Skip to main content
CVE-2026-2794 HIGH PATCH This Week

Uninitialized memory in Firefox and Firefox Focus for Android versions prior to 148 enables remote attackers to read sensitive data without authentication or user interaction. The vulnerability allows information disclosure through memory that was not properly cleared before use, potentially exposing confidential user information to network-based attackers.

Information Disclosure Mozilla Google
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27519 HIGH This Week

Binardat 10G08-0800GSM network switches version V300SP10260209 and earlier expose a hardcoded RC4 encryption key in client-side JavaScript, allowing unauthenticated remote attackers to decrypt sensitive configuration data and compromise network confidentiality. The static key weakness eliminates the intended cryptographic protection for protected values transmitted to and from the device.

Information Disclosure 10g08 0800gsm Firmware
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27520 HIGH This Week

Binardat 10G08-0800GSM network switch firmware versions before V300SP10260209 expose user credentials by storing passwords as reversible Base64-encoded values in web interface cookies, allowing unauthenticated attackers with cookie access to recover plaintext passwords. This high-severity vulnerability affects confidentiality of administrative credentials with no available patch, creating significant risk for network infrastructure compromise.

Information Disclosure 10g08 0800gsm Firmware
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27516 HIGH This Week

Binardat 10G08-0800GSM network switch firmware prior to V300SP10260209 stores administrative credentials in plaintext within the web interface and HTTP responses, enabling unauthenticated attackers to extract valid user passwords. This information disclosure vulnerability affects network administrators and can lead to unauthorized access to critical network infrastructure. No patch is currently available.

Information Disclosure 10g08 0800gsm Firmware
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25967 HIGH PATCH This Week

Stack-based buffer overflow in ImageMagick versions before 7.1.2-15 allows remote attackers to crash the application and potentially corrupt memory by submitting specially crafted FTXT image files. The vulnerability requires high complexity to exploit but impacts both confidentiality and availability of affected systems. No patch is currently available for this HIGH severity issue (CVSS 7.4).

Buffer Overflow Stack Overflow Denial Of Service Imagemagick Red Hat +1
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-2459 HIGH This Week

Authenticated users with Installer role in REB500 firmware can bypass directory access controls to read and modify files outside their authorized scope. This privilege escalation affects systems where installer accounts are provisioned, enabling unauthorized data access and manipulation. No patch is currently available.

Information Disclosure Reb500 Firmware
NVD
CVSS 4.0
7.4
EPSS
0.0%
CVE-2025-33181 HIGH This Week

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. [CVSS 7.3 HIGH]

Linux Privilege Escalation Nvos Cumulus Linux
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-22766 HIGH PATCH This Week

Remote code execution in Dell Wyse Management Suite versions before 5.5 via unrestricted file upload allows high-privileged attackers with network access to execute arbitrary commands on affected systems. The vulnerability stems from insufficient validation of uploaded file types, enabling attackers to bypass security controls and gain code execution. A patch is available for affected organizations to remediate this risk.

File Upload Dell Wyse Management Suite
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-1459 HIGH This Week

Zyxel VMG3625-T50B, DX5401 B1, and EMG5523 T50B devices with firmware through version 5.50(ABPM.9.7)C0 contain a post-authentication command injection vulnerability in the TR-369 certificate download function that allows authenticated administrators to execute arbitrary operating system commands. An attacker with admin credentials could leverage this to gain complete control over the affected device. No patch is currently available.

Zyxel Command Injection Dx5401 B1 Firmware Emg5523 T50b Firmware Vmg3625 T50b Firmware +3
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-13776 HIGH This Week

Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker in local network who knows default credentials is able to read and edit database content. [CVSS 7.1 HIGH]

Authentication Bypass Finka Magazyn Finka Place Finka Stw Finka Fk +2
NVD
CVSS 3.1
7.1
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy