Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.4 CVE-2026-10646

Use-after-return in `zsock_getaddrinfo()` when a timed-out DNS query is retried without cancellation_CVE-2026-10646

Zephyr's BSD-sockets getaddrinfo() implementation (subsys/net/lib/sockets/getaddrinfo.c) passes a pointer to a stack-allocated state object (struct...

zephyrproject zephyr 4.0.0 CVE
HIGH 8.8 95D6A730-EFAD-

Exploit for CVE-2026-43503_95D6A730-EFAD-5C8A-A651-39A9ED5B00CB

DirtyClone DirtyClone is a C-based local privilege escalation LPE proof-of-concept targeting a kernel/XFRM-related vulnerability described in the s...

N/A N/A GITHUBEXPLOIT
HIGH 8.8 1C0E4383-9787-

Exploit for CVE-2025-56399_1C0E4383-9787-58E2-A56F-70D9888E6255

Laravel FileManager Unrestricted File Upload CVE-2025-56399 CWE-434: Unrestricted Upload of File with Dangerous Type CVSS Score: 8.5 High --- 📋 De...

N/A N/A GITHUBEXPLOIT
HIGH 7.6 CVE-2026-58056

RustDesk – FileTransfer Session Authorization Scope Bypass_CVE-2026-58056

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer sessi...

RustDesk RustDesk CVE
HIGH 7.2 CVE-2026-58054

MyBB – Privilege Escalation from Limited ACP User Management to Administrator_CVE-2026-58054

MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers ...

MyBB MyBB CVE
HIGH 7 CVE-2026-58050

libssh2 – Integer Overflow in publickey Subsystem Attribute Allocation_CVE-2026-58050

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_at...

libssh2 libssh2 CVE
HIGH 8.6 CVE-2026-58049

FFmpeg – Out-of-Bounds Write in RASC Decoder decode_dlta()_CVE-2026-58049

FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary...

FFmpeg FFmpeg CVE
HIGH 7.2 52E3EC4D-B3B2-

Exploit for Unrestricted Upload of File with Dangerous Type in Devcode Openstamanager_52E3EC4D-B3B2-5A5A-B602-597C9814297E

OpenSTAManager RCE Exploit CVE-2026-38751 Arbitrary File Upload leading to Remote Code Execution Full-featured proof-of-concept for CVE-2026-38751,...

N/A N/A GITHUBEXPLOIT
HIGH 8.7 CVE-2026-10643

Out-of-bounds heap write in Zephyr `recvmsg()` ancillary-data path (`insert_pktinfo` undersizes the control-buffer capacity check)_CVE-2026-10643

Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()) validated the user-supplied ancillary (msg_co...

zephyrproject zephyr 3.6.0 CVE
HIGH 8.1 CVE-2026-8095

Frontend File Manager Plugin <= 23.6 - Authenticated (Subscriber+) Arbitrary File Deletion_CVE-2026-8095

The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. ...

nmedia Frontend File Manager Plugin CVE