229
Total CVEs
0
KEV Entries
14
Critical
48
High
43
Medium
27
Articles
CVE Feed
229 CVEs
CVE-2026-23600
CRITICAL
10.0
A remote authentication bypass vulnerability
exists in HPE AutoPass License Server (APLS).
CVE-2026-2628
CRITICAL
9.8
The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthe...
CVE-2025-50187
CRITICAL
9.8
Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in versi...
CVE-2026-3431
CRITICAL
9.8
On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endp...
CVE-2025-30044
CRITICAL
9.4
In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogs...
CVE-2025-12462
CRITICAL
9.3
A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path resulting in Blind SQL Injection.
This issue was fixe...
CVE-2025-14532
CRITICAL
9.3
DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution.
This issue was...
CVE-2026-2584
CRITICAL
9.3
A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially...
CVE-2026-2999
CRITICAL
9.3
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from ...
CVE-2026-3000
CRITICAL
9.3
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remot...
CVE-2026-3422
CRITICAL
9.3
U-Office Force developed by e-Excellence has a Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted ...
CVE-2026-3432
CRITICAL
9.3
On SimStudio version below to 0.5.74, the `/api/auth/oauth/token` endpoint contains a code path that bypasses all authorization checks when provided with `credentialAccountUserId` and `providerId` par...
CVE-2025-30035
CRITICAL
9.0
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any othe...
CVE-2025-30042
CRITICAL
9.0
The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verificat...
CVE-2026-1566
HIGH
8.8
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is d...
CVE-2026-2448
HIGH
8.8
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locate_template() function. This makes it possible for au...
CVE-2025-10350
HIGH
8.8
SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GCM...
CVE-2025-50190
HIGH
8.8
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patch...
CVE-2025-50192
HIGH
8.8
Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection in found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11....
CVE-2025-50198
HIGH
8.8
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST cou...
CVE-2025-52468
HIGH
8.8
Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization o...
CVE-2026-21853
HIGH
8.8
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedd...
CVE-2026-3132
HIGH
8.8
The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMA_Widget_Admin::render_preview'. This is du...
CVE-2024-47886
HIGH
8.7
Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution (RCE) within versions 1.11.12 to 1.11.26. By abusing mult...
CVE-2026-3336
HIGH
8.7
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the fina...
CVE-2026-3338
HIGH
8.7
Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes.
Customers of A...
CVE-2026-0654
HIGH
8.5
Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbi...
CVE-2026-28286
HIGH
8.5
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from cr...
CVE-2026-21882
HIGH
8.4
theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via comm...
CVE-2025-52482
HIGH
8.3
Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious ...
CVE-2026-0754
HIGH
8.2
An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if ...
CVE-2026-3337
HIGH
8.2
Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis.
The impacted implementations ...
CVE-2025-47373
HIGH
7.8
Memory Corruption when accessing buffers with invalid length during TA invocation.
CVE-2025-47375
HIGH
7.8
Memory corruption while handling different IOCTL calls from the user-space simultaneously.
CVE-2025-47376
HIGH
7.8
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.
CVE-2025-47377
HIGH
7.8
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.
CVE-2025-47379
HIGH
7.8
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources.
CVE-2025-47381
HIGH
7.8
Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.
CVE-2025-47385
HIGH
7.8
Memory Corruption when accessing trusted execution environment without proper privilege check.
CVE-2025-47386
HIGH
7.8
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.
CVE-2025-59600
HIGH
7.8
Memory Corruption when adding user-supplied data without checking available buffer space.
CVE-2025-59603
HIGH
7.8
Memory Corruption when processing invalid user address with nonstandard buffer address.
CVE-2026-21385
HIGH
7.8
Memory corruption while using alignments for memory allocation.
CVE-2025-50199
HIGH
7.7
Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This issue has been patched in version 1.11.30.
CVE-2026-28403
HIGH
7.6
Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server (`ws://127.0.0.1:<httpPort+1>`) accepts connections from any origin without validating the HTTP...
CVE-2026-3180
HIGH
7.5
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the ‘cgLostPasswordEmail’ and the ’cgl_mail’ parameter in all...
CVE-2026-3400
HIGH
7.4
A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEditingConversion. The manipulation of the argument wp...
