Skip to main content
CVE-2025-36428 MEDIUM PATCH This Month

Db2 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service due to improper neutralizatio (CVSS 5.3).

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22626 MEDIUM This Month

Insufficient input validation in HIKSEMI NAS devices allows authenticated users to trigger denial of service conditions through malformed messages. An attacker with valid credentials can exploit this flaw to cause abnormal device behavior and availability disruptions without requiring user interaction. No patch is currently available to address this vulnerability.

Information Disclosure
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-9226 MEDIUM This Month

Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details. [CVSS 4.6 MEDIUM]

XSS
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-22625 MEDIUM This Month

HIKSEMI NAS devices improperly validate filenames, allowing attackers with physical access to traverse directory structures and read sensitive system files. This vulnerability affects confidentiality but requires local presence and no authentication, making it a risk primarily in physically accessible environments. No patch is currently available for this issue.

Path Traversal
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-22624 MEDIUM This Month

Authenticated users of HIKSEMI NAS products can access and modify file resources belonging to other users due to insufficient access control checks. This allows any logged-in attacker to manipulate arbitrary files across user accounts without authorization, though a valid account is required to exploit the vulnerability. No patch is currently available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-15322 MEDIUM This Month

Tanium addressed an improper access controls vulnerability in Tanium Server. [CVSS 4.3 MEDIUM]

Authentication Bypass Server
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-25211 LOW PATCH Monitor

Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log. [CVSS 3.2 LOW]

Information Disclosure
NVD GitHub
CVSS 3.1
3.2
EPSS
0.0%
CVE-2026-1685 LOW Monitor

Dir-823X Firmware versions up to 250416 is affected by improper restriction of excessive authentication attempts (CVSS 3.7).

D-Link Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2026-1638 LOW Monitor

Command injection in Tenda AC21 firmware versions 1.1.1.1/1.dmzip/16.03.08.16 allows authenticated remote attackers to execute arbitrary commands via the dmzIp parameter in the mDMZSetCfg function. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.

Command Injection Tenda
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-1705 LOW Monitor

A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. [CVSS 2.4 LOW]

D-Link XSS
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-1723 This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1498_B20250826.

Command Injection
NVD GitHub
EPSS
0.5%
CVE-2026-24728 This Week

A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions up to 2025 is affected by missing authentication for critical function.

Authentication Bypass
NVD
EPSS
0.3%
CVE-2025-26385 Monitor

LCS8500 or NAE8500 installed with SQL Express deployed as part of the Metasys installation Releases 12.0 versions up to 14.1 is affected by command injection.

Command Injection
NVD
EPSS
0.2%
CVE-2026-24729 This Week

An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions up to 2025 is affected by unrestricted upload of file with dangerous type.

File Upload RCE
NVD
EPSS
0.2%
CVE-2026-1498 Monitor

An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface.

LDAP
NVD
EPSS
0.1%
CVE-2025-7964 Monitor

After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin.

Information Disclosure
NVD
EPSS
0.1%
CVE-2025-15497 Monitor

Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 versions up to 2.7 is affected by reachable assertion.

Openvpn Denial Of Service
NVD
EPSS
0.1%
CVE-2026-23835 PATCH Monitor

LobeHub is an open source human-and-AI-agent network. versions up to 1.143.3 contains a vulnerability that allows attackers to a discrepancy between actual resource consumption and billing calculations, caus.

Industrial Denial Of Service
NVD GitHub
EPSS
0.0%
CVE-2025-6723 This Week

Chef InSpec versions up to 5.23 and before 7.0.107 creates named pipes with overly permissive default Windows access controls.

Windows
NVD
EPSS
0.0%
CVE-2025-11175 Monitor

Wikimedia Foundation Mediawiki - DiscussionTools Extension is affected by improper neutralization of special elements used in an expression language statement.

Mediawiki
NVD
EPSS
0.0%
CVE-2025-13176 This Week

Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL.

Privilege Escalation
NVD
EPSS
0.0%
CVE-2024-9432 Monitor

Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey.This issue affects Vertica versions: 23.X, 24.X, 25.X.

Information Disclosure
NVD
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy