116 CVEs tracked today. 11 Critical, 61 High, 38 Medium, 2 Low.
-
CVE-2026-31816
CRITICAL
CVSS 9.1
Authorization bypass in Budibase 3.31.4 and earlier. The authorized() middleware can be bypassed, enabling injection attacks. PoC available.
CSRF
Budibase
-
CVE-2026-30240
CRITICAL
CVSS 9.6
Path traversal in Budibase low-code platform 3.31.5 and earlier allows attackers to read arbitrary files through the application builder.
Path Traversal
Budibase
-
CVE-2026-24713
CRITICAL
CVSS 9.8
Input validation vulnerability in Apache IoTDB from 1.0.0 before 1.3.7 and from 2.0.0 before 2.0.7. Second critical CVE affecting the IoT database.
Apache
Iotdb
-
CVE-2026-24015
CRITICAL
CVSS 9.8
Vulnerability in Apache IoTDB from 1.0.0 before 1.3.7 and from 2.0.0 before 2.0.7. Critical severity issue in the IoT time-series database platform.
Apache
Iotdb
-
CVE-2026-3630
CRITICAL
CVSS 9.8
Stack-based buffer overflow in Delta Electronics COMMGR2 communication management software. ICS vulnerability enabling remote code execution on industrial communication gateways.
Industrial
Buffer Overflow
Stack Overflow
Commgr2
-
CVE-2025-70046
CRITICAL
CVSS 9.8
Inclusion of functionality from untrusted control sphere in Miazzy oa-front-service allows executing code from untrusted sources.
Information Disclosure
Oa Font Service
-
CVE-2025-70042
CRITICAL
CVSS 9.8
SSRF vulnerability in ThermaKube Kubernetes monitoring tool allows server-side requests to internal services.
SSRF
Thermakube
-
CVE-2025-70039
CRITICAL
CVSS 9.8
OS command injection in Linagora Twake v2023.Q1.1223 allows unauthenticated remote code execution.
Command Injection
Twake
-
CVE-2025-41765
CRITICAL
CVSS 9.1
Unauthorized file upload via wwwupload.cgi endpoint. Same product as CVE-2025-41764 — second unauthorized upload vector.
Authentication Bypass
Universal Bacnet Router Firmware
-
CVE-2025-41764
CRITICAL
CVSS 9.1
Unauthorized firmware upload via wwwupdate.cgi endpoint due to insufficient authorization. Remote attackers can upload and apply arbitrary firmware updates.
Authentication Bypass
Universal Bacnet Router Firmware
-
CVE-2025-40639
CRITICAL
CVSS 9.8
SQL injection in Eventobot event management application allows unauthenticated attackers to perform complete database operations including data retrieval, creation, update, and deletion.
PHP
SQLi
Eventobot
-
CVE-2025-14558
HIGH
CVSS 7.2
The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8) is a shell script which does not validate its input. [CVSS 7.2 HIGH]
Information Disclosure
Freebsd
-
CVE-2026-30896
HIGH
CVSS 7.8
Arbitrary code execution with administrative privileges in Qsee Client 1.0.1 and earlier through insecure DLL loading in the installer. An attacker can exploit this by placing a malicious DLL in the same directory as the installer and tricking a user into executing it. No patch is currently available.
Privilege Escalation
RCE
Qsee Client
-
CVE-2026-30140
HIGH
CVSS 7.5
An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. [CVSS 7.5 HIGH]
Information Disclosure
Authentication Bypass
W15e Firmware
-
CVE-2026-29023
HIGH
CVSS 7.3
Keygraph Shannon's router component exposes a hard-coded API key that allows unauthenticated network attackers to intercept and proxy requests through the application when the router is enabled and accessible. Attackers can leverage this static credential to abuse upstream provider API resources and potentially access sensitive request/response data belonging to legitimate users. No patch is currently available for this vulnerability.
Authentication Bypass
-
CVE-2026-25960
HIGH
CVSS 7.1
vLLM 0.17.0 contains a Server-Side Request Forgery (SSRF) vulnerability where inconsistent URL parsing between the validation layer (urllib3) and the HTTP client (aiohttp/yarl) allows authenticated attackers to bypass SSRF protections and make requests to internal resources. An attacker with valid credentials can craft malicious URLs to access restricted endpoints or internal services that should be blocked by the SSRF mitigation implemented in version 0.15.1.
SSRF
Vllm
Redhat
-
CVE-2026-25866
HIGH
CVSS 7.8
Arbitrary code execution in MobaXterm prior to version 26.1 allows local attackers to hijack the application's search path when it launches Notepad++ without a fully qualified path, enabling malicious executable injection. An authenticated user can exploit this flaw by placing a crafted executable earlier in the system PATH to achieve code execution with the privileges of the MobaXterm user. No patch is currently available.
RCE
-
CVE-2026-25737
HIGH
CVSS 8.9
Arbitrary file upload in Budibase 3.24.0 and earlier allows authenticated attackers to bypass UI-level file extension restrictions and upload malicious files by directly manipulating requests. An attacker with valid credentials can circumvent the intended upload controls to potentially execute arbitrary code or compromise system integrity. No patch is currently available for this vulnerability.
File Upload
Budibase
-
CVE-2026-25045
HIGH
CVSS 8.8
Budibase suffers from missing server-side role validation in user management APIs, allowing Creator-level users to escalate privileges and perform unauthorized actions reserved for Tenant Admins and Owners. An authenticated attacker with Creator permissions can promote themselves to Tenant Admin, demote existing administrators, modify owner accounts, and manipulate organizational orders, resulting in complete tenant compromise. No patch is currently available for this high-severity vulnerability.
Privilege Escalation
Authentication Bypass
Budibase
-
CVE-2026-25041
HIGH
CVSS 7.2
Command injection in Budibase 3.23.22 and earlier allows authenticated attackers with high privileges to execute arbitrary system commands by injecting malicious values into PostgreSQL connection parameters that are unsanitized in shell command construction. An attacker with administrative access can exploit this vulnerability to gain complete control over the underlying server hosting the Budibase instance. No patch is currently available for this vulnerability.
PostgreSQL
Command Injection
Budibase
-
CVE-2026-3823
HIGH
CVSS 8.8
Unauthenticated remote attackers can exploit a stack-based buffer overflow in Atop EHG2408 series switches to achieve arbitrary code execution and full system compromise. The vulnerability requires only network access and no user interaction, allowing attackers to completely control affected devices. No patch is currently available for this high-severity flaw affecting network infrastructure.
Buffer Overflow
Stack Overflow
Atop Ehg2408 2sfp Firmware
Atop Ehg2408 Firmware
-
CVE-2026-3818
HIGH
CVSS 7.3
SQL injection in Tiandy Easy7 CMS 7.17.0 allows unauthenticated remote attackers to manipulate the strTBName parameter in GetDBData.jsp, potentially accessing or modifying sensitive database information. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.
Windows
SQLi
Easy7 Cms
-
CVE-2026-3815
HIGH
CVSS 8.8
Remote code execution in UTT HiPER 810G firmware through version 1.7.7-1711 via a buffer overflow in the /goform/formApMail handler allows authenticated attackers to achieve complete system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at elevated risk. The attack requires network access but no user interaction, making it a significant threat to organizations using this device.
Buffer Overflow
810g Firmware
-
CVE-2026-3814
HIGH
CVSS 8.8
Unauthenticated remote attackers can achieve complete system compromise (code execution, data theft, and denial of service) against UTT HiPER 810G firmware versions up to 1.7.7-1711 through a buffer overflow in the /goform/getOneApConfTempEntry endpoint. Public exploit code is available and actively being leveraged in attacks. No patch is currently available for affected devices.
Buffer Overflow
810g Firmware
-
CVE-2026-3811
HIGH
CVSS 8.8
Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows authenticated remote attackers to achieve complete system compromise through a malformed page parameter in the /goform/P2pListFilter endpoint. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk of code execution and data theft.
Buffer Overflow
Stack Overflow
Fh1202 Firmware
-
CVE-2026-3810
HIGH
CVSS 8.8
Stack overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows authenticated attackers to achieve remote code execution through a malicious page parameter in the /goform/DhcpListClient endpoint. Public exploit code is available and the vulnerability remains unpatched, creating significant risk for deployed devices. The flaw affects the Tenda FH1202 router with high severity impact on confidentiality, integrity, and availability.
Buffer Overflow
Stack Overflow
Fh1202 Firmware
-
CVE-2026-3809
HIGH
CVSS 8.8
Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote authenticated attackers to achieve complete system compromise through manipulation of the page parameter in the /goform/NatStaticSetting function. Public exploit code exists for this vulnerability and no patch is currently available. The flaw requires valid credentials but can be exploited over the network with no user interaction.
Buffer Overflow
Stack Overflow
Fh1202 Firmware
-
CVE-2026-3808
HIGH
CVSS 8.8
Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote authenticated attackers to achieve full system compromise through manipulation of the webSiteId parameter in the /goform/webtypelibrary function. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score of 8.8 reflects the potential for complete confidentiality, integrity, and availability impact.
Buffer Overflow
Stack Overflow
Fh1202 Firmware
-
CVE-2026-3807
HIGH
CVSS 8.8
Stack overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote attackers with low privileges to execute arbitrary code through crafted mit_ssid parameters sent to the AdvSetWrlsafeset function. Public exploit code exists for this vulnerability and no patch is currently available. The attack requires network access but no user interaction, making it readily exploitable in affected deployments.
Buffer Overflow
Stack Overflow
Fh1202 Firmware
-
CVE-2026-3804
HIGH
CVSS 8.8
Remote code execution in Tenda i3 1.0.0.6(2204) firmware allows unauthenticated attackers to achieve full system compromise through a stack-based buffer overflow in the WifiMacFilterSet function. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring immediate mitigation through network segmentation or device isolation.
Buffer Overflow
Stack Overflow
I3 Firmware
-
CVE-2026-3803
HIGH
CVSS 8.8
Remote code execution in Tenda i3 firmware versions up to 1.0.0.6(2204) via stack-based buffer overflow in the WiFi MAC filter function allows unauthenticated attackers to achieve full system compromise over the network. Public exploit code exists for this vulnerability and no patch is currently available. The flaw requires only low complexity to exploit and affects the confidentiality, integrity, and availability of affected devices.
Buffer Overflow
Stack Overflow
I3 Firmware
-
CVE-2026-3802
HIGH
CVSS 8.8
Stack-based buffer overflow in Tenda i3 1.0.0.6(2204) firmware allows authenticated remote attackers to achieve code execution by manipulating the cmdinput parameter in the /goform/exeCommand function. Public exploit code exists for this vulnerability and no patch is currently available, placing affected devices at immediate risk.
Buffer Overflow
Stack Overflow
I3 Firmware
-
CVE-2026-3801
HIGH
CVSS 8.8
Stack-based buffer overflow in Tenda i3 1.0.0.6(2204) firmware allows authenticated remote attackers to achieve complete system compromise through manipulation of ping parameters in the setAutoPing function. Public exploit code exists for this vulnerability and no patch is currently available, creating significant risk for affected deployments.
Buffer Overflow
Stack Overflow
I3 Firmware
-
CVE-2026-3799
HIGH
CVSS 8.8
Stack overflow in Tenda i3 firmware version 1.0.0.6(2204) allows authenticated remote attackers to achieve full system compromise through a malformed funcpara1 parameter in the /goform/setcfm endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.
Buffer Overflow
Stack Overflow
I3 Firmware
-
CVE-2026-3794
HIGH
CVSS 7.3
DoraCMS 3.0.x Email API endpoint /api/v1/mail/send contains an authentication bypass vulnerability that allows unauthenticated remote attackers to send emails and potentially access sensitive functionality. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification. The flaw carries a CVSS score of 7.3 with moderate confidentiality, integrity, and availability impact.
Authentication Bypass
Doracms
-
CVE-2026-3631
HIGH
CVSS 7.5
Delta Electronics COMMGR2 has a buffer over-read DoS vulnerability. [CVSS 7.5 HIGH]
Industrial
Buffer Overflow
Denial Of Service
Commgr2
-
CVE-2026-3588
HIGH
CVSS 7.5
IKEA Dirigera v2.866.4 contains a server-side request forgery vulnerability that enables authenticated attackers with high privileges to extract private cryptographic keys through specially crafted requests. The vulnerability impacts the confidentiality of sensitive authentication material while also introducing integrity and availability risks, though no patch is currently available.
SSRF
-
CVE-2026-3288
HIGH
CVSS 8.8
Arbitrary code execution in ingress-nginx controllers via malicious rewrite-target annotations allows authenticated attackers to execute commands and exfiltrate cluster secrets. Kubernetes administrators using ingress-nginx are at risk, particularly in default configurations where the controller has cluster-wide secret access. No patch is currently available.
Nginx
Kubernetes
-
CVE-2026-3038
HIGH
CVSS 7.5
The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. [CVSS 7.5 HIGH]
Buffer Overflow
Privilege Escalation
Memory Corruption
Freebsd
-
CVE-2026-2261
HIGH
CVSS 7.5
FreeBSD's blocklistd service leaks socket descriptors on each adverse event report, causing progressive service degradation until it can no longer block malicious IP addresses or process new reports. An attacker can exploit this by generating numerous fraudulent adverse events from disposable IP addresses to exhaust socket resources and disable the blocking mechanism before launching an actual attack. The vulnerability has a high severity rating (CVSS 7.5) and currently lacks a patch.