CVE-2026-2269
HIGH
7.2
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.0.0.3...
CVE-2025-47383
HIGH
7.2
Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.
CVE-2025-50189
HIGH
7.2
Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] an...
CVE-2025-47378
HIGH
7.1
Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.
CVE-2025-50193
HIGH
7.1
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This is...
CVE-2025-50194
HIGH
7.1
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. This issue has been patched in version 1.11.3...
CVE-2025-50195
HIGH
7.1
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in versio...
CVE-2025-50196
HIGH
7.1
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. This ...
CVE-2025-50197
HIGH
7.1
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. This iss...
CVE-2025-52469
HIGH
7.1
Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add ...
CVE-2025-58402
HIGH
7.1
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages ...
CVE-2025-64427
HIGH
7.1
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticate...
CVE-2025-50188
HIGH
7.0
Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts...
CVE-2025-50191
HIGH
7.0
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched i...
CVE-2025-52998
HIGH
7.0
Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classe...
CVE-2025-30062
MEDIUM
6.9
In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection.
CVE-2025-52564
MEDIUM
6.9
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as under...
CVE-2026-0655
MEDIUM
6.9
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 (web modules) allows authenticated adjacent attacker to read arbitrary files or c...
CVE-2026-25477
MEDIUM
6.9
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the...
CVE-2026-3406
MEDIUM
6.9
A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The manip...
CVE-2026-3409
MEDIUM
6.9
A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.exec_module of the file /api/v1/serve/awel/flow/import of the component ...
CVE-2026-3410
MEDIUM
6.9
A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/check_studid.php. Executing a manipulation o...
CVE-2026-3411
MEDIUM
6.9
A security vulnerability has been detected in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /admin_single_student_update.php. The mani...
CVE-2026-3413
MEDIUM
6.9
A flaw has been found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /admin_single_student.php. This manipulation of the argument ID causes sql i...
CVE-2026-1487
MEDIUM
6.5
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insuffici...
CVE-2025-47371
MEDIUM
6.5
Transient DOS when an LTE RLC packet with invalid TB is received by UE.
CVE-2025-47384
MEDIUM
6.5
Transient DOS when MAC configures config id greater than supported maximum value.
CVE-2026-28412
MEDIUM
6.5
Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to...
CVE-2026-2583
MEDIUM
6.4
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `blocksy_meta` metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization ...
CVE-2026-28399
MEDIUM
6.2
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This iss...
CVE-2025-65465
MEDIUM
6.1
A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted...
CVE-2026-0689
MEDIUM
6.0
In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTT...
CVE-2025-47147
MEDIUM
5.7
Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the s...
CVE-2026-20801
MEDIUM
5.6
Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access t...
CVE-2026-1336
MEDIUM
5.3
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the store_data() and get...
CVE-2024-50337
MEDIUM
5.3
Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This i...
CVE-2025-15597
MEDIUM
5.3
A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads ...
CVE-2025-58405
MEDIUM
5.3
The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security headers nor HTML-based frame‑busting protections were detected. As a result, an ...
CVE-2025-58406
MEDIUM
5.3
The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, an...
CVE-2026-23865
MEDIUM
5.3
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tab...
CVE-2026-28357
MEDIUM
5.3
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI::() patterns are rend...
CVE-2026-28359
MEDIUM
5.3
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Editor role can inject arbitrary HTML into Rich Text cells by bypassing the TipTap edito...
CVE-2026-28397
MEDIUM
5.3
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, comments rendered via v-html without sanitization enable stored XSS. This issue has been patched in version 0.301.3...
CVE-2026-28398
MEDIUM
5.3
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling stor...
CVE-2026-28401
MEDIUM
5.3
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell content rendered via v-html without sanitization enables stored XSS. This issue has been patched in ...
CVE-2026-3408
MEDIUM
5.3
A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to...
CVE-2026-3412
MEDIUM
5.3
A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /att_single_view.php. The manipulation of the argument dt results in cross site ...
CVE-2025-52475
MEDIUM
5.1
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. The keyword_inactive parameter is ...
CVE-2025-52476
MEDIUM
5.1
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/u...
