{"count":50,"items":[{"entity_id":"ENT-2026-013594","severity":"LOW","category":"code","title":"CVE-2026-14685: A vulnerability has been found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file src/main/java/org/HdrHistogram/AbstractHistogram.java of the compon","summary":"A vulnerability has been found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file src/main/java/org/HdrHistogram/AbstractHistogram.java of the component AbstractHistogram. Such manipulation of the argument Count leads to state issue. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.","date":"2026-07-05T00:17:35.610000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013594"},{"entity_id":"ENT-2026-013592","severity":"LOW","category":"code","title":"CVE-2026-14684: A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java.","summary":"A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes uncontrolled memory allocation. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.","date":"2026-07-05T00:17:35.457000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013592"},{"entity_id":"ENT-2026-013590","severity":"LOW","category":"code","title":"CVE-2026-14683: A vulnerability was detected in HdrHistogram up to 2.2.2. 
Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHist","summary":"A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results in uncontrolled memory allocation. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.","date":"2026-07-04T23:16:55.590000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013590"},{"entity_id":"ENT-2026-013588","severity":"HIGH","category":"code","title":"CVE-2026-14660: A vulnerability was found in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file login.php. Performing a manipulation of the argument txtUser/txtPass results i","summary":"A vulnerability was found in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file login.php. Performing a manipulation of the argument txtUser/txtPass results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.","date":"2026-07-04T23:16:55.437000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013588"},{"entity_id":"ENT-2026-013586","severity":"MEDIUM","category":"code","title":"CVE-2026-14659: A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /patientappointment.php. Such manipulation of the argument patiente leads to","summary":"A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /patientappointment.php. Such manipulation of the argument patiente leads to sql injection. 
The attack can be launched remotely. The exploit has been disclosed to the public and may be used.","date":"2026-07-04T23:16:55.280000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013586"},{"entity_id":"ENT-2026-013584","severity":"MEDIUM","category":"code","title":"CVE-2026-14658: A vulnerability was detected in code-projects Assessment Management 1.0. This vulnerability affects unknown code of the file /lecturer/marking-scheme.php. The manipulation of the argument smarksrange[","summary":"A vulnerability was detected in code-projects Assessment Management 1.0. This vulnerability affects unknown code of the file /lecturer/marking-scheme.php. The manipulation of the argument smarksrange[] results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used.","date":"2026-07-04T23:16:54.607000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013584"},{"entity_id":"ENT-2026-013582","severity":"MEDIUM","category":"code","title":"CVE-2026-14657: A flaw has been found in code-projects Assessment Management 1.0. This issue affects some unknown processing of the file /lecturer/marking-scheme.php of the component Database Query Handler. This mani","summary":"A flaw has been found in code-projects Assessment Management 1.0. This issue affects some unknown processing of the file /lecturer/marking-scheme.php of the component Database Query Handler. This manipulation of the argument squestions[] causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.","date":"2026-07-04T22:16:42.707000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013582"},{"entity_id":"ENT-2026-013580","severity":"MEDIUM","category":"code","title":"CVE-2026-14656: A security vulnerability has been detected in code-projects Assessment Management 1.0. This affects an unknown part of the file /admin/remove-user.php. 
The manipulation of the argument ID leads to cro","summary":"A security vulnerability has been detected in code-projects Assessment Management 1.0. This affects an unknown part of the file /admin/remove-user.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.","date":"2026-07-04T22:16:42.553000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013580"},{"entity_id":"ENT-2026-013578","severity":"LOW","category":"code","title":"CVE-2026-14655: A weakness has been identified in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file admin/view-users.php. Executing a manipulation of the argume","summary":"A weakness has been identified in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file admin/view-users.php. Executing a manipulation of the argument User can lead to cross site scripting. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.","date":"2026-07-04T22:16:42.397000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013578"},{"entity_id":"ENT-2026-013576","severity":"HIGH","category":"code","title":"CVE-2026-14654: A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argu","summary":"A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument user_id leads to sql injection. The attack can be executed remotely. 
The exploit is publicly available and might be used.","date":"2026-07-04T21:17:15.193000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013576"},{"entity_id":"ENT-2026-013574","severity":"HIGH","category":"code","title":"CVE-2026-14653: A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /admin/mensproductdeletequery.php. This manipulation of the argu","summary":"A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /admin/mensproductdeletequery.php. This manipulation of the argument user_id causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.","date":"2026-07-04T21:17:15.043000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013574"},{"entity_id":"ENT-2026-013572","severity":"HIGH","category":"code","title":"CVE-2026-14652: A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of th","summary":"A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.","date":"2026-07-04T21:17:14.840000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013572"},{"entity_id":"ENT-2026-013570","severity":"LOW","category":"code","title":"CVE-2026-14651: A vulnerability has been found in connorskees grass up to 0.13.4. The impacted element is the function grass_compiler::selector::extend/grass_compiler::evaluate::visitor. 
The manipulation leads to den","summary":"A vulnerability has been found in connorskees grass up to 0.13.4. The impacted element is the function grass_compiler::selector::extend/grass_compiler::evaluate::visitor. The manipulation leads to denial of service. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The project maintainer explains: \"DoS vulnerabilities are generally fine in Sass compilers -- they are trivially possible with recursive functions, infinite loops, nested mixins, etc. The description here is wrong. Compile time is not expected to be linear relative to the input, and the algorithm is definitionally exponential.\"","date":"2026-07-04T21:17:14.690000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013570"},{"entity_id":"ENT-2026-013568","severity":"MEDIUM","category":"code","title":"CVE-2024-1248: The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username wi","summary":"The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users with roles assigned to the federated user. Exploitation requires a federated identity provider (IDP) with silent JIT provisioning enabled and an attacker's knowledge of a local user's username. When these conditions are met, a malicious individual can leverage the JIT provisioning process to modify the roles of local users. 
The overwritten roles are limited to those defined within the federated IDP, typically granting minimal access rights unless explicitly configured otherwise by the federated IDP administrator.","date":"2026-07-04T21:17:13.793000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013568"},{"entity_id":"ENT-2026-013566","severity":"LOW","category":"code","title":"CVE-2026-14650: A flaw has been found in connorskees grass up to 0.13.4. The affected element is the function grass_compiler::raw_to_parse_error of the component UTF-8 Character Handler. Executing a manipulation can","summary":"A flaw has been found in connorskees grass up to 0.13.4. The affected element is the function grass_compiler::raw_to_parse_error of the component UTF-8 Character Handler. Executing a manipulation can lead to denial of service. The attack is restricted to local execution. The exploit has been published and may be used. In Issue #117 with similar structure the project maintainer explains: \"DoS vulnerabilities are generally fine in Sass compilers -- they are trivially possible with recursive functions, infinite loops, nested mixins, etc. The description here is wrong. Compile time is not expected to be linear relative to the input, and the algorithm is definitionally exponential.\"","date":"2026-07-04T20:16:55.117000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013566"},{"entity_id":"ENT-2026-013564","severity":"HIGH","category":"code","title":"CVE-2026-14649: A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function test_input of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/vo","summary":"A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function test_input of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in sql injection. 
The attack can be initiated remotely.","date":"2026-07-04T20:16:54.950000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013564"},{"entity_id":"ENT-2026-013562","severity":"HIGH","category":"code","title":"CVE-2026-14648: A security vulnerability has been detected in code-projects Online Voting System up to 0.x/1.0. This issue affects the function test_input of the file /authentication.php of the component Login. Such","summary":"A security vulnerability has been detected in code-projects Online Voting System up to 0.x/1.0. This issue affects the function test_input of the file /authentication.php of the component Login. Such manipulation of the argument adminUserName/adminPassword leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.","date":"2026-07-04T20:16:54.780000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013562"},{"entity_id":"ENT-2026-013560","severity":"MEDIUM","category":"code","title":"CVE-2026-14647: A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInference_opset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulat","summary":"A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInference_opset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Patch name: a7bf3a0f1d18bb62575236ef6e4944980c40e045. It is recommended to apply a patch to fix this issue.","date":"2026-07-04T19:16:53.640000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013560"},{"entity_id":"ENT-2026-013558","severity":"HIGH","category":"code","title":"CVE-2026-14642: A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. 
Affected by this issue is some unknown functionality of the file /edit_class2.php. The manipulation of the argum","summary":"A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /edit_class2.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.","date":"2026-07-04T19:16:53.483000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013558"},{"entity_id":"ENT-2026-013556","severity":"HIGH","category":"code","title":"CVE-2026-14641: A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_course.php. Executing a manipulatio","summary":"A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_course.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.","date":"2026-07-04T19:16:53.333000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013556"},{"entity_id":"ENT-2026-013554","severity":"HIGH","category":"code","title":"CVE-2026-14640: A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument","summary":"A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. 
