CEAarab

2 exploits Active since Feb 2026
CVE-2026-26336 NOMISEC HIGH WORKING POC
Hyland Alfresco Content Services < 25.3 - Unauthenticated Arbitrary File Read via Resource Endpoint
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files.
CVSS 7.5
CVE-2026-26026 NOMISEC CRITICAL WORKING POC
GLPI 11.0.0-11.0.5 Templates - Admin Remote Code Execution
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead to RCE. This vulnerability is fixed in 11.0.6.
CVSS 9.1