93 CVEs tracked today. 8 Critical, 36 High, 37 Medium, 7 Low.
-
CVE-2026-24494
CRITICAL
CVSS 9.8
SQL injection in Order Up Online Ordering System 1.0 via /api/integrations/getintegrations endpoint allows unauthenticated database compromise.
SQLi
-
CVE-2026-23693
CRITICAL
CVSS 10.0
Critical vulnerability in ElementsKit Elementor Addons WordPress plugin allows unauthenticated access to critical functions. CVSS 10.0 affecting a widely-used WordPress plugin with 1M+ installations.
WordPress
-
CVE-2026-23552
CRITICAL
CVSS 9.1
Cross-realm token acceptance bypass in Apache Camel Keycloak security policy. The KeycloakSecurityPolicy fails to properly validate token issuers, accepting tokens from different Keycloak realms. PoC available.
Apache
Camel
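The issuer check this entry describes, as an added example that is not Apache Camel's or Keycloak's code (it is written in Python rather than Java): it reads the `iss` and `aud` claims of a JWT and accepts the token only when the issuer is exactly the expected realm URL, rather than any realm on the trusted Keycloak host. The Keycloak base URL, the realm names and the demo tokens are constructed for the example; signature verification, which must be done against the expected realm's keys before any claim is trusted, is deliberately left out of this snippet.

```python
import base64
import json

KEYCLOAK_BASE = "https://sso.example.test"  # hypothetical Keycloak server


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_demo_token(payload: dict) -> str:
    """Build an unsigned three-part JWT for the demo (signature is a placeholder)."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(payload).encode())
    return f"{header}.{body}.placeholder-signature"


def jwt_claims(token: str) -> dict:
    """Decode the claims segment. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    body = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(body))


def naive_accepts(token: str) -> bool:
    """The flawed pattern: any realm on the trusted Keycloak host is good enough."""
    iss = jwt_claims(token).get("iss", "")
    return iss.startswith(KEYCLOAK_BASE + "/realms/")


def strict_accepts(token: str, expected_realm: str, expected_aud: str) -> bool:
    """Pin the issuer to one realm URL (exact match) and require our own audience."""
    claims = jwt_claims(token)
    if claims.get("iss") != f"{KEYCLOAK_BASE}/realms/{expected_realm}":
        return False
    aud = claims.get("aud", [])
    if isinstance(aud, str):
        aud = [aud]
    return expected_aud in aud


# Constructed tokens: one from the realm this service trusts, one from a sibling realm
# on the same Keycloak server (the cross-realm case described in the entry).
ORDERS_TOKEN = make_demo_token(
    {"iss": f"{KEYCLOAK_BASE}/realms/orders", "aud": "orders-api", "sub": "alice"}
)
PARTNER_TOKEN = make_demo_token(
    {"iss": f"{KEYCLOAK_BASE}/realms/partner", "aud": "orders-api", "sub": "mallory"}
)
```

The exact-match comparison also rejects look-alike realms such as `orders-extra`, which a prefix check would wave through.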
-
CVE-2026-3062
CRITICAL
CVSS 9.8
Out-of-bounds read and write in Chrome Tint shader compiler on Mac before 145.0.7632.116. More severe than CVE-2026-3061 due to additional write capability enabling potential code execution.
Chrome
Google
-
CVE-2026-3061
CRITICAL
CVSS 9.1
Out-of-bounds read in Google Chrome Media component before 145.0.7632.116 allows remote attackers to perform memory reads via crafted media content.
Google
Chrome
-
CVE-2026-2588
CRITICAL
CVSS 9.1
Integer overflow in Crypt::NaCl::Sodium Perl module through version 2.001 on 32-bit systems. The Sodium.xs binding casts a size_t to int, causing overflow that could compromise cryptographic operations.
Integer Overflow
-
CVE-2025-70327
CRITICAL
CVSS 9.8
Argument injection in TOTOLINK X5000R router v9.1.0cu via setDiagnosisCfg handler allows unauthenticated remote code execution. EPSS 2.0% with PoC available.
Denial Of Service
X5000r Firmware
TOTOLINK
-
CVE-2025-70043
CRITICAL
CVSS 9.1
Improper certificate validation in Ayms node-To master Node.js module. The application does not properly validate TLS certificates, enabling man-in-the-middle attacks.
Tls
-
CVE-2026-27623
HIGH
CVSS 7.5
Denial of service in Valkey 9.0.0 through 9.0.2 allows unauthenticated network attackers to crash the server by exploiting improper networking state handling after empty requests. An attacker can trigger an assertion failure that causes the Valkey process to abort, impacting availability for all users. No patch is currently available; network isolation is recommended as a mitigation.
Code Injection
Valkey
Redhat
Suse
-
CVE-2026-25747
HIGH
CVSS 8.8
Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. [CVSS 8.8 HIGH]
Apache
Java
Deserialization
Camel
Redhat
-
CVE-2026-25649
HIGH
CVSS 7.3
Traccar GPS tracking system through version 6.11.1 allows authenticated users to hijack OAuth 2.0 authorization codes through unvalidated redirect URIs in OIDC endpoints, enabling account takeover on integrated applications. The vulnerability stems from missing whitelist validation on the redirect_uri parameter, permitting attackers to exfiltrate authorization codes to attacker-controlled servers. Public exploit code exists for this HIGH severity flaw, and no patch is currently available.
Open Redirect
Traccar
-
CVE-2026-25648
HIGH
CVSS 8.7
Traccar through version 6.11.1 allows authenticated users to inject malicious JavaScript into other users' browsers by uploading unsanitized SVG files as device images, exploiting improper Content-Type handling. Public exploit code exists for this cross-site scripting vulnerability (the payload is stored in the uploaded image and served back to anyone who views it), which could enable session hijacking or credential theft; no patch is currently available.
File Upload
RCE
XSS
Traccar
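SVG is XML and may carry `<script>` elements, `on*` event handlers and `javascript:` links, so an upload handler that stores it and serves it back as `image/svg+xml` in the application's origin hands an attacker stored XSS. The checks below are an added example, not Traccar's code: a structural allow-list check on the uploaded document plus the response headers that keep a user-supplied SVG from executing in the app's origin even if the check is bypassed. The sample documents are constructed for the example.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Elements that can run script or embed foreign content inside an SVG document.
BANNED_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
DANGEROUS_SCHEMES = ("javascript:", "data:", "vbscript:")


def _local(name: str) -> str:
    """Strip an XML namespace prefix: '{ns}href' -> 'href'."""
    return name.rsplit("}", 1)[-1]


def svg_is_safe(data: bytes) -> tuple:
    """Return (ok, reason). Rejects anything that is not a plain, script-free SVG."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return False, f"not well-formed XML: {exc}"
    if root.tag != f"{{{SVG_NS}}}svg":
        return False, f"root element is {root.tag!r}, not an SVG"
    for el in root.iter():
        tag = _local(el.tag)
        if tag in BANNED_ELEMENTS:
            return False, f"banned element <{tag}>"
        for attr, value in el.attrib.items():
            name = _local(attr).lower()
            if name.startswith("on"):
                return False, f"event handler attribute {name!r} on <{tag}>"
            if name == "href" and value.strip().lower().startswith(DANGEROUS_SCHEMES):
                return False, f"dangerous href {value!r} on <{tag}>"
    return True, "ok"


def svg_response_headers(filename: str) -> dict:
    """Headers for serving a user-supplied SVG so it never runs in the app's origin."""
    return {
        "Content-Type": "image/svg+xml",
        "Content-Disposition": f'attachment; filename="{filename}"',
        "X-Content-Type-Options": "nosniff",
        # CSP sandbox: no script and an opaque origin even if the file is opened directly.
        "Content-Security-Policy": "sandbox",
    }
```

Serving uploads from a separate, cookie-less origin is the stronger fix; the headers above are the minimum for an app that must serve them itself. Rasterizing the SVG to PNG at upload time removes the problem entirely.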
-
CVE-2026-22567
HIGH
CVSS 7.6
Zscaler Internet Access Admin Portal allows authenticated administrators to execute arbitrary backend functions through insufficient input validation in the web UI. This high-severity vulnerability requires administrative privileges and currently lacks a patch, limiting exposure but leaving affected organizations vulnerable until remediation is available. An attacker with admin credentials could bypass intended restrictions to perform unauthorized backend operations with cross-system impact.
Code Injection
Zscaler Internet Access Admin Portal
-
CVE-2026-21863
HIGH
CVSS 7.5
Out-of-bounds read in Valkey clusterbus port processing allows network-adjacent attackers to crash affected systems by sending specially crafted packets that bypass buffer validation checks. This vulnerability affects Valkey versions prior to 9.0.2, 8.1.6, 8.0.7, and 7.2.12, impacting any deployment exposing the clusterbus port to untrusted networks. Patches are available and administrators should restrict clusterbus access with network ACLs as an immediate mitigation.
Denial Of Service
Valkey
Redhat
Suse
-
CVE-2026-21420
HIGH
CVSS 7.3
Dell Repository Manager versions before 3.4.8 suffer from an uncontrolled search path vulnerability that allows local attackers with low privileges to execute arbitrary code and escalate their access. An attacker with local system access and user interaction can exploit improper path handling to inject malicious code into the application's execution flow. A patch is available to remediate this HIGH severity issue affecting the repository management functionality.
Privilege Escalation
Repository Manager
-
CVE-2026-3026
HIGH
CVSS 7.3
Jeewms 3.7 contains a server-side request forgery vulnerability in the UEditor plugin's getRemoteImage.jsp file, where the upfile parameter can be manipulated to make the server perform unintended network requests. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. Remote attackers can exploit this without authentication to conduct SSRF attacks with low complexity.
SSRF
Jeewms
-
CVE-2026-3025
HIGH
CVSS 7.3
Smart Heating Integrated Management Platform versions up to 1.0.0 are affected by improper access control (CVSS 7.3).
File Upload
Authentication Bypass
Smart Heating Integrated Management Platform
-
CVE-2026-3016
HIGH
CVSS 8.8
Remote code execution in UTT HiPER 810G firmware versions up to 1.7.7-171114 allows authenticated attackers to achieve full system compromise through a buffer overflow in the P2P limit configuration function. The vulnerability exists due to unsafe use of strcpy() in the /goform/formP2PLimitConfig endpoint and is exploitable over the network with public exploit code currently available. No patch has been released, making this a critical risk for deployed devices.
Buffer Overflow
810g Firmware
-
CVE-2026-3015
HIGH
CVSS 8.8
Buffer overflow in UTT HiPER 810G firmware versions up to 1.7.7-171114 allows authenticated remote attackers to achieve code execution by supplying an oversized GroupName parameter to the /goform/formPolicyRouteConf endpoint. Public exploit code exists for this vulnerability and no patch is currently available.
Buffer Overflow
810g Firmware
-
CVE-2026-2998
HIGH
CVSS 7.8
eAI Technologies' ERP application is vulnerable to DLL hijacking attacks that enable authenticated local users to achieve arbitrary code execution by placing a malicious DLL in the application directory. The vulnerability affects any system where non-administrative users have local access and can write to the ERP installation folder. No patch is currently available to remediate this issue.
Privilege Escalation
RCE
-
CVE-2026-2983
HIGH
CVSS 7.3
SourceCodester Student Result Management System 1.0 contains improper access controls in the bulk user import functionality that allows unauthenticated remote attackers to manipulate file parameters and gain unauthorized access. Public exploit code exists for this vulnerability, though no patch is currently available. The attack requires no user interaction and can be exploited over the network with basic complexity.
PHP
Student Result Management System
-
CVE-2026-2981
HIGH
CVSS 8.8
Remote code execution in UTT HiPER 810G firmware through version 1.7.7-1711 allows authenticated remote attackers to execute arbitrary code by exploiting a buffer overflow in the /goform/formTaskEdit_ap endpoint. An attacker can trigger the vulnerability by crafting a malicious txtMin2 parameter that overflows the strcpy function, and public exploit code exists for this flaw. No patch is currently available for affected devices.
Buffer Overflow
810g Firmware
-
CVE-2026-2980
HIGH
CVSS 7.2
Buffer overflow in UTT HiPER 810G firmware versions up to 1.7.7-1711 allows remote attackers with high privileges to execute arbitrary code through the passwd1 parameter in the /goform/setSysAdm function. Public exploit code exists for this vulnerability and no patch is currently available. An authenticated attacker can leverage this flaw to achieve complete system compromise with high impact on confidentiality, integrity, and availability.
Buffer Overflow
810g Firmware
-
CVE-2026-2962
HIGH
CVSS 8.8
Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware's scheduled reboot configuration endpoint allows authenticated remote attackers to achieve full system compromise through the submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw requires valid credentials but has a high attack surface due to network accessibility and the severity of potential impacts including code execution and data exfiltration.
D-Link
Buffer Overflow
Stack Overflow
Dwr M960 Firmware
-
CVE-2026-2961
HIGH
CVSS 8.8
Remote code execution in D-Link DWR-M960 firmware through a stack buffer overflow in the VPN configuration endpoint allows authenticated attackers to execute arbitrary code by manipulating the submit-url parameter. The vulnerability affects firmware version 1.01.07 and public exploit code exists, though no patch is currently available.
D-Link
Buffer Overflow
Stack Overflow
Dwr M960 Firmware
-
CVE-2026-2960
HIGH
CVSS 8.8
Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to execute arbitrary code by manipulating the submit-url parameter in the /boafrm/formDhcpv6s function. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.
D-Link
Buffer Overflow
Stack Overflow
Dwr M960 Firmware
-
CVE-2026-2959
HIGH
CVSS 8.8
Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) allows authenticated attackers to achieve remote code execution via a malicious URL parameter in the /boafrm/formNewSchedule function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but no user interaction, posing a significant risk to affected devices.
D-Link
Buffer Overflow
Stack Overflow
Dwr M960 Firmware
-
CVE-2026-2958
HIGH
CVSS 8.8
Remote code execution in D-Link DWR-M960 firmware 1.01.07 via stack-based buffer overflow in the /boafrm/formWsc endpoint allows authenticated attackers to achieve full system compromise through manipulation of the save_apply parameter. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.
D-Link
Buffer Overflow
Stack Overflow
Dwr M960 Firmware
-
CVE-2026-1367
HIGH
CVSS 8.3
Authenticated SQL injection in Zohocorp ManageEngine ADSelfService Plus version 6522 and earlier allows logged-in attackers to execute arbitrary SQL queries through the search report functionality, potentially leading to unauthorized data access and modification. With no patch currently available, organizations running affected versions face significant risk of data exfiltration and system compromise by authenticated users.
SQLi
-
CVE-2025-71056
HIGH
CVSS 8.1
Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user. [CVSS 8.1 HIGH]
Authentication Bypass
-
CVE-2025-70329
HIGH
CVSS 8.0
X5000R Firmware versions up to 9.1.0cu.2415_b20250515 are affected by OS command injection (CVSS 8.0).
Command Injection
X5000r Firmware
TOTOLINK
-
CVE-2025-70328
HIGH
CVSS 8.8
X6000R Firmware versions up to 9.4.0cu.1498_b20250826 are affected by OS command injection (CVSS 8.8).
Command Injection
X6000r Firmware
TOTOLINK
-
CVE-2025-70058
HIGH
CVSS 7.4
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests [CVSS 7.4 HIGH]
Tls
Yapi
-
CVE-2025-70045
HIGH
CVSS 7.4
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTPS request options when 'jx_obj.IsSecure' is true [CVSS 7.4 HIGH]
Tls
Jxm
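The three CWE-295 entries above (CVE-2025-70043, CVE-2025-70058, CVE-2025-70045) share one root cause: the client is told to accept any certificate, so any on-path attacker can terminate the TLS session. The snippet below is an added example, not code from any of those projects, and it is in Python rather than Node.js: it shows the hardened client context next to the `rejectUnauthorized: false` equivalent, an audit function that flags a weakened context, and a small source scanner for the disabling idioms across common stacks. The sample source text is constructed.

```python
import re
import ssl


def build_client_context(verify: bool = True) -> ssl.SSLContext:
    """Default: verify the chain and the hostname. verify=False reproduces the bug."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname=True, system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if not verify:
        ctx.check_hostname = False        # must be cleared before verify_mode is lowered
        ctx.verify_mode = ssl.CERT_NONE   # accepts any certificate, including a MITM's
    return ctx


def context_findings(ctx: ssl.SSLContext) -> list:
    """Return the ways a context falls short of the verifying default."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("verify_mode is not CERT_REQUIRED")
    if not ctx.check_hostname:
        problems.append("hostname verification disabled")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("TLS versions below 1.2 accepted")
    return problems


# Source idioms that disable verification in Node, Python and Go HTTP stacks.
DISABLE_PATTERNS = [
    re.compile(r"rejectUnauthorized\s*:\s*false"),
    re.compile(r"NODE_TLS_REJECT_UNAUTHORIZED\s*=\s*['\"]?0"),
    re.compile(r"\bverify\s*=\s*False\b"),
    re.compile(r"check_hostname\s*=\s*False\b"),
    re.compile(r"\bCERT_NONE\b"),
    re.compile(r"InsecureSkipVerify\s*:\s*true"),
]


def find_verification_disabled(source: str) -> list:
    """Return (line_number, line) for every line that matches a disabling idiom."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if any(p.search(line) for p in DISABLE_PATTERNS):
            hits.append((lineno, line.strip()))
    return hits


# Constructed snippet resembling the Axios/https configuration named in the entries.
SAMPLE_SOURCE = """const https = require('https');
const agent = new https.Agent({ rejectUnauthorized: false });
axios.get(url, { httpsAgent: agent });
requests.get(url, verify=True)
"""
```

The scanner is a code-review aid, not a substitute for testing: pointing the client at a server with a self-signed certificate and confirming the connection fails is the check that proves verification is on.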
-
CVE-2025-69700
HIGH
CVSS 7.5
Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler. [CVSS 7.5 HIGH]
Buffer Overflow
Stack Overflow
Fh1203 Firmware
Tenda
-
CVE-2025-69248
HIGH
CVSS 7.5
free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading to Denial of Service. [CVSS 7.5 HIGH]
Buffer Overflow
Denial Of Service
Amf
-
CVE-2025-69247
HIGH
CVSS 7.5
free5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow (CWE-122) vulnerability leading to Denial of Service. [CVSS 7.5 HIGH]
Buffer Overflow
Heap Overflow
Denial Of Service
Go Upf
-
CVE-2025-69232
HIGH
CVSS 7.5
free5GC is an open-source project for 5th generation (5G) mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation and Protocol Compliance vulnerability leading to Denial of Service. [CVSS 7.5 HIGH]
Denial Of Service
Smf
Go Upf
-
CVE-2025-68930
HIGH
CVSS 7.1
Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the `/api/socket` endpoint. The application fails to validate the `Origin` header during the WebSocket handshake. [CVSS 7.1 HIGH]
Authentication Bypass
Traccar
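The two Traccar entries CVE-2026-25649 (unvalidated `redirect_uri`) and CVE-2025-68930 (no `Origin` check on the WebSocket handshake) are both allow-list failures. The code below is an added example, not Traccar's: it shows the prefix-matching pattern that lets `redirect_uri` leak an authorization code to a look-alike host, the exact-match check that replaces it, and an `Origin` check for the WebSocket upgrade. The client registry and the allowed origins are constructed for the example.

```python
from urllib.parse import urlsplit

# Hypothetical client registry: redirect URIs fixed at client registration time.
REGISTERED_REDIRECTS = {
    "mobile-app": {"https://app.example.test/oauth/callback"},
}
# Origins allowed to open the authenticated WebSocket (hypothetical).
ALLOWED_WS_ORIGINS = {"https://app.example.test"}


def redirect_uri_allowed_prefix(client_id: str, redirect_uri: str) -> bool:
    """The flawed pattern: 'starts with our origin' also matches our-origin.evil.test."""
    for registered in REGISTERED_REDIRECTS.get(client_id, ()):
        parts = urlsplit(registered)
        if redirect_uri.startswith(f"{parts.scheme}://{parts.netloc}"):
            return True
    return False


def redirect_uri_allowed(client_id: str, redirect_uri: str) -> bool:
    """Exact string comparison against the registration (RFC 6749 section 3.1.2.2)."""
    return redirect_uri in REGISTERED_REDIRECTS.get(client_id, ())


def websocket_origin_allowed(headers: dict) -> bool:
    """Compare the browser-supplied Origin (scheme://host[:port]) to an allow-list."""
    h = {k.lower(): v for k, v in headers.items()}
    origin = h.get("origin")
    if origin is None:
        # Fail closed: browsers always send Origin on a WebSocket upgrade, so a
        # missing header means a non-browser client; give those a separate, token-based path.
        return False
    parts = urlsplit(origin)
    if not parts.scheme or not parts.netloc:
        return False  # covers the literal "null" origin from sandboxed frames
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}" in ALLOWED_WS_ORIGINS
```

On the redirect side, exact matching also removes the path-based variants (`/callback/../open?to=`) that would otherwise chain into any open redirect on the legitimate host; on the WebSocket side, the `Origin` check is what the browser's same-origin policy does not do for WebSocket connections, so the server has to do it.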
-
CVE-2025-67733
HIGH
CVSS 8.5
Valkey is a distributed key-value database. [CVSS 8.5 HIGH]
RCE
Valkey
Redhat
Suse
-
CVE-2025-63946
HIGH
CVSS 7.4
A privilege escalation (PE) vulnerability in the Tencent PC Manager app through 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. [CVSS 7.4 HIGH]
Windows
Privilege Escalation
Race Condition
Pcmanager
-
CVE-2025-63945
HIGH
CVSS 7.4
A privilege escalation (PE) vulnerability in the Tencent iOA app through 210.9.28693.621001 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. [CVSS 7.4 HIGH]
Windows
Privilege Escalation
Race Condition
Ioa
-
CVE-2025-61144
HIGH
CVSS 7.3
libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. [CVSS 7.3 HIGH]
Stack Overflow
Libtiff
Redhat
Suse
-
CVE-2025-14905
HIGH
CVSS 7.2
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. [CVSS 7.2 HIGH]
RCE
Buffer Overflow
Heap Overflow
Denial Of Service
-
CVE-2026-27742
MEDIUM
CVSS 5.4
Stored XSS in Bludit 3.16.2 allows authenticated users to inject malicious JavaScript into post content that executes when viewed by other users, enabling session hijacking and credential theft. The vulnerability exists because the application relies solely on client-side input validation while failing to sanitize or encode content server-side. Public exploit code is available, though no patch has been released yet.
XSS
Bludit
-
CVE-2026-27741
MEDIUM
CVSS 4.3
Bludit 3.16.1 lacks CSRF protections on administrative endpoints, allowing attackers to trick authenticated admins into uninstalling plugins or installing malicious themes via crafted web requests. Public exploit code exists for this vulnerability, enabling unauthorized modification of site functionality and potential code execution through untrusted theme installation.
CSRF
Bludit
-
CVE-2026-27514
MEDIUM
CVSS 6.5
F3 Firmware contains a vulnerability that allows a response to be stored in client-side caches and recovered by other local users (CVSS 6.5).
Information Disclosure
F3 Firmware
-
CVE-2026-27513
MEDIUM
CVSS 4.3
The Tenda F3 Wireless Router firmware lacks CSRF protections in its administrative interface, enabling attackers to trick authenticated administrators into making unauthorized configuration changes through crafted requests. An unauthenticated attacker can exploit this to modify router settings by socially engineering an admin into visiting a malicious webpage. No patch is currently available for this vulnerability.
CSRF
F3 Firmware
-
CVE-2026-27512
MEDIUM
CVSS 6.1
Tenda F3 Wireless Router firmware V12.01.01.55_multi is vulnerable to reflected cross-site scripting (XSS) in its administrative interface due to missing MIME-sniffing protections and insufficient input validation. An unauthenticated attacker can inject malicious scripts that execute in the context of the admin interface when a user visits a crafted link, potentially leading to administrative account compromise. No patch is currently available for this vulnerability.
XSS
F3 Firmware
-
CVE-2026-27511
MEDIUM
CVSS 4.3
Tenda F3 Wireless Router firmware V12.01.01.55_multi lacks clickjacking protections in its web administrative interface, enabling attackers to embed configuration pages in iframes and manipulate authenticated administrators into making unauthorized changes. Public exploit code exists for this vulnerability, affecting administrators who access the router's management interface. While the impact is limited to configuration tampering rather than direct compromise, the lack of available patches leaves affected devices vulnerable.
XSS
F3 Firmware
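The four Tenda F3 entries above (CVE-2026-27514 cacheable responses, CVE-2026-27512 missing MIME-sniffing protection, CVE-2026-27511 missing clickjacking protection, plus the CSRF entry) are all things a response-header audit finds in one pass. The function below is an added example, not Tenda's code: it checks a response's headers for `X-Content-Type-Options`, a framing restriction and `Cache-Control: no-store` on sensitive pages, and returns the hardened set beside it. The sample router response is constructed.

```python
def _lower_keys(headers: dict) -> dict:
    return {k.lower(): v for k, v in headers.items()}


def audit_response_headers(headers: dict, sensitive: bool) -> list:
    """Return findings for one HTTP response; sensitive=True for pages carrying
    credentials, tokens or device configuration."""
    h = _lower_keys(headers)
    findings = []

    # MIME sniffing: lets a browser treat a text/plain or image reply as HTML or script.
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")

    # Clickjacking: either legacy X-Frame-Options or a CSP frame-ancestors directive.
    xfo = h.get("x-frame-options", "").strip().upper()
    csp = h.get("content-security-policy", "").lower()
    if xfo not in {"DENY", "SAMEORIGIN"} and "frame-ancestors" not in csp:
        findings.append("no clickjacking protection (X-Frame-Options or CSP frame-ancestors)")

    # Caching: neither a shared nor a local cache may store a sensitive response.
    if sensitive:
        directives = {d.strip().lower() for d in h.get("cache-control", "").split(",")}
        if "no-store" not in directives:
            findings.append("sensitive response lacks Cache-Control: no-store")

    # An HTML page without a declared charset invites encoding-based XSS tricks.
    ct = h.get("content-type", "").lower()
    if ct.startswith("text/html") and "charset=" not in ct:
        findings.append("text/html without an explicit charset")
    return findings


def hardened_headers(content_type: str = "text/html; charset=utf-8", sensitive: bool = True) -> dict:
    """The header set an admin page should carry."""
    headers = {
        "Content-Type": content_type,
        "X-Content-Type-Options": "nosniff",
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "frame-ancestors 'none'",
    }
    if sensitive:
        headers["Cache-Control"] = "no-store"
        headers["Pragma"] = "no-cache"  # for HTTP/1.0 intermediaries
    return headers


# Constructed: what an older embedded web server typically sends for its admin page.
ROUTER_ADMIN_RESPONSE = {
    "Content-Type": "text/html",
    "Server": "Boa/0.94",
    "Cache-Control": "max-age=60",
}
```

Headers do not fix the CSRF entry; that needs a per-session token or `SameSite` cookies checked on every state-changing request, which a header audit cannot see.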
-
CVE-2026-26464
MEDIUM
CVSS 6.1
Society Management System Portal versions up to 1.0 are affected by cross-site scripting (XSS) (CVSS 6.1).
PHP
XSS
Society Management System Portal
-
CVE-2026-26365
MEDIUM
CVSS 4.0
HTTP request smuggling in Akamai Ghost CDN edge servers before 2026-02-06 allows remote attackers to craft malicious requests with conflicting hop-by-hop headers that cause improper message framing when forwarded to origin servers. An attacker can exploit this to inject unauthorized requests or bypass security controls by manipulating how the origin server interprets the request body. No patch is currently available.
Code Injection
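Request smuggling comes from two parsers disagreeing about where a request ends; the conflicting hop-by-hop headers this entry describes are one way to make a front end drop a framing header that the origin still honours. The parser below is an added example, not Akamai code: it flags the conditions a front end should reject outright (both `Content-Length` and `Transfer-Encoding`, duplicate or non-numeric `Content-Length`, obfuscated `Transfer-Encoding`, whitespace around a header name, and a `Connection` header that names a framing header as hop-by-hop). Both sample requests are constructed.

```python
FRAMING_HEADERS = {"content-length", "transfer-encoding"}


def parse_request_head(raw: bytes) -> tuple:
    """Split a raw HTTP/1.x request into (request_line, [(name, value)], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name, value.strip()))  # name kept raw so whitespace tricks are visible
    return lines[0], headers, body


def framing_anomalies(raw: bytes) -> list:
    """Report conditions that let two parsers disagree about where a request ends."""
    _, headers, _ = parse_request_head(raw)
    findings = []
    norm = []
    for name, value in headers:
        if name != name.strip():
            findings.append(f"whitespace around header name {name!r}")
        norm.append((name.strip().lower(), value))

    cl = [v for n, v in norm if n == "content-length"]
    te = [v for n, v in norm if n == "transfer-encoding"]
    if cl and te:
        findings.append("Content-Length and Transfer-Encoding both present (CL.TE/TE.CL)")
    if len(cl) > 1:
        findings.append("duplicate Content-Length headers")
    for v in cl:
        if not v.isdigit():
            findings.append(f"non-numeric Content-Length {v!r}")
    for v in te:
        if v.lower() != "chunked":
            findings.append(f"obfuscated Transfer-Encoding {v!r}")
    for n, v in norm:
        if n == "connection":
            for token in v.split(","):
                t = token.strip().lower()
                if t in FRAMING_HEADERS:
                    findings.append(f"Connection lists framing header {t!r} as hop-by-hop")
    return findings


# Constructed requests: a clean one and one shaped to desynchronise a front end and its origin.
CLEAN_REQUEST = (
    b"POST /search HTTP/1.1\r\nHost: shop.example.test\r\nContent-Length: 5\r\n\r\nq=abc"
)
SMUGGLING_REQUEST = (
    b"POST /search HTTP/1.1\r\nHost: shop.example.test\r\n"
    b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n"
    b"Connection: keep-alive, Transfer-Encoding\r\n\r\n"
    b"0\r\n\r\nGET /admin HTTP/1.1\r\nHost: shop.example.test\r\n\r\n"
)
```

The durable fix is HTTP/2 end to end or, on HTTP/1.1, normalising every ambiguous request to a single framing before it is forwarded and closing the origin connection after any request that triggered a finding.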
-
CVE-2026-23521
MEDIUM
CVSS 6.5
Traccar GPS tracking system through version 6.11.1 allows authenticated users to conduct arbitrary file writes by setting device identifiers to absolute paths, which bypass path validation during image uploads. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with device management privileges could write files outside the intended media directory, potentially compromising system integrity.
Path Traversal
Traccar
-
CVE-2026-22568
MEDIUM
CVSS 5.5
Zscaler Internet Access Admin Portal contains an input validation flaw that enables authenticated administrators to retrieve sensitive internal information through specially crafted requests in specific configurations. The vulnerability requires high-level admin privileges and does not impact confidentiality or availability broadly, though it poses a risk in multi-tenant environments where privilege boundaries matter. Currently, no patch is available.
Code Injection
Zscaler Internet Access Admin Portal
-
CVE-2026-3075
MEDIUM
CVSS 5.3
Simple Ajax Chat through version 20251121 exposes sensitive system information to unauthorized access due to improper data protection controls. An unauthenticated remote attacker can retrieve embedded sensitive data from the application with minimal effort. No patch is currently available to remediate this vulnerability.
Information Disclosure
-
CVE-2026-3063
MEDIUM
CVSS 5.4
Google Chrome versions prior to 145.0.7632.116 allow attackers to inject malicious scripts or HTML into privileged pages through a compromised DevTools extension if a user can be tricked into installing it. The vulnerability requires user interaction to install a malicious extension but could enable unauthorized script execution in sensitive browser contexts. No patch is currently available.
Google
Chrome
-
CVE-2026-3040
MEDIUM
CVSS 4.7
Command injection in DrayTek Vigor 300B firmware up to version 1.5.1.6 allows authenticated remote attackers to execute arbitrary OS commands via the File parameter in the web management interface. Public exploit code exists for this vulnerability, though the vendor has confirmed the product is end-of-life and no patch will be released. This affects only unsupported installations with administrative access.
Command Injection
Vigor300b Firmware
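The router entries CVE-2025-70327 (argument injection in a diagnostics handler), CVE-2025-70329, CVE-2025-70328 and CVE-2026-3040 all come from passing a request parameter into a shell command line. The snippet below is an added example, not code from TOTOLINK or DrayTek, and Python stands in for the C CGI handlers: it shows the string-building pattern that is injectable, a validator that accepts only an IP literal or a hostname, and the argv form that gives the operating system the operand directly with no shell in between. The `--` terminator assumes a getopt-style `ping`; it is defence in depth behind the leading-dash check, not the primary control.

```python
import ipaddress
import re
import subprocess

# RFC 1123 hostname: labels of letters, digits and hyphens, no leading/trailing hyphen.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
HOSTNAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def vulnerable_diag_command(target: str) -> str:
    """How a shell-string builder sees the input. Returned for inspection, never run."""
    return f"ping -c 3 {target}"


def validate_target(target: str) -> str:
    """Accept only an IP literal or a syntactically valid hostname; never an option."""
    if len(target) > 253 or target.startswith("-"):
        raise ValueError(f"rejected target {target!r}")
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if HOSTNAME_RE.fullmatch(target):
        return target
    raise ValueError(f"rejected target {target!r}")


def safe_diag_argv(target: str) -> list:
    """argv form: fixed options, '--' ends option parsing, validated operand last."""
    return ["ping", "-c", "3", "--", validate_target(target)]


def run_diag(target: str) -> subprocess.CompletedProcess:
    """shell=False: each argv element reaches execve unchanged; ';', '$()' and '|' are inert."""
    return subprocess.run(
        safe_diag_argv(target), capture_output=True, text=True, timeout=15, check=False
    )
```

Note that validation alone is not enough for argument injection: `-c 100000` or `-f` is a perfectly printable string, which is why the operand must also be prevented from being parsed as an option.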
-
CVE-2026-3028
MEDIUM
CVSS 4.3
Cross-site scripting (XSS) in the doAdd function of Jeewms up to version 3.7 allows unauthenticated remote attackers to inject malicious scripts through the Name parameter. Public exploit code exists for this vulnerability, and the vendor has not released patches or responded to disclosure attempts. An attacker can exploit this via a user interaction to perform actions in the context of the affected application.
Java
XSS
Jeewms
-
CVE-2026-3027
MEDIUM
CVSS 4.3
Reflected cross-site scripting in Jeewms up to version 3.7 exists in the UEditor component's getContent.jsp file through unsanitized input in the myEditor parameter, allowing remote attackers to inject malicious scripts. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification.
XSS
Jeewms
-
CVE-2026-2997
MEDIUM
CVSS 5.4
Tronclass by WisdomGarden contains an insecure direct object reference flaw that allows authenticated attackers to bypass access controls and obtain course invitation codes by manipulating course ID parameters. An attacker exploiting this vulnerability can enroll in arbitrary courses without authorization. No patch is currently available for this medium-severity issue.
Authentication Bypass
-
CVE-2026-2985
MEDIUM
CVSS 6.3
Server-side request forgery in Tiandy Video Surveillance System 7.17.0 allows authenticated remote attackers to manipulate the urlPath parameter in the downloadImage function, enabling arbitrary network requests from the affected server. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. The attack requires valid credentials but no user interaction, posing a medium-severity risk to organizations deploying this surveillance platform.
Java
SSRF
-
CVE-2026-2984
MEDIUM
CVSS 6.5
Student Result Management System versions up to 1.0 are affected by improper resource shutdown or release (CVSS 6.5).
PHP
Denial Of Service
Student Result Management System
-
CVE-2026-2979
MEDIUM
CVSS 6.3
FastApiAdmin up to 2.2.0 contains an unrestricted file upload vulnerability in the user avatar upload endpoint that allows authenticated remote attackers to upload arbitrary files. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials could leverage this to compromise system integrity and potentially execute malicious code.
File Upload
Authentication Bypass
Fastapiadmin
-
CVE-2026-2978
MEDIUM
CVSS 6.3
Unrestricted file upload in FastApiAdmin up to version 2.2.0 allows authenticated remote attackers to upload arbitrary files through the Scheduled Task API endpoint. Public exploit code exists for this vulnerability, enabling potential remote code execution or system compromise. No patch is currently available; until one is released, affected organizations should restrict the upload functionality to trusted users and enforce server-side checks on file type and destination.
File Upload
Authentication Bypass
Fastapiadmin
-
CVE-2026-2977
MEDIUM
CVSS 6.3
FastApiAdmin versions up to 2.2.0 contain an unrestricted file upload vulnerability in the Scheduled Task API's upload controller that allows authenticated attackers to upload arbitrary files remotely. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials could leverage this to achieve unauthorized file write access and potentially further compromise the application.
File Upload
Authentication Bypass
Fastapiadmin
-
CVE-2026-2976
MEDIUM
CVSS 4.3
FastApiAdmin versions up to 2.2.0 contain an information disclosure vulnerability in the file download endpoint that allows authenticated attackers to read arbitrary files through path traversal manipulation. Public exploit code exists for this vulnerability, enabling remote exploitation by users with valid credentials. The vulnerability affects the download_controller function and currently has no available patch.
Information Disclosure
Fastapiadmin
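CVE-2026-23521 (an absolute path in a device identifier that wins the join) and CVE-2026-2976 (`..` segments in a download path) are the two halves of the same path-confinement problem. The functions below are an added example, not Traccar's or FastApiAdmin's code, using `posixpath` so the results are the same on every platform: the naive join that shows why an absolute component escapes, a per-segment check for identifiers, and a normalise-then-prove check for a download endpoint that legitimately takes subdirectories. The media root is hypothetical; a symlink check with `realpath` at open time still belongs on top of this.

```python
import posixpath

MEDIA_ROOT = "/srv/app/media"  # hypothetical upload root


def naive_media_path(device_id: str, filename: str) -> str:
    """The bug: join() restarts at any absolute component, so device_id='/etc' wins."""
    return posixpath.join(MEDIA_ROOT, device_id, filename)


def safe_media_path(device_id: str, filename: str) -> str:
    """Treat each identifier as one path segment, then prove the result stays in root."""
    for part in (device_id, filename):
        if not part or part in (".", "..") or any(c in part for c in "/\\\x00"):
            raise ValueError(f"rejected path component {part!r}")
    candidate = posixpath.normpath(posixpath.join(MEDIA_ROOT, device_id, filename))
    if posixpath.commonpath([MEDIA_ROOT, candidate]) != MEDIA_ROOT:
        raise ValueError(f"{candidate!r} escapes {MEDIA_ROOT!r}")
    return candidate


def safe_download_path(requested: str) -> str:
    """For a download endpoint that takes a relative path with subdirectories."""
    if requested.startswith(("/", "\\")) or "\x00" in requested:
        raise ValueError("absolute path or NUL rejected")
    candidate = posixpath.normpath(posixpath.join(MEDIA_ROOT, requested))
    # commonpath is the proof: after normalisation, the root must still be a prefix
    # at a directory boundary ("/srv/app/media-old" would not pass).
    if posixpath.commonpath([MEDIA_ROOT, candidate]) != MEDIA_ROOT or candidate == MEDIA_ROOT:
        raise ValueError(f"{requested!r} escapes {MEDIA_ROOT!r}")
    return candidate
```

`commonpath` is preferred over `startswith(MEDIA_ROOT)` because the string check accepts sibling directories that merely share a prefix with the root.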
-
CVE-2026-2975
MEDIUM
CVSS 5.3
FastApiAdmin versions up to 2.2.0 expose sensitive information through the reset_api_docs function in the Custom Documentation Endpoint, allowing unauthenticated remote attackers to access confidential data. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available to remediate this issue.
Information Disclosure
Fastapiadmin
-
CVE-2026-2971
MEDIUM
CVSS 4.3
Smart SSO up to version 2.1.1 contains a reflected cross-site scripting vulnerability in the login page's redirectUri parameter that allows unauthenticated remote attackers to execute arbitrary JavaScript in users' browsers. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early disclosure notification.
XSS
Smart Sso
-
CVE-2026-2970
MEDIUM
CVSS 4.6
Unsafe deserialization in the RedisCache component of datapizza-ai 0.0.2 allows authenticated local network attackers to achieve limited information disclosure and integrity compromise through manipulation of cache operations. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. Exploitation requires local network access and elevated privileges, making practical attacks difficult but feasible in trusted environments.
Redis
Deserialization
AI / ML
Datapizza Ai
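The Camel-LevelDB entry (CVE-2026-25747, `ObjectInputStream` with no `ObjectInputFilter`) and this datapizza-ai entry (cache contents deserialized without restriction) are the same defect in Java and Python. The class below is an added example, not code from either project: a `pickle.Unpickler` whose `find_class` resolves only an explicit allow-list of globals, which is the Python counterpart of a Java `ObjectInputFilter`. The cached value and the malicious payload are constructed; the payload is built with `pickle.dumps` and never loaded by an unrestricted loader. Switching the cache to JSON (or another data-only format) removes the problem entirely and is the better fix where the cached types allow it.

```python
import datetime
import io
import os
import pickle


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only an explicit allow-list of globals; everything else is an error."""

    ALLOWED = {
        ("builtins", "set"), ("builtins", "frozenset"), ("builtins", "bytearray"),
        ("datetime", "datetime"), ("datetime", "date"), ("decimal", "Decimal"),
    }

    def find_class(self, module: str, name: str):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_restricted_loads(data: bytes) -> tuple:
    """(True, value) on success, (False, reason) when the filter rejects a global."""
    try:
        return True, restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


class _Evil:
    """Constructed payload: a plain pickle.loads() would call os.system on load."""

    def __reduce__(self):
        return (os.system, ("echo pwned > /tmp/pwned",))


def malicious_pickle() -> bytes:
    return pickle.dumps(_Evil())


def cache_roundtrip(value):
    """What a cache layer should do: serialize, then load through the restricted loader."""
    return restricted_loads(pickle.dumps(value))


# Constructed cache entry of the kind an application might store: only allow-listed types.
SAMPLE_ENTRY = {
    "user": "alice",
    "roles": {"viewer", "editor"},
    "issued": datetime.datetime(2026, 1, 2, 3, 4, 5),
}
```

The allow-list has to be maintained as the cached types evolve; that friction is the point, since every addition is a conscious decision about what the cache is allowed to instantiate.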
-
CVE-2026-2969
MEDIUM
CVSS 4.7
Improper input sanitization in Datapizza AI 0.0.2's Jinja2 template handler allows remote attackers with high privileges to inject malicious template syntax through the ChatPromptTemplate function, potentially enabling code execution or information disclosure. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
Information Disclosure
AI / ML
Datapizza Ai
-
CVE-2026-2964
MEDIUM
CVSS 5.0
Prototype pollution in Webaudiorecorder.js versions 0.1 and 0.1.1 allows authenticated remote attackers to modify object properties through the extend function in Dynamic Config Handling, potentially leading to information disclosure or data manipulation. Public exploit code exists for this vulnerability, though exploitation requires high complexity and specific preconditions. The vendor has not released a patch and did not respond to disclosure attempts.
RCE
Code Injection
Webaudiorecorder.Js
-
CVE-2026-2963
MEDIUM
CVSS 6.3
SQL injection in Jinher OA C6 through version 20260210 allows authenticated remote attackers to execute arbitrary SQL queries via the id and offsnum parameters in the OfficeSupplyTypeRight.aspx endpoint. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. Successful exploitation could enable data exfiltration, modification, or deletion depending on database permissions.
SQLi
-
CVE-2026-2698
MEDIUM
CVSS 6.5
Security Center's access control implementation fails to properly restrict authenticated users to their authorized scope, allowing privilege escalation to view sensitive data. An attacker with valid credentials can bypass authorization checks to access confidential information outside their assigned permissions. No patch is currently available for this vulnerability.
Authentication Bypass
Security Center
-
CVE-2026-2697
MEDIUM
CVSS 6.3
Authenticated users of Security Center can manipulate the 'owner' parameter to gain unauthorized elevated privileges through an indirect object reference flaw. This network-accessible vulnerability requires valid credentials but no user interaction, enabling privilege escalation attacks with moderate impact on confidentiality, integrity, and availability. No patch is currently available.
Authentication Bypass
Security Center
-
CVE-2025-70044
MEDIUM
CVSS 6.5
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools-quickcommand 5.0.3. [CVSS 6.5 MEDIUM]
Authentication Bypass
Utools Quickcommand
-
CVE-2025-69208
MEDIUM
CVSS 5.3
free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions prior to 1.4.1 contain an Improper Error Handling vulnerability with Information Exposure. [CVSS 5.3 MEDIUM]
Information Disclosure
Udr
-
CVE-2025-61147
MEDIUM
CVSS 6.2
strukturag libde265 commit d9fea9d was discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table(). [CVSS 6.2 MEDIUM]
Buffer Overflow
-
CVE-2025-61146
MEDIUM
CVSS 4.0
saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c. [CVSS 4.0 MEDIUM]
Denial Of Service
Libsixel
Suse
-
CVE-2025-61145
MEDIUM
CVSS 5.0
libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c. [CVSS 5.0 MEDIUM]
Information Disclosure
Libtiff
Redhat
Suse
-
CVE-2025-61143
MEDIUM
CVSS 5.5
libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c. [CVSS 5.5 MEDIUM]
Null Pointer Dereference
Libtiff
Redhat
Suse
-
CVE-2025-59873
MEDIUM
CVSS 5.9
An information exposure vulnerability exists in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters. [CVSS 5.9 MEDIUM]
Information Disclosure
-
CVE-2026-23694
None
Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery (CSRF) vulnerability affecting multiple administrative AJAX actions.
WordPress
PHP
CSRF
-
CVE-2026-21665
None
The Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) in unsupported version 2021.2.4 (build 4.7.3155.0011) uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data.
Dotnet
RCE
Deserialization
-
CVE-2026-3041
LOW
CVSS 2.4
A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. Impacted is an unknown function of the file src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html of the component Article Sidebar Module. Such manipulation of the argument sidebar.content leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and ...
XSS
-
CVE-2026-2974
LOW
CVSS 2.5
A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file shared_prefs/aliasvault.xml of the component Backup Handler. [CVSS 2.5 LOW]
Android
-
CVE-2026-2972
LOW
CVSS 2.4
A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java of the component Role Edit Page. [CVSS 2.4 LOW]
Java
XSS
-
CVE-2026-2968
LOW
CVSS 3.7
A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of the file /src/tls_chacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is said to be difficult. The exploit is now public and may be used. The vendor was contacted early about this di...
Authentication Bypass
-
CVE-2026-2967
LOW
CVSS 3.7
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler. [CVSS 3.7 LOW]
Information Disclosure
-
CVE-2026-2966
LOW
CVSS 3.7
A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. [CVSS 3.7 LOW]
Dns
-
CVE-2026-2965
LOW
CVSS 2.4
A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module. [CVSS 2.4 LOW]
XSS
-
CVE-2025-41002
None
SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'.
PHP
SQLi
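The SQL injection entries on this page (CVE-2026-24494, CVE-2026-1367, CVE-2026-2963 and this Infoticketing discount-code case) are all instances of user input becoming part of the SQL text. The snippet below is an added example, not Infoticketing's PHP: an in-memory SQLite schema stands in for the application's tables, and the interpolated lookup is shown beside the parameterised one so the UNION payload can be seen to read another table through the first and return nothing through the second. Schema, rows and payload are all constructed.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed schema standing in for the ticketing application's tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE discount (code TEXT PRIMARY KEY, pct INTEGER NOT NULL);
        INSERT INTO discount VALUES ('SPRING10', 10), ('VIP25', 25);
        CREATE TABLE users (name TEXT, password_hash TEXT);
        INSERT INTO users VALUES ('admin', '$2b$12$constructed-hash-value');
        """
    )
    return conn


def apply_discount_vulnerable(conn: sqlite3.Connection, code: str) -> list:
    """String interpolation: the 'code' parameter becomes part of the SQL grammar."""
    sql = f"SELECT pct FROM discount WHERE code = '{code}'"
    return conn.execute(sql).fetchall()


def apply_discount_safe(conn: sqlite3.Connection, code: str) -> list:
    """Bound parameter: the driver sends the value out of band; it cannot alter the query."""
    return conn.execute("SELECT pct FROM discount WHERE code = ?", (code,)).fetchall()


# Constructed payload of the UNION-based kind used to read other tables through a lookup.
PAYLOAD = "x' UNION SELECT password_hash FROM users --"
```

The same rule covers the authenticated cases: a logged-in user's report search parameter is no more trustworthy than an anonymous discount code, and the parameterised form costs nothing extra.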
-
CVE-2025-40986
None
Reflected Cross-Site Scripting (XSS) vulnerability in PideTuCita. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the endpoint 'cookies/indes.php/<XSS>'.
PHP
XSS
-
CVE-2025-40701
None
Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3.4. This vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'id' parameter in '/adsTracker/checkAds' is sent to the victim.
XSS