Skip to main content
CVE-2026-24696 HIGH This Week

Remote denial-of-service and credential brute-force attacks against Everon's api.everon.io WebSocket interface allow unauthenticated attackers to disrupt electric vehicle charging infrastructure by overwhelming the authentication endpoint with unlimited login attempts, suppressing or mis-routing charger telemetry data, or compromising accounts through password guessing. EPSS score is low (0.06%, 20th percentile) indicating limited observed exploitation activity, though the network-accessible, zero-authentication attack vector poses clear operational risk to charging station operators relying on this API for fleet management.

Authentication Bypass Api Everon Io
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-29063 HIGH PATCH GHSA This Week

Immutable.js provides many Persistent Immutable data structures. versions up to 3.8.3 is affected by improperly controlled modification of object prototype attributes (prototype pollution).

Prototype Pollution Information Disclosure Immutable
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-29062 HIGH PATCH This Week

Uncontrolled-recursion denial of service in FasterXML jackson-core 3.0.0 through 3.0.x lets a remote attacker crash JSON-processing services by submitting a deeply nested JSON document. The UTF8DataInputJsonParser (DataInput sources) and ReaderBasedJsonParser fail to enforce the StreamReadConstraints maxNestingDepth limit (default 500), so excessive nesting drives a StackOverflowError. No public exploit identified at time of analysis and EPSS is low (0.06%), but the bug is trivially triggerable against any service that parses untrusted JSON with these parsers; fixed in 3.1.0.

Denial Of Service Jackson Core
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-15602 HIGH PATCH This Week

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the Super Admin account. By changing the email address of the Super Admin and triggering a password reset,...

Information Disclosure Snipe It
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-28683 HIGH PATCH This Week

Stored XSS in Gokapi through malicious SVG file uploads enables authenticated attackers to execute arbitrary JavaScript in users' browsers via hotlinked files. An attacker with valid credentials can craft SVG payloads that persist in the application and compromise other users accessing the shared links. No patch is currently available for versions prior to 2.2.3.

XSS Gokapi Suse
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-28508 HIGH PATCH This Week

Idno prior to version 1.6.4 contains an authentication bypass in the URL unfurl API endpoint that allows unauthenticated attackers to trigger arbitrary outbound HTTP requests from the server. An attacker can exploit this to access internal network addresses and cloud metadata services, potentially exposing sensitive configuration and credentials. No patch is currently available for affected installations.

CSRF SSRF Known
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.2%
CVE-2026-30242 HIGH PATCH This Week

Plane is an an open-source project management tool. [CVSS 8.5 HIGH]

SSRF Plane
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-29075 HIGH PATCH This Week

Unsafe checkout of untrusted code in Mesa's benchmarks.yml GitHub Actions workflow prior to version 3.5.1 enables arbitrary code execution with elevated privileges on CI/CD runners. An attacker can exploit this by submitting malicious pull requests to execute commands in the privileged runner environment, potentially compromising the build pipeline and downstream users. A patch is available in commit c35b8cd.

Python AI / ML Mesa
NVD GitHub
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-29046 HIGH This Week

TinyWeb versions prior to 2.04 fail to properly sanitize control characters and encoded sequences (CR, LF, NUL) in HTTP request headers, allowing attackers to inject malicious values into CGI environment variables and bypass parser validation. This network-accessible vulnerability enables header injection attacks that could lead to data corruption or denial of service without requiring authentication. No patch is currently available for affected deployments.

Information Disclosure Tinyweb
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.2%
CVE-2026-30845 HIGH PATCH This Week

Wekan versions 8.31.0 through 8.33 expose webhook URLs and authentication tokens to all board members through unfiltered publication of integration data, allowing any user with board access—including read-only members and users on public boards—to retrieve sensitive credentials. Attackers can leverage these exposed tokens to make unauthorized requests to connected external services and trigger unintended actions. The vulnerability affects Wekan's board composite publication mechanism and has been patched in version 8.34.

