88 CVEs tracked today. 20 Critical, 29 High, 26 Medium, 3 Low.
-
CVE-2026-22794
CRITICAL
CVSS 9.6
Appsmith before 1.93 allows attackers to control the Origin header value used as the base URL in password reset and email verification links. Attackers can redirect authentication tokens to their domain, enabling account takeover. PoC available, patch available.
CSRF
Appsmith
-
CVE-2026-22785
CRITICAL
CVSS 9.8
orval (TypeScript API client generator) before 7.18.0 has code injection via OpenAPI specification summary fields in MCP server generation. Malicious API specs can inject arbitrary code into generated TypeScript. PoC available, patch available.
Command Injection
RCE
Orval
-
CVE-2026-22783
CRITICAL
CVSS 9.6
DFIR-IRIS incident response platform before 2.4.24 allows authenticated users to delete arbitrary filesystem paths through mass assignment of the file_local_name field combined with path trust in the delete operation. Scope change with high integrity/availability impact. Patch available.
Information Disclosure
Iris
-
CVE-2026-22781
CRITICAL
CVSS 9.8
TinyWeb HTTP Server before 1.98 has OS command injection via CGI ISINDEX query parameters. The query string is passed as command-line arguments to CGI executables through Windows CreateProcess(), allowing unauthenticated RCE. Patch available.
Windows
Command Injection
Tinyweb
-
CVE-2026-22252
CRITICAL
CVSS 9.1
LibreChat before v0.8.2-rc2 allows any authenticated user to execute shell commands as root inside the container through the MCP stdio transport. A single API request is sufficient for root code execution. PoC available, patch available.
Authentication Bypass
AI / ML
Librechat
-
CVE-2026-22214
CRITICAL
CVSS 9.8
RIOT OS ethos utility has a stack buffer overflow in _handle_char() due to missing bounds checking on serial frame data. Incoming frame bytes overflow a fixed-size stack buffer.
IoT
Buffer Overflow
Stack Overflow
Memory Corruption
Denial Of Service
-
CVE-2026-22213
CRITICAL
CVSS 9.8
RIOT OS (IoT operating system) tapslip6 utility has a stack buffer overflow due to unbounded strcpy/strcat with user-controlled device name input. PoC available.
IoT
Buffer Overflow
Stack Overflow
Memory Corruption
Denial Of Service
-
CVE-2026-22200
HIGH
CVSS 7.5
Arbitrary file disclosure in osTicket 1.18.x before 1.18.3 and 1.17.x before 1.17.7 allows unauthenticated attackers to read sensitive server files by injecting malicious PHP filter expressions into ticket descriptions that are processed during PDF export. The vulnerability exploits insufficient sanitization in the mPDF library integration, enabling attackers to embed arbitrary file contents as images in generated PDFs when exporting tickets. Public exploit code exists and the issue affects default configurations where guest ticket creation is enabled.
PHP
Osticket
-
CVE-2025-69270
CRITICAL
CVSS 9.8
Broadcom DX NetOps Spectrum (24.3.8 and earlier) exposes session tokens in URL query strings, enabling session hijacking through browser history, referer headers, or proxy logs.
Broadcom
Linux
Windows
Information Disclosure
Dx Netops Spectrum
-
CVE-2025-69269
CRITICAL
CVSS 9.8
Broadcom DX NetOps Spectrum (23.3.6 and earlier) has unauthenticated OS command injection on both Windows and Linux platforms. As a network management system, compromise gives attackers visibility and control over the entire monitored infrastructure.
Broadcom
Linux
Windows
Command Injection
Dx Netops Spectrum
-
CVE-2025-67147
CRITICAL
CVSS 9.8
Gym Management System PHP 1.0 has multiple SQL injection vulnerabilities across three files (submit_contact.php, secure_login.php, change_s_pwd.php) through seven parameters. Authentication bypass and data extraction possible.
PHP
SQLi
Authentication Bypass
-
CVE-2025-67146
CRITICAL
CVSS 9.4
GYM-MANAGEMENT-SYSTEM 1.0 has multiple SQL injection vulnerabilities in search and payment endpoints (member_search, trainer_search, gym_search, payment_search). PoC available.
