228 CVEs tracked today. 68 Critical, 66 High, 90 Medium, 3 Low.
-
CVE-2026-27593
CRITICAL
CVSS 9.3
Password reset poisoning in Statamic CMS before 6.3.3/5.73.10 allows attackers to steal password reset tokens by manipulating the Host header in reset requests. Patch available.
Laravel
Statamic
-
CVE-2026-27590
CRITICAL
CVSS 9.8
FastCGI path splitting vulnerability in Caddy before 2.11.1 allows request smuggling or path confusion when proxying to FastCGI backends (PHP-FPM). EPSS 0.19% with PoC available.
PHP
Tls
RCE
Caddy
Suse
-
CVE-2026-27588
CRITICAL
CVSS 9.1
Host header case sensitivity bypass in Caddy before 2.11.1. Virtual host routing can be bypassed by using alternate casing in the Host header. PoC available.
Tls
Caddy
Suse
-
CVE-2026-27587
CRITICAL
CVSS 9.1
Case sensitivity bypass in Caddy web server path matching before 2.11.1. HTTP path matchers can be bypassed using alternate casing on case-insensitive filesystems. PoC available.
Tls
Caddy
Suse
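The two Caddy casing entries above (CVE-2026-27588 for the Host header and CVE-2026-27587 for path matchers) are one bug class: a matcher compares bytes exactly while the thing behind it (DNS names, a case-insensitive filesystem) does not. The following is an added illustration of that class and its fix, written for this page; it is not Caddy's code, and the vhost table, the deny rule and the dict standing in for a case-insensitive filesystem are all constructed.

```python
# Case handling in host and path matchers: added illustration of the bypass
# class behind the two Caddy casing advisories. This is not Caddy's code; the
# vhost table, deny rule and "filesystem" below are constructed.
import posixpath

VHOSTS = {"intranet.example.com": "intranet-site", "www.example.com": "public-site"}
DENY_PREFIXES = ("/admin/",)

# Constructed case-insensitive filesystem (the default on macOS and Windows):
# two names that differ only in case resolve to the same file.
FILES = {"/admin/secret.txt": "top secret", "/index.html": "<h1>hi</h1>"}

def fs_read(path: str):
    for name, data in FILES.items():
        if name.lower() == path.lower():
            return data
    return None

def vulnerable_vhost(host_header: str):
    """Exact-case lookup: 'Intranet.Example.com' misses and falls through."""
    return VHOSTS.get(host_header.split(":")[0])

def vulnerable_handle(path: str):
    """Case-sensitive prefix deny in front of a case-insensitive backend."""
    if path.startswith(DENY_PREFIXES):
        return 403, None
    data = fs_read(path)
    return (200, data) if data is not None else (404, None)

def canonical_host(host_header: str) -> str:
    """Host names are case-insensitive (RFC 3986 3.2.2): drop port and trailing dot, fold case."""
    host = host_header.strip()
    host = host.split("]")[0] + "]" if host.startswith("[") else host.split(":")[0]
    return host.lower().rstrip(".")

def canonical_path(path: str) -> str:
    """Resolve '.'/'..' and doubled slashes, then fold case to match the backend."""
    p = posixpath.normpath(path)
    p = "/" + p.lstrip("/")
    return p.lower()

def hardened_vhost(host_header: str):
    return VHOSTS.get(canonical_host(host_header))

def hardened_handle(path: str):
    p = canonical_path(path)
    if p.startswith(DENY_PREFIXES):
        return 403, None
    data = fs_read(p)
    return (200, data) if data is not None else (404, None)
```

The fold is only right when the backend really is case-insensitive; the general rule is to run the matcher on the same canonical form the backend will resolve, whatever that form is, so that no two request spellings reach different decisions for the same resource.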
-
CVE-2026-27586
CRITICAL
CVSS 9.1
TLS error swallowing in Caddy web server before 2.11.1 allows bypassing client certificate authentication. Errors in ClientCAs handling are silenced, potentially accepting invalid client certificates. PoC available.
Tls
Caddy
Suse
-
CVE-2026-27515
CRITICAL
CVSS 9.1
Predictable session identifiers in Binardat 10G08-0800GSM network switch. Numeric session IDs are easily guessable, enabling session hijacking.
Information Disclosure
10g08 0800gsm Firmware
-
CVE-2026-27507
CRITICAL
CVSS 9.8
Hardcoded admin credentials in Binardat 10G08-0800GSM network switch firmware V300SP10260209 and prior. Known credentials provide full administrative access.
Authentication Bypass
10g08 0800gsm Firmware
-
CVE-2026-27208
CRITICAL
CVSS 9.2
OS command injection in bleon-ethical/api-gateway-deploy npm package version 1.0.0. Attack chain enables remote code execution through crafted API gateway deployment configuration.
Docker
Privilege Escalation
Command Injection
Api Gateway Deploy
-
CVE-2026-26342
CRITICAL
CVSS 9.8
Persistent authentication token in Tattile ANPR cameras firmware 1.181.5 and prior. Authentication tokens never expire, enabling indefinite session reuse. PoC available.
Authentication Bypass
Vega33 Firmware
Basic Mk2 Firmware
Axle Counter Firmware
Vega53 Firmware
-
CVE-2026-26341
CRITICAL
CVSS 9.8
Default credentials in Tattile Smart+, Vega, and Basic ANPR camera families firmware 1.181.5 and prior. License plate recognition cameras ship with known default credentials. PoC available.
Authentication Bypass
Vega11 Firmware
Axle Counter Firmware
Vega33 Firmware
Anpr Mobile Firmware
-
CVE-2026-26222
CRITICAL
CVSS 9.8
Insecure .NET Remoting deserialization in Altec DocLink (Beyond Limits) 4.0.336.0. Exposed TCP endpoints allow unauthenticated remote code execution via .NET Remoting deserialization attacks.
Dotnet
RCE
Denial Of Service
Altec Doclink
-
CVE-2026-26198
CRITICAL
CVSS 9.8
SQL injection in Ormar async ORM for Python versions 0.9.9 through 0.22.0. Aggregate queries pass unsanitized input to SQL, enabling database compromise through the ORM abstraction. PoC and patch available.
Python
Ormar
-
CVE-2026-22553
CRITICAL
CVSS 9.8
OS command injection in InSAT MasterSCADA BUK-TS through MMadmServ web interface. Unauthenticated RCE on SCADA management server. EPSS 1.26%.
Scada
RCE
Command Injection
Masterscada
-
CVE-2026-21410
CRITICAL
CVSS 9.8
SQL injection in InSAT MasterSCADA BUK-TS through the main web interface. ICS/SCADA system with unauthenticated SQL injection enabling full database compromise.
Scada
RCE
SQLi
Masterscada
-
CVE-2026-2807
CRITICAL
CVSS 9.8
Memory safety bugs in Firefox 147 and Thunderbird 147 with evidence of memory corruption. Mainline-only bugs not present in ESR branches.
Memory Corruption
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2806
CRITICAL
CVSS 9.1
Uninitialized memory read in Firefox Graphics Text component before 148. Text rendering may expose uninitialized memory contents.
Mozilla
Information Disclosure
Firefox
Thunderbird
Redhat
-
CVE-2026-2805
CRITICAL
CVSS 9.8
Invalid pointer in Firefox DOM Core & HTML before 148. Incorrect pointer computation leads to memory access errors.
Buffer Overflow
Mozilla
Thunderbird
Firefox
Redhat
-
CVE-2026-2800
CRITICAL
CVSS 9.8
Spoofing in Firefox for Android WebAuthn component before 148. Allows phishing attacks through WebAuthn UI manipulation.
Android
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2799
CRITICAL
CVSS 9.8
Use-after-free in Firefox DOM Core & HTML before 148. DOM object lifecycle error.
Use After Free
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2797
CRITICAL
CVSS 9.8
Use-after-free in Firefox JavaScript GC before 148. Second GC UAF, different from CVE-2026-2795.
Use After Free
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2796
CRITICAL
CVSS 9.8
JIT miscompilation in Firefox WebAssembly before 148. The JIT compiler generates incorrect Wasm code, enabling type confusion. PoC available.
Buffer Overflow
Mozilla
Firefox
Thunderbird
Redhat
-
CVE-2026-2795
CRITICAL
CVSS 9.8
Use-after-free in Firefox JavaScript GC component before 148. GC-specific UAF affecting only mainline Firefox and Thunderbird.
Use After Free
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2793
CRITICAL
CVSS 9.8
Memory safety bugs in Firefox ESR 115.32, ESR 140.7, and Firefox 147. Broader set of memory corruption issues than CVE-2026-2792.
Memory Corruption
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2792
CRITICAL
CVSS 9.8
Memory safety bugs in Firefox ESR 140.7 and Firefox 147 with evidence of memory corruption and potential code execution exploitability.
Memory Corruption
Thunderbird
Firefox
Redhat
Suse
-
CVE-2026-2791
CRITICAL
CVSS 9.8
Cache-based mitigation bypass in Firefox Networking before 148. Caching mechanism can be exploited to bypass security mitigations.
Mozilla
Authentication Bypass
Thunderbird
Firefox
Redhat
-
CVE-2026-2790
CRITICAL
CVSS 9.8
Same-origin policy bypass in Firefox Networking JAR component before 148. Allows cross-origin data access through JAR protocol handling.
CSRF
Mozilla
Firefox
Thunderbird
Redhat
-
CVE-2026-2789
CRITICAL
CVSS 9.8
Use-after-free in Firefox ImageLib graphics component before 148. Image processing triggers use of freed memory.
Use After Free
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2788
CRITICAL
CVSS 9.8
Boundary error in Firefox Audio/Video GMP (Gecko Media Plugins) component before 148. Media plugin processing triggers memory corruption.
Buffer Overflow
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2787
CRITICAL
CVSS 9.8
Use-after-free in Firefox DOM Window and Location component before 148. Window/Location lifecycle management error.
Use After Free
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2786
CRITICAL
CVSS 9.8
Use-after-free in Firefox JavaScript Engine before 148. Fourth distinct JS engine UAF in this release.
Use After Free
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2785
CRITICAL
CVSS 9.8
Invalid pointer in Firefox JavaScript Engine before 148. Incorrect pointer computation leads to memory corruption.
Buffer Overflow
Mozilla
Thunderbird
Firefox
Redhat
-
CVE-2026-2784
CRITICAL
CVSS 9.8
DOM Security mitigation bypass in Firefox before 148. Security mechanisms protecting DOM operations can be circumvented.
Mozilla
Authentication Bypass
Thunderbird
Firefox
Redhat
-
CVE-2026-2782
CRITICAL
CVSS 9.8
Privilege escalation in Firefox Netmonitor component before 148. Second Netmonitor privilege escalation, separate from CVE-2026-2780.
Privilege Escalation
Thunderbird
Firefox
Redhat
Suse
-
CVE-2026-2781
CRITICAL
CVSS 9.8
Integer overflow in Firefox NSS (Network Security Services) Libraries component before 148. Overflow in the cryptographic library could affect TLS and certificate operations.
Integer Overflow
Mozilla
Buffer Overflow
Firefox
Thunderbird
-
CVE-2026-2780
CRITICAL
CVSS 9.8
Privilege escalation in Firefox Netmonitor component before 148. Developer tools component allows escalation from content to higher privileges.
Privilege Escalation
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2779
CRITICAL
CVSS 9.8
Boundary error in Firefox Networking JAR component before 148. Processing JAR (Java Archive) content triggers memory corruption.
Buffer Overflow
Mozilla
Firefox
Thunderbird
Redhat
-
CVE-2026-2778
CRITICAL
CVSS 10.0
Sandbox escape via DOM Core & HTML component in Firefox before 148. CVSS 10.0 — fifth sandbox escape in this release.
Mozilla
Buffer Overflow
Memory Corruption
Privilege Escalation
RCE
-
CVE-2026-2777
CRITICAL
CVSS 9.8
Privilege escalation in Firefox Messaging System component before 148. The inter-process messaging system allows escalation from content to privileged process.
Privilege Escalation
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2776
CRITICAL
CVSS 10.0
Sandbox escape via Telemetry component in Firefox external software before 148. CVSS 10.0 — fourth sandbox escape in this release, through the telemetry subsystem.
Buffer Overflow
Memory Corruption
Privilege Escalation
Firefox
Thunderbird
-
CVE-2026-2775
CRITICAL
CVSS 9.8
HTML parser mitigation bypass in Firefox DOM before 148. Content sanitization protections in the HTML parser can be bypassed.
Mozilla
Authentication Bypass
Firefox
Thunderbird
Redhat
-
CVE-2026-2774
CRITICAL
CVSS 9.8
Integer overflow in Firefox Audio/Video component before 148. Overflow in media processing leads to incorrect memory allocations.
Integer Overflow
Thunderbird
Firefox
Redhat
Suse
-
CVE-2026-2773
CRITICAL
CVSS 9.8
Boundary error in Firefox Web Audio component before 148. Crafted audio processing triggers memory corruption.
Buffer Overflow
Mozilla
Thunderbird
Firefox
Redhat
-
CVE-2026-2772
CRITICAL
CVSS 9.8
Use-after-free in Firefox Audio/Video Playback component before 148. Media playback triggers memory corruption.
Use After Free
Thunderbird
Firefox
Redhat
Suse
-
CVE-2026-2771
CRITICAL
CVSS 9.8
Undefined behavior in Firefox DOM Core & HTML component before 148. Can lead to memory corruption and potential code execution.
Buffer Overflow
Mozilla
Information Disclosure
Thunderbird
Firefox
-
CVE-2026-2770
CRITICAL
CVSS 9.8
Use-after-free in Firefox DOM Bindings (WebIDL) component before 148. Memory corruption in the interface between JavaScript and native DOM objects.
Use After Free
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2768
CRITICAL
CVSS 10.0
Sandbox escape via IndexedDB in Firefox before 148 and Thunderbird. CVSS 10.0 — the Storage: IndexedDB component allows escaping the content process sandbox.
Authentication Bypass
Thunderbird
Firefox
Redhat
Suse
-
CVE-2026-2767
CRITICAL
CVSS 9.8
Use-after-free in Firefox JavaScript WebAssembly component before 148. WebAssembly-specific memory management bug.
Use After Free
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2766
CRITICAL
CVSS 9.8
Use-after-free in Firefox JavaScript JIT compiler before 148. Second JIT-related UAF in this release, different from CVE-2026-2764.
Use After Free
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2765
CRITICAL
CVSS 9.8
Use-after-free in Firefox JavaScript Engine before 148 and Thunderbird ESR 140.8. Separate UAF from CVE-2026-2763 and CVE-2026-2758.
Use After Free
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2764
CRITICAL
CVSS 9.8
JIT miscompilation causing use-after-free in Firefox JavaScript JIT compiler before 148. JIT bugs are highly exploitable due to their deterministic nature.
Use After Free
Thunderbird
Firefox
Redhat
Suse
-
CVE-2026-2763
CRITICAL
CVSS 9.8
Use-after-free in Firefox JavaScript Engine before 148. One of multiple JS engine UAFs fixed in this release.
Use After Free
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2762
CRITICAL
CVSS 9.8
Integer overflow in Firefox JavaScript Standard Library before 148 leads to memory corruption through crafted JavaScript operations.
Integer Overflow
Thunderbird
Firefox
Redhat
Suse
-
CVE-2026-2761
CRITICAL
CVSS 10.0
Second sandbox escape in Firefox WebRender component. CVSS 10.0 — independent path from CVE-2026-2760 to escape the content process sandbox.
Information Disclosure
Thunderbird
Firefox
Redhat
Suse
-
CVE-2026-2760
CRITICAL
CVSS 10.0
Sandbox escape via boundary violation in Firefox WebRender graphics component. CVSS 10.0 — allows escaping the content sandbox to execute code with elevated privileges.
Information Disclosure
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2759
CRITICAL
CVSS 9.8
Boundary violation in Firefox ImageLib graphics component before 148 enables memory corruption through crafted images.
Mozilla
Information Disclosure
Thunderbird
Firefox
Redhat
-
CVE-2026-2758
CRITICAL
CVSS 9.8
Use-after-free in Firefox JavaScript garbage collector before 148 allows remote code execution through crafted JavaScript.
Use After Free
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2757
CRITICAL
CVSS 9.8
Boundary violation in Firefox WebRTC Audio/Video component before 148 allows remote code execution through crafted WebRTC media streams.
Mozilla
Information Disclosure
Firefox
Thunderbird
Redhat
-
CVE-2026-2634
CRITICAL
CVSS 9.8
Address bar spoofing in Firefox before 148 allows malicious scripts to desynchronize the displayed URL from actual web content before receiving a response, enabling phishing attacks.
iOS
Firefox
Apple
-
CVE-2026-1229
CRITICAL
CVSS 9.8
Incorrect computation in CIRCL cryptographic library's CombinedMult function for secp384r1 (P-384) curve. Produces wrong elliptic curve multiplication results for specific inputs, potentially breaking ECDSA signature verification.
Github
Circl
Suse
-
CVE-2025-69985
CRITICAL
CVSS 9.8
Authentication bypass in FUXA SCADA/HMI system 1.2.8 and prior leading to Remote Code Execution. Unauthenticated attackers can execute arbitrary code on industrial control HMI systems. EPSS 0.64% with PoC available.
Node.js
RCE
Authentication Bypass
Fuxa
-
CVE-2025-40541
CRITICAL
CVSS 9.1
IDOR vulnerability in SolarWinds Serv-U allows accessing objects belonging to other users. Fourth critical Serv-U vulnerability in this batch.
Windows
Serv U
-
CVE-2025-40540
CRITICAL
CVSS 9.1
Second type confusion vulnerability in SolarWinds Serv-U. Different attack vector from CVE-2025-40539 but same impact — arbitrary code execution.
Windows
Serv U
-
CVE-2025-40539
CRITICAL
CVSS 9.1
Type confusion vulnerability in SolarWinds Serv-U enables arbitrary code execution. Second critical Serv-U vulnerability.
Windows
Serv U
-
CVE-2025-40538
CRITICAL
CVSS 9.1
Broken access control in SolarWinds Serv-U allows unauthorized user creation by exploiting privilege assignment flaws. First of four critical Serv-U vulnerabilities.
Windows
Serv U
-
CVE-2025-14577
CRITICAL
CVSS 9.8
PHP function injection in Slican NCP/IPL/IPM/IPU VOIP devices allows unauthenticated remote attackers to execute arbitrary PHP functions. Network telecommunications equipment vulnerability.
PHP
Ipu 14 Firmware
Ipm 032 Firmware
Ipl 256 Firmware
Ncp Firmware
-
CVE-2025-13942
CRITICAL
CVSS 9.8
Command injection in the UPnP functionality of Zyxel EX3510-B0 routers in firmware versions through 5.17. Allows remote code execution through the UPnP service.
Zyxel
Command Injection
Wx5610 B0 Firmware
Ee6510 10 Firmware
Px3321 T1 Firmware
-
CVE-2025-11165
CRITICAL
CVSS 9.9
Sandbox escape in dotCMS Velocity scripting engine (VTools) allows authenticated users to execute arbitrary SQL. CVSS 9.9 with scope change — affects one of the largest Java CMS platforms.
Tomcat
Java
Dotcms
-
CVE-2024-58041
CRITICAL
CVSS 9.1
Insecure random number generation in Smolder 1.51 Perl testing framework. Uses rand() for cryptographic operations instead of a CSPRNG, enabling prediction of security tokens.
Information Disclosure
Smolder
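Why a general-purpose PRNG must not mint security tokens, as an added example for the Smolder entry above. Python's random.Random (Mersenne Twister) stands in for Perl's rand(); the mechanism is the same in both: once the seed is guessable, every token derived from it is reproducible. This is not Smolder's code, and the token format and the clock-seeding are assumptions made for the illustration.

```python
# Predicting tokens minted from a clock-seeded PRNG: added example, not
# Smolder's code. random.Random stands in for rand(); the token format is assumed.
import random
import secrets

def weak_token(seed: int, nbytes: int = 16) -> str:
    """Stand-in for srand(time) + rand(): the output is fully determined by `seed`."""
    rng = random.Random(seed)
    return "".join(f"{rng.getrandbits(8):02x}" for _ in range(nbytes))

def issue_token_weak(now: int) -> str:
    """What the vulnerable server does: seed from the wall clock in seconds."""
    return weak_token(now)

def issue_token_strong(nbytes: int = 16) -> str:
    """What it should do: draw from the OS CSPRNG."""
    return secrets.token_hex(nbytes)

def recover_seed(observed: str, approx_time: int, window: int):
    """Attacker holds one token (their own reset) and knows roughly when it was
    issued; brute-force the seed over the plausible interval."""
    for seed in range(approx_time - window, approx_time + window + 1):
        if weak_token(seed) == observed:
            return seed
    return None

def predict_candidates(approx_time: int, window: int):
    """Every token the server could have minted for a victim in that interval;
    the attacker tries each against the reset endpoint."""
    return [weak_token(s) for s in range(approx_time - window, approx_time + window + 1)]
```

A one-minute uncertainty about the victim's request time leaves 121 candidates, which is a trivial online search; the CSPRNG version gives an attacker nothing to enumerate.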
-
CVE-2026-27732
HIGH
CVSS 8.1
Server-side request forgery in AVideo prior to version 22.0 allows authenticated users to make arbitrary outbound requests from the affected server via an unvalidated downloadURL parameter in the aVideoEncoder.json.php endpoint. An attacker can exploit this to probe internal network services, access metadata endpoints, and retrieve sensitive data, potentially leading to further system compromise. This affects PHP deployments running vulnerable AVideo versions.
PHP
SSRF
Avideo
-
CVE-2026-27642
HIGH
CVSS 7.5
Remote attackers can inject control characters into the SUPI parameter of free5GC UDM versions up to 1.4.1, causing URL parsing failures that leak sensitive system error details and enable service fingerprinting. Public exploit code exists for this vulnerability affecting the Nudm_UEAU service across all vulnerable deployments. A patch is available and should be applied immediately, as no application-level workaround exists.
Code Injection
Udm
-
CVE-2026-27584
HIGH
CVSS 7.5
Actual is a local-first personal finance tool. [CVSS 7.5 HIGH]
Authentication Bypass
Information Disclosure
Actual
-
CVE-2026-27572
HIGH
CVSS 7.5
Wasmtime's HTTP header handling in the wasmtime-wasi-http crate crashes when processing excessive header fields, allowing remote attackers to trigger denial of service against applications embedding Wasmtime. The vulnerability affects versions prior to 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0, and has been patched to return a controlled trap instead of panicking. Embedders should update immediately to mitigate this DoS vector.
Industrial
Denial Of Service
Wasmtime
Redhat
-
CVE-2026-27521
HIGH
CVSS 7.5
Binardat 10G08-0800GSM network switch firmware is affected by improper restriction of excessive authentication attempts (CWE-307): the web interface does not limit or slow down failed logins, so credentials can be brute-forced (CVSS 7.5).
Authentication Bypass
10g08 0800gsm Firmware
-
CVE-2026-27520
HIGH
CVSS 7.5
Binardat 10G08-0800GSM network switch firmware versions before V300SP10260209 expose user credentials by storing passwords as reversible Base64-encoded values in web interface cookies, allowing unauthenticated attackers with cookie access to recover plaintext passwords. This high-severity vulnerability affects confidentiality of administrative credentials with no available patch, creating significant risk for network infrastructure compromise.
Information Disclosure
10g08 0800gsm Firmware
-
CVE-2026-27519
HIGH
CVSS 7.5
Binardat 10G08-0800GSM network switches version V300SP10260209 and earlier expose a hardcoded RC4 encryption key in client-side JavaScript, allowing unauthenticated remote attackers to decrypt sensitive configuration data and compromise network confidentiality. The static key weakness eliminates the intended cryptographic protection for protected values transmitted to and from the device.
Information Disclosure
10g08 0800gsm Firmware
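The three Binardat findings above (guessable numeric session IDs in CVE-2026-27515, Base64-"protected" passwords in cookies in CVE-2026-27520, and the static RC4 key in client-side JavaScript in CVE-2026-27519) are what a tester sees in a single captured response set. Added example of how to triage such a capture; this is not the vendor's code, and every cookie, key and ciphertext below is constructed for the illustration.

```python
# Triage of session and credential material from an embedded-device web UI:
# added example, not the vendor's code. Every cookie, key and ciphertext here
# is constructed.
import base64
import math
import re
from collections import Counter

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA). Symmetric: the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def shannon_bits(s: str) -> float:
    """Per-character entropy of one string; crude, but it separates '1002' from a hex token."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def assess_session_ids(ids):
    """Return the weaknesses found in a sample of consecutively issued session IDs."""
    findings = []
    if all(i.isdigit() for i in ids):
        findings.append("numeric-only")
        nums = [int(i) for i in ids]
        gaps = [b - a for a, b in zip(nums, nums[1:])]
        if gaps and max(gaps) <= 10:
            findings.append("sequential")
    if min(len(i) for i in ids) < 16:
        findings.append("short")
    if sum(shannon_bits(i) for i in ids) / len(ids) < 3.0:
        findings.append("low-entropy")
    return findings

def reversible_secret(value: str):
    """Base64 is encoding, not protection: return the decoded text if it is printable."""
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None

COOKIE_RE = re.compile(r"Set-Cookie:\s*([^=;\s]+)=([^;\s]*)")

def triage(set_cookie_lines):
    """Walk captured Set-Cookie headers: rate the session ID sample, decode the rest."""
    cookies = [COOKIE_RE.match(line).groups() for line in set_cookie_lines]
    sids = [v for k, v in cookies if k == "sessionid"]
    decoded = {k: reversible_secret(v) for k, v in cookies if k != "sessionid"}
    return {"session": assess_session_ids(sids),
            "reversible": {k: v for k, v in decoded.items() if v}}

# Constructed capture: three logins in a row, plus a cookie that "stores" the password.
CAPTURE = [
    "Set-Cookie: sessionid=1001; Path=/",
    "Set-Cookie: sessionid=1002; Path=/",
    "Set-Cookie: sessionid=1004; Path=/",
    "Set-Cookie: password=YWRtaW5AMTIz; Path=/",
]

# Hypothetical static key as it would sit in the device's JavaScript, and a
# "protected" value produced with it (constructed here with the same rc4()).
JS_KEY = b"DeviceKey2020"
PROTECTED_HEX = rc4(JS_KEY, b"snmp_community=private").hex()

def recover_protected(hex_ciphertext: str, key: bytes = JS_KEY) -> str:
    """Anyone who has read the page source has the key, so decryption is trivial."""
    return rc4(key, bytes.fromhex(hex_ciphertext)).decode()
```

The entropy threshold and the gap limit are heuristics for a first pass over a handful of samples; the fix on the device side is unchanged by them: 128-bit random session IDs from a CSPRNG, no credentials in cookies, and no client-side key at all (TLS protects values in transit; nothing in JavaScript protects them from the client).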
-
CVE-2026-27516
HIGH
CVSS 7.5
Binardat 10G08-0800GSM network switch firmware prior to V300SP10260209 stores administrative credentials in plaintext within the web interface and HTTP responses, enabling unauthenticated attackers to extract valid user passwords. This information disclosure vulnerability affects network administrators and can lead to unauthorized access to critical network infrastructure. No patch is currently available.
Information Disclosure
10g08 0800gsm Firmware
-
CVE-2026-27483
HIGH
CVSS 8.8
Remote code execution in MindsDB prior to version 25.9.1.1 allows authenticated attackers to bypass file upload restrictions through path traversal in the /api/files endpoint. An attacker can exploit insufficient filename validation to write arbitrary files to any location on the server, achieving command execution. Public exploit code exists for this vulnerability.
Path Traversal
AI / ML
Mindsdb
-
CVE-2026-27468
HIGH
CVSS 8.2
Unauthenticated attackers can bypass FASP administrator approval in Mastodon 4.4.0-4.4.13 and 4.5.0-4.5.6 to subscribe to account events and request content backfill, affecting only servers with the experimental FASP feature enabled. While individual requests cause minor information disclosure of publicly available URIs, repeated exploitation enables denial-of-service attacks. A patch is available to address this authorization bypass.
Denial Of Service
Authentication Bypass
Mastodon
-
CVE-2026-27195
HIGH
CVSS 7.5
Wasmtime versions 39.0.0 and later experience a denial-of-service panic when async WebAssembly component functions are called and then abandoned by the host before completion, such as when the Future is dropped after a single poll during an async yield. This affects applications using Wasmtime's component model with async support, allowing an attacker to crash the runtime through specially crafted async function invocations. A patch is available to address this stability issue.
Golang
Industrial
Wasmtime
Redhat
-
CVE-2026-26340
HIGH
CVSS 7.5
Unauthenticated RTSP stream access in multiple Tattile and Vega firmware versions allows remote attackers to view live video and audio feeds without credentials, exposing surveillance data across affected devices. Public exploit code exists for this vulnerability, which impacts Axle Counter, Vega11, Vega53, Vega33, and Anpr Mobile firmware lineups version 1.181.5 and earlier. No patch is currently available for this high-severity issue.
Authentication Bypass
Axle Counter Firmware
Vega11 Firmware
Vega53 Firmware
Anpr Mobile Firmware
-
CVE-2026-26331
HIGH
CVSS 8.8
yt-dlp is a command-line audio/video downloader. [CVSS 8.8 HIGH]
Python
Command Injection
Yt Dlp
Redhat
Suse
-
CVE-2026-26025
HIGH
CVSS 7.5
free5GC SMF versions up to 1.4.1 crash when receiving malformed PFCP SessionReportRequest packets on UDP port 8805, allowing unauthenticated remote attackers to cause denial of service. Public exploit code exists for this vulnerability, and no official patch is currently available, requiring organizations to implement network-level mitigations such as ACL restrictions or PFCP message inspection.
Industrial
Smf
-
CVE-2026-26024
HIGH
CVSS 7.5
free5GC SMF versions up to 1.4.1 crash when processing malformed PFCP SessionReportRequest messages on the UDP/8805 interface, allowing unauthenticated remote attackers to cause denial of service. Public exploit code exists for this vulnerability, and no upstream patch is currently available. Organizations running affected SMF instances should restrict PFCP interface access to trusted UPF nodes and implement network-level filtering of malformed requests.
Industrial
Smf
-
CVE-2026-25989
HIGH
CVSS 7.5
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are vulnerable to denial of service when processing maliciously crafted SVG files due to an off-by-one error in boundary validation. An unauthenticated remote attacker can trigger an integer underflow by bypassing the flawed size check, causing the application to crash or become unresponsive. No patch is currently available for affected deployments.
Denial Of Service
Imagemagick
Redhat
Suse
-
CVE-2026-25985
HIGH
CVSS 7.5
ImageMagick versions up to 7.1.2-15 are affected by allocation of resources without limits or throttling (CWE-770), allowing a crafted input to exhaust memory or CPU (CVSS 7.5).
Denial Of Service
Imagemagick
Redhat
Suse
-
CVE-2026-25968
HIGH
CVSS 7.4
Stack-based buffer overflow in ImageMagick's MSL coder (msl.c) when processing an attribute value. An over-long value overflows a fixed-size stack buffer, leading to memory corruption.
Buffer Overflow
Memory Corruption
Imagemagick
Redhat
Suse
-
CVE-2026-25967
HIGH
CVSS 7.4
Stack-based buffer overflow in ImageMagick versions before 7.1.2-15 allows remote attackers to crash the application and potentially corrupt memory by submitting specially crafted FTXT image files. The vulnerability requires high complexity to exploit but impacts both confidentiality and availability of affected systems. No patch is currently available for this HIGH severity issue (CVSS 7.4).
Buffer Overflow
Stack Overflow
Denial Of Service
Imagemagick
Redhat
-
CVE-2026-25965
HIGH
CVSS 8.6
ImageMagick before versions 7.1.2-15 and 6.9.13-40 allows local attackers to bypass path security policies and disclose sensitive files through path traversal sequences in filenames, as the policy enforcement occurs before filesystem resolution normalizes the paths. An attacker with local access can read restricted files like those in /etc/ even when policy-secure.xml is applied. A patch is not yet available, making this a significant risk for systems relying on ImageMagick's security policies for file access control.
Path Traversal
Imagemagick
Redhat
Suse
-
CVE-2026-25899
HIGH
CVSS 7.5
Unbounded memory allocation in Fiber v3 (prior to 3.1.0) allows unauthenticated remote attackers to trigger denial of service by sending a malicious fiber_flash cookie that forces deserialization of up to 85GB of memory. All v3 endpoints are vulnerable regardless of flash message usage, and public exploit code exists. No patch is currently available.
Deserialization
Fiber
Suse
-
CVE-2026-25891
HIGH
CVSS 7.5
Fiber web framework versions 3.0.0 and earlier on Windows contain a path traversal vulnerability that allows remote attackers to bypass static file middleware protections and read arbitrary files from the server. Public exploit code exists for this vulnerability, which affects applications using the vulnerable Fiber versions. The issue has been patched in Fiber v3.1.0.
Windows
Path Traversal
Fiber
Suse
-
CVE-2026-25882
HIGH
CVSS 7.5
Fiber web framework versions 2 and 3 are vulnerable to denial of service attacks when processing requests to routes containing more than 30 parameters, enabling remote attackers to crash affected applications without authentication. The vulnerability stems from insufficient validation during route registration and unbounded array writes in request matching logic. Public exploit code exists for this high-severity flaw, though patches are available in Fiber v2.52.12 and v3.1.0.
Denial Of Service
Fiber
Suse
-
CVE-2026-25802
HIGH
CVSS 7.6
New API LLM gateway versions before 0.10.8-alpha.9 are vulnerable to stored cross-site scripting through the MarkdownRenderer component, which fails to sanitize script tags in model outputs. An authenticated attacker with user interaction can inject malicious scripts that execute in other users' browsers, potentially compromising session data or performing unauthorized actions. Public exploit code exists for this vulnerability, though a patch is available.
XSS
AI / ML
New Api
Suse
-
CVE-2026-25794
HIGH
CVSS 8.2
Integer overflow in ImageMagick's UHDR image decoder allows remote attackers to trigger heap buffer overflows by supplying specially crafted images with large dimensions, potentially crashing the application or corrupting heap memory. The vulnerability affects ImageMagick versions prior to 7.1.2-15 and requires no user interaction or authentication to exploit. Organizations using vulnerable versions should upgrade immediately, as no workaround is available.
Denial Of Service
Imagemagick
Redhat
Suse
-
CVE-2026-25545
HIGH
CVSS 8.6
Astro web framework versions prior to 9.5.4 contain a server-side request forgery vulnerability in error page handling that allows unauthenticated remote attackers to bypass Host header validation and redirect requests to internal services or cloud metadata endpoints. By manipulating the Host header when accessing prerendered error pages, attackers can read response bodies from internal URLs, cloud metadata services, or localhost resources. Public exploit code exists for this vulnerability, which affects applications using custom error pages without proper Host validation.
SSRF
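This Astro entry and the Statamic password-reset poisoning at the top of the page (CVE-2026-27593) share one root cause: an absolute URL is built from the client-supplied Host header, so the client chooses where a token is sent or where a server-side fetch goes. Added example of the vulnerable pattern beside the hardened one; it is not Statamic's or Astro's code, and the configured public URL, the allowlist and the endpoint paths are assumed values.

```python
# Host-header trust: the pattern behind password-reset poisoning and Host-based
# SSRF. Added illustration, not Statamic's or Astro's code. The configured URL,
# the allowlist and the paths are assumed.
CONFIGURED_APP_URL = "https://app.example.com"
ALLOWED_HOSTS = {"app.example.com", "www.app.example.com"}

def vulnerable_reset_link(host_header: str, token: str) -> str:
    """Builds the emailed link from whatever Host the requester sent: the reset
    token for the victim lands on the attacker's host."""
    return f"https://{host_header}/reset?token={token}"

def normalize_host(host_header: str) -> str:
    """Lowercase, drop the port and a trailing dot, reject anything URL-shaped."""
    host = host_header.strip().lower().rstrip(".")
    if host.startswith("["):          # IPv6 literal such as [::1]:8080
        host = host.split("]")[0] + "]"
    else:
        host = host.split(":")[0]
    if not host or any(c in host for c in "/\\@ #?"):
        raise ValueError(f"malformed Host header: {host_header!r}")
    return host

def require_trusted_host(host_header: str) -> str:
    """Allowlist check; a real server answers 421 or 400 on failure."""
    host = normalize_host(host_header)
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"untrusted Host header: {host_header!r}")
    return host

def safe_reset_link(host_header: str, token: str) -> str:
    """Validate Host, then build the link from configuration, not from the request."""
    require_trusted_host(host_header)
    return f"{CONFIGURED_APP_URL}/reset?token={token}"

def safe_internal_fetch_url(host_header: str, path: str) -> str:
    """For server-side sub-requests (rendering an error page, say) the target
    origin comes from configuration and the path must be a plain local path."""
    require_trusted_host(host_header)
    if not path.startswith("/") or path.startswith("//") or "\\" in path:
        raise ValueError(f"refusing non-local path: {path!r}")
    return CONFIGURED_APP_URL + path
```

Note the order of operations: the allowlist stops a foreign Host early, and the configured base URL is used even for allowed hosts, so a later change to the allowlist can never turn into a token-leak path.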
-
CVE-2026-25501
HIGH
CVSS 7.5
free5GC SMF versions up to 1.4.1 crash when processing malformed PFCP SessionReportRequest messages on the PFCP interface, allowing unauthenticated remote attackers to cause denial of service via nil pointer dereference. Public exploit code exists for this vulnerability and no upstream patch is currently available. Network operators should restrict PFCP interface access to trusted UPF sources and consider implementing message validation at network boundaries.
Industrial
Smf
-
CVE-2026-24485
HIGH
CVSS 7.5
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 7.5 HIGH]
Denial Of Service
Magick.Net
Imagemagick
Redhat
Suse
-
CVE-2026-24481
HIGH
CVSS 7.5
Heap memory disclosure in ImageMagick's PSD file parser allows unauthenticated remote attackers to leak sensitive information from process memory by crafting malicious Photoshop files with improperly compressed layer data. Affected versions prior to 7.1.2-15 and 6.9.13-40 fail to properly validate decompressed data sizes, exposing uninitialized heap contents in generated output images. No patch is currently available for this vulnerability.
Adobe
Information Disclosure
Imagemagick
Suse
-
CVE-2026-24443
HIGH
CVSS 8.8
EventSentry versions up to 6.0.1.20 contain a vulnerability that allows attackers to escalate privileges (CVSS 8.8).
Privilege Escalation
Eventsentry
-
CVE-2026-23678
HIGH
CVSS 8.8
Authenticated attackers can achieve remote code execution on Binardat 10G08-0800GSM network switches by injecting the %1a character into the traceroute hostname parameter on the web management interface, allowing arbitrary CLI command execution. The vulnerability affects firmware version V300SP10260209 and earlier, and currently has no available patch. This requires valid web interface credentials but poses significant risk due to its high severity rating and network-accessible attack vector.
Command Injection
10g08 0800gsm Firmware
-
CVE-2026-22766
HIGH
CVSS 7.2
Remote code execution in Dell Wyse Management Suite versions before 5.5 via unrestricted file upload allows high-privileged attackers with network access to execute arbitrary commands on affected systems. The vulnerability stems from insufficient validation of uploaded file types, enabling attackers to bypass security controls and gain code execution. A patch is available for affected organizations to remediate this risk.
File Upload
Dell
Wyse Management Suite
-
CVE-2026-22765
HIGH
CVSS 8.8
Dell Wyse Management Suite versions prior to 5.5 suffer from improper access controls that allow authenticated remote attackers to escalate their privileges. An attacker with low-level credentials can bypass authorization checks to gain high-privilege access to the system, potentially compromising confidentiality, integrity, and availability. No patch is currently available for this vulnerability.
Authentication Bypass
Dell
Wyse Management Suite
-
CVE-2026-3105
HIGH
CVSS 7.6
Mautic's Contact Activity API endpoint is vulnerable to SQL injection due to insufficient validation of the sort direction parameter, allowing authenticated attackers to execute arbitrary SQL queries. This high-severity vulnerability (CVSS 7.6) affects multiple versions and could enable unauthorized data access or modification. No patch is currently available; users should contact security@mautic.org for mitigation guidance.
SQLi
Mautic
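The Ormar aggregate entry (CVE-2026-26198) and this Mautic sort-direction entry are the same mistake from the ORM's side and the API's side: column names, aggregate functions and ASC/DESC are SQL identifiers and keywords, which a placeholder cannot carry, so they end up interpolated. Added example showing the injection through both sinks (including a blind extraction through ORDER BY) and the allowlist fix; this is not either project's code, and the schema and rows are constructed in an in-memory SQLite database.

```python
# Identifier and keyword injection through aggregate and ORDER BY sinks, with the
# allowlist fix. Added example, not Ormar's or Mautic's code; schema and rows are
# constructed in SQLite.
import sqlite3
import string

conn = sqlite3.connect(":memory:")
conn.executescript("""
CREATE TABLE contacts(id INTEGER PRIMARY KEY, email TEXT, score INTEGER);
CREATE TABLE secrets(id INTEGER PRIMARY KEY, api_key TEXT);
INSERT INTO contacts(email, score) VALUES ('a@x.test', 10), ('b@x.test', 30);
INSERT INTO secrets(api_key) VALUES ('sk-live-constructed');
""")

def vulnerable_aggregate(func: str, column: str):
    """Interpolates caller-supplied identifiers straight into the statement."""
    return conn.execute(f"SELECT {func}({column}) FROM contacts").fetchall()

def vulnerable_activity(order_dir: str):
    """Sort direction taken from the request and pasted after ORDER BY."""
    return conn.execute(f"SELECT id, email FROM contacts ORDER BY id {order_dir}").fetchall()

def blind_oracle(prefix: str) -> bool:
    """Boolean-blind probe through the ORDER BY sink: OFFSET becomes 1 or 0
    depending on whether the secret starts with `prefix` (prefix is quote-free)."""
    payload = (f"DESC LIMIT 1 OFFSET (SELECT CASE WHEN substr(api_key, 1, {len(prefix)}) = "
               f"'{prefix}' THEN 1 ELSE 0 END FROM secrets)")
    return vulnerable_activity(payload) == [(1, "a@x.test")]

def blind_extract(alphabet: str = string.ascii_lowercase + string.digits + "-",
                  maxlen: int = 40) -> str:
    """Recover the secret one character at a time using only which row comes back."""
    known = ""
    for _ in range(maxlen):
        for ch in alphabet:
            if blind_oracle(known + ch):
                known += ch
                break
        else:
            break
    return known

ALLOWED_FUNCS = {"count", "sum", "avg", "min", "max"}
ALLOWED_COLUMNS = {"id", "email", "score"}
ALLOWED_DIRS = {"asc": "ASC", "desc": "DESC"}

def safe_aggregate(func: str, column: str):
    """Identifiers come from our own allowlists and are quoted; nothing from input is spliced in."""
    f, c = func.lower(), column.lower()
    if f not in ALLOWED_FUNCS or c not in ALLOWED_COLUMNS:
        raise ValueError(f"rejected aggregate {func!r}({column!r})")
    return conn.execute(f'SELECT {f}("{c}") FROM contacts').fetchall()

def safe_activity(order_dir: str, min_score: int = 0):
    """Keyword mapped through a table, value bound through a placeholder."""
    d = ALLOWED_DIRS.get(order_dir.lower())
    if d is None:
        raise ValueError(f"rejected sort direction {order_dir!r}")
    return conn.execute(f"SELECT id, email FROM contacts WHERE score >= ? ORDER BY id {d}",
                        (int(min_score),)).fetchall()
```

The blind path matters for triage: a sort parameter that only ever changes row order still leaks the whole database one comparison at a time, so "it is just ORDER BY" is not a reason to down-rate such a finding.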
-
CVE-2026-3069
HIGH
CVSS 7.3
SQL injection in itsourcecode Document Management System 1.0 via the field1 parameter in /edtlbls.php enables unauthenticated remote attackers to compromise data confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network with minimal complexity.
PHP
SQLi
Document Management System
-
CVE-2026-3068
HIGH
CVSS 7.3
Document Management System versions up to 1.0 contain a SQL injection vulnerability (CVSS 7.3).
PHP
SQLi
Document Management System
-
CVE-2026-3053
HIGH
CVSS 7.3
Dinky versions up to 1.2.5 contain an authentication bypass in the OpenAPI endpoint handler that allows unauthenticated remote attackers to manipulate interceptor configuration. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.
Java
Dinky
-
CVE-2026-3046
HIGH
CVSS 7.3
E-Logbook With Health Monitoring System For Covid-19 versions up to 1.0 contain a security vulnerability (CVSS 7.3).
PHP
SQLi
E Logbook With Health Monitoring System For Covid 19
-
CVE-2026-3044
HIGH
CVSS 8.8
Remote code execution in Tenda AC8 firmware versions up to 16.03.34.06 allows authenticated attackers to execute arbitrary code via a stack-based buffer overflow in the HTTP upload handler. Public exploit code exists for this vulnerability, which has no patch available. An attacker with valid credentials can trigger the overflow by manipulating the boundary parameter in multipart upload requests.
Buffer Overflow
Stack Overflow
Ac8 Firmware
-
CVE-2026-3042
HIGH
CVSS 7.3
SQL injection in itsourcecode Event Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /admin/index.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can leverage this to access, modify, or delete sensitive data with confidentiality, integrity, and availability impact.
PHP
SQLi
Event Management System
-
CVE-2026-2803
HIGH
CVSS 7.5
The Settings UI component in Firefox and Thunderbird versions prior to 148 fails to properly restrict access to sensitive configuration data, enabling unauthenticated remote attackers to disclose confidential information without user interaction. The flaw bypasses existing mitigations designed to protect user settings and preferences. Fixed in Firefox 148 and Thunderbird 148.
Information Disclosure
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2801
HIGH
CVSS 7.5
Improper boundary condition handling in the JavaScript/WebAssembly engine of Firefox and Thunderbird before version 148 enables remote denial of service without user interaction or privileges. An attacker can crash the affected application by serving specially crafted content. Fixed in Firefox 148 and Thunderbird 148.
Mozilla
Denial Of Service
Thunderbird
Firefox
Redhat
-
CVE-2026-2798
HIGH
CVSS 8.8
A use-after-free in DOM processing in Firefox and Thunderbird allows remote attackers to execute arbitrary code through a malicious web page or email attachment; only user interaction is required to trigger it. Affects Firefox below 148 and Thunderbird below 148; fixed in 148.
Use After Free
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2794
HIGH
CVSS 7.5
Uninitialized memory in Firefox and Firefox Focus for Android versions prior to 148 enables remote attackers to read sensitive data without authentication or user interaction. The vulnerability allows information disclosure through memory that was not properly cleared before use, potentially exposing confidential user information to network-based attackers.
Android
Information Disclosure
Firefox
Redhat
Suse
-
CVE-2026-2783
HIGH
CVSS 7.5
A flaw in the JavaScript engine's JIT compiler lets unauthenticated remote attackers extract sensitive information from Firefox and Thunderbird users, with no user interaction required. Affected: Firefox before 148, Firefox ESR before 140.8, Thunderbird before 148 and Thunderbird before 140.8; fixed in those releases.
Information Disclosure
Thunderbird
Firefox
Redhat
Suse
-
CVE-2026-2769
HIGH
CVSS 8.8
A use-after-free in the IndexedDB storage component of Firefox and Thunderbird allows remote attackers to achieve arbitrary code execution with user interaction. Affected: Firefox below 148, Firefox ESR below 115.33 and 140.8, and Thunderbird below 148 and 140.8; fixed in those releases.
Use After Free
Thunderbird
Firefox
Redhat
Suse
-
CVE-2026-2664
HIGH
CVSS 7.8
Local privilege escalation via out-of-bounds memory read in Docker Desktop's grpcfuse kernel module (versions up to 4.61.0) on Linux, Windows, and macOS allows authenticated local attackers to achieve complete system compromise through manipulation of /proc/docker entries. The vulnerability requires local access and valid user credentials but enables reading and modifying arbitrary kernel memory with high impact on confidentiality, integrity, and availability. Docker Desktop 4.62.0 and later resolve this issue.
Linux
Windows
macOS
Docker
Desktop
-
CVE-2026-2460
HIGH
CVSS 8.1
Improper access control in REB500 firmware allows authenticated users with low privileges to read and modify unauthorized directories via the DAC protocol. An attacker with valid credentials can escalate their file system access beyond their intended permissions, potentially compromising sensitive data or system integrity. No patch is currently available for this vulnerability.
Information Disclosure
Reb500 Firmware
-
CVE-2026-2459
HIGH
CVSS 7.4
Authenticated users with Installer role in REB500 firmware can bypass directory access controls to read and modify files outside their authorized scope. This privilege escalation affects systems where installer accounts are provisioned, enabling unauthorized data access and manipulation. No patch is currently available.
Information Disclosure
-
CVE-2026-1773
HIGH
CVSS 7.5
IEC 60870-5-104: potential denial of service on reception of an invalid U-format frame. The product is only affected if IEC 60870-5-104 bi-directional functionality is configured. [CVSS 7.5 HIGH]
Denial Of Service
Rtu540 Firmware
Rtu530 Firmware
Rtu560 Firmware
Rtu520 Firmware
-
CVE-2026-1459
HIGH
CVSS 7.2
Zyxel VMG3625-T50B, DX5401 B1, and EMG5523 T50B devices with firmware through version 5.50(ABPM.9.7)C0 contain a post-authentication command injection vulnerability in the TR-369 certificate download function that allows authenticated administrators to execute arbitrary operating system commands. An attacker with admin credentials could leverage this to gain complete control over the affected device. No patch is currently available.
Zyxel
Command Injection
Dx5401 B1 Firmware
Emg5523 T50b Firmware
Vmg3625 T50b Firmware
-
CVE-2025-69252
HIGH
CVSS 7.5
free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. [CVSS 7.5 HIGH]
Null Pointer Dereference
Denial Of Service
Udm
-
CVE-2025-69250
HIGH
CVSS 7.5
free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. [CVSS 7.5 HIGH]
Code Injection
Udm
-
CVE-2025-67445
HIGH
CVSS 7.5
TOTOLINK X5000R firmware versions up to 9.1.0cu.2415_b20250515 are affected by uncontrolled resource consumption (CVSS 7.5).
Denial Of Service
X5000r Firmware
TOTOLINK
-
CVE-2025-63409
HIGH
CVSS 8.8
Gcom EPON 1GE firmware versions up to c00r371v00b01 are affected by improper access control (CVSS 8.8).
Privilege Escalation
Gcom Epon 1ge Firmware
-
CVE-2025-33181
HIGH
CVSS 7.3
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. [CVSS 7.3 HIGH]
Linux
Privilege Escalation
Nvos
Cumulus Linux
-
CVE-2025-33180
HIGH
CVSS 8.0
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. [CVSS 8.0 HIGH]
Linux
Privilege Escalation
Nvos
Cumulus Linux
-
CVE-2025-33179
HIGH
CVSS 8.0
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges. [CVSS 8.0 HIGH]
Linux
Privilege Escalation
Nvos
Cumulus Linux
-
CVE-2025-15386
HIGH
CVSS 8.8
The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to unauthenticated stored XSS due to flawed regex replacement rules: an attacker posts a comment containing a malicious link, and the payload fires once the lightbox for comments is enabled and the comment is approved. [CVSS 8.8 HIGH]
WordPress
PHP
-
CVE-2025-14963
HIGH
CVSS 7.8
A vulnerability in the HX Agent driver file fekern.sys allows a threat actor with local user access to gain elevated system privileges. [CVSS 7.8 HIGH]
Windows
Endpoint Security
-
CVE-2025-13943
HIGH
CVSS 8.8
A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device. [CVSS 8.8 HIGH]
Zyxel
Command Injection
Dx3300 T1 Firmware
Px3321 T1 Firmware
Wx5610 B0 Firmware
-
CVE-2025-13776
HIGH
CVSS 7.1
Multiple Finka programs use hard-coded Firebird database credentials shared across all installations of the software. An attacker on the local network who knows the default credentials can read and edit database content. [CVSS 7.1 HIGH]
Authentication Bypass
Finka Magazyn
Finka Place
Finka Stw
Finka Fk
-
CVE-2025-1789
HIGH
CVSS 7.8
Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system. [CVSS 7.8 HIGH]
Windows
Privilege Escalation
Genetec Update Service
-
CVE-2024-56373
HIGH
CVSS 8.4
A DAG author (a role that already carries substantial permissions) could manipulate the Airflow 2 database so that arbitrary code runs in the web server context when a user views historical task information, something a DAG author should normally not be able to do; the result is potential remote code execution on the web server. [CVSS 8.4 HIGH]
RCE
AI / ML
Airflow
-
CVE-2024-48928
HIGH
CVSS 7.5
Piwigo is an open source photo gallery application for the web. In versions on the 14.x branch, the installer sets the secret_key configuration parameter to MD5(RAND()) in MySQL. MySQL's RAND() is not a cryptographically secure generator, so the resulting key is far weaker than its length suggests. [CVSS 7.5 HIGH]
Golang
MySQL
CSRF
Piwigo
-
CVE-2024-1524
HIGH
CVSS 7.7
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. [CVSS 7.7 HIGH]
Authentication Bypass
Api Manager
Identity Server
-
CVE-2026-27729
MEDIUM
CVSS 5.9
Memory exhaustion denial of service in Astro 9.0.0 through 9.5.3 allows remote attackers to crash server processes by sending oversized POST requests to server action endpoints without size restrictions. The framework buffers entire request bodies into memory with no limits, enabling a single large request to exhaust heap memory on affected deployments. Public exploit code exists for this vulnerability, which is particularly impactful in containerized environments where repeated crashes trigger persistent restart loops.
Denial Of Service
-
CVE-2026-27643
MEDIUM
CVSS 5.3
Information disclosure in free5GC UDR versions up to 1.4.1 allows remote attackers to obtain detailed internal parsing error messages through the NEF component's Nnef_PfdManagement service, enabling service fingerprinting and reconnaissance. Public exploit code exists for this vulnerability, and all deployments using the affected service are at risk. A patch is available in pull request 56 and should be applied immediately, as no application-level workarounds exist.
Information Disclosure
Udr
-
CVE-2026-27589
MEDIUM
CVSS 6.5
Caddy versions prior to 2.11.1 allow unauthenticated cross-origin requests to the admin API when origin enforcement is disabled, letting an attacker reconfigure the server through malicious web content loaded in a victim's browser. Public exploit code exists; the flaw can be used to modify HTTP server behavior and admin listener settings without the user's knowledge. Fixed in Caddy 2.11.1.
Tls
Caddy
Suse
-
CVE-2026-27585
MEDIUM
CVSS 6.5
Caddy versions prior to 2.11.1 fail to sanitize backslashes in file path matching, allowing attackers to bypass path-based security controls through specially crafted requests. The vulnerability affects systems with specific Caddy configurations and has public exploit code available. Exploitation requires network access with no authentication, resulting in limited information disclosure or modification of restricted resources.
Tls
Caddy
Suse
-
CVE-2026-27571
MEDIUM
CVSS 5.9
NATS Server versions prior to 2.11.2 and 2.12.3 fail to properly limit memory allocation during WebSocket compression, allowing unauthenticated attackers to trigger denial of service through compression bomb attacks that exhaust server memory. The vulnerability is exploitable pre-authentication since compression negotiation occurs before credential validation. A patch is available in versions 2.11.2 and 2.12.3.
Denial Of Service
Nats Server
Redhat
Suse
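The Astro entry above (request bodies buffered with no size limit) and this NATS entry (decompression with no output limit) are two forms of the same memory-exhaustion mistake. The following Python is an added example, not code from Astro or NATS Server: read_body_bounded aborts as soon as a streamed body passes a limit, and inflate_bounded caps decompressed output using zlib's max_length so a compression bomb is rejected after a few megabytes instead of after the heap is gone. The limits and the bomb are constructed for the example.

```python
import io
import zlib

MAX_BODY_BYTES = 1 * 1024 * 1024       # hypothetical per-request limit for raw bodies
MAX_INFLATED_BYTES = 4 * 1024 * 1024   # hypothetical limit on decompressed output


class PayloadTooLarge(ValueError):
    pass


def read_body_bounded(stream, limit: int = MAX_BODY_BYTES, chunk: int = 64 * 1024) -> bytes:
    """Read a request body in chunks and abort as soon as the limit is exceeded,
    instead of buffering whatever the client sends. Content-Length is only a hint:
    a chunked body has none, and a lying client can send more than it declares."""
    buf = bytearray()
    while True:
        piece = stream.read(chunk)
        if not piece:
            return bytes(buf)
        buf += piece
        if len(buf) > limit:
            raise PayloadTooLarge(f"body exceeds {limit} bytes")


def inflate_bounded(data: bytes, limit: int = MAX_INFLATED_BYTES, step: int = 64 * 1024) -> bytes:
    """Decompress with a cap on OUTPUT size. zlib's max_length keeps each call's
    output small and parks unread input in unconsumed_tail, so input that expands
    a thousandfold is refused once `limit` bytes have been produced.
    (WebSocket permessage-deflate is raw DEFLATE, wbits=-15; the zlib wrapper is
    used here only because zlib.compress() produces it.)"""
    d = zlib.decompressobj()
    out = bytearray()
    pending = data
    while not d.eof:
        before = len(pending)
        piece = d.decompress(pending, step)
        pending = d.unconsumed_tail
        if not piece and len(pending) == before:
            break                       # no progress: truncated stream or trailing garbage
        out += piece
        if len(out) > limit:
            raise PayloadTooLarge(f"decompressed size exceeds {limit} bytes")
    return bytes(out)


def make_bomb(inflated_size: int) -> bytes:
    """Constructed compression bomb: a run of zero bytes compresses roughly 1000:1."""
    return zlib.compress(b"\0" * inflated_size, 9)


def inflates_within_limit(data: bytes, limit: int) -> bool:
    try:
        inflate_bounded(data, limit)
        return True
    except PayloadTooLarge:
        return False


def body_within_limit(body: bytes, limit: int) -> bool:
    try:
        read_body_bounded(io.BytesIO(body), limit)
        return True
    except PayloadTooLarge:
        return False


def roundtrip_ok(payload: bytes) -> bool:
    """Legitimate data still decompresses correctly when it fits under the limit."""
    return inflate_bounded(zlib.compress(payload), limit=len(payload)) == payload
```

The output cap is the important one: checking the compressed size, or the ratio after the fact, does nothing against a payload that is only a few kilobytes on the wire. Apply the same bound per message, not per connection, because a client can send many frames.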
-
CVE-2026-27568
MEDIUM
CVSS 6.1
Avideo versions prior to 21.0 allow authenticated attackers to inject malicious JavaScript through improperly sanitized Markdown links in video comments, enabling session hijacking, privilege escalation, and data theft when victims click the links. The vulnerability stems from unsafe Parsedown configuration that fails to block javascript: URI schemes. A patch is available in version 21.0.
Privilege Escalation
Avideo
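The javascript: comment links above are stopped by checking the URL scheme against an allowlist rather than blocklisting a few spellings. The following Python is an added example, not Avideo or Parsedown code: safe_href decodes HTML entities and strips the control characters browsers ignore before reading the scheme, so "java\tscript:", "&#106;avascript:" and case variants are all caught, while relative and https: links pass. (For Parsedown itself, setSafeMode(true) is the configuration that filters such links.) The allowlist is an assumption for the example.

```python
import html
import re
from typing import Optional

ALLOWED_SCHEMES = {"http", "https", "mailto"}   # hypothetical allowlist for comment links

# RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ":"
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")
# Browsers drop tab, CR and LF anywhere in a URL and ignore leading/trailing
# controls and spaces, so "java\tscript:" still executes. Strip them first.
_CTRL_RE = re.compile(r"[\x00-\x1f\x7f]")


def safe_href(raw: str) -> Optional[str]:
    """Return an href safe to emit into an <a> tag, or None if it must be dropped.
    Relative and protocol-relative URLs have no scheme and are allowed."""
    # Decode entities first: "&#106;avascript:" is a javascript: URL once rendered.
    candidate = html.unescape(raw)
    candidate = _CTRL_RE.sub("", candidate).strip()
    m = _SCHEME_RE.match(candidate)
    if m and m.group(1).lower() not in ALLOWED_SCHEMES:
        return None
    # Re-escape for the HTML attribute context; the caller wraps it in href="...".
    return html.escape(candidate, quote=True)


def render_link(text: str, raw_href: str) -> str:
    """Markdown-style link renderer: an unsafe href degrades to plain text."""
    href = safe_href(raw_href)
    label = html.escape(text, quote=True)
    if href is None:
        return label
    return f'<a href="{href}" rel="noopener noreferrer">{label}</a>'
```

Note that the check runs on the decoded, control-stripped form and the output is escaped afterwards; doing either step in the other order reopens the bypass.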
-
CVE-2026-27567
MEDIUM
CVSS 6.5
Payload CMS prior to v3.75.0 contains a Server-Side Request Forgery vulnerability in its external file upload feature that allows authenticated users with upload collection permissions to access internal network resources by exploiting insufficient HTTP redirect validation. An attacker could retrieve sensitive response content from internal services accessible to the Payload server. A patch is available in version 3.75.0.
SSRF
Payload
-
CVE-2026-27518
MEDIUM
CVSS 4.3
Unauthorized configuration changes in Binardat 10G08-0800GSM network switches (firmware V300SP10260209 and prior) result from missing CSRF protections in the administrative interface. An attacker can craft a malicious request to trick an authenticated administrator into modifying switch settings without their knowledge or consent. No patch is currently available for this vulnerability.
CSRF
10g08 0800gsm Firmware
-
CVE-2026-27517
MEDIUM
CVSS 6.1
Stored cross-site scripting in Binardat 10G08-0800GSM network switch firmware through version V300SP10260209 enables attackers to execute arbitrary JavaScript within authenticated user sessions via the web interface. An attacker with network access can inject malicious scripts that execute in the context of legitimate users, potentially leading to session hijacking, credential theft, or unauthorized configuration changes. No patch is currently available.
XSS
10g08 0800gsm Firmware
-
CVE-2026-27477
MEDIUM
CVSS 5.9
Mastodon servers with the experimental FASP feature enabled are vulnerable to Server-Side Request Forgery (SSRF) attacks, allowing unauthenticated attackers to register accounts with arbitrary base URLs that force the server to make requests to internal or local addresses. While attackers cannot control the full request path or view responses, this exposure of internal systems to external manipulation could facilitate reconnaissance or attacks on backend infrastructure. Affected versions are 4.4.0-4.4.13 and 4.5.0-4.5.6; a patch is available.
SSRF
Mastodon
-
CVE-2026-27461
MEDIUM
CVSS 4.9
Pimcore is an Open Source Data & Experience Management Platform. [CVSS 4.9 MEDIUM]
SQLi
Pimcore
-
CVE-2026-27204
MEDIUM
CVSS 6.5
Uncontrolled resource allocation in Wasmtime's WASI host interfaces allows guests to trigger denial of service on the host by exhausting resources that are not limited by default. Fixed in 24.0.6, 36.0.6, 40.0.4, 41.0.4 and 42.0.0; in the patched releases before 42.0.0 the resource limits must still be enabled explicitly in configuration, while Wasmtime 42.0.0 and later ship secure defaults.
Denial Of Service
Wasmtime
Redhat
-
CVE-2026-27156
MEDIUM
CVSS 6.1
NiceGUI versions prior to 3.8.0 are vulnerable to stored cross-site scripting (XSS) through multiple APIs that improperly handle user-controlled method names, allowing attackers to inject arbitrary JavaScript that executes in victims' browsers. The vulnerability stems from unsafe use of eval() and string interpolation in Element.run_method(), AgGrid.run_grid_method(), EChart.run_chart_method(), and related functions. A patch is available in version 3.8.0 and later.
Python
Nicegui
-
CVE-2026-27129
MEDIUM
CVSS 6.5
Craft CMS versions 4.5.0 through 4.16.18 and 5.0.0 through 5.8.22 contain an SSRF bypass in GraphQL Asset mutations where IPv6-only hostnames bypass the security blocklist, allowing authenticated users with GraphQL asset editing permissions to perform server-side request forgery attacks. Public exploit code exists for this vulnerability, which is a regression of a previously patched SSRF issue. Authenticated users with appropriate GraphQL schema permissions can exploit this to access internal resources or perform requests to arbitrary IPv6 addresses.
SSRF
Craft Cms
-
CVE-2026-27128
MEDIUM
CVSS 4.8
Multiple usage tokens in Craft CMS 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22 can be consumed beyond their intended limits due to a race condition in token validation logic where usage checks and database updates are not atomic. An authenticated attacker with access to a valid impersonation token can exploit concurrent requests to bypass usage restrictions and reuse single-use tokens multiple times. Patches are available for affected versions.
Privilege Escalation
Race Condition
Craft Cms
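The non-atomic check-then-update described above is what lets concurrent requests reuse a single-use token. The following Python with sqlite3 is an added example, not Craft CMS code; the table, token value and request counts are constructed. naive_consume_concurrently models N requests that all pass the usage check before any of them decrements, while atomic_consume collapses check and decrement into one conditional UPDATE so the database serialises the decision.

```python
import sqlite3
from typing import List

TOKEN = "impersonation-token-abc"   # constructed sample token, one permitted use


def setup_tokens_db() -> sqlite3.Connection:
    """Constructed in-memory table: one token with a single permitted use."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tokens (token TEXT PRIMARY KEY, uses_left INTEGER NOT NULL)")
    conn.execute("INSERT INTO tokens (token, uses_left) VALUES (?, 1)", (TOKEN,))
    conn.commit()
    return conn


def uses_left(conn: sqlite3.Connection, token: str) -> int:
    row = conn.execute("SELECT uses_left FROM tokens WHERE token = ?", (token,)).fetchone()
    return row[0] if row else 0


# --- Vulnerable shape: read the counter, decide, then decrement in a second statement.
def naive_check(conn: sqlite3.Connection, token: str) -> bool:
    return uses_left(conn, token) > 0


def naive_decrement(conn: sqlite3.Connection, token: str) -> None:
    conn.execute("UPDATE tokens SET uses_left = uses_left - 1 WHERE token = ?", (token,))
    conn.commit()


def naive_consume_concurrently(conn: sqlite3.Connection, token: str, requests: int) -> int:
    """Deterministic model of N simultaneous requests: every request runs its
    check before any request has decremented. Returns how many were granted."""
    granted: List[bool] = [naive_check(conn, token) for _ in range(requests)]
    for ok in granted:
        if ok:
            naive_decrement(conn, token)
    return sum(granted)


# --- Fixed shape: one conditional UPDATE. The database executes it atomically,
# so of N racing requests exactly one observes rowcount == 1.
def atomic_consume(conn: sqlite3.Connection, token: str) -> bool:
    cur = conn.execute(
        "UPDATE tokens SET uses_left = uses_left - 1 WHERE token = ? AND uses_left > 0",
        (token,),
    )
    conn.commit()
    return cur.rowcount == 1


def atomic_consume_concurrently(conn: sqlite3.Connection, token: str, requests: int) -> int:
    return sum(1 for _ in range(requests) if atomic_consume(conn, token))
```

The same shape applies to any one-shot credential (password reset links, invitation codes, nonces): the grant must be the side effect of the conditional write, never of a prior read.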
-
CVE-2026-27127
MEDIUM
CVSS 6.3
DNS rebinding attacks in Craft CMS 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22 allow authenticated attackers to bypass SSRF protections in GraphQL asset mutations by exploiting a Time-of-Check-Time-of-Use race condition between DNS validation and HTTP requests. Attackers with appropriate GraphQL schema permissions can access blocked IP addresses and internal resources that should be restricted. Public exploit code exists for this vulnerability, which represents a bypass of the previous CVE-2025-68437 fix.
Dns
SSRF
Race Condition
Craft Cms
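The two Craft CMS SSRF bypasses above (IPv6-only hostnames slipping past the blocklist, and DNS rebinding between validation and connect), together with the Payload CMS redirect and Mastodon base-URL entries, share one root cause: the outbound-URL check looks at a different address than the one the HTTP client eventually connects to. The following Python is an added example, not code from Craft CMS or any project on this page. It checks every resolved address in both families, unwraps IPv4-mapped IPv6, and pins the validated address for the connection. The DNS table, hostnames and the rebinding resolver are constructed for the example.

```python
import ipaddress
from typing import Callable, List
from urllib.parse import urlsplit

Resolver = Callable[[str], List[str]]

# Constructed DNS table so the example runs offline. A real resolver must return
# BOTH A and AAAA records (socket.getaddrinfo with family=AF_UNSPEC): a name with
# only an AAAA record is exactly what the IPv6-only bypass abuses.
FAKE_DNS = {
    "cdn.example.com": ["93.184.216.34"],
    "v6only.example.com": ["fd00::1"],                 # only an IPv6 ULA answer
    "mixed.example.com": ["93.184.216.34", "::1"],     # public A plus loopback AAAA
    "v6cdn.example.com": ["2606:4700::1111"],          # global IPv6: allowed
}


def fake_resolve(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


def make_rebinding_resolver(answers: List[List[str]]) -> Resolver:
    """Resolver that hands out successive answers, as a rebinding DNS server does:
    a public address for the validation lookup, a private one for the connect."""
    queue = list(answers)

    def resolve(host: str) -> List[str]:
        return queue.pop(0) if queue else []
    return resolve


def is_forbidden_ip(ip: str) -> bool:
    """True for any address that must never be an outbound target, in either
    family. IPv4-mapped IPv6 (::ffff:10.0.0.1) is unwrapped first so a private
    IPv4 address cannot ride through a check that only understood IPv6."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified
            or not addr.is_global)


def resolve_and_pin(url: str, resolve: Resolver = fake_resolve) -> str:
    """Validate an outbound URL and return the one IP the client must connect to.
    Every resolved address is checked; raises ValueError if any is forbidden."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname            # urlsplit strips the [] around IPv6 literals
    if not host:
        raise ValueError("missing host")
    try:
        ipaddress.ip_address(host)   # literal address: no DNS involved
        candidates = [host]
    except ValueError:
        candidates = resolve(host)
    if not candidates:
        raise ValueError(f"no addresses for {host!r}")
    for ip in candidates:
        if is_forbidden_ip(ip):
            raise ValueError(f"{host!r} resolves to forbidden address {ip}")
    # Pin: the HTTP client must connect to this address (still sending the
    # original name in Host and SNI) instead of resolving again at connect time.
    return candidates[0]


def is_allowed_url(url: str, resolve: Resolver = fake_resolve) -> bool:
    try:
        resolve_and_pin(url, resolve)
        return True
    except ValueError:
        return False


def naive_connect_target(url: str, resolve: Resolver) -> str:
    """The time-of-check/time-of-use shape: validate the name, then let the HTTP
    client resolve it again when connecting. Returns the IP actually reached."""
    resolve_and_pin(url, resolve)                  # check passes on answer #1
    return resolve(urlsplit(url).hostname)[0]      # client connects to answer #2


def pinned_connect_target(url: str, resolve: Resolver) -> str:
    return resolve_and_pin(url, resolve)           # one lookup, reused for the connect
```

Every redirect hop must go back through resolve_and_pin(), which is the gap the Payload CMS entry describes. The pin only helps with an HTTP client that can connect to a pre-resolved address while still sending the original Host header and SNI.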
-
CVE-2026-27126
MEDIUM
CVSS 4.8
Stored XSS in Craft CMS 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22 allows high-privileged administrators to inject malicious scripts into HTML-type table columns that execute in other users' browsers. Exploitation requires admin-level access and the `allowAdminChanges` setting enabled in production, limiting the risk to environments with already-compromised administrative accounts. Patches are available in versions 4.16.19 and 5.8.23.
XSS
Craft Cms
-
CVE-2026-27117
MEDIUM
CVSS 5.5
Bit7z versions prior to 4.0.11 contain a path traversal vulnerability that allows arbitrary file writes outside the intended extraction directory when processing malicious archives through relative paths, absolute paths, or symbolic links. Applications using bit7z to extract untrusted archives are affected, enabling attackers to overwrite critical files with the privileges of the extraction process. Public exploit code exists for this vulnerability.
Path Traversal
Bit7z
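Archive extraction is only safe if every entry name and link target is resolved against the destination before anything touches disk. The following Python is an added example, not bit7z code; the archives are constructed in memory. It refuses the three cases the entry lists, relative traversal (..), absolute paths, and symlinks whose targets escape the destination, and also refuses writes that would pass through a symlink extracted by an earlier entry.

```python
import io
import os
import shutil
import tarfile
import tempfile
from typing import List, Optional, Tuple


class UnsafeEntry(ValueError):
    pass


def _is_within(root: str, path: str) -> bool:
    """True if `path` resolves under `root`. realpath() follows symlinks that
    already exist on disk, so a link extracted by an earlier entry cannot
    redirect a later one outside the destination."""
    root = os.path.realpath(root)
    path = os.path.realpath(path)
    return path == root or path.startswith(root + os.sep)


def safe_extract(tar: tarfile.TarFile, dest: str) -> List[str]:
    """Extract only entries that stay inside `dest`; raise UnsafeEntry otherwise."""
    dest = os.path.realpath(dest)
    # Newer Pythons ship their own extraction filter; use it as a second layer.
    extract_kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    extracted: List[str] = []
    for m in tar.getmembers():
        name = m.name.replace("\\", "/")
        parts = name.split("/")
        if name.startswith("/") or os.path.isabs(m.name) or ".." in parts:
            raise UnsafeEntry(f"path escapes destination: {m.name!r}")
        target = os.path.join(dest, *parts)
        if not _is_within(dest, target):
            raise UnsafeEntry(f"path resolves outside destination: {m.name!r}")
        if m.issym() or m.islnk():
            link = m.linkname.replace("\\", "/")
            if os.path.isabs(link) or link.startswith("/"):
                raise UnsafeEntry(f"absolute link target: {m.name!r} -> {m.linkname!r}")
            # Symlink targets are relative to the link's directory; hard link
            # targets are relative to the archive root.
            base = os.path.dirname(target) if m.issym() else dest
            link_target = os.path.normpath(os.path.join(base, link))
            if not _is_within(dest, link_target):
                raise UnsafeEntry(f"link escapes destination: {m.name!r} -> {m.linkname!r}")
        elif not (m.isfile() or m.isdir()):
            raise UnsafeEntry(f"unsupported entry type: {m.name!r}")   # devices, fifos
        tar.extract(m, dest, set_attrs=False, **extract_kwargs)
        extracted.append(name)
    return extracted


Entry = Tuple[str, Optional[bytes], Optional[str]]   # (name, file data, symlink target)


def build_tar(entries: List[Entry]) -> bytes:
    """Constructed archive bytes from (name, data, linkname) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data, link in entries:
            info = tarfile.TarInfo(name)
            if link is not None:
                info.type = tarfile.SYMTYPE
                info.linkname = link
                tf.addfile(info)
            else:
                info.size = len(data)
                tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def try_extract(tar_bytes: bytes) -> Tuple[bool, List[str]]:
    """Extract into a fresh temp dir: (True, names) on success, (False, [reason]) if refused."""
    dest = tempfile.mkdtemp(prefix="safe-extract-")
    try:
        with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tf:
            return True, safe_extract(tf, dest)
    except UnsafeEntry as e:
        return False, [str(e)]
    finally:
        shutil.rmtree(dest, ignore_errors=True)
```

The check on `target` after realpath() is the part most extractors miss: a symlink that stays inside the destination is legitimate, but a later entry written "through" it must be re-resolved, otherwise the link becomes the traversal.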
-
CVE-2026-26983
MEDIUM
CVSS 5.3
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are vulnerable to denial of service through a use-after-free flaw in the MSL interpreter when processing malformed map elements. An unauthenticated attacker can trigger a crash with a specially crafted image file, disrupting service availability. Fixed in 7.1.2-15 and 6.9.13-40.
Denial Of Service
Imagemagick
Redhat
Suse
-
CVE-2026-26981
MEDIUM
CVSS 6.5
OpenEXR versions 3.3.0-3.3.6 and 3.4.0-3.4.4 are vulnerable to a heap buffer overflow in file parsing due to improper integer handling when processing malformed EXR files, allowing attackers to trigger a denial of service through memory-mapped streams. Public exploit code exists for this vulnerability. Patched versions 3.3.7 and 3.4.5 are available.
Buffer Overflow
Openexr
Redhat
Suse
-
CVE-2026-26351
MEDIUM
CVSS 4.8
Stored XSS in GetSimpleCMS Community Edition 3.3.16 allows authenticated administrators to inject malicious JavaScript through the component slug field, which persists in XML storage and executes when other users access the Components page. An attacker with admin privileges can exploit this to hijack sessions, perform unauthorized administrative actions, and persistently compromise the CMS interface for all authenticated users. The vulnerability affects PHP-based GetSimpleCMS installations and currently has no available patch.
PHP
XSS
Getsimple Cms
-
CVE-2026-26284
MEDIUM
CVSS 6.5
Medium severity vulnerability in ImageMagick. The PCD coder lacks proper boundary checking when processing Huffman-coded data: a function in the decoder has an incorrect initialization that can cause an out-of-bounds read.
Buffer Overflow
Imagemagick
Redhat
Suse
-
CVE-2026-26283
MEDIUM
CVSS 6.2
ImageMagick versions up to 7.1.2-15 are affected by a loop with an unreachable exit condition (infinite loop) (CVSS 6.2).
Denial Of Service
Imagemagick
Redhat
Suse
-
CVE-2026-26066
MEDIUM
CVSS 6.2
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are vulnerable to denial of service when processing maliciously crafted image profiles containing invalid IPTC data, which triggers an infinite loop during IPTCTEXT writing. An attacker can supply a specially crafted image file to make the application hang or consume excessive resources. Fixed in 7.1.2-15 and 6.9.13-40.
Denial Of Service
Imagemagick
Redhat
Suse
-
CVE-2026-25988
MEDIUM
CVSS 5.3
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain a memory leak in the MSL parser where improper stack index management leaves images allocated after error conditions. An attacker can trigger it with a specially crafted image file, potentially causing denial of service through resource exhaustion. Fixed in 7.1.2-15 and 6.9.13-40.
Denial Of Service
Imagemagick
Redhat
Suse
-
CVE-2026-25987
MEDIUM
CVSS 5.3
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]
Buffer Overflow
Denial Of Service
Imagemagick
Redhat
Suse
-
CVE-2026-25986
MEDIUM
CVSS 5.3
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are vulnerable to a heap buffer overflow in the YUV image decoder that allows remote attackers to trigger a denial of service by processing specially crafted YUV 4:2:2 images. The cause is an off-by-one write in the pixel processing loop that exceeds the allocated buffer. Fixed in 7.1.2-15 and 6.9.13-40.
Buffer Overflow
Imagemagick
Redhat
Suse
-
CVE-2026-25983
MEDIUM
CVSS 5.3
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are vulnerable to a heap use-after-free when processing specially crafted MSL scripts, allowing unauthenticated remote attackers to cause denial of service. The operation element handler frees image data while the parser continues to access it, corrupting memory during subsequent parsing. Fixed in 7.1.2-15 and 6.9.13-40.
Use After Free
Imagemagick
Redhat
Suse
-
CVE-2026-25982
MEDIUM
CVSS 6.5
Medium severity vulnerability in ImageMagick. A heap out-of-bounds read vulnerability exists in the `coders/dcm.c` module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image).
Denial Of Service
Information Disclosure
Imagemagick
Redhat
Suse
-
CVE-2026-25971
MEDIUM
CVSS 6.2
Medium severity vulnerability in ImageMagick. ImageMagick fails to check for circular references between two MSL scripts, leading to a stack overflow.
Stack Overflow
Imagemagick
Redhat
Suse
-
CVE-2026-25970
MEDIUM
CVSS 5.3
A signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows.
```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==143838==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000
#0 0x7f379d5adb53 (/lib/x86_64-linux-gnu/libc.so.6+0xc4b53)
```
Integer Overflow
Memory Corruption
Denial Of Service
Imagemagick
Redhat
-
CVE-2026-25969
MEDIUM
CVSS 5.3
ImageMagick versions prior to 7.1.2-15 contain a memory leak in the ASHLAR image coder where allocated memory is not released on the exception path, potentially causing denial of service through resource exhaustion. An unauthenticated remote attacker can trigger it by supplying specially crafted ASHLAR image files. Fixed in 7.1.2-15.
Denial Of Service
Imagemagick
Redhat
Suse
-
CVE-2026-25966
MEDIUM
CVSS 5.9
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 allow local attackers to bypass the security policy's stdin/stdout restrictions by using fd:<n> pseudo-filenames (for example fd:0, fd:1), enabling unauthorized reading from and writing to the standard streams. This affects systems that rely on ImageMagick's policy to prevent stream manipulation. Fixed in 7.1.2-15 and 6.9.13-40; administrators who cannot upgrade can tighten the security policy configuration as a workaround.
Authentication Bypass
Imagemagick
Redhat
Suse
-
CVE-2026-25898
MEDIUM
CVSS 6.5
ImageMagick's UIL and XPM image encoders fail to validate pixel index values before using them as array subscripts, allowing an attacker to craft images that trigger out-of-bounds reads in HDRI builds. Exploitation can result in information disclosure or denial of service through process crashes. Versions prior to 7.1.2-15 and 6.9.13-40 are affected; fixed in those releases.
Buffer Overflow
Denial Of Service
Information Disclosure
Imagemagick
Redhat
-
CVE-2026-25897
MEDIUM
CVSS 6.5
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain an integer overflow in the SUN image decoder that leads to a heap buffer overflow on 32-bit systems when processing specially crafted image files. Attackers can trigger it remotely without authentication to cause denial of service or potentially achieve code execution. Fixed in 7.1.2-15 and 6.9.13-40.
Integer Overflow
Imagemagick
Redhat
Suse
-
CVE-2026-25799
MEDIUM
CVSS 5.3
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]
Denial Of Service
Imagemagick
Redhat
Suse
-
CVE-2026-25798
MEDIUM
CVSS 5.3
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]
Null Pointer Dereference
Denial Of Service
Imagemagick
Redhat
Suse
-
CVE-2026-25797
MEDIUM
CVSS 5.7
Arbitrary code injection in ImageMagick's PostScript and HTML encoders allows attackers to inject content that executes when the written files are processed by downstream applications such as Ghostscript or web viewers. The cause is insufficient input sanitization in the ps and html coders; versions prior to 7.1.2-15 and 6.9.13-40 are affected. Users who process untrusted image files are at risk of code execution. Fixed in 7.1.2-15 and 6.9.13-40.
RCE
Code Injection
Imagemagick
Redhat
Suse
-
CVE-2026-25796
MEDIUM
CVSS 5.3
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]
Denial Of Service
Imagemagick
Redhat
Suse
-
CVE-2026-25795
MEDIUM
CVSS 5.3
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]
Null Pointer Dereference
Denial Of Service
Imagemagick
Redhat
Suse
-
CVE-2026-25638
MEDIUM
CVSS 5.3
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain a memory leak in the MSL image coder that allows unauthenticated remote attackers to cause denial of service through resource exhaustion when processing specially crafted MSL image files. The vulnerability exists because the WriteMSLImage function fails to release allocated memory during early function returns. An attacker can exploit this over the network without authentication to exhaust server memory and crash the application.
Denial Of Service
Imagemagick
Redhat
Suse
-
CVE-2026-25637
MEDIUM
CVSS 5.3
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]
Denial Of Service
Imagemagick
Magick.Net
Redhat
Suse
-
CVE-2026-25603
MEDIUM
CVSS 6.6
Path traversal in Linksys MR9600 and MX4200 firmware allows attackers with physical access to mount arbitrary USB drive partitions into the file system, potentially enabling root-level code execution. Public exploit code exists for this vulnerability, and no patch is currently available. Affected versions include MR9600 1.0.4.205530 and MX4200 1.0.13.210200.
Path Traversal
Mx4200 Firmware
Mr9600 Firmware
-
CVE-2026-25591
MEDIUM
CVSS 6.5
Denial of service in New API's `/api/token/search` endpoint allows authenticated users to exhaust database resources through SQL wildcard injection in unescaped search parameters. An attacker can craft malicious search patterns that trigger expensive queries, causing service unavailability. Public exploit code exists for this medium-severity vulnerability affecting versions prior to 0.10.8-alpha.10.
Denial Of Service
AI / ML
New Api
Suse
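The Mautic entry earlier on this page (an injectable sort direction) and this one (unescaped LIKE wildcards) are both places where bound parameters alone do not help: ORDER BY clauses cannot be parameterised at all, and a parameter inside a LIKE pattern still carries wildcards. The following Python with sqlite3 is an added example, not Mautic or New API code; the table, column names and token names are constructed. It shows an identifier allowlist for sort options and an escape_like helper paired with an ESCAPE clause.

```python
import sqlite3
from typing import List

# Hypothetical allowlists; real column and option names are application-specific.
SORT_COLUMNS = {"date_added": "date_added", "event": "event_type"}   # API name -> column
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_activity_query(sort_by: str, direction: str) -> str:
    """ORDER BY cannot take bound parameters, so the only safe option is to map
    user input onto a fixed set of identifiers and reject everything else."""
    try:
        column = SORT_COLUMNS[sort_by]
        order = SORT_DIRECTIONS[direction.lower()]
    except KeyError as e:
        raise ValueError(f"unsupported sort option: {e.args[0]!r}") from None
    return f"SELECT id, event_type, date_added FROM contact_activity ORDER BY {column} {order}"


def sort_option_accepted(sort_by: str, direction: str) -> bool:
    try:
        build_activity_query(sort_by, direction)
        return True
    except ValueError:
        return False


def escape_like(term: str, esc: str = "\\") -> str:
    """Bound parameters stop SQL injection but not LIKE-metacharacter injection:
    '%' and '_' inside a parameter are still wildcards. Escape them (and the
    escape character itself) and pair the query with an ESCAPE clause."""
    return term.replace(esc, esc + esc).replace("%", esc + "%").replace("_", esc + "_")


def setup_tokens_db() -> sqlite3.Connection:
    """Constructed sample table for the search functions below."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE api_tokens (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO api_tokens (name) VALUES (?)",
                     [("prod_key_1",), ("prodXkey",), ("staging_key",)])
    conn.commit()
    return conn


def search_tokens_naive(conn: sqlite3.Connection, term: str) -> List[str]:
    # Parameterised, yet '_' and '%' in `term` still act as wildcards.
    rows = conn.execute("SELECT name FROM api_tokens WHERE name LIKE ? ORDER BY id",
                        (f"%{term}%",))
    return [r[0] for r in rows]


def search_tokens(conn: sqlite3.Connection, term: str) -> List[str]:
    rows = conn.execute("SELECT name FROM api_tokens WHERE name LIKE ? ESCAPE '\\' ORDER BY id",
                        (f"%{escape_like(term)}%",))
    return [r[0] for r in rows]
```

Escaping removes the wildcard semantics but not the cost of a leading "%" scan; a length cap on the search term and a timeout on the query are still needed to close the resource-exhaustion angle this entry describes.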
-
CVE-2026-25576
MEDIUM
CVSS 5.1
Heap buffer over-read in ImageMagick and Magick.Net raw image format handlers allows local attackers to read sensitive data from heap memory when processing specially crafted images with mismatched extraction and size parameters. The vulnerability affects ImageMagick versions prior to 7.1.2-15 and 6.9.13-40, potentially exposing confidential information through out-of-bounds memory access. A patch is available for affected users.
Buffer Overflow
Imagemagick
Magick.Net
Redhat
Suse
-
CVE-2026-24484
MEDIUM
CVSS 5.3
ImageMagick and Magick.NET fail to properly validate nested MVG-to-SVG conversions, allowing unauthenticated remote attackers to trigger denial of service conditions. Affected versions prior to 7.1.2-15 and 6.9.13-40 are vulnerable to resource exhaustion attacks through specially crafted image files. A patch is available for both products.
Denial Of Service
Imagemagick
Magick.Net
Redhat
Suse
-
CVE-2026-24314
MEDIUM
CVSS 4.3
SAP S/4HANA's Manage Payment Media component contains an information disclosure vulnerability that allows authenticated users to access restricted data under certain application conditions. Confidentiality impact is low and valid credentials are required; no patch is currently listed.
Sap
-
CVE-2026-24241
MEDIUM
CVSS 4.3
NVIDIA Delegated Licensing Service on all appliance platforms contains an authentication bypass that allows adjacent network attackers to access sensitive information without credentials. The vulnerability requires no user interaction and affects the confidentiality of the service, though no patch is currently available.
Information Disclosure
Delegated License Service
-
CVE-2026-23984
MEDIUM
CVSS 6.5
Authenticated users in Apache Superset versions before 6.0.0 can execute write operations against PostgreSQL databases configured as read-only by crafting SQL statements that evade the validation checks. An attacker with SQL Lab access can thereby modify data despite the read-only protection. Fixed in 6.0.0.
Apache
PostgreSQL
Superset
-
CVE-2026-23983
MEDIUM
CVSS 6.5
Authenticated users in Apache Superset versions before 6.0.0 can access sensitive user information including password hashes and email addresses through the Tag endpoint API, which improperly exposes user objects without proper field filtering. An attacker with low-privilege credentials (such as Gamma role) can exploit this to retrieve authentication data that should remain hidden. The vulnerability only affects instances with the TAGGING_SYSTEM enabled, which is disabled by default.
Apache
Information Disclosure
Superset
-
CVE-2026-23982
MEDIUM
CVSS 6.5
Apache Superset before version 6.0.0 contains an authorization bypass in dataset management that allows authenticated users with write access to datasets to circumvent data access controls and query unauthorized information. An attacker can exploit this by modifying the SQL query of existing datasets to access restricted data that their role should not permit. No patch is currently available, leaving affected deployments vulnerable until upgrading to version 6.0.0.
Apache
Superset
-
CVE-2026-23980
MEDIUM
CVSS 6.5
Apache Superset before version 6.0.0 contains a SQL injection vulnerability in the sqlExpression and where parameters that allows authenticated users with read access to extract sensitive data through error-based techniques. An attacker with valid credentials could exploit this to bypass query restrictions and access unauthorized database information. A patch is available in version 6.0.0 and later.
Apache
SQLi
Superset
-
CVE-2026-23969
MEDIUM
CVSS 6.5
Insufficient SQL function restrictions in Apache Superset before 4.1.2 allow authenticated users to execute sensitive database functions on ClickHouse engines that should have been blocked. An attacker with database access could leverage the incomplete DISALLOWED_SQL_FUNCTIONS list to bypass security controls and potentially extract or manipulate data. No patch is currently available for affected versions of Apache Superset, PostgreSQL, and related deployments.
Apache
PostgreSQL
Superset
-
CVE-2026-23858
MEDIUM
CVSS 5.4
Dell Wyse Management Suite versions before 5.5 contain a cross-site scripting (XSS) vulnerability that allows authenticated remote attackers to inject malicious scripts into web pages. An attacker with low privileges and user interaction can exploit this to execute arbitrary JavaScript in the context of other users' sessions. A patch is available to remediate this vulnerability.
XSS
Wyse Management Suite
-
CVE-2026-21864
MEDIUM
CVSS 6.5
Denial of service in Valkey-Bloom module allows authenticated attackers to crash the Valkey server by sending a specially crafted RESTORE command that triggers an unhandled assertion. The vulnerability exists because the module failed to set the IO_ERRORS flag during RDB parsing, causing the server to shut down instead of gracefully handling the malformed input. A security patch is available, and administrators can mitigate the issue by disabling the RESTORE command if not required.
Code Injection
Valkey Bloom
-
CVE-2026-3131
MEDIUM
CVSS 6.5
Devolutions Server 2025.3.14.0 and earlier contains insufficient access control in REST API endpoints that enables authenticated view-only users to retrieve sensitive connection data they should not access. An attacker with basic authentication credentials could exploit this to gain unauthorized visibility into protected connection information, compromising confidentiality without requiring user interaction or elevated privileges.
Authentication Bypass
Information Disclosure
Devolutions Server
-
CVE-2026-3102
MEDIUM
CVSS 6.3
Command injection in exiftool's PNG file parser on macOS allows remote attackers to execute arbitrary OS commands by manipulating the DateTimeOriginal argument in the SetMacOSTags function. Public exploit code exists for this vulnerability, and affected users should upgrade to version 13.50 or later to remediate the issue.
macOS
Command Injection
Exiftool
-
CVE-2026-3101
MEDIUM
CVSS 6.3
OS command injection in the Ping Handler component of Intelbras TIP 635G firmware (version 1.12.3.5) enables authenticated attackers to execute arbitrary system commands remotely. Public exploit code is available for this vulnerability, and the vendor has not provided a patch despite early disclosure notification. Affected devices remain exploitable until the vendor releases a security update.
Command Injection
Tip 635g Firmware
-
CVE-2026-3091
MEDIUM
CVSS 6.7
Synology Presto Client versions prior to 2.1.3-0672 are vulnerable to DLL hijacking during installation, enabling local attackers with user privileges to read or write arbitrary files by placing malicious libraries in the installer directory. The vulnerability requires user interaction and local access but grants high-impact capabilities including confidentiality and integrity violations. No patch is currently available.
Synology
Presto Client
-
CVE-2026-3070
MEDIUM
CVSS 4.3
Reflected XSS in SourceCodester Modern Image Gallery App 1.0 allows unauthenticated remote attackers to inject malicious scripts through the filename parameter in upload.php. Public exploit code exists for this vulnerability, though it requires user interaction to succeed. No patch is currently available.
PHP
XSS
Modern Image Gallery App
-
CVE-2026-3067
MEDIUM
CVSS 6.3
HummerRisk versions up to 1.5.0 contain a path traversal vulnerability in the archive extraction functionality that allows authenticated remote attackers to read and write arbitrary files on the system. Public exploit code exists for this vulnerability, and no patch is currently available. The vulnerability affects the extractTarGZ and extractZip functions in the common utilities library.
Java
Path Traversal
Hummerrisk
-
CVE-2026-3066
MEDIUM
CVSS 6.3
HummerRisk versions up to 1.5.0 contain a vulnerability that allows attackers to perform command injection (CVSS 6.3).
Java
Command Injection
Hummerrisk
-
CVE-2026-3065
MEDIUM
CVSS 6.3
Command injection in HummerRisk up to version 1.5.0 allows authenticated remote attackers to execute arbitrary commands through the Cloud Task Dry-run feature by manipulating the fileName parameter in CloudTaskService.java. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. An attacker with valid credentials can achieve remote code execution with limited impact on confidentiality, integrity, and availability.
Java
Command Injection
Hummerrisk
-
CVE-2026-3064
MEDIUM
CVSS 6.3
HummerRisk versions up to 1.5.0 contain a command injection vulnerability in the Cloud Task Scheduler component where the regionId parameter is insufficiently validated, allowing authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability and the vendor has not provided a patch despite early disclosure notification. An authenticated attacker can exploit this to achieve remote code execution with limited scope impact.
Java
Command Injection
Hummerrisk
-
CVE-2026-3057
MEDIUM
CVSS 6.3
SQL injection in PearProjectApi up to version 2.8.10 allows authenticated attackers to execute arbitrary SQL queries through the projectCode parameter in the dateTotalForProject function. Public exploit code exists for this vulnerability, enabling remote attacks with potential to read, modify, or delete database contents. The vendor has not released a patch despite early notification.
PHP
SQLi
Pearprojectapi
-
CVE-2026-3054
MEDIUM
CVSS 4.3
Cross-site scripting (XSS) via the hint parameter in Alinto SOGo 5.12.3/5.12.4 allows unauthenticated remote attackers to inject malicious scripts through a user-interactive attack vector. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or responded to disclosure efforts. The impact is limited to integrity compromise with no confidentiality or availability impact.
Golang
XSS
Sogo
-
CVE-2026-3052
MEDIUM
CVSS 6.3
Server-side request forgery in Dinky up to version 1.2.5 allows authenticated attackers to make arbitrary HTTP requests through the Flink Proxy Controller's proxyUba function. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. An attacker with valid credentials can leverage this to access internal resources or perform actions on behalf of the affected server.
Java
SSRF
Dinky
-
CVE-2026-3051
MEDIUM
CVSS 6.3
Path traversal in Dinky up to version 1.2.5 allows authenticated remote attackers to access arbitrary files on the system through manipulation of the projectName parameter in the GitRepository component. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can exploit this to read sensitive files or potentially escalate privileges within Java-based Dinky deployments.
Java
Path Traversal
Dinky
-
CVE-2026-3049
MEDIUM
CVSS 4.3
Open redirect in Horilla up to version 1.0.2 allows remote attackers to redirect users to arbitrary external websites by manipulating the prev_url query parameter in the global search functionality. Public exploit code exists for this vulnerability, making it actively exploitable in the wild. Upgrading to version 1.0.3 or applying patch 730b5a44ff060916780c44a4bdbc8ced70a2cd27 resolves the issue.
Open Redirect
Horilla
-
CVE-2026-3043
MEDIUM
CVSS 4.3
Reflected cross-site scripting in itsourcecode Event Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the page parameter in /admin/navbar.php. Public exploit code exists for this vulnerability, enabling attackers to steal session tokens or perform actions on behalf of administrators. No patch is currently available.
PHP
XSS
Event Management System
-
CVE-2026-2804
MEDIUM
CVSS 5.4
A use-after-free vulnerability in Firefox and Thunderbird's JavaScript WebAssembly engine allows remote attackers to achieve information disclosure or data manipulation through a malicious webpage or email attachment that requires user interaction. Affected versions include Firefox below 148 and Thunderbird below 148, with no patch currently available. The vulnerability has a network attack vector with low complexity and carries a CVSS score of 5.4.
Use After Free
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-2802
MEDIUM
CVSS 4.2
Firefox and Thunderbird versions below 148 contain a race condition in the JavaScript garbage collection component that could allow an attacker to access or modify limited data through specially crafted content requiring user interaction. The vulnerability has a CVSS score of 4.2 and currently lacks an available patch.
Race Condition
Firefox
Thunderbird
Redhat
Suse
-
CVE-2026-1772
MEDIUM
CVSS 5.3
Improper access controls in RTU500 series firmware (RTU520, RTU530, RTU540, RTU560) expose sensitive user management data to unauthenticated attackers who leverage browser developer tools to bypass web interface restrictions. An attacker without privileges can read confidential user information that should require authentication, though the vulnerability requires direct access to development utilities rather than simple network requests. No patch is currently available for this medium-severity exposure.
Information Disclosure
Rtu540 Firmware
Rtu560 Firmware
Rtu520 Firmware
Rtu530 Firmware
-
CVE-2026-1768
MEDIUM
CVSS 4.3
Devolutions Server before version 2025.3.15 contains a permission cache poisoning flaw that allows authenticated users to circumvent access controls and retrieve restricted entries. The vulnerability affects any system running the vulnerable version where an attacker with valid credentials can exploit improper permission validation to access data they should not be authorized to view. No patch is currently available to remediate this issue.
Authentication Bypass
Devolutions Server
-
CVE-2026-0402
MEDIUM
CVSS 4.9
SonicOS firewalls are vulnerable to a post-authentication out-of-bounds read that permits authenticated remote attackers to trigger a denial-of-service condition by crashing the device. The medium-severity vulnerability requires high-level privileges and has no available patch, leaving affected deployments potentially exposed until remediation is released.
Denial Of Service
Sonicos
-
CVE-2026-0401
MEDIUM
CVSS 4.9
SonicOS firewalls are vulnerable to denial-of-service attacks when an authenticated remote attacker triggers a null pointer dereference, causing the device to crash. This post-authentication flaw affects firewall availability but requires valid credentials to exploit. No patch is currently available.
Null Pointer Dereference
Denial Of Service
Sonicos
-
CVE-2026-0400
MEDIUM
CVSS 4.9
SonicOS firewalls are vulnerable to a post-authentication format string vulnerability that permits authenticated remote attackers to trigger a denial of service condition and crash the affected device. The attack requires valid credentials but can be executed over the network without user interaction. No patch is currently available for this vulnerability.
Denial Of Service
Sonicos
-
CVE-2026-0399
MEDIUM
CVSS 4.9
SonicOS management interface suffers from stack-based buffer overflow flaws in an API endpoint that allow authenticated administrators to trigger denial of service conditions through improper input validation. The stack overflow affects SonicOS products and currently lacks an available patch, leaving deployed systems exposed to authenticated attack vectors with no mitigation path.
Buffer Overflow
Stack Overflow
Sonicos
-
CVE-2025-69253
MEDIUM
CVSS 5.3
free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of the User Data Repository are affected by Improper Error Handling with Information Exposure. [CVSS 5.3 MEDIUM]
Information Disclosure
Udr
-
CVE-2025-69251
MEDIUM
CVSS 5.3
free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. [CVSS 5.3 MEDIUM]
Code Injection
Udm
-
CVE-2025-62512
MEDIUM
CVSS 5.3
Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. [CVSS 5.3 MEDIUM]
PHP
Golang
Piwigo
-
CVE-2025-47904
MEDIUM
CVSS 5.7
Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update. This issue affects Time Provider 4100: before 2.5. [CVSS 4.1 MEDIUM]
Information Disclosure
-
CVE-2025-46320
MEDIUM
CVSS 6.1
A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7. [CVSS 6.1 MEDIUM]
RCE
XSS
Filemaker Server
-
CVE-2025-27555
MEDIUM
CVSS 6.5
Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.11.1 or a later version, which addresses this issue. User...
Information Disclosure
AI / ML
Airflow
-
CVE-2025-11848
MEDIUM
CVSS 4.9
A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. [CVSS 4.9 MEDIUM]
Zyxel
Null Pointer Dereference
Ex3300 T1 Firmware
Emg5523 T50b Firmware
Ex3600 T0 Firmware
-
CVE-2025-11847
MEDIUM
CVSS 4.9
A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. [CVSS 4.9 MEDIUM]
Zyxel
Null Pointer Dereference
Ex3300 T1 Firmware
Ex3300 T0 Firmware
Ex5601 T0 Firmware
-
CVE-2025-11846
MEDIUM
CVSS 4.9
A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. [CVSS 4.9 MEDIUM]
Zyxel
Null Pointer Dereference
Ex5512 T0 Firmware
Emg5523 T50b Firmware
Ex5601 T0 Firmware
-
CVE-2025-11845
MEDIUM
CVSS 4.9
A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. [CVSS 4.9 MEDIUM]
Zyxel
Null Pointer Dereference
Gm4100 B0 Firmware
Emg3525 T50b Firmware
Scr 50axe Firmware
-
CVE-2025-10010
MEDIUM
CVSS 6.8
Cryptopro Secure Disk contains a vulnerability that allows attackers to execute arbitrary code in the context of the root user and enables an attacker t (CVSS 6.8).
Linux
RCE
Cryptopro Secure Disk
Windows
Linux Kernel
-
CVE-2025-1787
MEDIUM
CVSS 4.2
A local admin could leak information from the Genetec Update Service configuration web page. An authenticated, admin-privileged Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. [CVSS 4.2 MEDIUM]
Windows
Privilege Escalation
Genetec Update Service
-
CVE-2026-23859
LOW
CVSS 2.7
Dell Wyse Management Suite, versions prior to WMS 5.5, contains a Client-Side Enforcement of Server-Side Security vulnerability. A high-privileged attacker with remote access could potentially exploit this vulnerability to bypass a protection mechanism. [CVSS 2.7 LOW]
Authentication Bypass
Dell
-
CVE-2026-3050
LOW
CVSS 3.5
A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. [CVSS 3.5 LOW]
XSS
-
CVE-2025-15589
LOW
CVSS 3.8
A vulnerability was determined in MuYuCMS 2.7. Affected is the function delete_dir_file of the file application/admin/controller/Template.php of the component Template Management Page. [CVSS 3.8 LOW]
PHP
Path Traversal
-
CVE-2025-9120
None
Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection. The vulnerability could be exploited through an open port, potentially allowing unauthorized access.
Code Injection