CVE Vulnerabilities - 13 May 2026
925 vulnerabilities published on 13 May 2026
ERPNext: Unauthorized Data Modification Before 16.9.1
CVE-2026-44442
ERPNext users with certain roles may be able to access and modify data they shouldn't. This could lead to incorrect or unauthorized changes to your business data. Update to ERPNext version 16.9.1 or l...
9.9
JupyterLab: Malicious buttons can execute code on user click
DEBIAN-CVE-2026-42557
JupyterLab, a popular interactive computing environment, had a security issue that allowed malicious buttons to execute code on a user's computer without their knowledge. This has been fixed in versio...
9.9
Traefik: Unauthorized access to REST provider handler
GHSA-96qj-4jj5-wcjc
CVE-2026-44774
Traefik's REST provider can be exposed by a low-privileged user in a shared deployment, allowing them to reconfigure routers and services. This is possible because Traefik accepts any backend referenc...
6.4
Web::Passwd for Perl allows unauthorized command execution.
CVE-2026-8500
The Web::Passwd Perl module has a security flaw that allows hackers to execute unauthorized commands on a server. This can lead to unauthorized access to sensitive data or the takeover of the server. ...
9.8
Netty: Malformed HTTP Requests Can Cause Message Disagreement
DEBIAN-CVE-2026-42581
Netty, a network framework, has a security issue that can allow attackers to manipulate HTTP requests in a way that can cause issues for downstream servers. This can happen when a request contains con...
9.8
Ecommerce Systempay 1.0 payment key can be guessed
CVE-2020-37168
A weak key in Ecommerce Systempay 1.0 makes it easy for hackers to guess a secret key used to verify payments. This allows them to fake payment signatures and change transaction amounts. You should up...
9.3
Goobi viewer - Unauthenticated access to Solr data
GHSA-2rgp-f66f-4499
CVE-2026-45083
An outdated Goobi viewer API endpoint allowed unauthorized access to its entire Solr index. This meant an attacker could read, modify, or delete sensitive data, including protected documents. To fix t...
9.8
ELECOM Wireless Access Points: Unauthorized OS Command Execution
CVE-2026-42062
ELECOM wireless LAN access points are vulnerable to an attack that can execute any system command without a password. This means an attacker could potentially take control of the device or disrupt its...
9.3
ELECOM Wireless LAN Access Point Authentication Bypass
CVE-2026-40621
Some ELECOM wireless LAN access points do not require a password to access certain settings. This means that anyone with access to the device can make changes without needing a password. You should up...
9.3
Patched: rootio pgx/v5 database connection security risk
ROOT-APP-GOBINARY-CVE-2026-33816
A security issue in the pgx/v5 package for Root:Go has been fixed by Root. This affects how the database connects to your application. Update to a fixed version to prevent potential security risks.
9.8
GUARDIANWALL MailSuite and Mail Security Cloud SaaS - Remote Code Execution Risk
CVE-2026-32661
The GUARDIANWALL MailSuite and Mail Security Cloud SaaS may allow a remote attacker to execute malicious code on the system if they send a specially crafted request to the product's web service. This ...
9.3
Apache HTTP Server Unauthenticated Remote Code Execution
BELL-CVE-2026-42257
The Apache HTTP Server is affected by a vulnerability that allows attackers to execute arbitrary code on a server without needing a password. This could allow unauthorized access to sensitive data or ...
9.8
Obot allows unauthorized access to MCP servers
GHSA-vw82-7fv8-r6gp
Any authenticated Obot user can connect to and use MCP servers they shouldn't have access to, potentially allowing them to make changes or view sensitive data. This is a critical issue that requires i...
9.6
NGINX Software Can Crash or Be Hacked with Malicious Requests
ALPINE-CVE-2026-42945
NGINX software has a weakness that can be exploited by sending specially crafted HTTP requests. This could cause the software to crash or, in some cases, allow an attacker to take control of the syste...
9.4
Debian Linux: Unrestricted Access to Sensitive System Files
DEBIAN-CVE-2026-42945
A vulnerability in Debian Linux allows unauthorized access to sensitive system files. This could be exploited by an attacker to gain elevated privileges, potentially leading to data breaches or system...
9.4
Garmin WDU Cross-Site Attack Allows Full Control
CVE-2025-27851
The Garmin WDU's web interface on some versions can be hacked remotely by tricking the user into visiting a malicious website. This allows the hacker to take full control of the device. To stay safe, ...
9.3
OPNsense Firewall Allows Remote Code Execution as Root
CVE-2026-45158
If you're using an OPNsense firewall version prior to 26.1.8, an attacker could potentially execute malicious code on your system. This is a serious issue because it could give an attacker complete co...
9.1
OPNsense: Unauthenticated Users Can Run System Commands as Root
CVE-2026-44194
OPNsense users with certain privileges can run system commands with root access, which could allow an attacker to gain control of the system. This is a serious issue because it allows an attacker to m...
9.1
OPNsense Firewall Allows Remote Attackers to Run Malicious Code
CVE-2026-44193
A security issue in older versions of OPNsense's firewall and routing platform allows attackers to run malicious code on the system. This is a serious risk because it could be used to take control of ...
9.1
CubeCart Ecommerce Software: Admins Can Execute Server Commands
CVE-2026-45714
An unpatched security issue in CubeCart's email templates, invoices, documents, and contact forms allows any administrator to run commands on the server, potentially leading to data loss or system com...
9.1
CubeCart 6.6.9 and earlier: Authenticated File Upload Risk
CVE-2026-45053
CubeCart's file upload feature allows authorized users to upload malicious files that can be executed by the web server, potentially leading to unauthorized access and control of the website. To prote...
9.1
CubeCart Ecommerce Software: Authenticated Code Execution Risk
CVE-2026-44377
A security issue exists in older versions of CubeCart's email and document features. An attacker with admin access could potentially read sensitive files or create malicious code, which could lead to ...
9.1
Netty: Inbound data mixed with wrong outbound request
DEBIAN-CVE-2026-42584
A bug in the Netty framework could cause incorrect data to be read from a response. This happens when a server sends multiple responses in a specific order. Affected versions of Netty are fixed in 4.2...
9.1
Netty DNS Handler Fails to Validate Domain Names
DEBIAN-CVE-2026-42579
Netty's DNS handler in older versions does not properly check domain names, which can allow attackers to send malicious data. This could lead to security issues if an attacker is able to control the d...
9.1
iControl REST Manager Role Privilege Escalation
CVE-2026-41225
A highly privileged attacker with a Manager role in iControl REST can create configuration objects to run arbitrary commands. This could lead to unauthorized access to sensitive data or system comprom...
8.6