137 CVEs tracked today. 33 Critical, 45 High, 38 Medium, 19 Low.
-
CVE-2026-27971
CRITICAL
CVSS 9.8
RCE in Qwik JavaScript framework <= 1.19.0 via unsafe deserialization in server$ Runtime. EPSS 13.4% with PoC available.
RCE
Deserialization
Qwik
-
CVE-2026-28289
CRITICAL
CVSS 10.0
File upload bypass in FreeScout 1.8.206 that defeats the patch for CVE-2026-27636. PoC and patch available.
PHP
RCE
Laravel
Race Condition
Freescout
-
CVE-2026-27012
CRITICAL
CVSS 9.8
Privilege escalation and auth bypass in OpenSTAManager 2.9.8. PoC available.
PHP
Authentication Bypass
Privilege Escalation
Openstamanager
-
CVE-2026-26279
CRITICAL
CVSS 9.1
Command injection in Froxlor server admin before 2.3.4 due to typo (== instead of =) disabling input validation entirely. PoC and patch available.
RCE
Froxlor
-
CVE-2026-26266
CRITICAL
CVSS 9.3
Stored XSS in AliasVault password manager. Patch available.
XSS
Aliasvault
-
CVE-2026-25146
CRITICAL
CVSS 9.6
Information disclosure in OpenEMR from 5.0.2 up to (but not including) 8.0.0 exposes sensitive data. PoC and patch available.
Information Disclosure
Openemr
-
CVE-2026-24898
CRITICAL
CVSS 10.0
Unauthenticated token disclosure in OpenEMR before 8.0.0. PoC and patch available.
PHP
Authentication Bypass
Information Disclosure
Openemr
-
CVE-2026-24848
CRITICAL
CVSS 9.9
Path traversal in OpenEMR 7.0.4 disposeDocument() allows file access. PoC available.
PHP
RCE
Openemr
-
CVE-2026-24103
CRITICAL
CVSS 9.8
Buffer overflow in Tenda AC15V1.0 via formSetMacFilterCfg. PoC available.
Buffer Overflow
Ac15 Firmware
-
CVE-2026-22891
CRITICAL
CVSS 9.8
Heap overflow in libbiosig 3.9.2 Intan CLP parsing. PoC available.
Buffer Overflow
Heap Overflow
Libbiosig
-
CVE-2026-22886
CRITICAL
CVSS 9.8
Default admin credentials in OpenMQ message broker. Shipped with known default admin password.
Information Disclosure
-
CVE-2026-3485
CRITICAL
CVSS 9.8
Command injection in D-Link DIR-868L via SSDP service. PoC available.
Command Injection
D-Link
Dir 868l Firmware
-
CVE-2026-3266
CRITICAL
CVSS 9.8
Missing authorization in OpenText Filr allows auth bypass via XSRF tokens.
Authentication Bypass
Filr
-
CVE-2026-3224
CRITICAL
CVSS 9.8
Azure AD auth bypass in Devolutions Server 2025.3.15.0 and earlier.
Authentication Bypass
Azure
Devolutions Server
-
CVE-2026-3204
CRITICAL
CVSS 9.8
Input validation flaw in Devolutions Server error message page enables remote spoofing attacks.
Code Injection
Devolutions Server
-
CVE-2026-3136
CRITICAL
CVSS 9.8
Improper authorization in Google Cloud Build GitHub Trigger allowing unauthenticated build execution. EPSS 0.19%.
Google
Github
Cloud Build
-
CVE-2026-3130
CRITICAL
CVSS 9.8
Behavioral control bypass in Devolutions Server 2025.3.15 allows authenticated users to exploit delete permissions.
Information Disclosure
Devolutions Server
-
CVE-2026-2628
CRITICAL
CVSS 9.8
Auth bypass in All-in-One Microsoft 365 SSO WordPress plugin.
WordPress
Authentication Bypass
Microsoft
-
CVE-2026-2590
CRITICAL
CVSS 9.8
Insecure password saving enforcement in Devolutions Remote Desktop Manager 2025.3.
Information Disclosure
Hashicorp
-
CVE-2026-1492
CRITICAL
CVSS 9.8
Privilege escalation in User Registration & Membership WordPress plugin.
WordPress
Privilege Escalation
-
CVE-2025-70821
CRITICAL
CVSS 9.8
SQL injection in renren-security before v5.5.0 in BaseServiceImpl.java. PoC available.
Java
SQLi
Renren Security
-
CVE-2025-70241
CRITICAL
CVSS 9.8
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5. Part of a family of 15+ critical buffer overflows in this router.
Buffer Overflow
D-Link
Dir 513 Firmware
-
CVE-2025-70240
CRITICAL
CVSS 9.8
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51. Part of a family of 15+ critical buffer overflows in this router.
Buffer Overflow
D-Link
Dir 513 Firmware
-
CVE-2025-70239
CRITICAL
CVSS 9.8
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55. Part of a family of 15+ critical buffer overflows in this router.
Buffer Overflow
D-Link
Dir 513 Firmware
-
CVE-2025-70237
CRITICAL
CVSS 9.8
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr. Part of a family of 15+ critical buffer overflows in this router.
Buffer Overflow
D-Link
Dir 513 Firmware
-
CVE-2025-70236
CRITICAL
CVSS 9.8
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter. Part of a family of 15+ critical buffer overflows in this router.
Buffer Overflow
D-Link
Dir 513 Firmware
-
CVE-2025-70234
CRITICAL
CVSS 9.8
Stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS. Part of a family of 15+ critical buffer overflows in this router.
Buffer Overflow
D-Link
Dir 513 Firmware
-
CVE-2025-66945
CRITICAL
CVSS 9.1
Zip slip to arbitrary file write in Zdir Pro 4.x ZIP extraction API. PoC available.
RCE
Path Traversal
Zdir
-
CVE-2025-59059
CRITICAL
CVSS 9.8
RCE in Apache Ranger <= 2.7.0 via NashornScriptEngineCreator. EPSS 0.42%.
RCE
Apache
Ranger
-
CVE-2025-57622
CRITICAL
CVSS 9.8
Pickle deserialization RCE in Step-Video-T2V via API endpoints.
Deserialization
AI / ML
-
CVE-2024-55026
CRITICAL
CVSS 9.8
Command execution via reset_pj.cgi in Weintek cMT-3072XH2.
RCE
Cmt 3072xh2 Firmware
Easyweb
-
CVE-2024-55024
CRITICAL
CVSS 9.8
Auth bypass in Weintek cMT-3072XH2 authorization mechanism.
Authentication Bypass
Cmt 3072xh2 Firmware
Easyweb
-
CVE-2024-55020
CRITICAL
CVSS 9.8
Command injection in Weintek cMT-3072XH2 HMI DHCP activation. EPSS 0.30%.
Command Injection
Cmt 3072xh2 Firmware
Easyweb
-
CVE-2026-29022
HIGH
CVSS 7.3
Heap buffer overflow in dr_libs 0.14.4 and earlier allows attackers to corrupt memory by supplying maliciously crafted WAV files to any application using drwav_init_*_with_metadata() functions. The vulnerability exploits inconsistent validation of sample loop counts between processing passes, enabling 36 bytes of attacker-controlled data to overflow heap allocations. Public exploit code exists for this vulnerability.
Buffer Overflow
Heap Overflow
Suse
-
CVE-2026-28518
HIGH
CVSS 8.4
OpenViking 0.2.1 and earlier contain a path traversal vulnerability in .ovpack file imports that enables local attackers to write arbitrary files outside the intended directory by crafting malicious ZIP archives with traversal sequences or absolute paths. An attacker with user interaction can overwrite or create files with the privileges of the importing process, potentially leading to code execution or system compromise. No patch is currently available for this vulnerability.
Path Traversal
-
CVE-2026-27981
HIGH
CVSS 7.4
Homebox prior to version 0.24.0 fails to validate the TrustProxy configuration setting, allowing attackers to bypass authentication rate limiting by forging the X-Real-IP header on direct connections. This enables an attacker to attempt unlimited authentication attempts by spoofing a different IP address for each request, compromising both confidentiality and integrity of the system. The vulnerability affects all Homebox installations where the TrustProxy option is disabled or misconfigured.
Authentication Bypass
Homebox
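The Homebox entry above describes the general bug of honoring a client-supplied X-Real-IP header on a direct connection, so each login attempt can claim a fresh source address and the per-IP limiter never trips. The following is an added example, not Homebox code: a naive resolver beside a hardened one that only trusts the forwarded header when the proxy option is on and the TCP peer is in an assumed trusted-proxy list, plus a small sliding-window limiter and a constructed spray of 20 attempts from one host to show the difference. The TRUSTED_PROXIES networks, the lowercase header names and the simulated addresses are assumptions for the example.

```python
import ipaddress
import time
from collections import defaultdict, deque

# Networks whose X-Real-IP / X-Forwarded-For we believe. Assumed for this
# example; set it to the addresses of your actual reverse proxies.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("127.0.0.0/8")]


def client_ip_naive(peer_ip: str, headers: dict) -> str:
    """The vulnerable pattern: honor X-Real-IP from anyone, direct connections included."""
    return headers.get("x-real-ip", peer_ip)


def client_ip_hardened(peer_ip: str, headers: dict, trust_proxy: bool = False) -> str:
    """Honor the forwarded header only when the option is on AND the TCP peer is a trusted proxy."""
    if not trust_proxy:
        return peer_ip
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return peer_ip  # direct connection pretending to be proxied: ignore the header
    forwarded = headers.get("x-real-ip")
    if not forwarded:
        # X-Forwarded-For is a comma list; only the entry the trusted proxy itself
        # appended (the last one) is reliable, everything before it is client-controlled.
        xff = headers.get("x-forwarded-for", "")
        forwarded = xff.split(",")[-1].strip() if xff else ""
    try:
        return str(ipaddress.ip_address(forwarded))
    except ValueError:
        return peer_ip  # garbage header value: fall back to the socket address


class LoginRateLimiter:
    """Sliding-window limiter keyed on the resolved client address."""

    def __init__(self, max_attempts: int = 5, window_s: float = 60.0, clock=time.monotonic):
        self.max_attempts, self.window_s, self.clock = max_attempts, window_s, clock
        self._hits = defaultdict(deque)

    def allow(self, key: str) -> bool:
        now = self.clock()
        q = self._hits[key]
        while q and now - q[0] > self.window_s:
            q.popleft()
        if len(q) >= self.max_attempts:
            return False
        q.append(now)
        return True


def simulate_spray(resolver, attempts: int = 20) -> int:
    """Constructed scenario: one host (203.0.113.7, not a trusted proxy) sends `attempts`
    login requests, each with a different spoofed X-Real-IP. Returns how many got through."""
    limiter = LoginRateLimiter(max_attempts=5, clock=lambda: 0.0)  # frozen clock: one window
    allowed = 0
    for i in range(attempts):
        headers = {"x-real-ip": f"198.51.100.{i + 1}"}
        if limiter.allow(resolver("203.0.113.7", headers)):
            allowed += 1
    return allowed


def hardened_trusting_proxy(peer_ip: str, headers: dict) -> str:
    """Hardened resolver with the proxy option switched on, for the simulation."""
    return client_ip_hardened(peer_ip, headers, trust_proxy=True)
```

With the naive resolver all 20 attempts pass; with the hardened one the limiter keys on the socket address and blocks after 5, even though the proxy option is enabled, because 203.0.113.7 is not a trusted proxy. One design note: when the peer really is a trusted proxy but sends no forwarded header, the hardened resolver keys the limiter on the proxy's address, which throttles every user behind it together; that is the safe failure mode, and it is also a loud signal that the proxy is misconfigured.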
-
CVE-2026-27932
HIGH
CVSS 7.5
Joserfc versions 1.6.2 and earlier fail to validate the PBES2 iteration count parameter in JWE tokens, allowing unauthenticated attackers to trigger CPU exhaustion by specifying arbitrarily large values in the p2c header field. An attacker can exploit this resource exhaustion vulnerability to cause denial of service against any system using the library to decrypt JWE tokens. Public exploit code exists for this vulnerability, and a patch is available.
Denial Of Service
Python
Joserfc
Suse
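The joserfc entry above is an instance of a general rule for PBES2 key wrapping: the p2c iteration count comes from the unauthenticated protected header, so a decryptor must bound it before it runs PBKDF2, not after. The following is an added example and not joserfc's code: it parses the protected header of a compact JWE, validates alg/p2c/p2s against RFC 7518 section 4.8 and an assumed ceiling (MAX_P2C), and only then derives the wrapping key with the RFC's salt construction. The sample token built by build_sample_jwe is constructed for the example and carries empty key/IV/ciphertext/tag segments, since only the header matters here.

```python
import base64
import hashlib
import json

# Ceiling on the PBES2 iteration count we will run PBKDF2 with. Assumed for this
# example: tune it to the CPU you are willing to spend per unauthenticated request.
MAX_P2C = 100_000
# RFC 7518 section 4.8: PBES2 alg -> (PRF hash, wrapping key length in bytes)
PBES2_PARAMS = {
    "PBES2-HS256+A128KW": ("sha256", 16),
    "PBES2-HS384+A192KW": ("sha384", 24),
    "PBES2-HS512+A256KW": ("sha512", 32),
}


class JWEHeaderError(ValueError):
    pass


def _b64url_decode(segment: str) -> bytes:
    # JOSE base64url is unpadded; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def check_pbes2_header(compact_jwe: str, max_p2c: int = MAX_P2C) -> dict:
    """Parse a compact JWE's protected header and reject unsafe PBES2 parameters.

    Runs before any PBKDF2 work: the point is to refuse to spend CPU on an
    attacker-chosen iteration count.
    """
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        raise JWEHeaderError("compact JWE must have 5 segments")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise JWEHeaderError(f"invalid protected header: {exc}") from exc
    if not isinstance(header, dict):
        raise JWEHeaderError("protected header must be a JSON object")
    if header.get("alg") not in PBES2_PARAMS:
        return header  # not password-based key wrapping; p2c/p2s do not apply
    p2c = header.get("p2c")
    # RFC 7518 4.8.1.2: a positive integer. bool is an int subclass in Python, exclude it.
    if isinstance(p2c, bool) or not isinstance(p2c, int) or p2c < 1:
        raise JWEHeaderError("p2c must be a positive integer")
    if p2c > max_p2c:
        raise JWEHeaderError(f"p2c={p2c} exceeds limit {max_p2c}")
    p2s = header.get("p2s")
    try:
        salt = _b64url_decode(p2s) if isinstance(p2s, str) else b""
    except ValueError:
        salt = b""
    if len(salt) < 8:  # RFC 7518 4.8.1.1 minimum salt length
        raise JWEHeaderError("p2s must be base64url of at least 8 bytes")
    return header


def derive_pbes2_key(password: bytes, header: dict) -> bytes:
    """PBKDF2 per RFC 7518 4.8.1: salt = UTF8(alg) || 0x00 || p2s. Call only after check_pbes2_header."""
    hash_name, key_len = PBES2_PARAMS[header["alg"]]
    salt = header["alg"].encode("utf-8") + b"\x00" + _b64url_decode(header["p2s"])
    return hashlib.pbkdf2_hmac(hash_name, password, salt, header["p2c"], dklen=key_len)


def build_sample_jwe(p2c, alg: str = "PBES2-HS256+A128KW") -> str:
    """Constructed sample token: only the protected header matters for this check,
    the encrypted key, IV, ciphertext and tag segments are left empty."""
    header = {"alg": alg, "enc": "A128GCM", "p2s": _b64url_encode(b"0123456789abcdef"), "p2c": p2c}
    protected = _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    return ".".join([protected, "", "", "", ""])


def accepts(compact_jwe: str) -> bool:
    """True if the token's header passes check_pbes2_header, False if it is rejected."""
    try:
        check_pbes2_header(compact_jwe)
        return True
    except JWEHeaderError:
        return False
```

The order matters: the limit is enforced on the parsed header alone, so a token carrying p2c of two billion is rejected in microseconds rather than after minutes of hashing. Libraries that expose a maximum-iterations setting should have it enabled with a value sized to the server; where the library offers none, wrapping decryption with a check like this one is the mitigation.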
-
CVE-2026-27905
HIGH
CVSS 7.8
Arbitrary file write in BentoML prior to version 1.4.36 allows local attackers to write files to arbitrary locations on the host system by crafting malicious tar archives containing symlinks that point outside the extraction directory. The vulnerability exists because the safe_extract_tarfile() function fails to validate symlink targets, only validating the symlink path itself, enabling attackers to bypass directory traversal protections. Public exploit code exists for this vulnerability; users should upgrade to version 1.4.36 or later.
Python
AI / ML
Bentoml
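The BentoML entry above (symlink targets not validated when extracting tar), together with the Zdir ZIP extraction API and OpenViking .ovpack entries earlier in the list (zip slip via traversal sequences or absolute paths), all come down to one extractor discipline: resolve every member name, and every link target, against the destination before touching the filesystem. The following is an added example, not the code of any of those projects: a ZIP extractor and a tar extractor sharing one containment check, with the tar side checking linkname as well as name, run over four constructed archives (two benign, one zip slip, one escaping symlink followed by a write through it).

```python
import io
import os
import tarfile
import tempfile
import zipfile
from pathlib import Path

class UnsafeArchiveMember(ValueError):
    """Raised for any member that would land outside the destination directory."""

def _resolve_inside(dest: Path, rel: str) -> Path:
    """Map an archive-relative name onto dest; absolute names, '..' and escaping symlinks are rejected."""
    if os.path.isabs(rel) or os.path.splitdrive(rel)[0]:
        raise UnsafeArchiveMember(f"absolute member path: {rel!r}")
    root = dest.resolve()
    target = (root / rel).resolve()  # resolve() follows symlinks created by earlier members
    if target != root and root not in target.parents:
        raise UnsafeArchiveMember(f"member escapes destination: {rel!r}")
    return target

def safe_extract_zip(data: bytes, dest: Path) -> list[str]:
    """Zip-slip safe extraction: every member name is checked before any write."""
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = _resolve_inside(dest, info.filename)
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(info.filename)
    return written

def safe_extract_tar(data: bytes, dest: Path) -> list[str]:
    """Tar extraction that validates link targets, not only member names."""
    written = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for m in tf:
            target = _resolve_inside(dest, m.name)
            if m.issym() or m.islnk():
                # Symlink targets are relative to the link's directory, hard link targets to the
                # archive root; both must stay inside dest or a later member can be written through them.
                base = os.path.dirname(m.name) if m.issym() else ""
                link_target = _resolve_inside(dest, os.path.join(base, m.linkname))
                target.parent.mkdir(parents=True, exist_ok=True)
                if m.issym():
                    os.symlink(os.path.relpath(link_target, target.parent), target)
                else:
                    os.link(link_target, target)
                written.append(m.name)
            elif m.isdir():
                target.mkdir(parents=True, exist_ok=True)
            elif m.isfile():
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(tf.extractfile(m).read())
                written.append(m.name)
            else:  # devices, fifos: never wanted from untrusted input
                raise UnsafeArchiveMember(f"unsupported member type: {m.name!r}")
    return written

def _tar_with(members) -> bytes:
    """Constructed test archive from (name, kind, payload) tuples, kind 'file' or 'symlink'."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, kind, payload in members:
            ti = tarfile.TarInfo(name)
            if kind == "file":
                ti.size = len(payload)
                tf.addfile(ti, io.BytesIO(payload))
            else:
                ti.type, ti.linkname = tarfile.SYMTYPE, payload
                tf.addfile(ti)
    return buf.getvalue()

def _zip_with(members) -> bytes:
    """Constructed test archive from (name, payload) tuples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in members:
            zf.writestr(name, payload)
    return buf.getvalue()

def demo() -> dict[str, bool]:
    """Extract four constructed archives into scratch dirs: True = extracted, False = rejected."""
    cases = {
        "zip_benign": (safe_extract_zip, _zip_with([("docs/readme.txt", b"hi")])),
        "zip_slip": (safe_extract_zip, _zip_with([("../escape.txt", b"owned")])),
        "tar_benign": (safe_extract_tar, _tar_with([("data/a.txt", "file", b"ok"), ("data/latest", "symlink", "a.txt")])),
        "tar_symlink_escape": (safe_extract_tar, _tar_with([("out", "symlink", "../../etc/passwd"), ("out/x", "file", b"owned")])),
    }
    results = {}
    for label, (extract, blob) in cases.items():
        with tempfile.TemporaryDirectory() as d:
            try:
                extract(blob, Path(d))
                results[label] = True
            except UnsafeArchiveMember:
                results[label] = False
    return results
```

Two details carry the weight. First, the check resolves against the real filesystem (Path.resolve), so a member written after a legitimate in-tree symlink is still contained, and a symlink to outside is refused before it exists, which is why the "out/x" file in the fourth case never gets a chance to land in /etc. Second, a symlink's target is checked from the link's own directory, which is exactly the distinction a name-only check misses. On Python 3.12 (and the backports to 3.8.17, 3.9.17, 3.10.12 and 3.11.4) the standard library offers the same protection for tar via tarfile's extraction filters (filter="data"); zipfile has no equivalent, so the ZIP side of this check is still needed there.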
-
CVE-2026-27622
HIGH
CVSS 7.8
Buffer overflow in OpenEXR's CompositeDeepScanLine::readPixels function allows local attackers to achieve code execution by crafting malicious EXR files that trigger integer wraparound in sample count calculations, resulting in undersized memory allocation followed by heap buffer overrun during decompression. Public exploit code exists for this vulnerability, and patches are available in versions 3.2.6, 3.3.8, and 3.4.6. Organizations using OpenEXR for image processing should prioritize updating to patched versions immediately.
Buffer Overflow
Red Hat
Openexr
Suse
-
CVE-2026-27601
HIGH
CVSS 8.2
Unbounded recursion in Underscore.js versions before 1.13.8 enables denial of service attacks when the _.flatten or _.isEqual functions process deeply nested untrusted data structures. An attacker can trigger stack overflow conditions by supplying specially crafted recursive input, causing affected applications to crash. Public exploit code exists for this vulnerability, and patches are available.
Denial Of Service
-
CVE-2026-26892
HIGH
CVSS 7.2
Simple Logistic Hub Parcel's Management System versions up to 1.0 are affected by SQL injection (CVSS 7.2).
PHP
SQLi
-
CVE-2026-25906
HIGH
CVSS 7.3
Dell Optimizer versions up to 6.3.1 are affected by improper link resolution before file access (CVSS 7.3).
Path Traversal
Dell
Optimizer
-
CVE-2026-25673
HIGH
CVSS 7.5
Django URL field validation triggers excessive Unicode normalization on Windows when processing certain malicious Unicode characters, enabling remote attackers to cause denial of service through crafted URL inputs. Affected versions include Django 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29, with potential impact to unsupported series 5.0.x, 4.1.x, and 3.2.x. A patch is available for all affected supported versions.
Windows
Denial Of Service
Python
Golang
Red Hat
-
CVE-2026-24502
HIGH
CVSS 8.8
Dell Command | Intel vPro Out of Band versions up to 4.7.0 are affected by an uncontrolled search path element (CVSS 8.8).
Privilege Escalation
Dell
-
CVE-2026-20777
HIGH
CVSS 8.1
Arbitrary code execution in libbiosig 3.9.2 and Master Branch can be triggered by parsing malicious Nicolet WFT files through a heap buffer overflow in the WFT parsing functionality. An attacker can exploit this vulnerability by supplying a crafted .wft file to execute arbitrary code on affected systems. Public exploit code exists for this vulnerability, though no patch is currently available.
Buffer Overflow
Heap Overflow
Libbiosig
-
CVE-2026-3437
HIGH
CVSS 7.8
Portwell Engineering Toolkits 4.8.2 contains a buffer overflow in its driver that allows authenticated local attackers to read and write arbitrary memory locations. An attacker exploiting this vulnerability can escalate privileges or trigger denial-of-service conditions. No patch is currently available for this high-severity issue affecting the Engineering Toolkits product line.
Privilege Escalation
Engineering Toolkits
-
CVE-2026-3342
HIGH
CVSS 7.2
WatchGuard Fireware OS contains an out-of-bounds write vulnerability in its management interface that permits authenticated administrators to achieve root-level code execution. The flaw affects versions 11.9 through 11.12.4_Update1, 12.0 through 12.11.7, and 2025.1 through 2026.1.1, with no patch currently available. While exploitation requires high-level administrative privileges, successful attacks grant complete system compromise.
RCE
Buffer Overflow
Fireware
-
CVE-2026-2915
HIGH
CVSS 7.1
HP System Event Utility versions prior to 3.2.16 allow local authenticated users to corrupt system integrity and cause denial of service through arbitrary file writes with elevated privileges. An attacker with local access and valid credentials can leverage this vulnerability to modify critical files and disrupt system availability. No patch is currently available for affected installations.
Denial Of Service
System Event Utility
-
CVE-2026-2637
HIGH
CVSS 8.5
Local privilege escalation in iBoysoft NTFS for Mac 8.0.0 allows authenticated macOS users to gain root access through the ntfshelperd privileged helper daemon. The daemon exposes an unauthenticated NSConnection service running as root, enabling any local user with standard privileges to communicate directly with the root-level service and execute privileged operations. EPSS probability is very low (0.02%, 6th percentile) with no confirmed active exploitation or public POC at time of analysis, suggesting limited real-world targeting despite high technical severity.
Privilege Escalation
-
CVE-2026-2568
HIGH
CVSS 7.2
Stored cross-site scripting in WP Zendesk for Contact Form 7 and related WordPress plugins through version 1.1.5 allows unauthenticated attackers to inject malicious scripts into form submissions that execute in other users' browsers. The vulnerability stems from inadequate input sanitization and output escaping on submitted form data. No patch is currently available.
WordPress
XSS
-
CVE-2026-2448
HIGH
CVSS 8.8
Page Builder by SiteOrigin (WordPress plugin) versions up to 2.33.5 are affected by path traversal (CVSS 8.8).
PHP
WordPress
RCE
Information Disclosure
Path Traversal
-
CVE-2026-2269
HIGH
CVSS 7.2
Server-Side Request Forgery in the Uncanny Automator WordPress plugin up to version 7.0.0.3 allows authenticated administrators to make arbitrary web requests from the affected server and store remote file contents locally, potentially enabling remote code execution. The vulnerability requires administrator-level privileges and has no available patch. Attackers can exploit this to interact with internal services and upload arbitrary files to the web server.
WordPress
RCE
SSRF
File Upload
-
CVE-2026-1876
HIGH
CVSS 8.7
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module, all versions, is affected by improper resource shutdown or release.
Information Disclosure
-
CVE-2026-1875
HIGH
CVSS 8.7
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module, all versions, is affected by improper resource shutdown or release.
Information Disclosure
-
CVE-2026-1874
HIGH
CVSS 8.7
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP is affected by always-incorrect control flow implementation.
Information Disclosure
-
CVE-2026-1567
HIGH
CVSS 7.1
IBM InfoSphere Information Server versions up to 11.7.1.6 are affected by improper restriction of XML external entity reference (CVSS 7.1).
IBM
XXE
Infosphere Information Server
-
CVE-2026-1566
HIGH
CVSS 8.8
Authenticated agents in the LatePoint WordPress plugin versions up to 5.2.7 can arbitrarily link customer accounts to any user ID during account creation, enabling privilege escalation to administrator accounts. An attacker with agent-level access can exploit this to reset an administrator's password and gain full site control. No patch is currently available.
WordPress
Privilege Escalation
-
CVE-2026-0869
HIGH
CVSS 8.8
Brocade Active Support Connectivity Gateway (ASCG) versions up to 3.4.0 contain a vulnerability that allows an unauthorized user to perform ASCG operations related to Brocade Support Link (CVSS 8.8).
Authentication Bypass
Brocade Active Support Connectivity Gateway
-
CVE-2025-69765
HIGH
CVSS 7.5
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in the formGetIptv function via the list parameter, which can cause memory corruption and enable remote code execution. [CVSS 7.5 HIGH]
RCE
Memory Corruption
Stack Overflow
Tenda
Ax3 Firmware
-
CVE-2025-67840
HIGH
CVSS 7.2
Multiple authenticated OS command injection vulnerabilities exist in the Cohesity (formerly Stone Ram) TranZman 4.0 Build 14614 through TZM_1757588060_SEP2025_FULL.depot web application API endpoints (including Scheduler and Actions pages). [CVSS 7.2 HIGH]
RCE
Command Injection
Tranzman
-
CVE-2025-66680
HIGH
CVSS 7.1
An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter 7.3.2 and earlier allows attackers to delete arbitrary files via a crafted request. [CVSS 7.1 HIGH]
Path Traversal
Wise Force Deleter
-
CVE-2025-66363
HIGH
CVSS 7.5
An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages. [CVSS 7.5 HIGH]
Samsung
Exynos 2200 Firmware
-
CVE-2025-63912
HIGH
CVSS 7.5
Cohesity TranZman versions up to 4.0 are affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).
Information Disclosure
-
CVE-2025-63911
HIGH
CVSS 7.2
Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability. [CVSS 7.2 HIGH]
Command Injection
Tranzman
-
CVE-2025-63910
HIGH
CVSS 7.2
Cohesity TranZman versions up to 4.0 are affected by insufficient verification of data authenticity (CVSS 7.2).
Authentication Bypass
RCE
File Upload
Tranzman
-
CVE-2025-63909
HIGH
CVSS 7.2
Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files. [CVSS 7.2 HIGH]
Authentication Bypass
Privilege Escalation
Tranzman
-
CVE-2025-62817
HIGH
CVSS 7.5
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session->ncp_hdr_buf in __pilot_parsing_ncp() causes a denial of service. [CVSS 7.5 HIGH]
Denial Of Service
Null Pointer Dereference
Samsung
Exynos 1280 Firmware
Exynos 1380 Firmware
-
CVE-2025-62814
HIGH
CVSS 7.5
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service. [CVSS 7.5 HIGH]
Denial Of Service
Null Pointer Dereference
Samsung
Exynos 1280 Firmware
Exynos 1380 Firmware
-
CVE-2025-52365
HIGH
CVSS 7.8
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system(). [CVSS 7.8 HIGH]
Command Injection
-
CVE-2025-15595
HIGH
CVSS 7.8
A privilege escalation vulnerability in Inno Setup 6.2.1 and earlier versions allows local attackers to gain elevated privileges through DLL hijacking. This vulnerability requires user interaction but no authentication, enabling attackers to execute arbitrary code with higher privileges by placing a malicious DLL in a location searched by the installer. It is not currently listed in CISA KEV and has a low EPSS score of 0.043%, but it affects a widely used Windows installer creation tool.
Privilege Escalation
Inno Setup
-
CVE-2025-12345
HIGH
CVSS 7.4
A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agent_deploy_init of the file /agents/deploy/initiate.c of the component Agent Deployment. [CVSS 8.8 HIGH]
Buffer Overflow
-
CVE-2024-55027
HIGH
CVSS 7.5
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to store credentials in plaintext in the component uac_temp.db. [CVSS 7.5 HIGH]
Information Disclosure
Cmt 3072xh2 Firmware
Easyweb
-
CVE-2024-55022
HIGH
CVSS 8.8
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter. [CVSS 8.8 HIGH]
Command Injection
Cmt 3072xh2 Firmware
Easyweb
-
CVE-2024-55021
HIGH
CVSS 7.5
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol. [CVSS 7.5 HIGH]
Authentication Bypass
Cmt 3072xh2 Firmware
Easyweb
-
CVE-2024-55019
HIGH
CVSS 7.5
Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attackers to download arbitrary files. [CVSS 7.5 HIGH]
Authentication Bypass
Cmt 3072xh2 Firmware
Easyweb
-
CVE-2021-35486
HIGH
CVSS 8.1
Nokia IMPACT Mobile versions up to 19.11.2.10-20210118042150283 are affected by cross-site request forgery (CSRF) (CVSS 8.1).
CSRF
Impact Mobile
-
CVE-2021-35485
HIGH
CVSS 8.0
Nokia IMPACT versions up to 19.11.2.10-20210118042150283 are affected by unrestricted upload of a file with a dangerous type (CVSS 8.0).
File Upload
Impact
-
CVE-2021-35484
HIGH
CVSS 8.2
Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. [CVSS 8.2 HIGH]
SQLi
Impact
-
CVE-2026-27600
MEDIUM
CVSS 5.0
Homebox prior to 0.24.0-rc.1 allows authenticated users to trigger HTTP POST requests to arbitrary destinations through the notifier feature without host or port validation, enabling attackers to enumerate internal services by observing application behavior differences based on network responses. The vulnerability affects all users with authentication access to the notifier functionality and carries a medium risk due to its reliance on behavioral side-channels rather than direct information disclosure.
SSRF
Homebox
-
CVE-2026-26272
MEDIUM
CVSS 4.6
Stored XSS in Homebox prior to 0.24.0-rc.1 allows authenticated users to upload malicious HTML or SVG files containing executable JavaScript that runs in the application's security context when accessed by other users. An attacker with valid credentials can exploit improper file type validation in the attachment upload feature to execute arbitrary scripts against victims viewing the malicious files. The vulnerability has been patched in version 0.24.0-rc.1.
XSS
Homebox
-
CVE-2026-25590
MEDIUM
CVSS 4.5
GLPI Inventory Plugin versions prior to 1.6.6 contain a reflected cross-site scripting vulnerability in task jobs that allows authenticated attackers with high privileges to execute malicious scripts in users' browsers. An attacker can exploit this by crafting a malicious link to inject arbitrary HTML or JavaScript when a user clicks it, potentially leading to session hijacking or credential theft. No patch is currently available for affected installations.
XSS
Glpi Inventory
-
CVE-2026-24415
MEDIUM
CVSS 6.1
Reflected cross-site scripting in OpenSTAManager v2.9.8 and earlier allows unauthenticated attackers to inject malicious scripts through unsanitized GET parameters in invoice/order/contract modification interfaces. Public exploit code exists for this vulnerability, affecting all users of the software. An attacker can steal session tokens, perform unauthorized actions, or compromise user browsers when victims interact with crafted malicious links.
XSS
Openstamanager
-
CVE-2026-21866
MEDIUM
CVSS 5.4
Dify versions prior to 1.11.2 contain a stored cross-site scripting vulnerability in Mermaid diagram rendering due to insecure default security configurations, allowing authenticated attackers with user interaction to inject and execute malicious scripts with cross-site impact. Public exploit code exists for this vulnerability, affecting users and developers of the Dify LLM application development platform. A patch is available in version 1.11.2 and later.
XSS
AI / ML
Dify
-
CVE-2026-20801
MEDIUM
CVSS 5.6
Cleartext transmission of sensitive information in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects Gallagher NxWitness VMS integration versions up to 9.10.017 (CVSS 5.6).
Information Disclosure
-
CVE-2026-3494
MEDIUM
CVSS 4.3
MariaDB Server through version 11.8.5 fails to audit SQL statements when the server audit plugin is enabled and queries are prefixed with SQL comments (-- or #), allowing authenticated database users to execute DDL, DML, or DCL commands without logging. This bypass affects Relational Database Service, Aurora MySQL, and MariaDB deployments relying on audit logging for compliance and security monitoring. An attacker with database credentials could perform unauthorized administrative or data manipulation operations while evading audit trails.
Information Disclosure
MariaDB
Red Hat
Aurora Mysql
Relational Database Service
-
CVE-2026-3484
MEDIUM
CVSS 6.3
Command injection in PhialsBasement nmap-mcp-server allows authenticated remote attackers to execute arbitrary system commands through the Nmap CLI Command Handler component due to improper input sanitization in child_process.exec. Public exploit code exists for this vulnerability, and affected users should apply the available patch to remediate the risk.
Command Injection
Mcp Nmap Server
-
CVE-2026-3351
MEDIUM
CVSS 4.3
Canonical LXD 6.6 on Linux contains an authorization bypass in the GET /1.0/certificates API endpoint that allows authenticated users with restricted privileges to enumerate all certificate fingerprints trusted by the server. Public exploit code exists for this vulnerability. While this enables information disclosure with limited impact, it could facilitate further attacks by revealing trust relationships on the system.
Linux
Lxd
Suse
-
CVE-2026-3344
MEDIUM
CVSS 4.9
WatchGuard Fireware OS contains a filesystem integrity bypass vulnerability in versions 12.0-12.11.7, 12.5.9-12.5.16, and 2025.1-2026.1.1 that allows authenticated attackers with high privileges to deploy malicious firmware updates and establish limited persistence on affected appliances. An attacker could circumvent security checks designed to validate firmware authenticity, though currently no patch is available.
Authentication Bypass
Fireware
-
CVE-2026-3343
MEDIUM
CVSS 6.1
Fireware OS Web UI contains a reflected XSS vulnerability that allows attackers to execute arbitrary JavaScript in authenticated administrators' browsers through crafted links, affecting versions 12.7-12.11.7 and 2025.1-2026.1.1. An attacker can leverage this to perform administrative actions or steal session credentials from targeted management users who click malicious links. No patch is currently available.
XSS
Fireware
-
CVE-2026-2606
MEDIUM
CVSS 6.5
Improper input validation in IBM webMethods API Gateway and API Management allows authenticated attackers to read arbitrary files on the server by supplying a file:// URI to the /createapi endpoint instead of the expected https:// schema. Affected versions include webMethods API Gateway 10.11 through 11.1_Fix7 and webMethods API Management on-premises installations. No patch is currently available for this medium-severity vulnerability.
IBM
Webmethods Api Gateway
-
CVE-2026-1713
MEDIUM
CVSS 5.0
Improper use of cryptographic functions in IBM MQ versions 9.1 through 9.4 allows local attackers with user privileges to modify message integrity through user interaction. The vulnerability affects multiple LTS and CD releases across the supported product line, with no patch currently available. An attacker could manipulate messages in transit to alter their content without detection.
IBM
Mq
-
CVE-2026-1487
MEDIUM
CVSS 6.5
Calendar Booking Plugin for Appointments and Event versions up to 5.2.7 are affected by SQL injection (CVSS 6.5).
WordPress
SQLi
-
CVE-2026-1336
MEDIUM
CVSS 5.3
AI ChatBot with ChatGPT and Content Generator by AYS (WordPress plugin) is affected by missing authorization (CVSS 5.3).
WordPress
Authentication Bypass
-
CVE-2026-1265
MEDIUM
CVSS 4.3
IBM InfoSphere Information Server versions up to 11.7.1.6 are affected by insertion of sensitive information into a log file (CVSS 4.3).
IBM
Infosphere Information Server
-
CVE-2026-0540
MEDIUM
CVSS 5.3
DOMPurify versions 2.5.3-2.5.8 and 3.1.3-3.3.1 fail to sanitize attribute values within certain rawtext HTML elements (noscript, xmp, noembed, noframes, iframe), allowing attackers to inject malicious scripts that execute when sanitized content is rendered in these contexts. An attacker can exploit this by embedding JavaScript payloads in HTML attributes, bypassing DOMPurify's sanitization to achieve cross-site scripting. A patch is available in commit 729097f.
XSS
Red Hat
Suse
-
CVE-2025-64736
MEDIUM
CVSS 6.1
An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information leak. [CVSS 6.1 MEDIUM]
Buffer Overflow
Information Disclosure
Libbiosig
-
CVE-2025-62816
MEDIUM
CVSS 5.5
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. Unvalidated VS4L_VERTEXIOC_BOOTUP input leads to a denial of service. [CVSS 5.5 MEDIUM]
Denial Of Service
Samsung
Exynos 1280 Firmware
Exynos 1380 Firmware
Exynos 1480 Firmware
-
CVE-2025-62815
MEDIUM
CVSS 5.5
An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of npu_proto_drv.ast.thread_ref in set_cpu_affinity() causes a denial of service. [CVSS 5.5 MEDIUM]
Denial Of Service
Null Pointer Dereference
Samsung
Exynos 1380 Firmware
Exynos 1480 Firmware
-
CVE-2025-59060
MEDIUM
CVSS 5.3
Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue. [CVSS 5.3 MEDIUM]
Apache
Ranger
-
CVE-2025-47147
MEDIUM
CVSS 5.7
Cleartext storage of sensitive information in the Command Centre Mobile Client allows the session token to be extracted from the mobile device and used to exploit access for a limited duration. This issue affects Command Centre Mobile Client versions up to 9.40.123 (CVSS 5.7).
Android
-
CVE-2025-36364
MEDIUM
CVSS 6.2
IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system. [CVSS 6.2 MEDIUM]
IBM
Devops Plan
-
CVE-2025-36363
MEDIUM
CVSS 5.9
IBM DevOps Plan versions up to 3.0.5 are affected by improper restriction of excessive authentication attempts (CVSS 5.9).
IBM
Devops Plan
-
CVE-2025-15599
MEDIUM
CVSS 6.1
DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFE_FOR_XML regex. [CVSS 6.1 MEDIUM]
XSS
Red Hat
Dompurify
-
CVE-2025-14923
MEDIUM
CVSS 4.7
IBM WebSphere Application Server versions up to 26.0.0.2 are affected by use of a hard-coded cryptographic key (CVSS 4.7).
IBM
Websphere Application Server
-
CVE-2025-14604
MEDIUM
CVSS 6.6
IBM Storage Scale 5.2.3.0 through 5.2.3.5 and 6.0.0.0 through 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors. [CVSS 6.6 MEDIUM]
IBM
Storage Scale
-
CVE-2025-14480
MEDIUM
CVSS 5.1
IBM Aspera faspio Gateway versions up to 1.3.6 are affected by use of a broken or risky cryptographic algorithm (CVSS 5.1).
IBM
Aspera Faspio Gateway
-
CVE-2025-14456
MEDIUM
CVSS 5.9
IBM MQ Appliance versions up to 9.4.4.0 are affected by use of a broken or risky cryptographic algorithm (CVSS 5.9).
IBM
Mq Appliance
-
CVE-2025-13734
MEDIUM
CVSS 5.4
IBM Engineering Requirements Management DOORS Next versions up to 7.1 are affected by missing authorization (CVSS 5.4).
IBM
Engineering Requirements Management Doors Next
-
CVE-2025-13688
MEDIUM
CVSS 6.3
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component. [CVSS 6.3 MEDIUM]
IBM
Datastage On Cloud Pak For Data
-
CVE-2025-13687
MEDIUM
CVSS 6.3
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component. [CVSS 6.3 MEDIUM]
IBM
Datastage On Cloud Pak For Data
-
CVE-2025-13686
MEDIUM
CVSS 6.3
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component. [CVSS 6.3 MEDIUM]
IBM
Datastage On Cloud Pak For Data
-
CVE-2025-13616
MEDIUM
CVSS 6.5
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system. [CVSS 6.5 MEDIUM]
IBM
Datastage On Cloud Pak For Data
-
CVE-2025-13490
MEDIUM
CVSS 5.9
IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1 through 12.0.12‑r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive...
IBM
App Connect Enterprise Certified Containers Operands
App Connect Operator
-
CVE-2024-55025
MEDIUM
CVSS 6.5
Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system. [CVSS 6.5 MEDIUM]
Authentication Bypass
Cmt 3072xh2 Firmware
Easyweb
-
CVE-2024-55023
MEDIUM
CVSS 5.3
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information. [CVSS 5.3 MEDIUM]
Authentication Bypass
Cmt 3072xh2 Firmware
Easyweb
-
CVE-2021-35483
MEDIUM
CVSS 4.1
Impact versions up to 19.11.2.10-20210118042150283 are affected by cross-site scripting (XSS) (CVSS 4.1).
XSS
Impact
-
CVE-2026-26891
LOW
CVSS 2.7
Simple Logistic Hub Parcel's Management System versions up to 1.0 are affected by SQL injection (CVSS 2.7).
PHP
SQLi
-
CVE-2026-26890
LOW
CVSS 2.7
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_product.php. [CVSS 2.7 LOW]
PHP
SQLi
-
CVE-2026-26889
LOW
CVSS 2.7
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_category.php. [CVSS 2.7 LOW]
PHP
SQLi
-
CVE-2026-26888
LOW
CVSS 2.7
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php. [CVSS 2.7 LOW]
PHP
SQLi
-
CVE-2026-26887
LOW
CVSS 2.7
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php. [CVSS 2.7 LOW]
PHP
SQLi
-
CVE-2026-26886
LOW
CVSS 2.7
Simple Online Men's Salon Management System versions up to 1.0 are affected by SQL injection (CVSS 2.7).
PHP
SQLi
-
CVE-2026-26885
LOW
CVSS 2.7
Simple Online Men's Salon Management System versions up to 1.0 are affected by SQL injection (CVSS 2.7).
PHP
SQLi
-
CVE-2026-26884
LOW
CVSS 2.7
Simple Online Men's Salon Management System versions up to 1.0 are affected by SQL injection (CVSS 2.7).
PHP
SQLi
-
CVE-2026-26883
LOW
CVSS 2.7
Simple Online Men's Salon Management System versions up to 1.0 are affected by SQL injection (CVSS 2.7).
PHP
SQLi
-
CVE-2026-25674
LOW
CVSS 3.7
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. [CVSS 3.7 LOW]
Golang
Race Condition
Django
-
CVE-2026-20757
LOW
CVSS 2.5
Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. [CVSS 2.5 LOW]
Race Condition
-
CVE-2026-3487
LOW
CVSS 2.0
SQL injection in itsourcecode College Management System 1.0 allows authenticated remote attackers to manipulate the course_code parameter in /admin/class-result.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high-level privileges but can be executed over the network with minimal complexity.
PHP
SQLi
-
CVE-2026-3486
LOW
CVSS 2.0
SQL injection in itsourcecode College Management System 1.0 via the roll_no parameter in /admin/student-fee.php allows authenticated administrators to execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high-level privileges but poses a risk to confidentiality, integrity, and availability of student records.
PHP
SQLi
-
CVE-2026-3465
LOW
CVSS 1.3
A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this vulnerability is an unknown functionality of the component JSON Data Point Handler. [CVSS 3.1 LOW]
Denial Of Service
Google
-
CVE-2026-3463
LOW
CVSS 1.9
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. [CVSS 3.3 LOW]
Buffer Overflow
-
CVE-2026-3455
LOW
CVSS 2.0
Versions of the package mailparser up to 3.9.3 are affected by cross-site scripting (XSS) (CVSS 6.1).
XSS
-
CVE-2026-3449
LOW
CVSS 1.9
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded app...
Information Disclosure
-
CVE-2026-1775
None
The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device.
Authentication Bypass
-
CVE-2026-0754
None
An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate.
Information Disclosure
-
CVE-2025-15598
LOW
CVSS 2.9
A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns use...
Information Disclosure
-
CVE-2023-31044
LOW
CVSS 2.0
An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. [CVSS 2.0 LOW]
RCE
Code Injection