Author: Mohammed Idrees Banyamer
Country:
Reported research: 35
Advisories

Risk | Topic & Details | Remote/Local | Date
Med. | Discourse <= 2026.2.1 Authenticated Missing Authorization (CVE assigned) | Remote | 2026-03-21
Med. | Kanboard <= 1.2.50 Authenticated SQL Injection (CVE assigned) | Remote | 2026-03-18
High | Glances <= 4.5.2 OS Command Injection via Mustache Template Fields (CVE assigned) | Remote | 2026-03-18
High | LB-LINK BL-WR9000 V2.4.9 - Stack-based Buffer Overflow in /goform/get_hidessid_cfg (CVE assigned) | Remote | 2026-03-17
High | LB-LINK BL-WR9000 V2.4.9 - Unauthenticated / Post-Auth Stack-based Buffer Overflow (CVE assigned) | Remote | 2026-03-17
High | zumba/json-serializer zumba/json-serializer < 3.2.3 RCE (CVE assigned) | Remote | 2026-03-15
Med. | Wekan 8.31.0 - 8.33 Meteor DDP notificationUsers Sensitive Data Leak (CVE assigned) | Remote | 2026-03-15
Med. | Frappe Framework <14.99.0 and <15.84.0 Unauthenticated SQL Injection (CVE assigned) | Remote | 2026-03-14
Low | PyJWT < 2.12.0 crit header bypass / Insufficient crit validation (CVE assigned) | Remote | 2026-03-14
High | WeGIA <= 3.6.4 Unauthenticated Admin Authentication Bypass (CVE assigned) | Remote | 2026-03-08
High | NocoDB <= 0.301.2 User Enumeration via Password Reset Endpoint (CVE assigned) | Remote | 2026-03-08
Med. | Craft CMS 4.x & 5.x RCE via Blocklist Bypass (CVE assigned) | Remote | 2026-03-08
High | pac4j-jwt < 4.5.9, < 5.7.9, < 6.3.3 JwtAuthenticator Authentication Bypass via JWE-wrapped PlainJWT (CVE assigned) | Remote | 2026-03-08
High | WeGIA <= 3.6.4 Remote Code Execution via OS Command Injection (CVE assigned) | Remote | 2026-03-03
High | MaxSite CMS <= 109.1 unauthenticated RCE via run_php plugin (CVE assigned) | Remote | 2026-03-02
Low | OpenClaw tools.exec.safeBins <= 2026.2.22 Remote Code Execution (CVE assigned) | Remote | 2026-03-02
Low | Statamic CMS < 5.73.11 & < 6.4.0 Stored XSS via SVG Upload Leading to Privilege Escalation (CVE assigned) | Remote | 2026-03-02
High | OpenStack Vitrage < 12.0.1 / 13.0.1 Eval Injection Remote Code Execution (CVE assigned) | Remote | 2026-03-02
Low | Tenda F453 v1.0.0.3 frmL7ImForm Buffer Overflow (CVE assigned) | Remote | 2026-03-02
High | MLX <= 0.29.3 - Heap-based Buffer Overflow in .npy Parser (CVE assigned) | Remote | 2026-02-26
High | Azure AI Language Conversations Authoring SDK < 1.0.0b4 - Remote Code Execution (CVE assigned) | Remote | 2026-02-26
Med. | FileBrowser ≤ v2.57.0 - Path-Based Access Control Bypass via Multiple Leading Slashes in URL (Authenticated Authorization Bypass) (CVE assigned) | Remote | 2026-02-23
Med. | LangGraph SQLite Checkpoint - SQL Injection via Metadata Filter Key (CVE assigned) | Remote | 2026-02-23
Low | Hyland OnBase Timer Service Unauthenticated .NET Remoting RCE (CVE assigned) | Remote | 2026-02-19
Low | Repetier-Server <= 1.4.10 - Unauthenticated Path Traversal / Local File Inclusion (CVE assigned) | Remote | 2026-02-19
Low | Roundcube Webmail DOM-based XSS Exploit via SVG href Attribute (CVE assigned) | Remote | 2026-02-15
High | deephas <= 1.0.7 - Prototype Pollution leading to Arbitrary Code Execution / DoS | Remote | 2026-02-02
High | LangChain Core - Serialization Injection to Jinja2 SSTI/RCE (CVE assigned) | Remote | 2026-01-26
High | Microsoft PowerPoint 2019 Remote Code Execution (RCE) (CVE assigned) | Remote | 2025-07-24
Low | Parrot and DJI variants Drone OSes Kernel Panic Exploit (CVE assigned) | Local | 2025-06-26
Copyright 2026, cxsecurity.com