CVE-2025-52563
MEDIUM
5.1
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of the page parameter in the session/a...
CVE-2026-28361
MEDIUM
4.9
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not validate token ownership, allowing a Creator within the same base to read, regenerate...
CVE-2026-28396
MEDIUM
4.9
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refre...
CVE-2025-50186
MEDIUM
4.8
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a ...
CVE-2025-52470
MEDIUM
4.8
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. The vulnerability is caused by impro...
CVE-2026-3402
MEDIUM
4.8
A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the file /edit-course.php. Such manipulation of the argu...
CVE-2026-3403
MEDIUM
4.8
A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown processing of the file /edit-subject.php. Performing a manipulation of the argument Sub...
CVE-2026-3407
MEDIUM
4.8
A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes he...
CVE-2026-1628
MEDIUM
4.6
Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functional...
CVE-2026-25884
LOW
2.7
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability ...
CVE-2026-27596
LOW
2.7
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulne...
CVE-2026-27631
LOW
2.7
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulne...
CVE-2026-28358
LOW
2.7
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password forgot endpoint returned different responses for registered and unregistered emails, allowing user enu...
CVE-2026-28360
LOW
2.7
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issu...
CVE-2026-20757
LOW
2.5
Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server.
This issue affects Command C...
CVE-2026-3401
LOW
2.3
A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part. This manipulation causes session expiration. Remote exploitation of the...
CVE-2026-3404
LOW
2.3
A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation...
CVE-2026-3405
LOW
2.3
A vulnerability has been found in thinkgem JeeSite up to 5.15.1. The affected element is an unknown function of the component Connection Handler. The manipulation leads to path traversal. It is possib...
CVE-2024-31328
UNKNOWN
In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. T...
CVE-2024-43766
UNKNOWN
In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to Invalid error handling. This could lead to remote (proximal/adjacent) information disclosure with no addit...
CVE-2025-32313
UNKNOWN
In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges n...
CVE-2025-48567
UNKNOWN
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation...
CVE-2025-48568
UNKNOWN
In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2025-48574
UNKNOWN
In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privileg...
CVE-2025-48577
UNKNOWN
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privile...
CVE-2025-48578
UNKNOWN
In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege...
CVE-2025-48579
UNKNOWN
In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional ...
CVE-2025-48582
UNKNOWN
In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additi...
CVE-2025-48585
UNKNOWN
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional executi...
CVE-2025-48587
UNKNOWN
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional executi...
CVE-2025-48602
UNKNOWN
In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privil...
CVE-2025-48605
UNKNOWN
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional executio...
CVE-2025-48609
UNKNOWN
In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to lo...
CVE-2025-48613
UNKNOWN
In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege w...
CVE-2025-48619
UNKNOWN
In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privi...
CVE-2025-48630
UNKNOWN
In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no addi...
CVE-2025-48634
UNKNOWN
In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution priv...
CVE-2025-48635
UNKNOWN
In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additi...
CVE-2025-48636
UNKNOWN
In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no addit...
CVE-2025-48641
UNKNOWN
In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User intera...
CVE-2025-48642
UNKNOWN
In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges n...
CVE-2025-48644
UNKNOWN
In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. Use...
CVE-2025-48645
UNKNOWN
In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privi...
CVE-2025-48646
UNKNOWN
In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed...
CVE-2025-48650
UNKNOWN
In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio...
CVE-2025-48653
UNKNOWN
In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional exe...
CVE-2025-48654
UNKNOWN
In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution pr...
CVE-2025-58107
UNKNOWN
In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-m...
CVE-2025-66880
UNKNOWN
Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp (Module 2093) and SignupComp (Module 2094) mod...
CVE-2025-70252
UNKNOWN
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is wor...
CVE-2026-0005
UNKNOWN
In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing permi...
CVE-2026-0006
UNKNOWN
In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User int...
CVE-2026-0007
UNKNOWN
In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no add...
CVE-2026-0008
UNKNOWN
In multiple locations, there is a possible privilege escalation due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interac...
CVE-2026-0010
UNKNOWN
In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges...
CVE-2026-0011
UNKNOWN
In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from working due to a logic error in the code. This could lead to local escalation of privilege with no a...