Information Disclosure Wekan
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-28677 HIGH This Week

OpenSift versions prior to 1.6.3-alpha are vulnerable to server-side request forgery (SSRF) attacks through the URL ingest pipeline, which fails to properly validate credentialed URLs, non-standard ports, and cross-host redirects in non-localhost deployments. An unauthenticated remote attacker can exploit this to access internal resources and potentially exfiltrate sensitive data from the affected system. No patch is currently available for this vulnerability.

SSRF Opensift
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-30230 HIGH This Week

self-hostable file sharing platform that integrates with screenshot tools. versions up to 1.7.2 is affected by authorization bypass through user-controlled key.

Authentication Bypass Red Hat
NVD GitHub
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-30241 HIGH PATCH This Week

Mercurius versions prior to 16.8.0 fail to validate GraphQL subscription query depth limits over WebSocket connections, allowing remote attackers to bypass depth restrictions that are properly enforced for HTTP queries. An attacker can exploit this to submit arbitrarily nested subscription queries that cause denial of service through exponential data resolution on schemas with recursive types. A patch is available in version 16.8.0.

Denial Of Service Mercurius
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-29091 HIGH PATCH This Week

Remote code execution in Locutus prior to version 3.0.0 allows unauthenticated remote attackers to execute arbitrary JavaScript code through improper validation in the call_user_func_array function, which unsafely passes user-controlled callback parameters to eval(). Applications using the vulnerable versions of this JavaScript standard library implementation are at risk of complete compromise through network-based attacks. No patch is currently available for affected deployments.

RCE Code Injection Locutus
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-28681 HIGH PATCH This Week

Host header injection in Internet Routing Registry daemon (IRRd) 4.4.0-4.4.4 and 4.5.0 allows remote attackers to redirect password reset and account creation confirmation links to attacker-controlled domains, enabling account takeover of IRR database maintainer accounts. Successfully exploited accounts can modify routing policy objects (RPSL) in the IRR database. EPSS score of 0.06% (18th percentile) indicates low predicted exploitation probability. Vendor patches available in versions 4.4.5 and 4.5.1.

Open Redirect
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-29093 HIGH This Week

Memcached session storage exposure in AVideo prior to version 24.0 allows unauthenticated remote attackers to read, modify, or delete user sessions by accessing the publicly exposed memcached service on port 11211. An attacker with network access to this port can hijack admin accounts, impersonate users, or destroy all active sessions without any authentication. This affects the official Docker deployment configuration for PHP, Docker, and AVideo products.

PHP Docker Authentication Bypass Avideo
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-30844 HIGH PATCH This Week

Server-Side Request Forgery in Wekan 8.32-8.33 allows authenticated users to force the server to make arbitrary HTTP requests by supplying malicious attachment URLs during board imports from JSON data or Trello. An attacker could exploit this to access internal network services, cloud metadata endpoints, or expose sensitive credentials without any URL validation occurring on the server side.

SSRF Wekan
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-59541 HIGH This Week

Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim’s consent. [CVSS 8.1 HIGH]

CSRF Chamilo Lms
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-28727 HIGH This Week

Acronis Cyber Protect and Cloud Agent on macOS before specific builds contain an insecure Unix socket permissions vulnerability that allows local authenticated users to escalate privileges and gain complete system control. An attacker with local access can exploit this misconfiguration to read sensitive data, modify system files, and execute arbitrary commands with elevated rights. No patch is currently available for this HIGH severity vulnerability.

Privilege Escalation Apple
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-29178 HIGH PATCH This Week

Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. Prior to version 0.19.16, the GET /api/v4/image/{filename} endpoint is vulnerable to unauthenticated SSRF through parameter injection in the file_type query parameter. An attacker can inject arbitrary query parameters into the internal request to pict-rs, including the proxy parameter which causes pict-rs...

SSRF
NVD GitHub
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-28429 HIGH This Week

Remote unauthenticated attackers can read arbitrary files from Talishar (Flesh and Blood fan-made game) servers via path traversal in the ParseGamestate.php script's gameName parameter. The vulnerability affects all versions prior to commit 6be3871 and allows direct access to sensitive server files without authentication (CVSS 7.5, AV:N/PR:N). While EPSS exploitation probability is relatively low (0.47%, 64th percentile), the unauthenticated remote attack vector and confirmed patch availability make this a priority for exposed deployments. No active exploitation or public POC identified at time of analysis.