The exploit has been made public and could be used.","date":"2026-07-04T19:16:53.180000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013554"},{"entity_id":"ENT-2026-013552","severity":"MEDIUM","category":"code","title":"CVE-2026-14639: A vulnerability has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /ecommerce-website-php/customer/my_account.php?edit_account. Such manipulation of the ar","summary":"A vulnerability has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /ecommerce-website-php/customer/my_account.php?edit_account. Such manipulation of the argument c_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.","date":"2026-07-04T18:16:28.700000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013552"},{"entity_id":"ENT-2026-013550","severity":"MEDIUM","category":"code","title":"CVE-2026-14638: A flaw has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection. The atta","summary":"A flaw has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.","date":"2026-07-04T18:16:28.550000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013550"},{"entity_id":"ENT-2026-013548","severity":"HIGH","category":"code","title":"CVE-2026-14637: A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. 
The affected element is the function getCartItems in the libra","summary":"A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. The affected element is the function getCartItems in the library application/libraries/ShoppingCart.php. The manipulation of the argument shopping_cart leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The identifier of the patch is 49b20f53de2b7ec34e920b11c863f1491d911a04. It is recommended to apply a patch to fix this issue.","date":"2026-07-04T18:16:28.357000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013548"},{"entity_id":"ENT-2026-013546","severity":"LOW","category":"code","title":"CVE-2026-12746: Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authentication_url method builds the provider authorization redirect without iss","summary":"Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authentication_url method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting token into the session without verifying that the callback corresponds to an authorization request this session initiated. 
Any application that uses this plugin for OAuth 2.0 login is exposed to login cross-site request forgery: because the callback is not bound to the session that began the flow, an attacker who starts an authorization with their own provider account can deliver the resulting callback to a victim, causing the victim's session to complete the attacker's authorization and associating the attacker's provider identity and access token with that session. Where the application persists this as an account link, the attacker may retain access to the victim's account through their ow","date":"2026-07-04T18:16:28.247000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013546"},{"entity_id":"ENT-2026-013544","severity":"LOW","category":"code","title":"CVE-2026-12740: Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and Acce","summary":"Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session (register_session) without verifying that the callback corresponds to an authorization request this session initiated. Any application that uses this middleware for OAuth 2.0 login is exposed to login cross-site request forgery: because the callback is not bound to the session that began the flow, an attacker who starts an authorization with their own provider account can deliver the resulting callback to a victim, causing the victim's session to complete the attacker's authorization and associating the attacker's provider identity and access token with that session. 
Where the application persists this as an account link, the attacker may retain access to the victim's account through their own provider ","date":"2026-07-04T18:16:28.133000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013544"},{"entity_id":"ENT-2026-013542","severity":"MEDIUM","category":"code","title":"CVE-2026-14636: A weakness has been identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 23105f25dadf57b4314fc015a63a7c6e910c89df. Impacted is the function do_upload_others_images of the file application/m","summary":"A weakness has been identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 23105f25dadf57b4314fc015a63a7c6e910c89df. Impacted is the function do_upload_others_images of the file application/modules/vendor/controllers/AddProduct.php of the component Vendor Image Manager. Executing a manipulation of the argument folder can lead to path traversal. It is possible to launch the attack remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. This patch is called de1c9e73ccf3bd032d9a0525c4752290d959dd8b. It is best practice to apply a patch to resolve this issue.","date":"2026-07-04T17:16:48.937000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013542"},{"entity_id":"ENT-2026-013540","severity":"HIGH","category":"code","title":"CVE-2026-14635: A security flaw has been discovered in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 222ff31c06687b1c6d0e1ab63953f82c3674c52b. This issue affects some unknown processing of the file application/mo","summary":"A security flaw has been discovered in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 222ff31c06687b1c6d0e1ab63953f82c3674c52b. This issue affects some unknown processing of the file application/modules/vendor/controllers/AddProduct.php of the component Vendor Multi-Image Endpoint. Performing a manipulation of the argument folder results in path traversal. 
It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The patch is named 2a9497ff11f36e573ad99e1c357ff0e6ded49745. Applying a patch is the recommended action to fix this issue.","date":"2026-07-04T17:16:48.780000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013540"},{"entity_id":"ENT-2026-013538","severity":"MEDIUM","category":"code","title":"CVE-2026-14634: A vulnerability was identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 213babdbaa949e94557246414db0130e01394517. This vulnerability affects the function checkForPostRequests of the file a","summary":"A vulnerability was identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 213babdbaa949e94557246414db0130e01394517. This vulnerability affects the function checkForPostRequests of the file application/core/MY_Controller.php of the component Subscribed Emails Admin Page. Such manipulation of the argument User-Agent leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The name of the patch is 23105f25dadf57b4314fc015a63a7c6e910c89df. It is advisable to implement a patch to correct this issue.","date":"2026-07-04T17:16:48.610000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013538"},{"entity_id":"ENT-2026-013536","severity":"MEDIUM","category":"code","title":"CVE-2026-14633: A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04. 
This affects an unknown part of the file /index.php/api/product/set of the","summary":"A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04. This affects an unknown part of the file /index.php/api/product/set of the component Hidden REST API Endpoint. This manipulation of the argument title/description causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. Patch name: d9785f995da77bdc62fb2d34bad5f7a162c9ad23. To fix this issue, it is recommended to deploy a patch.","date":"2026-07-04T16:17:14.300000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013536"},{"entity_id":"ENT-2026-013534","severity":"MEDIUM","category":"code","title":"CVE-2026-14632: A vulnerability was found in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 95dfa8cebbb87ab46ae450643a07241274a74dce. Affected by this issue is the function setReferrer of the file application/core","summary":"A vulnerability was found in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 95dfa8cebbb87ab46ae450643a07241274a74dce. Affected by this issue is the function setReferrer of the file application/core/MY_Controller.php of the component Trusted Backend Interface. The manipulation of the argument href results in open redirect. The attack can be executed remotely. The exploit has been made public and could be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The patch is identified as 213babdbaa949e94557246414db0130e01394517. 
A patch should be applied to remediate this issue.","date":"2026-07-04T16:17:14.140000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013534"},{"entity_id":"ENT-2026-013517","severity":"MEDIUM","category":"code","title":"🛑 A U.S. government entity paid Kairos about $1 million in #Bitcoin.","summary":"🛑 A U.S. government entity paid Kairos about $1 million in #Bitcoin. The payment was made to keep stolen files from being leaked, according to a Ransom-ISAC case study. This was not a lock-and-key ransomware case. The pressure point was the stolen data itself. Read the story:","date":"2026-07-04T15:58:30+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013517"},{"entity_id":"ENT-2026-013532","severity":"LOW","category":"code","title":"CVE-2026-14630: A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function get_conversation_history of the file 08_agentic_system/memory/langchain/code/s","summary":"A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function get_conversation_history of the file 08_agentic_system/memory/langchain/code/smart_customer_service.py of the component Memory Recall Handler. The manipulation leads to use of weak hash. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is f57277fdd9ba373ace72d83c272023ec67f720d6. It is suggested to install a patch to address this issue. 
The project confirms (translated from Chinese): \"We now require session ownership verification in methods such as `username`, `sessionowner`, etc., and we've chat()changed the generation of `sessionowner` to include verified user identity and security context metadata.\"","date":"2026-07-04T15:16:30.740000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013532"},{"entity_id":"ENT-2026-013530","severity":"MEDIUM","category":"code","title":"CVE-2026-14629: A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can","summary":"A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.","date":"2026-07-04T14:16:29.203000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013530"},{"entity_id":"ENT-2026-013528","severity":"HIGH","category":"code","title":"CVE-2026-14535: In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless o","summary":"In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in the shared AnalysisContext.reported_shortened_code set. 
When the MLAllowlist analysis pass subsequently runs, it calls the same shorten_code() method, receives already_reported=True for every import, and executes a continue statement that skips its allowlist check entirely. This renders MLAllowlist dead code for all imports — it never evaluates whether an import is in the ML allowlist or not. The MLAllowlist pass was designed to catch imports of modules outside the known-safe ML ecosystem (torch, numpy, transformers, etc.) that slip past the UnsafeImports denylist. With MLAllowlist inoperative, any standard library module not in the UNSAFE_IMPORTS denylist can be invoked via pickle deseriali","date":"2026-07-04T14:16:29.063000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013528"},{"entity_id":"ENT-2026-013526","severity":"HIGH","category":"code","title":"CVE-2026-14534: Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist (fickle.py). Because the","summary":"Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist (fickle.py). Because these modules are absent from the denylist, fickling's check_safety() function returns LIKELY_SAFE with zero findings for pickle payloads that invoke dangerous functions including _posixsubprocess.fork_exec (C-level process spawner capable of executing arbitrary binaries), site.execsitecustomize (executes arbitrary site customization code), and atexit._run_exitfuncs (triggers all registered exit handler callbacks). The fickling.load() API chains check_safety() into pickle.loads() as an explicit security gate; a LIKELY_SAFE verdict causes the payload to be deserialized and executed. This shares the same root cause as CVE-2026-22607 (cProfile), CVE-2025-67748 (pty), and CVE-2025-67747 (marshal/types). 
OvertlyBadEvals does not flag these modules because they are standard library imports. UnsafeI","date":"2026-07-04T14:16:28.400000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013526"},{"entity_id":"ENT-2026-013523","severity":"MEDIUM","category":"code","title":"CVE-2026-14628: A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extract_media of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Perform","summary":"A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extract_media of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.","date":"2026-07-04T13:16:30.413000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013523"},{"entity_id":"ENT-2026-013521","severity":"MEDIUM","category":"code","title":"CVE-2026-14627: A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter._is_allowed_user of the file gateway/platforms/discord.py of the componen","summary":"A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter._is_allowed_user of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. 
The vendor was contacted early about this disclosure but did not respond in any way.","date":"2026-07-04T13:16:30.230000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013521"},{"entity_id":"ENT-2026-013519","severity":"LOW","category":"code","title":"CVE-2025-13475: In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within","summary":"In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants, leading to unintended cross-tenant consent sharing. This vulnerability may result in the exposure of user data across tenants, enabling SaaS applications in different tenants to access and modify information without explicit user authorization. This can lead to unauthorized data access and privacy violations. This vulnerability has no impact if the deployment does not support multi-tenancy.","date":"2026-07-04T13:16:30.083000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013519"},{"entity_id":"ENT-2026-013515","severity":"LOW","category":"code","title":"CVE-2026-53362: In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path In __ip6_append_data(), when the paged-allocation branch is taken\n(MSG_MORE","summary":"In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path In __ip6_append_data(), when the paged-allocation branch is taken\n(MSG_MORE / NETIF_F_SG / large fraglen), alloclen and pagedlen are\ncomputed as alloclen = fragheaderlen + transhdrlen; pagedlen = datalen - transhdrlen; datalen already includes fraggap (datalen = length + fraggap). 
When\nfraggap is non-zero, this is not the first skb and transhdrlen is zero.\nThe fraggap bytes carried over from the previous skb are copied just past\nthe fragment headers in the new skb's linear area. The linear area is\ntherefore undersized by fraggap bytes while pagedlen is overstated by the\nsame amount, and the copy writes past skb->end into the trailing\nskb_shared_info. An unprivileged user can trigger this via a UDPv6 socket using\nMSG_MORE together with MSG_SPLICE_PAGES. The bad accounting was introduced by commit 773ba4fe9104 (\"ipv6:\navoid partial copy for zc\"). Before commit ce650a","date":"2026-07-04T12:17:02.113000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013515"},{"entity_id":"ENT-2026-013513","severity":"LOW","category":"code","title":"CVE-2026-53361: In the Linux kernel, the following vulnerability has been resolved: af_unix: Set gc_in_progress to true in unix_gc(). Igor Ushakov reported that unix_gc() could run with gc_in_progress\nbeing false i","summary":"In the Linux kernel, the following vulnerability has been resolved: af_unix: Set gc_in_progress to true in unix_gc(). Igor Ushakov reported that unix_gc() could run with gc_in_progress\nbeing false if the work is scheduled while running: Thread 1 Thread 2 Thread 3 -------- -------- -------- unix_schedule_gc() unix_schedule_gc() `- if (!gc_in_progress) `- if (!gc_in_progress) |- gc_in_progress = true | `- queue_work() | unix_gc() <----------------/ | | |- gc_in_progress = true ... `- queue_work() | | `- gc_in_progress = false | | unix_gc() <---------------------------------------------' | ... /* gc_in_progress == false */ | `- gc_in_progress = false unix_peek_fpl() relies on gc_in_progress not to confuse GC\nby MSG_PEEK. 
Let's set gc_in_progress to true in unix_gc().","date":"2026-07-04T12:17:02.010000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013513"},{"entity_id":"ENT-2026-013511","severity":"LOW","category":"code","title":"CVE-2026-53360: In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratc","summary":"In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area\nto reside in the GHCB's shared buffer. Note, things like Page State Change\n(PSC) requests _rely_ on this behavior, as the guest can't provide a length\nwhen making the request, i.e. the size of the guest payload is bounded by\nthe size of the shared buffer. Failure to force usage of the GHCB, and a slew of other flaws, lets a\nmalicious SNP guest corrupt host kernel heap memory, and leak host heap\nlayout information. setup_vmgexit_scratch() allocates a buffer via kvzalloc(exit_info_2),\nwhere exit_info_2 is guest-controlled. With exit_info_2=24, this yields\na 24-byte allocation in kmalloc-cg-32 (32-byte slab objects). The buffer\nholds an 8-byte psc_hdr followed by 8-byte psc_entry structs, so only\nentries[0] and entries[1] are in-bounds. 
snp_begin_psc() validates end_entry against VMGEXIT","date":"2026-07-04T12:17:01.880000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013511"},{"entity_id":"ENT-2026-013509","severity":"LOW","category":"code","title":"CVE-2026-53359: In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad (\"KVM: x86: Fix shadow paging use-after-fre","summary":"In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad (\"KVM: x86: Fix shadow paging use-after-free due\nto unexpected GFN\") fixed a shadow paging mismatch between stored and\ncomputed GFNs; the bug could be triggered by changing a PDE mapping from\noutside the guest, and then deleting a memslot. The rmap_remove()\ncall would miss entries created after the PDE change because the GFN\nof the leaf SPTE does not match the GFN of the struct kvm_mmu_page. A similar hole however remains if the modified PDE points to a non-leaf\npage. In this case the gfn can be made to match, but the role does not\nmatch: the original large 2MB page creates a kvm_mmu_page with direct=1,\nwhile the new 4KB needs a kvm_mmu_page with direct=0. However,\nkvm_mmu_get_child_sp() does not compare the role, and therefore reuses\nthe page. The next step is installing a leaf (4KB) SPTE on the new path which\nrecords an rmap entry ","date":"2026-07-04T12:17:01.760000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013509"},{"entity_id":"ENT-2026-013507","severity":"MEDIUM","category":"code","title":"CVE-2026-14626: A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.run_conversation of the file run_agent.py of the component HTTP API. This mani","summary":"A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. 
The impacted element is the function AIAgent.run_conversation of the file run_agent.py of the component HTTP API. This manipulation of the argument todos causes denial of service. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.","date":"2026-07-04T12:16:53.903000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013507"},{"entity_id":"ENT-2026-013505","severity":"MEDIUM","category":"code","title":"CVE-2026-14625: A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tui_gateway/server.py. The manipulation results in protection","summary":"A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tui_gateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.","date":"2026-07-04T12:16:53.740000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013505"},{"entity_id":"ENT-2026-013503","severity":"LOW","category":"code","title":"CVE-2026-12196: HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless s","summary":"HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute HestiaCP management scripts with passwordless sudo. 
This could result in the takeover of administrator users in the application and the underlying webserver.","date":"2026-07-04T12:16:53.600000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013503"},{"entity_id":"ENT-2026-013501","severity":"LOW","category":"code","title":"CVE-2026-12195: myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v_ftp_user parameter when deleting FTP usernames. This","summary":"myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v_ftp_user parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takeover of the admin user in myVesta.","date":"2026-07-04T12:16:53.300000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013501"},{"entity_id":"ENT-2026-013499","severity":"MEDIUM","category":"code","title":"CVE-2026-14624: A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf/ngap/handler.go of the component NGSetupRequest Handler. The manipulation","summary":"A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf/ngap/handler.go of the component NGSetupRequest Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is 34bc6724acc97dba1f8691e586da95b042cb612d. To fix this issue, it is recommended to deploy a patch.","date":"2026-07-04T11:16:47.613000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013499"},{"entity_id":"ENT-2026-013496","severity":"MEDIUM","category":"code","title":"CVE-2026-14623: A vulnerability was determined in omec-project amf up to 2.1.1. 
This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to","summary":"A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called 34bc6724acc97dba1f8691e586da95b042cb612d. A patch should be applied to remediate this issue.","date":"2026-07-04T10:16:27.623000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013496"},{"entity_id":"ENT-2026-013494","severity":"HIGH","category":"code","title":"CVE-2026-14622: A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajax_files of the compo","summary":"A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajax_files of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.","date":"2026-07-04T09:16:27.767000+03:00","url":"https://0x2ed3bb60.xyz/threat/ENT-2026-013494"}]}