
Vulnerabilities

GitHub RCE Vulnerability (CVE-2026-3854)

A recently disclosed vulnerability (CVE-2026-3854) affects GitHub.com and GitHub Enterprise Server and may allow unauthenticated attackers to achieve remote code execution (RCE) on GitHub infrastructure. Severity level: CVSS Score: 8.8/High. Description: CVE‑2026‑3854 is a severe security vulnerability caused by improper sanitization of user‑supplied git push options within GitHub’s internal Git processing pipeline. During a git push operation, certain user-controlled push […]

ASP.NET Core Privilege Escalation Vulnerability (CVE-2026-40372)

A recently disclosed vulnerability (CVE-2026-40372) affects a Windows-based application and may allow unauthenticated remote attackers to escalate privileges. Severity level: CVSS Score: 9.1/Critical. Description: CVE‑2026‑40372 is a critical security vulnerability that arises from improper control of file names or file paths within a Windows-based application. The affected component processes user-supplied file path inputs without adequately […]

Adobe Acrobat security vulnerability (CVE-2026-34621)

A recently disclosed high‑severity vulnerability in Adobe Acrobat and Acrobat Reader (CVE‑2026‑34621) allows attackers to execute arbitrary code on affected systems by tricking users into opening a specially crafted PDF file. Severity level: CVSS Score: 8.6/High. Description: Adobe Acrobat and Acrobat Reader contain an improperly controlled modification of object prototype attributes (Prototype Pollution) vulnerability. The […]

Ninja Forms WordPress Plugin Vulnerability (CVE-2026-0740)

A recently disclosed critical vulnerability in the Ninja Forms – File Uploads plugin for WordPress (CVE‑2026‑0740) allows unauthenticated remote attackers to upload arbitrary files, potentially leading to remote code execution and full site compromise. Severity level: CVSS Score: 9.8/Critical. Description: The Ninja Forms – File Uploads plugin for WordPress fails to properly validate uploaded file […]

Zoom Workplace for Windows Vulnerability (CVE-2026-30903)

A recently disclosed vulnerability in Zoom Workplace for Windows (CVE‑2026‑30903) allows unauthenticated remote attackers to escalate privileges by exploiting improper control of file names or paths. Severity level: CVSS Score: 9.6/Critical. Description: Zoom Workplace for Windows includes a Mail feature that processes user-supplied file references. In vulnerable versions, this component fails to properly validate […]

Apple Memory Corruption Vulnerability (CVE‑2026‑20700)

A newly disclosed Apple zero‑day vulnerability (CVE‑2026‑20700) allows attackers with memory‑write capabilities to execute arbitrary code on affected devices. Severity level: CVSS Score: 7.8/High. Description: CVE‑2026‑20700 is a memory corruption vulnerability affecting Apple’s dyld (Dynamic Link Editor) component. Dyld is responsible for loading dynamic libraries and linking application code within Apple operating systems. Improper state […]

Ingress‑NGINX Configuration Injection Vulnerability (CVE-2026-24512)

A recently discovered vulnerability in the Kubernetes ingress-nginx controller (CVE‑2026‑24512) allows attackers to execute arbitrary code by exploiting improper sanitization of user‑supplied ingress path data. Severity level: CVSS Score: 8.8/High. Description: Ingress‑NGINX is a widely used open‑source Kubernetes ingress controller responsible for managing inbound traffic to cluster services. A vulnerability exists in ingress‑nginx where the […]

Notepad++ Vulnerability (CVE-2025-15556)

A recently discovered Notepad++ vulnerability (CVE‑2025‑15556) allows attackers to execute arbitrary code by exploiting insecure update integrity verification. Severity level: CVSS Score: 7.7/High. Description: Notepad++ is a free and open-source source code editor. A vulnerability exists in Notepad++ versions prior to 8.8.9 involving the WinGUp updater, which fails to cryptographically verify downloaded update metadata and […]

GNU InetUtils telnetd authentication bypass (CVE-2026-24061)

A critical remote authentication bypass vulnerability (CVE-2026-24061) has been disclosed in the GNU InetUtils telnetd server, affecting versions 1.9.3 through 2.7. Severity level: CVSS Score: 9.8/Critical. Description: CVE-2026-24061 is an argument injection / authentication-bypass vulnerability in the telnetd component of GNU InetUtils. During Telnet NEW-ENVIRON negotiation, telnetd passes the attacker-controlled USER environment variable directly to […]

CVE-2025-14847 - MongoBleed - Vulnerability Affecting MongoDB

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. Severity level: CVSS Score: 8.7/High. Description: CVE-2025-14847, known as MongoBleed, is a heap-memory disclosure vulnerability in MongoDB Server. It arises in the server’s zlib compression handling logic, specifically in how it parses compressed network messages. By […]