Aggregator

CVE-2026-33371 | Zimbra Collaboration Suite 10.0/10.1 Exchange Web Service xml external entity reference (EUVD-2026-13696)

VulDB Recent Entries
1 month ago
A vulnerability labeled as problematic has been found in Zimbra Collaboration Suite 10.0/10.1. Impacted is an unknown function of the component Exchange Web Service. Such manipulation leads to xml external entity reference. This vulnerability is uniquely identified as CVE-2026-33371. The attack can be launched remotely. No exploit exists.
vuldb.com

CVE-2026-4516 | Foundation Agents MetaGPT up to 0.8.1 DataInterpreter write_analysis_code.py injection

VulDB Recent Entries
1 month ago
A vulnerability categorized as critical has been discovered in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. This vulnerability is known as CVE-2026-4516. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-4515 | Foundation Agents MetaGPT up to 0.8.1 operator.py code_generate code injection

VulDB Recent Entries
1 month ago
A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. It has been rated as critical. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. This vulnerability is traded as CVE-2026-4515. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

New VoidStealer Variant Bypasses Chrome ABE Without Injection or Privilege Escalation

Cyber Security News
1 month ago

A newly identified variant of the VoidStealer infostealer has drawn serious attention from the security community after it became the first malware known to bypass Google Chrome’s Application-Bound Encryption (ABE) without requiring code injection or elevated system privileges. The variant, introduced in VoidStealer version 2.0 on March 13, 2026, uses a debugger-based technique to silently […]

The post New VoidStealer Variant Bypasses Chrome ABE Without Injection or Privilege Escalation appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2026-4514 | PbootCMS up to 3.2.12 Backend UserController.php Field access control

VulDB Recent Entries
1 month ago
A vulnerability was found in PbootCMS up to 3.2.12. It has been declared as critical. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. This vulnerability appears as CVE-2026-4514. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com

CVE-2026-4513 | vanna-ai vanna up to 2.0.2 base.py ask sql injection

VulDB Recent Entries
1 month ago
A vulnerability was found in vanna-ai vanna up to 2.0.2. It has been classified as critical. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. This vulnerability is reported as CVE-2026-4513. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-4511 | vanna-ai vanna up to 2.0.2 /src/vanna/legacy exec injection

VulDB Recent Entries
1 month ago
A vulnerability was found in vanna-ai vanna up to 2.0.2 and classified as critical. Affected is the function exec of the file /src/vanna/legacy. Such manipulation leads to injection. This vulnerability is documented as CVE-2026-4511. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-4510 | PbootCMS up to 3.2.12 Parameter MemberController.php alert_location backurl cross site scripting

VulDB Recent Entries
1 month ago
A vulnerability has been found in PbootCMS up to 3.2.12 and classified as problematic. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. This vulnerability is registered as CVE-2026-4510. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com

CVE-2026-4509 | PbootCMS up to 3.2.12 File Upload core/function/file.php black incomplete blacklist

VulDB Recent Entries
1 month ago
A vulnerability, which was classified as critical, was found in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. This vulnerability is cataloged as CVE-2026-4509. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2026-4508 | PbootCMS up to 3.2.12 Member Login MemberController.php checkUsername sql injection

VulDB Recent Entries
1 month ago
A vulnerability, which was classified as critical, has been found in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. The manipulation of the argument Username leads to sql injection. This vulnerability is listed as CVE-2026-4508. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

Managed ad