PHP Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-30846 HIGH PATCH This Week

Wekan versions 8.31.0 through 8.33 expose global webhook configurations including sensitive URLs and authentication tokens through an unauthenticated server-side publication, allowing any network-based attacker to retrieve webhook credentials without authentication. An attacker exploiting this vulnerability could hijack webhook integrations and gain unauthorized access to connected external services. The vulnerability has been patched in version 8.34.

Authentication Bypass Information Disclosure Wekan
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-29783 HIGH PATCH This Week

Arbitrary code execution in GitHub Copilot CLI versions <=0.0.422 allows attackers to bypass the agent's shell command safety classifier using bash parameter expansion operators (${var@P}, ${var=value}, ${!var}, and nested $(cmd)/<(cmd)). Attackers influencing agent inputs via prompt injection through repository files, MCP server responses, or user instructions can execute hidden commands disguised as read-only operations on the user's workstation. A detailed proof-of-concept is published in the GHSA advisory; EPSS is low (0.10%, 28th percentile) and the issue is not in CISA KEV, so no public exploit identified at time of analysis beyond the vendor-published PoC.

RCE Command Injection Copilot Command Line Interface
NVD GitHub VulDB
CVSS 4.0
7.5
EPSS
0.1%
CVE-2026-28718 HIGH This Week

Acronis Cyber Protect 17 on Linux and Windows versions prior to build 41186 is vulnerable to denial of service through improper input validation in authentication logging functions. An unauthenticated remote attacker can crash the application or render it unavailable without requiring user interaction. No patch is currently available for this vulnerability.

Linux Windows Denial Of Service Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-2753 HIGH This Week

Navtor NavBox exposes an unauthenticated path traversal vulnerability in its HTTP service that allows remote attackers to read arbitrary files from the server by submitting requests with absolute filesystem paths. Successful exploitation enables unauthorized disclosure of sensitive configuration files and system information, limited only by the service process privileges. No patch is currently available.

Path Traversal Navbox Firmware
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25679 HIGH PATCH This Week

Denial of service in Go's net/url package allows remote unauthenticated attackers to crash applications via malformed URLs with invalid host/authority components. The url.Parse function fails to properly validate authority sections, enabling resource exhaustion attacks against any Go application parsing untrusted URLs. EPSS score of 0.07% (22nd percentile) suggests low probability of widespread exploitation despite the network attack vector. Vendor patch available with multiple Red Hat security advisories issued.

Information Disclosure Go
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-70363 HIGH This Week

Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs. [CVSS 7.5 HIGH]

Authentication Bypass Information Disclosure Ez Platform
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-2754 HIGH This Week

Navtor NavBox devices allow unauthenticated remote attackers to retrieve sensitive operational data including ECDIS information, device identifiers, and service logs by sending HTTP requests to the unprotected API on port 8080. An attacker with network access can obtain this configuration and system information without any credentials, potentially facilitating further attacks against maritime navigation systems. No patch is currently available for this vulnerability.

Authentication Bypass Navbox Firmware
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-29068 HIGH PATCH This Week

PJSIP versions prior to 2.17 are vulnerable to a stack buffer overflow in the RTP payload parsing mechanism when processing more frames than allocated buffers can accommodate, enabling remote denial of service attacks over the network without authentication. An attacker can trigger a crash by sending specially crafted RTP packets containing excessive frame data, causing the application to become unavailable.

Buffer Overflow Pjsip Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28799 HIGH PATCH This Week

PJSIP versions prior to 2.17 contain a heap use-after-free vulnerability in the event subscription framework that can be triggered through presence unsubscription requests, allowing remote attackers without authentication to cause denial of service. The vulnerability resides in the evsub.c component and is exploitable over the network with no user interaction required. A patch is available in version 2.17 and later.