PHP
SQLi
Authentication Bypass
Gym Management System
-
CVE-2025-66802
CRITICAL
CVSS 9.8
Sourcecodester Covid-19 Contact Tracing System 1.0 allows unauthenticated RCE through unrestricted PHP file upload in the user image functionality. PoC available.
RCE
Covid 19 Contact Tracing System
-
CVE-2025-65552
CRITICAL
CVSS 9.8
D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on its 433 MHz sensor channel. No rolling codes, authentication, or anti-replay protection – attackers can record and replay alarm/control frames to trigger false alarms or disable sensors.
Information Disclosure
Zx G12 Firmware
-
CVE-2025-63314
CRITICAL
CVSS 10.0
Acora CMS v10.7.1 uses a static, predictable password reset token. Attackers can replay this token to reset any user's password and take over their account, including admin accounts. Maximum CVSS 10.0 with scope change.
Authentication Bypass
Session Fixation
Cm3 Acora Cms
-
CVE-2025-52694
CRITICAL
CVSS 10.0
Critical SQL injection vulnerability in an internet-exposed service enabling unauthenticated extraction and manipulation of the entire database. CVSS 10.0 with scope change, EPSS 12.9% indicating high exploitation activity.
SQLi
Iotsuite Starter Linux Docker
Iot Edge Windows
Iotsuite Growth Linux Docker
Iotsuite Saas Composer
-
CVE-2025-51567
CRITICAL
CVSS 9.1
Kashipara Online Exam System V1.0 has SQL injection in profile.php through five POST parameters (rname, rcollage, rnumber, rgender, rpassword). PoC available.
PHP
SQLi
Online Exam System
-
CVE-2025-46070
CRITICAL
CVSS 9.8
Automai BotManager v25.2.0 allows unauthenticated remote code execution via the BotManager.exe component due to improper certificate validation. Attackers can execute arbitrary code on systems running the bot management agent.
Authentication Bypass
RCE
Botmanager
-
CVE-2025-46066
CRITICAL
CVSS 9.9
Automai Director v25.2.0 allows authenticated users to escalate to full administrative privileges with scope change (CVSS 9.9). Low-privileged users can take complete control of the automation platform.
Privilege Escalation
Director
-
CVE-2025-29329
CRITICAL
CVSS 9.8
Sagemcom F@st 3686 cable modem/router has a buffer overflow in the IPP printing service that allows unauthenticated remote code execution via crafted HTTP requests. PoC available.
Buffer Overflow
-
CVE-2025-12420
CRITICAL
CVSS 9.8
ServiceNow AI Platform has a user impersonation vulnerability allowing unauthenticated attackers to impersonate any user and perform their authorized actions. ServiceNow has deployed patches to hosted instances and self-hosted updates are available.
Privilege Escalation
AI / ML
Virtual Agent Api
Now Assist Ai Agents
-
CVE-2026-22812
HIGH
CVSS 8.8
Opencode versions up to 1.0.216 are affected by missing authentication for a critical function (CVSS 8.8).
Authentication Bypass
RCE
AI / ML
Opencode
-
CVE-2026-22804
HIGH
CVSS 8.0
Stored XSS in Termix File Manager (versions 1.7.0-1.9.0) allows attackers with SSH server access to execute arbitrary JavaScript by uploading malicious SVG files that bypass content sanitization. When a Termix user previews the crafted file, the payload executes within the application context with full access to sensitive operations. Public exploit code exists and no patch is currently available.
Ssh
XSS
Termix
-
CVE-2026-22799
HIGH
CVSS 8.8
Remote code execution in Emlog v2.6.1 and earlier allows authenticated attackers to upload arbitrary files through an insufficiently validated REST API endpoint (/index.php?rest-api=upload), enabling malicious PHP execution on the server. Attackers can exploit this by obtaining valid API credentials through administrator access or information disclosure flaws, then uploading executable scripts to achieve full system compromise. Public exploit code exists for this vulnerability, and affected administrators should apply available patches immediately.
