Vulnerability Notes
- CVE-2026-11967 - Arbitrary code execution in MobaXterm Personal Edition (Portable)
- CVE-2026-11879 - Arbitrary code execution in MobaXterm Personal Edition (Portable)
- CVE-2026-6211 - Arbitrary File Upload in Global IT's WEOLL
- CVE-2026-10557 - Yarbo Android/iOS Mobile Application and Cloud Infrastructure Use of Hard-coded Credentials
- CVE-2026-7368 - Yarbo Android/iOS Mobile Application and Cloud Infrastructure Missing Authorization
- CVE-2026-53787 - Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload
- CVE-2026-6853 - OTP Bypass in Başbelen Group's Pause+ Mobile App
- CVE-2026-47196 - Quest Bot: Empty automod rule causes every guild message to be deleted
- CVE-2026-11849 - IEI Integration Corp|iRM-IEI Remote Management - Hard-coded Credentials
- CVE-2026-11846 - IEI Integration Corp|iVEC-IEI Virtualization Edge Computer - Arbitrary File Deletion
- CVE-2026-11535 - PcSuite Bluetooth Information Leakage Vulnerability
- CVE-2026-12059 - Cellopoint|CelloOS - Improper Access Control
- CVE-2026-45169 - Idira Privileged Access Manager (PAM) Self-Hosted Vault: Denial of Service due to Unexpected Input Processing
- CVE-2026-48612 - Okta OAuth Account Linking Vulnerability
- CVE-2026-48611 - Google OAuth Account Hijacking Vulnerability
- CVE-2026-47367 - UID Enterprise Agent Command Injection
- CVE-2026-47365 - WordPress Toolkit Argument Injection
- CVE-2026-11933 - Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion
- CVE-2026-42846 - ClipBucket: Remote Play URL Command Injection