Denial Of Service
Freebsd
-
CVE-2026-0846
HIGH
CVSS 8.6
Unsafe path handling in NLTK's filestring() function enables attackers to read arbitrary files on affected iOS and AI/ML systems through improper input validation. An unauthenticated attacker can exploit this over the network by supplying directory traversal or absolute paths to access sensitive data, with particular risk in deployments exposing the function through web APIs. No patch is currently available for this high-severity vulnerability (CVSS 8.6).
AI / ML
Redhat
Suse
-
CVE-2025-70250
HIGH
CVSS 7.5
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup. [CVSS 7.5 HIGH]
D-Link
Buffer Overflow
Dir 513 Firmware
-
CVE-2025-70243
HIGH
CVSS 7.5
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard534. [CVSS 7.5 HIGH]
D-Link
Buffer Overflow
Dir 513 Firmware
-
CVE-2025-70238
HIGH
CVSS 7.5
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52. [CVSS 7.5 HIGH]
D-Link
Buffer Overflow
Dir 513 Firmware
-
CVE-2025-70059
HIGH
CVSS 7.5
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service. [CVSS 7.5 HIGH]
Denial Of Service
Yapi
-
CVE-2025-70048
HIGH
CVSS 7.5
An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2. [CVSS 7.5 HIGH]
Information Disclosure
Nexusinterface
-
CVE-2025-70047
HIGH
CVSS 7.5
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2. [CVSS 7.5 HIGH]
Denial Of Service
Nexusinterface
-
CVE-2025-70038
HIGH
CVSS 8.8
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows attackers to execute arbitrary code. [CVSS 8.8 HIGH]
RCE
XSS
Twake
-
CVE-2025-70034
HIGH
CVSS 7.5
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in mscdex ssh2 v1.17.0. [CVSS 7.5 HIGH]
Denial Of Service
Redhat
-
CVE-2025-70031
HIGH
CVSS 8.8
An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. [CVSS 8.8 HIGH]
CSRF
-
CVE-2025-70030
HIGH
CVSS 7.5
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. [CVSS 7.5 HIGH]
Denial Of Service
-
CVE-2025-70028
HIGH
CVSS 7.5
An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. [CVSS 7.5 HIGH]
Path Traversal
-
CVE-2025-69279
HIGH
CVSS 7.5
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]
Denial Of Service
Android
Google
-
CVE-2025-69278
HIGH
CVSS 7.5
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]
Denial Of Service
Android
Google
-
CVE-2025-69219
HIGH
CVSS 8.8
Airflow Providers Http is affected by improper control of dynamically-managed code resources (CVSS 8.8).
RCE
Airflow Providers Http
-
CVE-2025-62166
HIGH
CVSS 7.5
FreshRSS, a self-hostable RSS aggregator, in versions up to 1.28.0 is affected by improper access control (CVSS 7.5).
Authentication Bypass
Freshrss
-
CVE-2025-61616
HIGH
CVSS 7.5
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]
Denial Of Service
Android
Google
-
CVE-2025-61615
HIGH
CVSS 7.5
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]
Denial Of Service
Android
Google
-
CVE-2025-61614
HIGH
CVSS 7.5
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]
Denial Of Service
Android
Google
-
CVE-2025-61613
HIGH
CVSS 7.5
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]
Denial Of Service
Android
Google
-
CVE-2025-61612
HIGH
CVSS 7.5
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]
Denial Of Service
Android
Google
-
CVE-2025-61611
HIGH
CVSS 7.5
In modem, there is possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]
Denial Of Service
Yocto
-
CVE-2025-41772
HIGH
CVSS 7.5
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR. [CVSS 7.5 HIGH]
Information Disclosure
Universal Bacnet Router Firmware
-
CVE-2025-41767
HIGH
CVSS 7.2
Universal Bacnet Router Firmware is affected by improper verification of cryptographic signature (CVSS 7.2).