PHP
RCE
Information Disclosure
Emlog
-
CVE-2026-22788
HIGH
CVSS 8.2
WebErpMesV2 versions prior to 1.19 expose unauthenticated API endpoints that allow remote attackers to read sensitive manufacturing and business data including orders, quotes, and tasks without credentials. Public exploit code exists for this vulnerability, and attackers can additionally create company records and manipulate collaboration whiteboards. A patch is available in version 1.19 and should be applied immediately to restrict API access.
Authentication Bypass
Wem
-
CVE-2026-22786
HIGH
CVSS 7.2
Gin-vue-admin versions 2.8.7 and earlier contain a path traversal vulnerability in the breakpoint resume upload API that allows authenticated attackers to write arbitrary files to any directory on the system. Public exploit code exists for this vulnerability, which affects administrators and users with file upload privileges. An attacker can bypass directory restrictions by injecting traversal sequences (../) into the fileName parameter to escape the intended fileDir location.
Golang
Path Traversal
Gin Vue Admin
Suse
-
CVE-2026-22776
HIGH
CVSS 7.5
cpp-httplib versions prior to 0.30.1 are vulnerable to denial of service attacks due to insufficient validation of decompressed HTTP request body sizes. An unauthenticated remote attacker can send a malicious gzip or brotli-compressed request that decompresses to an arbitrarily large payload in memory, exhausting server resources. Public exploit code exists for this vulnerability, and a patch is available in version 0.30.1 and later.
Denial Of Service
Cpp Httplib
Redhat
Suse
-
CVE-2026-22771
HIGH
CVSS 8.8
Credential theft via Lua script execution in Envoy Gateway versions before 1.5.7 and 1.6.2 allows authenticated attackers to extract proxy credentials and subsequently access the control plane and all associated secrets including TLS private keys. Public exploit code exists for this vulnerability. Affected organizations running vulnerable Envoy Gateway instances should immediately upgrade as no patch is currently available for intermediate versions.
Kubernetes
Tls
Gateway
Redhat
Suse
-
CVE-2026-0855
HIGH
CVSS 8.8
Merit LILIN IP Camera models contain an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands on affected devices with high privileges. The vulnerability requires valid credentials but no user interaction, enabling complete compromise of device confidentiality, integrity, and availability. No patch is currently available for this vulnerability.
Command Injection
-
CVE-2026-0854
HIGH
CVSS 8.8
Merit LILIN DVR/NVR devices allow authenticated remote attackers to execute arbitrary operating system commands through command injection, enabling complete system compromise. An attacker with valid credentials can bypass application controls and gain full control over the affected device without user interaction. No patch is currently available for this vulnerability, leaving deployed systems at significant risk.
Command Injection
-
CVE-2026-0852
HIGH
CVSS 7.3
SQL injection in Online Music Site 1.0's AdminUpdateUser.php allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable unauthorized data access, modification, or deletion with confidentiality, integrity, and availability impact.
PHP
SQLi
Online Music Site
-
CVE-2026-0851
HIGH
CVSS 7.3
SQL injection in code-projects Online Music Site 1.0 via the txtusername parameter in AdminAddUser.php enables unauthenticated remote attackers to manipulate database queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.
PHP
SQLi
Online Music Site
-
CVE-2025-71063
HIGH
CVSS 8.2
Errands before 46.2.10 does not verify TLS certificates for CalDAV servers. [CVSS 8.2 HIGH]
Tls
Errands
-
CVE-2025-69276
HIGH
CVSS 8.8
Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection. This issue affects DX NetOps Spectrum: 24.3.13 and earlier. [CVSS 8.8 HIGH]
Broadcom
Linux
Windows
Deserialization
Dx Netops Spectrum
-
CVE-2025-69274
HIGH
CVSS 8.8
Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation. This issue affects DX NetOps Spectrum: 24.3.10 and earlier. [CVSS 8.8 HIGH]
Broadcom
Linux
Windows
Privilege Escalation
Dx Netops Spectrum
-
CVE-2025-69273
HIGH
CVSS 7.5
Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass. This issue affects DX NetOps Spectrum: 24.3.10 and earlier. [CVSS 7.5 HIGH]
Broadcom
Linux
Windows
Authentication Bypass
Dx Netops Spectrum
-
CVE-2025-69272
HIGH
CVSS 7.5
Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks. This issue affects DX NetOps Spectrum: 21.2.1 and earlier. [CVSS 7.5 HIGH]
Broadcom
Linux
Windows
Dx Netops Spectrum
-
CVE-2025-69271
HIGH
CVSS 7.5
Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks. This issue affects DX NetOps Spectrum: 24.3.13 and earlier. [CVSS 7.5 HIGH]
Broadcom
Linux
Windows
Dx Netops Spectrum
-
CVE-2025-68472
HIGH
CVSS 8.1
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. [CVSS 8.1 HIGH]
Path Traversal
AI / ML
Mindsdb
-
CVE-2025-46068
HIGH
CVSS 8.8
Director versions up to 25.2.0 are affected by unrestricted upload of a file with a dangerous type (CVSS 8.8).
