauthorized remote code execution
Malicious Commands in GitHub Codespaces Enable RCE
Flaws in GitHub Codespaces allow RCE via crafted repositories or pull requests
New Hacking Campaign Exploits Microsoft Windows WinRAR Vulnerability
Researchers at Check Point link ‘Amarath-Dragon’ attacks to prolific Chinese cyber-espionage operation
SolarWinds Web Help Desk Vulnerability Actively Exploited
CISA has added a critical CVE in SolarWinds Web Help Desk to its KEV Catalog
[remote] Redis 8.0.2 - RCE
Redis 8.0.
[remote] Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
Ingress-NGINX Admission Controller v1.11.
[webapps] FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution
FortiWeb Fabric Connector 7.6.
SQL Injection Flaw Affects 40,000 WordPress Sites
40,000 WordPress sites are vulnerable to SQL injection in Quiz and Survey Master plugin
DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon
DockerDash vulnerability allows RCE and data exfiltration via unverified metadata in Ask Gordon
Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks
Russia-linked hacking group Fancy Bear is exploiting a brand-new vulnerability in Microsoft Office, CERT-UA says
[webapps] Piranha CMS 12.0 - Stored XSS in Text Block
Piranha CMS 12.
[webapps] RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)
RPi-Jukebox-RFID 2.8.
[hardware] D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)
D-Link DIR-825 Rev.B 2.
Critical and High Severity n8n Sandbox Flaws Allow RCE
Two critical security flaws in n8n have exposed sandboxing vulnerabilities, enabling remote code execution for attackers
Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core
Critical sandbox escape vulnerability in Grist-Core enables remote code execution via a malicious formula
Critical Appsmith Flaw Enables Account Takeovers
Critical vulnerability in Appsmith allows account takeover via flawed password reset process