CVE-2026-0012
UNKNOWN
In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due due to a logic error in the code. This could lead to local information disclosure with no additional ex...
CVE-2026-0013
UNKNOWN
In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional ex...
CVE-2026-0014
UNKNOWN
In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional executi...
CVE-2026-0015
UNKNOWN
In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution ...
CVE-2026-0017
UNKNOWN
In onChange of BiometricService.java, there is a possible way to enable fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional executi...
CVE-2026-0020
UNKNOWN
In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain permissions due to a permissions bypass. This could lead to local escalation of priv...
CVE-2026-0021
UNKNOWN
In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible cross-user permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additio...
CVE-2026-0023
UNKNOWN
In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check. This could lead to local escalation of privilege...
CVE-2026-0024
UNKNOWN
In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reveal the location of media due to a missing permission check. This could lead to local information dis...
CVE-2026-0025
UNKNOWN
In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution ...
CVE-2026-0026
UNKNOWN
In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code. This could lead to local escalation of privilege ...
CVE-2026-0027
UNKNOWN
In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User int...
CVE-2026-0028
UNKNOWN
In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privilege...
CVE-2026-0029
UNKNOWN
In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. Us...
CVE-2026-0030
UNKNOWN
In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional executi...
CVE-2026-0031
UNKNOWN
In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges nee...
CVE-2026-0032
UNKNOWN
In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileg...
CVE-2026-0034
UNKNOWN
In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper input validation. This could lead to local escalation of privilege with no addit...
CVE-2026-0035
UNKNOWN
In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of priv...
CVE-2026-0037
UNKNOWN
In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed....
CVE-2026-0038
UNKNOWN
In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional executio...
CVE-2026-0047
UNKNOWN
In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege...
CVE-2026-0995
UNKNOWN
An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME.
CVE-2026-20416
UNKNOWN
In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User in...
CVE-2026-20423
UNKNOWN
In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is n...
CVE-2026-20424
UNKNOWN
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User i...
CVE-2026-20425
UNKNOWN
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User...
CVE-2026-20426
UNKNOWN
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User...
CVE-2026-20427
UNKNOWN
In display, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. ...
CVE-2026-20428
UNKNOWN
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User...
CVE-2026-20429
UNKNOWN
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User i...
CVE-2026-20430
UNKNOWN
In wlan AP FW, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges n...
CVE-2026-20434
UNKNOWN
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the atta...
CVE-2026-20435
UNKNOWN
In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no add...
CVE-2026-20436
UNKNOWN
In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System pri...
CVE-2026-20437
UNKNOWN
In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not neede...
CVE-2026-20438
UNKNOWN
In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti...
CVE-2026-20439
UNKNOWN
In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not ne...
CVE-2026-20440
UNKNOWN
In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User int...
CVE-2026-20441
UNKNOWN
In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User int...
CVE-2026-20442
UNKNOWN
In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not n...
CVE-2026-20443
UNKNOWN
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti...
CVE-2026-20444
UNKNOWN
In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User i...
CVE-2026-20445
UNKNOWN
In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not ne...
CVE-2026-2256
UNKNOWN
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived inp...
CVE-2026-24101
UNKNOWN
An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenated into `doSystemCmd`. The value of s1_1 ...
CVE-2026-24105
UNKNOWN
An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into do...
CVE-2026-24107
UNKNOWN
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnerabil...
CVE-2026-24108
UNKNOWN
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and conc...
CVE-2026-24109
UNKNOWN
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable...
CVE-2026-24110
UNKNOWN
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule,...
CVE-2026-24111
UNKNOWN
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addAuthUser` function and pr...
CVE-2026-24112
UNKNOWN
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function...
CVE-2026-24113
UNKNOWN
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and conc...
CVE-2026-24114
UNKNOWN
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lead to buffer overflows when using `strcpy`.
CVE-2026-24115
UNKNOWN
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may lead to buffer overflow.
CVE-2026-26694
UNKNOWN
code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modal_view.php.
CVE-2026-26695
UNKNOWN
code-projects Simple Student Alumni System code-projects v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php.