Use After Free Pjsip Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-29087 HIGH PATCH This Week

@hono/node-server versions prior to 1.19.10 contain an authorization bypass in static file serving due to inconsistent URL decoding between routing middleware and file resolution logic. An unauthenticated remote attacker can bypass route-based access controls by crafting requests with encoded slashes (%2F) to access protected static resources that should be restricted by middleware. Organizations running affected versions should upgrade immediately as no workaround is available.

Node.js Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3589 HIGH This Week

WooCommerce plugin versions 5.4.0 through 10.5.2 fail to properly validate batch requests, enabling unauthenticated attackers to execute administrative actions through CSRF attacks, including creation of arbitrary admin accounts. The vulnerability affects all WordPress installations running vulnerable WooCommerce versions and requires user interaction to exploit. No patch is currently available.

WordPress CSRF
NVD WPScan
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27137 HIGH PATCH This Week

X.509 certificate chain validation in Go 1.26.0 improperly enforces email address constraints when multiple constraints share local parts but differ in domain parts, causing all but the last constraint to be ignored. This CWE-295 (Improper Certificate Validation) flaw allows attackers to bypass intended certificate usage restrictions through specially crafted certificate chains, potentially enabling unauthorized access to services relying on Go's TLS implementation for email-based certificate validation. EPSS score of 0.03% (9th percentile) indicates low predicted exploitation likelihood, and no active exploitation or public exploit code has been identified at time of analysis.

Information Disclosure Go
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-30244 HIGH This Week

Unauthenticated attackers can enumerate workspace members and harvest sensitive information including email addresses, user roles, and internal identifiers from Plane prior to version 1.2.2 due to misconfigured Django REST Framework permissions. The vulnerability requires no authentication or user interaction and allows remote attackers to directly access protected endpoints over the network. No patch is currently available for affected Golang and Django deployments.

Golang Django Plane
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-69654 HIGH This Week

A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 (2025-12-11),`qjs` interpreter using the `-m` option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in JS_FreeRuntime (list_empty(&rt->gc_obj_list)) during runtime cleanup. [CVSS 7.5 HIGH]

Denial Of Service Quickjs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28722 HIGH This Week

Improper symbolic link handling in Acronis Cyber Protect 17 for Windows (before build 41186) enables local attackers with limited privileges to escalate to system-level access through a race condition. An authenticated user can exploit this vulnerability to gain full control over the affected system, including reading sensitive data and modifying system configurations. No patch is currently available for this high-severity flaw.

Windows Privilege Escalation Cyber Protect
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2026-28721 HIGH This Week

Acronis Cyber Protect 17 for Windows before build 41186 allows local attackers with standard user privileges to escalate to system-level access through improper handling of symbolic links. An authenticated attacker can exploit this vulnerability to gain full control over the affected system, including the ability to read, modify, or delete sensitive data and execute arbitrary code. No patch is currently available for this vulnerability.

Windows Privilege Escalation Cyber Protect
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2025-11792 HIGH This Week

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124. [CVSS 7.3 HIGH]

Privilege Escalation Agent Windows
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2026-28507 HIGH PATCH This Week

Unauthenticated attackers can achieve remote code execution in Idno social publishing platform versions before 1.6.4 by exploiting a chain of import file write and template path traversal vulnerabilities. An attacker with high privileges can leverage command injection to execute arbitrary code on affected systems. A patch is available in version 1.6.4 and should be applied immediately as this vulnerability carries a 7.2 CVSS score.

RCE Path Traversal Command Injection Known
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2026-29182 HIGH PATCH This Week

Parse Server's readOnlyMasterKey incorrectly permits write operations on Cloud Hooks and Cloud Jobs despite being documented to deny mutations, allowing authenticated attackers with knowledge of the key to create, modify, and delete hooks or trigger jobs for potential data exfiltration. This vulnerability affects all Parse Server deployments using the readOnlyMasterKey option and has been patched in versions 8.6.4 and 9.4.1-alpha.3.

