cyber · news
HIGH
CVE-2026-3644 (CVSS 7.5) — The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete....
NVD
CVE-2026-3644
CVE-2026-0672
82d ago
CRITICAL
CVE-2026-23941 (CVSS 9.4) — Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP ...
NVD
CVE-2026-23941
85d ago
CRITICAL
CVE-2026-3611 (CVSS 10) — The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentica...
NVD
CVE-2026-3611
86d ago
HIGH
CVE-2026-3497 (CVSS 7.5) — Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerabilit...
NVD
CVE-2026-3497
86d ago
CRITICAL
CVE-2025-13462 (CVSS 9.8) — The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even whil...
NVD
CVE-2025-13462
86d ago
CRITICAL
CVE-2026-1524 (CVSS 0) — An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can ...
NVD
CVE-2026-1524
87d ago
HIGH
CVE-2026-28807 (CVSS 7.5) — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in glea...
NVD
CVE-2026-28807
88d ago
HIGH
CVE-2026-28806 (CVSS 8.8) — Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device c...
NVD
CVE-2026-28806
88d ago
HIGH
CVE-2026-26134 (CVSS 7.8) — Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileg...
NVD
CVE-2026-26134
88d ago
HIGH
CVE-2026-26110 (CVSS 8.4) — Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthor...
NVD
CVE-2026-26110
88d ago
HIGH
CVE-2026-23925 (CVSS 8.1) — An authenticated Zabbix user (User role) with template/host write permissions is able to create obje...
NVD
CVE-2026-23925
93d ago
MEDIUM
CVE-2026-28395 (CVSS 6.5) — OpenClaw version 2026.1.14-1 prior to 2026.2.12 contains an improper network binding vulnerability i...
NVD
CVE-2026-28395
93d ago
INFO
On the Effectiveness of Mutational Grammar Fuzzing
rss:googleprojectzero
zero-day
research
94d ago
CRITICAL
CVE-2026-2743 (CVSS 9.8) — Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interfa...
NVD
CVE-2026-2743
94d ago
HIGH
CVE-2026-23231 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-a...
NVD
CVE-2026-23231
95d ago
CRITICAL
CVE-2026-24352 (CVSS 9.8) — PluXml CMS allows a user's session identifier to be set before authentication. The value of this ses...
NVD
CVE-2026-24352
100d ago
HIGH
CVE-2026-25109 (CVSS 8) — An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an a...
NVD
CVE-2026-25109
100d ago
HIGH
CVE-2026-20910 (CVSS 8) — An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an aut...
NVD
CVE-2026-20910
100d ago
INFO
A Deep Dive into the GetProcessHandleFromHwnd API
rss:googleprojectzero
zero-day
research
101d ago
HIGH
CVE-2026-1773 (CVSS 7.5) — IEC 60870-5-104 used in RTU500: Potential Denial of Service impact on reception of invalid U-format ...
NVD
CVE-2026-1773
103d ago
MEDIUM
CVE-2026-3091 (CVSS 6.7) — An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows...
NVD
CVE-2026-3091
103d ago
CRITICAL
CVE-2026-26980 (CVSS 9.4) — Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated a...
NVD
CVE-2026-26980
+2
107d ago
INFO
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
BleepingComputer
14d ago
INFO
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
The Hacker News
13d ago
MEDIUM
CVE-2026-2704 (CVSS 4.3) — A security vulnerability has been detected in Open Babel up to 3.1.1. The affected element is the fu...
NVD
CVE-2026-2704
108d ago
HIGH
CVE-2026-23204 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_hea...
NVD
CVE-2026-23204
112d ago
HIGH
CVE-2025-71221 (CVSS 7) — In the Linux kernel, the following vulnerability has been resolved: dmaengine: mmp_pdma: Fix race c...
NVD
CVE-2025-71221
112d ago
CRITICAL
CVE-2026-23112 (CVSS 9.8) — In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in...
NVD
CVE-2026-23112
114d ago
HIGH
CVE-2026-23111 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inver...
NVD
CVE-2026-23111
114d ago
INFO
Bypassing Administrator Protection by Abusing UI Access
rss:googleprojectzero
zero-day
research
115d ago
HIGH
CVE-2026-0661 (CVSS 8.4) — A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption ...
NVD
CVE-2026-0661
122d ago
HIGH
CVE-2026-0660 (CVSS 8.4) — A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer...
NVD
CVE-2026-0660
122d ago
HIGH
CVE-2026-0538 (CVSS 8.4) — A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Wri...
NVD
CVE-2026-0538
122d ago
HIGH
CVE-2026-0537 (CVSS 8.4) — A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption ...
NVD
CVE-2026-0537
122d ago
HIGH
CVE-2026-22226 (CVSS 7.2) — A command injection vulnerability may be exploited after the admin's authentication in the VPN serve...
NVD
CVE-2026-22226
124d ago
HIGH
CVE-2025-8587 (CVSS 8.6) — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i...
NVD
CVE-2025-8587
125d ago
HIGH
CVE-2026-23025 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: prevent pcp corr...
NVD
CVE-2026-23025
127d ago
INFO
Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529
rss:googleprojectzero
CVE-2024-54529
CVE-2025-31235
zero-day
128d ago
MEDIUM
CVE-2026-25210 (CVSS 6.9) — In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize...
NVD
CVE-2026-25210
128d ago
HIGH
CVE-2025-7714 (CVSS 7.5) — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i...
NVD
CVE-2025-7714
129d ago
MEDIUM
CVE-2025-7014 (CVSS 5.7) — Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking...
NVD
CVE-2025-7014
129d ago
MEDIUM
CVE-2025-7013 (CVSS 5.7) — Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Men...
NVD
CVE-2025-7013
129d ago
HIGH
CVE-2025-7016 (CVSS 8) — Improper Access Control vulnerability in Akın Software Computer Import Export Industry and Trade Ltd...
NVD
CVE-2025-7016
129d ago
MEDIUM
CVE-2025-7015 (CVSS 5.7) — Session Fixation vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Me...
NVD
CVE-2025-7015
129d ago
INFO
Bypassing Windows Administrator Protection
rss:googleprojectzero
zero-day
research
132d ago
HIGH
CVE-2026-0535 (CVSS 8.1) — A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can t...
NVD
CVE-2026-0535
135d ago
HIGH
CVE-2026-0534 (CVSS 8.1) — A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger ...
NVD
CVE-2026-0534
135d ago
HIGH
CVE-2026-0533 (CVSS 8.1) — A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation d...
NVD
CVE-2026-0533
135d ago
HIGH
CVE-2025-4764 (CVSS 8) — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i...
NVD
CVE-2025-4764
136d ago
INFO
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
rss:googleprojectzero
zero-day
research
143d ago
INFO
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
rss:googleprojectzero
zero-day
research
143d ago
INFO
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
rss:googleprojectzero
zero-day
research
143d ago
CRITICAL
NVD
Fri, 20 Feb 2026 02:16:54 UTC
CVE-2026-26980 (CVSS 9.4) — Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated a...
https://nvd.nist.gov/vuln/detail/CVE-2026-26980
TL;DR
Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
CVE-2026-26980