File Upload
RCE
Director
-
CVE-2025-46067
HIGH
CVSS 8.2
An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted JS file. [CVSS 8.2 HIGH]
Authentication Bypass
Director
-
CVE-2025-41078
HIGH
CVSS 8.1
Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating other users of the application in the generation and signing of documents. [CVSS 8.1 HIGH]
Authentication Bypass
Documents
Documents Compose
-
CVE-2025-41077
HIGH
CVSS 8.1
IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. [CVSS 8.1 HIGH]
Authentication Bypass
Inbox
-
CVE-2025-15514
HIGH
CVSS 7.5
Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. [CVSS 7.5 HIGH]
Null Pointer Dereference
Denial Of Service
AI / ML
Ollama
Redhat
-
CVE-2025-14279
HIGH
CVSS 8.1
MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. [CVSS 8.1 HIGH]
Dns
AI / ML
Mlflow
-
CVE-2024-58340
HIGH
CVSS 7.5
LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method (libs/langchain/langchain/agents/mrkl/output_parser.py). [CVSS 7.5 HIGH]
Denial Of Service
AI / ML
Langchain
Redhat
-
CVE-2024-58339
HIGH
CVSS 7.5
LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. [CVSS 7.5 HIGH]
Denial Of Service
AI / ML
Llamaindex
-
CVE-2024-14021
HIGH
CVSS 7.8
LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.load_from_disk() in llama_index/indices/managed/bge_m3/base.py. [CVSS 7.8 HIGH]
Deserialization
AI / ML
Llamaindex
-
CVE-2023-36331
HIGH
CVSS 8.2
Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId. [CVSS 8.2 HIGH]
Authentication Bypass
Xmall
-
CVE-2026-22813
MEDIUM
CVSS 6.1
OpenCode's markdown renderer fails to sanitize HTML input in LLM responses, allowing attackers who control the chat output to inject arbitrary JavaScript that executes in the localhost:4096 origin without Content Security Policy protections. Public exploit code exists for this cross-site scripting vulnerability, affecting users of the AI coding agent through versions prior to 1.1.10. An attacker can achieve session compromise or local code execution by manipulating LLM responses to inject malicious scripts.
XSS
AI / ML
Opencode
-
CVE-2026-22801
MEDIUM
CVSS 6.8
Libpng versions 1.6.26 through 1.6.53 contain an integer truncation flaw in the simplified write API functions that triggers a heap buffer over-read when processing images with negative row strides or strides exceeding 65535 bytes. Local attackers can exploit this to read sensitive heap memory, potentially disclosing application data. No patch is currently available; users should avoid processing untrusted PNG images with these vulnerable libpng versions.
Buffer Overflow
Libpng
Redhat
Suse
-
CVE-2026-22798
MEDIUM
CVSS 5.9
Hermes versions up to 0.9.1 are affected by insertion of sensitive information into a log file (CVSS 5.9).
Information Disclosure
Hermes
-
CVE-2026-22789
MEDIUM
CVSS 5.4
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. [CVSS 5.4 MEDIUM]
PHP
RCE
Wem
-
CVE-2026-22784
MEDIUM
CVSS 4.3
Lychee photo management tool versions before 7.1.0 contain an authorization bypass in the album password unlock mechanism that allows authenticated users to access multiple password-protected albums by unlocking just one that shares the same password. Public exploit code exists for this vulnerability. Administrators should upgrade to version 7.1.0 or later to prevent unauthorized access to protected photo collections.
