6 articles

#CVSS 9.1

All CosmicBytez Labs articles tagged #CVSS 9.1, across news, security advisories, how-to guides, and projects.

  • Security · Jun 1, 2026

    CVE-2026-48188: OTRS Database Layer SQL Injection — Authentication Bypass

    A critical SQL injection vulnerability (CVSS 9.1) in OTRS and ((OTRS)) Community Edition allows unauthenticated attackers to bypass authentication entirely when MySQL or MariaDB is configured with the NO_BACKSLASH_ESCAPES SQL mode.

  • Security · May 30, 2026

    CVE-2026-4290: WP Travel Pro Arbitrary User Deletion via Broken REST API Access Control

    A critical CVSS 9.1 access control flaw in the WP Travel Pro WordPress plugin allows unauthenticated attackers to delete any user account — including...

  • Security · May 22, 2026

    UniFi OS Command Injection via Improper Input Validation

    A CVSS 9.1 command injection vulnerability in UniFi OS devices allows a network-adjacent attacker with high privileges to execute arbitrary commands on...

  • Security · May 22, 2026

    CVE-2026-5433: Honeywell CNM Critical Command Injection RCE

    A CVSS 9.1 critical command injection vulnerability in Honeywell's Control Network Module web interface allows remote attackers to execute arbitrary...

  • Security · May 20, 2026

    CVE-2026-31986: Apache OFBiz Hard-Coded Cryptographic Key

    Apache OFBiz versions before 24.09.06 contain a hard-coded cryptographic key vulnerability (CVSS 9.1) that allows attackers to forge authentication tokens...

  • Security · Apr 7, 2026

    CVE-2026-26026: GLPI Template Injection Enables

    GLPI versions 11.0.0 through 11.0.5 contain a server-side template injection vulnerability in the administrator interface that allows authenticated admins...