Login[webapps] FortiWeb 8.0.2 - Remote Code Execution
8 April 2026 at 00:00
FortiWeb 8.0.2 - Remote Code Execution
Normal view
Received β 9 April 2026
β
Vulnerabilities
[local] 7-Zip 24.00 - Directory Traversal
8 April 2026 at 00:00
7-Zip 24.00 - Directory Traversal
[webapps] xibocms 3.3.4 - RCE
8 April 2026 at 00:00
xibocms 3.3.4 - RCE
[local] SQLite 3.50.1 - Heap Overflow
8 April 2026 at 00:00
SQLite 3.50.1 - Heap Overflow
[local] Microsoft MMC MSC EvilTwin - Local Admin Creation
8 April 2026 at 00:00
Microsoft MMC MSC EvilTwin - Local Admin Creation
[webapps] Horilla v1.3 - RCE
8 April 2026 at 00:00
Horilla v1.3 - RCE
Received β 7 April 2026
β
Vulnerabilities
[local] is-localhost-ip 2.0.0 - SSRF
6 April 2026 at 00:00
is-localhost-ip 2.0.0 - SSRF
[webapps] Fortinet FortiWeb v8.0.1 - Auth Bypass
6 April 2026 at 00:00
Fortinet FortiWeb v8.0.1 - Auth Bypass
[local] Windows Kernel - Elevation of Privilege
6 April 2026 at 00:00
Windows Kernel - Elevation of Privilege
[local] Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation
6 April 2026 at 00:00
Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation
[webapps] ASP.net 8.0.10 - Bypass
6 April 2026 at 00:00
ASP.net 8.0.10 - Bypass
[webapps] Grafana 11.6.0 - SSRF
6 April 2026 at 00:00
Grafana 11.6.0 - SSRF
[webapps] Zhiyuan OA - arbitrary file upload leading
6 April 2026 at 00:00
Zhiyuan OA - arbitrary file upload leading
[webapps] WBCE CMS 1.6.4 - Remote Code Execution
6 April 2026 at 00:00
WBCE CMS 1.6.4 - Remote Code Execution
[webapps] RiteCMS 3.1.0 - Authenticated Remote Code Execution
6 April 2026 at 00:00
RiteCMS 3.1.0 - Authenticated Remote Code Execution
[webapps] WordPress Madara - Local File Inclusion
6 April 2026 at 00:00
WordPress Madara - Local File Inclusion
Received β 3 April 2026
β
Vulnerabilities
SEC Consult SA-20260401-0 :: Broken Access Control in Open WebUI
3 April 2026 at 03:55
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 02
SEC Consult Vulnerability Lab Security Advisory < 20260401-0 >=======================================================================
title: Broken Access Control
Β Β Β Β Β Β product: Open WebUI
Β vulnerable version: <v0.8.11
Β Β Β fixed version: v0.8.11
CVE number: CVE-2026-34222
Β Β Β Β Β Β Β impact: high
homepage:https://openwebui.com
Β Β Β Β Β Β Β found: 2026-02-06...
-
Full Disclosure
- SEC Consult SA-20260326-0 :: Local Privilege Escalation in Vienna Assistant (MacOS) - Vienna Symphonic Library
SEC Consult SA-20260326-0 :: Local Privilege Escalation in Vienna Assistant (MacOS) - Vienna Symphonic Library
3 April 2026 at 03:55
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 02
SEC Consult Vulnerability Lab Security Advisory < 20260326-0 >=======================================================================
title: Local Privilege Escalation
product: Vienna Assistant (MacOS) - Vienna Symphonic Library
Β vulnerable version: 1.2.542
fixed version: -
CVE number: CVE-2026-24068
Β Β Β Β Β Β Β impact: high
homepage:https://www.vsl.co.at/
Β Β Β Β Β ...
Apple OHTTP Relay: 14 Third-Party Endpoints, 6 Countries, Zero User Visibility
3 April 2026 at 03:54
Posted by Joseph Goydish II via Fulldisclosure on Apr 02
SUMMARYApple's Oblivious HTTP relay for Live Caller ID Lookup (iOS 18+) routes
traffic through 14 third-party endpoints across six countries. These include
an anonymous Delaware LLC sharing data with OpenAI, a Russian endpoint
(Yandex), and a Swiss GmbH whose privacy policy names "The Legal Entity to
be Confirmed" as its data controller. None of this is disclosed to users.
This is shared infrastructure. All devices using Live...
-
- [KIS-2026-06] MetInfo CMS <= 8.1 (weixinreply.class.php) PHP Code Injection Vulnerability
[KIS-2026-06] MetInfo CMS <= 8.1 (weixinreply.class.php) PHP Code Injection Vulnerability
3 April 2026 at 03:53
Posted by Egidio Romano on Apr 02
---------------------------------------------------------------------------MetInfo CMS <= 8.1 (weixinreply.class.php) PHP Code Injection Vulnerability
---------------------------------------------------------------------------
[-] Software Link:
https://www.metinfo.cn
[-] Affected Versions:
Versions 7.9, 8.0, and 8.1.
[-] Vulnerability Description:
The vulnerable code is located into the...