Authentication Bypass
Lychee
-
CVE-2026-22772
MEDIUM
CVSS 5.8
Fulcio versions prior to 1.8.5 allow unauthenticated attackers to bypass MetaIssuer URL validation through unanchored regex patterns, enabling blind SSRF attacks against internal services. Although the vulnerability is limited to read-only GET requests with no response exfiltration, attackers can probe internal networks to discover active services and infrastructure. Public exploit code exists for this medium-severity issue, and a patch is available in version 1.8.5.
SSRF
Fulcio
Redhat
Suse
-
CVE-2026-22695
MEDIUM
CVSS 6.1
Libpng versions 1.6.51-1.6.53 contain a heap buffer over-read in the simplified API function png_image_finish_read when processing interlaced 16-bit PNG images with 8-bit output and non-minimal row stride, allowing local attackers to read out-of-bounds memory through a malicious image file. Public exploit code exists for this regression, which was introduced by a previous security fix. Upgrade to version 1.6.54 to remediate.
Buffer Overflow
Libpng
Redhat
Suse
-
CVE-2026-22251
MEDIUM
CVSS 5.3
Wlc versions prior to 1.17.0 fail to restrict unscoped API keys, allowing them to be transmitted to unintended Weblate servers and potentially leaked to attackers with local access or through compromised credentials. A local attacker with user privileges could exploit this information disclosure to gain unauthorized access to Weblate instances across multiple servers. A patch is available in version 1.17.0 and later.
Information Disclosure
Wlc
-
CVE-2026-22050
MEDIUM
CVSS 4.3
Ontap versions up to 9.16.1 are affected by authorization bypass through a user-controlled key (CVSS 4.3).
Authentication Bypass
Ontap
-
CVE-2026-22033
MEDIUM
CVSS 5.4
Stored XSS in Label Studio's custom_hotkeys feature allows authenticated attackers to inject malicious JavaScript that executes in other users' browsers, potentially enabling API token theft and account takeover due to insufficient CSRF protections. Public exploit code exists for this vulnerability affecting Label Studio 1.22.0 and earlier. An attacker could abuse this to gain unauthorized API access or perform actions on behalf of compromised users.
XSS
CSRF
Label Studio
-
CVE-2026-0853
MEDIUM
CVSS 5.3
A-Plus Video Technologies NVR devices expose an unauthenticated debug page that allows remote attackers to retrieve sensitive device status information without authentication. The vulnerability requires no user interaction and can be exploited over the network, enabling reconnaissance attacks against affected systems. No patch is currently available to remediate this exposure.
Information Disclosure
-
CVE-2025-69275
MEDIUM
CVSS 6.1
Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS. This issue affects DX NetOps Spectrum: 24.3.9 and earlier. [CVSS 6.1 MEDIUM]
Broadcom
Linux
Windows
Dx Netops Spectrum
XSS
-
CVE-2025-69268
MEDIUM
CVSS 6.1
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS. This issue affects DX NetOps Spectrum: 24.3.8 and earlier. [CVSS 6.1 MEDIUM]
Broadcom
Linux
Windows
XSS
Dx Netops Spectrum
-
CVE-2025-69267
MEDIUM
CVSS 6.5
Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Path Traversal. This issue affects DX NetOps Spectrum: 24.3.8 and earlier. [CVSS 6.5 MEDIUM]
Broadcom
Linux
Windows
Path Traversal
Dx Netops Spectrum
-
CVE-2025-68657
MEDIUM
CVSS 6.4
Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, calls to hid_host_device_close() can free the same usb_transfer_t twice. [CVSS 6.4 MEDIUM]
Information Disclosure
Usb Host Hid Driver
-
CVE-2025-68656
MEDIUM
CVSS 6.8
Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. [CVSS 6.8 MEDIUM]
Use After Free
Usb Host Hid Driver
-
CVE-2025-68622
MEDIUM
CVSS 6.8
Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB Video Class (UVC) device to trigger a stack buffer overflow during configuration-descriptor parsing. When UVC configuration-descriptor printing is enabled, the host prints detailed descriptor information provided by the connected USB device. A specially crafted UVC descriptor may advertise an excessively large length...
Buffer Overflow
Usb Host Uvc Class Driver
-
CVE-2025-68471
MEDIUM
CVSS 6.5
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart. [CVSS 6.5 MEDIUM]
Denial Of Service
Avahi
Redhat
Suse
-
CVE-2025-68468
MEDIUM
CVSS 6.5
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. [CVSS 6.5 MEDIUM]
Denial Of Service
Avahi
Redhat
Suse
-
CVE-2025-68276
MEDIUM
CVSS 5.5
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local user can crash avahi-daemon (with wide-area disabled) by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. [CVSS 5.5 MEDIUM]
Denial Of Service
Avahi
Redhat
Suse
-
CVE-2025-67813
MEDIUM
CVSS 5.3
Kace Desktop Authority versions up to 11.3.1 are affected by incorrect default permissions (CVSS 5.3).
Privilege Escalation
Kace Desktop Authority
-
CVE-2025-66939
MEDIUM
CVSS 5.4
Cross-Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 allows an attacker to execute arbitrary code via a crafted favicon file. [CVSS 5.4 MEDIUM]
XSS
66biolinks
-
CVE-2025-66689
MEDIUM
CVSS 6.5
A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows authenticated attackers to read arbitrary files on the system. [CVSS 6.5 MEDIUM]
Path Traversal
Pal Mcp Server
-
CVE-2025-65553
MEDIUM
CVSS 6.5
Xz-G12 Firmware versions up to 2.1.17 contain a vulnerability that allows attackers to cause undetected intrusions or a failure to trigger safety alerts (CVSS 6.5).
Denial Of Service
Xz G12 Firmware
-
CVE-2025-14579
MEDIUM
CVSS 4.8
Quiz Maker WordPress plugin versions up to 6.7.0.89 contain a vulnerability that allows high-privilege users such as admins to perform stored Cross-Site Scripting attacks (CVSS 4.8).
WordPress
XSS
PHP
-
CVE-2021-41074
MEDIUM
CVSS 5.4
A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a crafted HTML document. [CVSS 5.4 MEDIUM]
PHP
CSRF
Qloapps
-
CVE-2026-22805
LOW
CVSS 2.1
Metabase is an open-source data analytics platform. Versions up to 55.13 are affected by server-side request forgery (SSRF).
SSRF
-
CVE-2026-22800
LOW
CVSS 2.4
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.10.0, Cross-Site Request Forgery (CSRF) vulnerability exists in an administrative API endpoint responsible for terminating all active video conferences on a single server. [CVSS 2.4 LOW]
CSRF
-
CVE-2026-22250
LOW
CVSS 2.5
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. [CVSS 2.5 LOW]
Tls
-
CVE-2026-22212
None
TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device discovery.
Buffer Overflow
Stack Overflow
Memory Corruption
Denial Of Service
-
CVE-2025-41006
None
Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘phone’ parameter in ‘/memsdemo/login.php’.
PHP
SQLi
-
CVE-2025-41005
None
Imaster's MEMS Events CRM contains an SQL injection vulnerability in the ‘keyword’ parameter in ‘/memsdemo/exchange_offers.php’.
PHP
SQLi
-
CVE-2025-41004
None
Imaster's Patient Records Management System is vulnerable to SQL Injection in the endpoint ‘/projects/hospital/admin/complaints.php’ through the ‘id’ parameter.
PHP
SQLi
-
CVE-2025-41003
None
Imaster's Patient Record Management System contains a stored Cross-Site Scripting (XSS) vulnerability in the endpoint ‘/projects/hospital/admin/edit_patient.php’.
PHP
XSS
-
CVE-2025-40978
None
Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request to ‘/ticket/x/conversion’, using the ‘reply_description’ parameter.
Golang
XSS
-
CVE-2025-40977
None
Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters.
Golang
XSS
-
CVE-2025-40976
None
Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's TicketGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/ticketgo-saas/home’, using the ‘description’ parameter.
XSS
-
CVE-2025-40975
None
Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/hrmgo/ticket/changereply’, using the ‘description’ parameter.
XSS
-
CVE-2025-14470
None
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.
Information Disclosure