Recent Advisories

Severity ID Title Vendor Product Date Type
NONE PACKETSTORM:224373

πŸ“„ Penpot Server-Side Request Forgery_PACKETSTORM:224373

Penpot's remote image import let an authenticated file editor turn a normal media convenience feature into backend-origin server-side request forge...

N/A N/A PACKETSTORM
NONE PACKETSTORM:224403

πŸ“„ phpSysInfo 3.4.5 IP Allowlist Bypass_PACKETSTORM:224403

phpSysInfo versions 3.4.5 and below suffer from an IP Allowlist bypass vulnerability...

N/A N/A PACKETSTORM
NONE PACKETSTORM:224409

πŸ“„ Peyara Remote Mouse 1.0.1 Unauthenticated Remote Code Execution_PACKETSTORM:224409

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Peyara Remote Mouse 1.0.1. The application exposes a Sock...

N/A N/A PACKETSTORM
NONE F6F142F3-3C4F-

pocsmith_F6F142F3-3C4F-57A3-A265-A7DF88A31A6B

pocsmith pocsmith generates modular Python proof-of-concept templates from alias flags or YAML profiles. Install From GitHub with pipx: bash pipx i...

N/A N/A GITHUBEXPLOIT
NONE B6A66232-7621-

Sql-injection-scanner_B6A66232-7621-5872-A51D-EDDA3F824073

Sql-injection-scanner Developing a security scanning tool that can quickly, reliably, and automatically detect SQL Injection vulnerabilities in web...

N/A N/A GITHUBEXPLOIT
NONE THN:7A6FC6E72B7...

Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign_THN:7A6FC6E72B7906A66B33E84A6B61E75E

![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHsYcZgd4WIkN0k-b4_j7JxBgi0R0dzj0jSwSWVgItyIy88VoZK5z8BAiwjmYnou7YLrNuckCgQvnHXV2KYH...

N/A N/A THN
NONE H1:3823932

curl: CURLOPT_HAPROXY_CLIENT_IP lacks input validation, enabling HAProxy PROXY protocol injection_H1:3823932

Summary The CURLOPT_HAPROXY_CLIENT_IP option accepts an arbitrary string without validating that it is a valid IP address, and without stripping...

N/A N/A HACKERONE
NONE H1:3826199

curl: mbedTLS / wolfSSL / rustls backends silently skip hostname verification when CURLOPT_SSL_VERIFYPEER=0_H1:3826199

## Summary When an application sets `CURLOPT_SSL_VERIFYPEER=0` while keeping `CURLOPT_SSL_VERIFYHOST=2` (the default), the mbedTLS, wolfSSL, and r...

N/A N/A HACKERONE
NONE AKAMAIBLOG:978E...

The Cloud Giants Are Architecting an Agentic Future They Can’t Run_AKAMAIBLOG:978E7ED61CD644037FCD4A69D3E06906

{“lastseen”:”2026-06-26T13:36:50″,”description”:””,”published”:”2026-06-26T12:00:...

N/A N/A AKAMAIBLOG
NONE MALWAREBYTES:78...

Malware steals Chrome session cookies to take over your accounts_MALWAREBYTES:788C013A9E21914EAA8C63074A6CEDAB

An email attachment leads to the installation of a malicious Chrome extension. Researchers say it is part of a Windows backdoor delivered via a phi...

N/A N/A MALWAREBYTES