CVE-2026-26696
UNKNOWN
code-projects Simple Student Alumni System code-projects v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_edit.php.
CVE-2026-26697
UNKNOWN
code-projects Simple Student Alumni System code-projects v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=.
CVE-2026-26698
UNKNOWN
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_edit.php.
CVE-2026-26699
UNKNOWN
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution in ip/ppes/admin/admin_change_picture.php.
CVE-2026-26700
UNKNOWN
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_employee.php.
CVE-2026-26701
UNKNOWN
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_tecnical_user.php.
CVE-2026-26702
UNKNOWN
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitem_reuse.php.
CVE-2026-26703
UNKNOWN
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advance_search.php.
CVE-2026-26704
UNKNOWN
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_category.php.
CVE-2026-26705
UNKNOWN
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_product.php.
CVE-2026-26706
UNKNOWN
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_receipt.php.
CVE-2026-26707
UNKNOWN
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_supplier.php.
CVE-2026-26708
UNKNOWN
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_user.php.
CVE-2026-26709
UNKNOWN
code-projects Simple Gym Management System v1.0 is vulnerable to SQL Injection in /gym/trainer_search.php.
CVE-2026-26710
UNKNOWN
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php.
CVE-2026-26711
UNKNOWN
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php.
CVE-2026-26712
UNKNOWN
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php.
CVE-2026-26713
UNKNOWN
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php.
CVE-2026-26720
UNKNOWN
An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts module.
Latest Headlines
27 articles
RSS Feed Sources
The Register
Phish of the day: Microsoft OAuth scams abuse redirects for malware delivery
2026-03-03 00:33
BleepingComputer
CyberStrikeAI tool adopted by hackers for AI-powered attacks
2026-03-03 00:06
Dark Reading
Critical OpenClaw Vulnerability Exposes AI Agent Risks
2026-03-02 22:34
The Record
Cyber Command disrupted Iranian comms, sensors, top general says
2026-03-02 21:07
The Register
Iran's cyberwar has begun
2026-03-02 20:52
Dark Reading
30 Alleged Members of 'The Com' Arrested in Project Compass
2026-03-02 20:32
BleepingComputer
Fake Google Security site uses PWA app to steal credentials, MFA codes
2026-03-02 20:23
The Record
University of Hawaiʻi Cancer Center confirms data leak following ransomware attack
2026-03-02 19:13
BleepingComputer
Alabama man pleads guilty to hacking, extorting hundreds of women
2026-03-02 18:54
The Register
UK Businesses told to brace cyber defenses amid Iran conflict risk
2026-03-02 18:44
BleepingComputer
Florida woman imprisoned for massive Microsoft license fraud scheme
2026-03-02 17:30
The Hacker News
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
2026-03-02 17:08
The Hacker News
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
2026-03-02 16:52
The Record
Alleged India-linked espionage campaign targeted Pakistan, Bangladesh, Sri Lanka
2026-03-02 16:26
BleepingComputer
UK warns of Iranian cyberattack risks amid Middle-East conflict
2026-03-02 15:54
BleepingComputer
How Deepfakes and Injection Attacks Are Breaking Identity Verification
2026-03-02 15:01
The Record
German court convicts alleged mastermind behind global investment scam network
2026-03-02 14:00
The Register
Memory scalpers hunt scarce DRAM with bot blitz
2026-03-02 14:00
The Record
British organizations urged to be alert to threat of Iranian cyberattacks
2026-03-02 13:52
The Register
Scammers try to SIM-swap Dubai citizens hours after Iranian missile strikes
2026-03-02 13:42
The Hacker News
⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More
2026-03-02 13:26
BleepingComputer
Anthropic confirms Claude is down in a worldwide outage
2026-03-02 12:23
The Hacker News
How to Protect Your SaaS from Bot Attacks with SafeLine WAF
2026-03-02 11:55
The Record
Cyberattack briefly disrupts Russian internet regulator and defense ministry websites
2026-03-02 10:47
The Hacker News
APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
2026-03-02 10:36
Dark Reading
Bug in Google's Gemini AI Panel Opens Door to Hijacking
2026-03-02 10:27
The Hacker News
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT
2026-03-02 08:44