Node.js Parse Server
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-30229 HIGH PATCH This Week

Improper authorization in Parse Server versions prior to 8.6.6 and 9.5.0-alpha.4 allows read-only master key holders to bypass access controls via the /loginAs endpoint and obtain valid session tokens for arbitrary users. An attacker with readOnlyMasterKey credentials can impersonate any user and gain full read and write access to their data. All Parse Server deployments utilizing readOnlyMasterKey functionality are affected, and no patch is currently available.

Node.js Parse Server
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-28713 HIGH This Week

Acronis Cyber Protect and Agent virtual appliances on VMware contain hardcoded default credentials for local privileged accounts, allowing attackers with network access and user interaction to gain high-level system access and potentially modify or disrupt backup operations. The vulnerability affects Cyber Protect Cloud Agent (VMware) before build 36943 and Cyber Protect 17 (VMware) before build 41186, with no patch currently available. An attacker exploiting this could achieve privilege escalation and lateral movement within virtualized environments.

Information Disclosure Cyber Protect Agent
NVD
CVSS 3.0
7.1
EPSS
0.0%
CVE-2025-11791 HIGH This Week

Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. [CVSS 5.5 MEDIUM]

Information Disclosure Authentication Bypass Cyber Protect Agent Windows +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-27764 MEDIUM This Month

WebSocket session handling in charging station backends allows multiple connections to use identical session identifiers, enabling attackers to hijack active sessions and impersonate legitimate stations without authentication. An adversary can intercept backend commands intended for a target charging station or launch denial-of-service attacks by flooding the backend with spoofed session requests. This vulnerability affects any system relying on this WebSocket implementation and currently lacks an available patch.

Authentication Bypass Mobiliti E Mobi Hu
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-20748 MEDIUM This Month

WebSocket session management in charging station backends allows multiple connections using identical session identifiers, enabling attackers to hijack legitimate sessions and intercept commands or impersonate authorized stations. Unauthenticated remote attackers can exploit this predictable identifier scheme to displace active connections, redirect backend communications, or launch denial-of-service attacks against the charging infrastructure. The vulnerability affects any deployment relying on this WebSocket backend without an available patch.

Authentication Bypass Api Everon Io
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-24912 MEDIUM This Month

WebSocket session handling in charging station backends accepts duplicate session identifiers, allowing attackers to hijack active sessions and intercept commands intended for legitimate stations or impersonate authenticated users. An unauthenticated remote attacker can exploit this predictable session management to displace legitimate connections, redirect backend communications, or launch denial-of-service attacks by flooding the system with valid session requests. No patch is currently available.

Authentication Bypass Epower Ie
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-28801 MEDIUM This Month

Natro Macro versions prior to 1.1.0 execute arbitrary AutoHotkey code embedded in shared pattern and path files, allowing attackers to achieve code execution with the privileges of the logged-in user. Since these configuration files are commonly distributed among users, malicious actors can inject code that executes silently in the background alongside legitimate macro functionality. The vulnerability affects users who load untrusted pattern or path files from external sources.

RCE Code Injection Natro Macro
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-27777 MEDIUM This Month

Charging station authentication credentials are exposed through publicly accessible web-based mapping platforms, allowing unauthenticated remote attackers to obtain valid authentication identifiers. An attacker with these credentials could gain unauthorized access to charging station networks and potentially manipulate charging operations or access connected infrastructure. No patch is currently available for this vulnerability.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-27770 MEDIUM This Month

Charging station authentication credentials are exposed through public web-based mapping platforms, allowing unauthenticated remote attackers to obtain sensitive authentication identifiers. This exposure enables attackers to potentially gain unauthorized access to charging infrastructure and associated systems. No patch is currently available for this vulnerability.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-27027 MEDIUM This Month

Charging station authentication credentials are exposed through publicly accessible web-based mapping platforms, allowing unauthenticated remote attackers to obtain sensitive authentication identifiers. An attacker with these credentials could potentially gain unauthorized access to charging infrastructure management systems or perform unauthorized operations on affected stations. No patch is currently available for this vulnerability.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy