CVE-2026-3000
Published 2026-03-02
Priority: P268 | Severity: critical | CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.51% (39.4th percentile)
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| changing | idexpert_windows_logon_agent | 2.7.3.230719 – 2.8.4.250925 | — |
| changingtec | idexpert | 2.7.3.230719 – 2.8.4.250925 | — |
| gogs.io | gogs | >= 0 < 0.13.4 | 0.13.4 |
| chrome_chrome | — | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-6pfp-2fqc-3jh4: IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the s
ghsa_unreviewed·2026-03-02
CVE-2026-3000 [CRITICAL] CWE-494 GHSA-6pfp-2fqc-3jh4: IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the s
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them.
GHSA
Gogs has a Denial of Service issue
ghsa·2026-02-06
CVE-2026-22592 [MEDIUM] CWE-862 Gogs has a Denial of Service issue
### Summary
An authenticated user can cause a DoS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash.
### Details
If `GetMirrorByRepoID` fails, the error-logging call dereferences a nil pointer. This happens if the repository no longer exists.
https://github.com/gogs/gogs/blob/4cc83c498b6ae59356a04912d68a932165bad5e6/internal/database/mirror.go#L333-L337
If `err != nil`, `m` is always `nil`.
https://github.com/gogs/gogs/blob/4cc83c498b6ae59356a04912d68a932165bad5e6/internal/database/mirror.go#L269-L278
### PoC
Spam mirror-sync on a repo and delete this repo.
Python code to spam mirror-sync:
```py
import requests
url = "http://gogs.lan:3000/superuser/gobypass403/settings"
headers = {
"Cookie": "lang=en-US; i_like_gogs=
```
Chrome
Stable Channel Update for Desktop: CVE-2026-13792
vendor_chrome·2026-06-30
CVE-2026-13792 [HIGH] Stable Channel Update for Desktop: CVE-2026-13792
Stable Channel Update for Desktop
CVE-2026-13792: Use after free in Touchbar. Reported by Weipeng Jiang (@Krace) of VRI on 2026-03-25
[$3000][510829679] High CVE-2026-13793: Insufficient policy enforcement in SVG. Reported by pakhunov
Severity: high
Chrome
Stable Channel Update for Desktop: CVE-2026-11214
vendor_chrome·2026-06-02
CVE-2026-11214 [MEDIUM] Stable Channel Update for Desktop: CVE-2026-11214
Stable Channel Update for Desktop
CVE-2026-11214: Inappropriate implementation in Chrome for iOS. Reported by Google on 2026-04-30
[N/A][513446116] Medium CVE-2026-11215: Inappropriate implementation in Cronet. Reported by Google on 2026-05-15
[$3000][474583539] Low CVE-2026-11216: Incorrect security UI in File Input
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2026-10989
vendor_chrome·2026-06-02
CVE-2026-10989 [HIGH] Stable Channel Update for Desktop: CVE-2026-10989
Stable Channel Update for Desktop
CVE-2026-10989: Inappropriate implementation in V8. Reported by Google on 2026-05-25
[$4000][506311914] Medium CVE-2026-10990: Use after free in Glic. Reported by Weipeng Jiang (@Krace) of VRI on 2026-04-25
[$3000][503553614] Medium CVE-2026-10991: Use after free in V8
Severity: high
Chrome
Stable Channel Update for Desktop: CVE-2026-9893
vendor_chrome·2026-05-27
CVE-2026-9893 [CRITICAL] Stable Channel Update for Desktop: CVE-2026-9893
Stable Channel Update for Desktop
CVE-2026-9893: Use after free in Skia. Reported by Google on 2026-05-17
[$25000][507707838] High CVE-2026-9894: Use after free in GPU. Reported by tohafrit on 2026-04-29
[$3000][491685406] High CVE-2026-9895: Out of bounds read in GPU
Severity: critical
Chrome
Stable Channel Update for Desktop: CVE-2026-10016
vendor_chrome·2026-05-27
CVE-2026-10016 [HIGH] Stable Channel Update for Desktop: CVE-2026-10016
Stable Channel Update for Desktop
CVE-2026-10016: Use after free in DOM. Reported by pwn2addr on 2026-05-20
[$3000][504156069] Medium CVE-2026-10017: Out of bounds read in Headless. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-19
[$2000][504175501] Medium CVE-2026-10018: Integer overflow in ANGLE
Severity: high
Chrome
Stable Channel Update for Desktop: CVE-2026-7339
vendor_chrome·2026-04-28
CVE-2026-7339 [MEDIUM] Stable Channel Update for Desktop: CVE-2026-7339
Stable Channel Update for Desktop
CVE-2026-7339: Heap buffer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-19
[$3000][497896137] Medium CVE-2026-7340: Integer overflow in ANGLE. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-30
[TBD][498285711] Medium CVE-2026-7355: Use after free in Media
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2026-3925
vendor_chrome·2026-03-10·CVSS 4.3
CVE-2026-3925 [MEDIUM] Stable Channel Update for Desktop: CVE-2026-3925
Stable Channel Update for Desktop
CVE-2026-3925: Incorrect security UI in LookalikeChecks. Reported by NDevTK and Alesandro Ortiz on 2025-05-17
[$7000][478659010] Medium CVE-2026-3926: Out of bounds read in V8. Reported by qymag1c on 2026-01-26
[$3000][474948986] Medium CVE-2026-3927: Incorrect security UI in PictureInPicture
Severity: medium
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-28342 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-28342 [HIGH] CVE-2026-28342 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-28342: vulnerability analysis and mitigation
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.2, the PasswordHash API endpoint allows unauthenticated users to trigger excessive memory allocation by sending concurrent password hashing requests. By issuing multiple parallel requests, an attacker can exhaust available container memory, leading to service degradation or complete denial of service (DoS). The issue occurs because the endpoint performs computationally and memory-intensive hashing operations without request throttling, authentication requirements, or resource limits. This issue has been patched in version 3000.10.2.
Source: NVD
Score: 7.5
Published: March 5, 2026
Severity: HIGH
CNA Score: 7.5
Has Public Explo
Wiz
CVE-2019-25549 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2019-25549 [HIGH] CVE-2019-25549 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2019-25549: VeryPDF PDF Editor vulnerability analysis and mitigation
VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Attackers can trigger a buffer overflow by entering a 3000-byte password in the PDF Security encryption fields, causing the application to crash when processing PCL files.
Source: NVD
Score: 6.9
Published: March 21, 2026
Severity: MEDIUM
CNA Score: 6.9
Affected Technologies: VeryPDF PDF Editor
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 1.8
Exploitation Probability (EPSS): N/A
Affected packages and libraries: cpe:2.3:a:verypdf:verypdf