Authentication Bypass
Universal Bacnet Router Firmware
-
CVE-2025-41766
HIGH
CVSS 8.8
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise. [CVSS 8.8 HIGH]
Buffer Overflow
Stack Overflow
Universal Bacnet Router Firmware
-
CVE-2025-41761
HIGH
CVSS 7.8
A low-privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries (e.g., tcpdump and ip) with sudo. [CVSS 7.8 HIGH]
Ssh
Privilege Escalation
Universal Bacnet Router Firmware
-
CVE-2025-41758
HIGH
CVSS 8.8
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise. [CVSS 8.8 HIGH]
Path Traversal
Universal Bacnet Router Firmware
-
CVE-2025-41757
HIGH
CVSS 8.8
A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system. [CVSS 8.8 HIGH]
Path Traversal
Universal Bacnet Router Firmware
-
CVE-2025-41756
HIGH
CVSS 8.1
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system. [CVSS 8.1 HIGH]
Information Disclosure
Universal Bacnet Router Firmware
-
CVE-2025-15576
HIGH
CVSS 7.5
If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. [CVSS 7.5 HIGH]
Privilege Escalation
Microsoft
Freebsd
-
CVE-2025-15547
HIGH
CVSS 8.8
By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. [CVSS 8.8 HIGH]
Privilege Escalation
Freebsd
-
CVE-2025-14769
HIGH
CVSS 7.5
In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference. [CVSS 7.5 HIGH]
Null Pointer Dereference
Denial Of Service
Freebsd
-
CVE-2026-25604
MEDIUM
CVSS 5.4
AWS Airflow Providers with Auth Manager fail to validate SAML response origins against the actual instance URL, allowing attackers with valid credentials from one instance to authenticate to other instances with potentially different access controls. This cross-instance authentication bypass requires low privileges and network access but does not directly compromise confidentiality or integrity. Users should upgrade to version 9.22.0 or later to remediate this vulnerability.
Aws
Airflow Providers Amazon
-
CVE-2026-21736
MEDIUM
CVSS 4.4
Improper GPU system call handling in the DDK allows non-privileged users to bypass memory protections on user-mode wrapped memory regions and gain unauthorized write access. An attacker with local access could exploit this to modify read-only memory structures, potentially compromising system integrity or escalating privileges. No patch is currently available for this medium-severity vulnerability.
Information Disclosure
Ddk
-
CVE-2026-3822
MEDIUM
CVSS 6.5
The Taipower Android application fails to validate TLS/SSL certificates during HTTPS connections, enabling unauthenticated attackers to conduct man-in-the-middle attacks against users. This vulnerability allows adversaries to intercept and modify network traffic without user awareness. No patch is currently available for this medium-severity issue (CVSS 6.5).
Tls
Taipower App
-
CVE-2026-3817
MEDIUM
CVSS 5.3
Patients Waiting Area Queue Management System versions up to 1.0 contain a security vulnerability (CVSS 5.3).
PHP
Patients Waiting Area Queue Management System
-
CVE-2026-3816
MEDIUM
CVSS 4.3
DefectDojo versions up to 2.55.4 contain a denial of service vulnerability in the SonarQubeParser and MSDefenderParser components where improper handling of ZIP file input allows authenticated remote attackers to crash the service. Public exploit code exists for this vulnerability, and administrators should upgrade to version 2.56.0 or later to remediate the issue.
Denial Of Service
Defectdojo
-
CVE-2026-3813
MEDIUM
CVSS 6.3
Injection vulnerability in JFlow's WF_CCForm Calculate function allows authenticated remote attackers to perform injection attacks with limited impact on confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, though no patch is currently available from the project maintainers.
Java
Jflow
-
CVE-2026-3812
MEDIUM
CVSS 4.3
Stored cross-site scripting in itsourcecode Payroll Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the ID parameter in /manage_employee_allowances.php. Public exploit code exists for this vulnerability, though no patch is currently available. Successful exploitation could enable credential theft or unauthorized actions within the payroll system.
PHP
XSS
Payroll Management System
-
CVE-2026-3806
MEDIUM
CVSS 6.3
SourceCodester Resort Reservation System 1.0 contains SQL injection in the /room_rates.php endpoint via the q parameter, allowing authenticated remote attackers to execute arbitrary database queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be performed over the network with minimal complexity.
PHP
SQLi
Resort Reservation System
-
CVE-2026-3800
MEDIUM
CVSS 6.3
Unrestricted file upload in SourceCodester Resort Reservation System 1.0 allows authenticated remote attackers to upload arbitrary files via the image parameter in /controller.php?action=add, potentially leading to remote code execution. Public exploit code exists for this vulnerability, and no patch is currently available. The issue affects PHP-based installations of the affected resort reservation software.
PHP
Resort Reservation System
-
CVE-2026-3798
MEDIUM
CVSS 4.7
Command injection in Comfast CF-AC100 firmware via the ping_config request handler allows remote attackers with high privileges to execute arbitrary commands on affected devices. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.
Command Injection
Comfast Cf Ac100 Firmware
-
CVE-2026-3797
MEDIUM
CVSS 6.3
Video Surveillance System Firmware versions up to 7.17.0 are affected by improper access control (CVSS 6.3).
Java
Video Surveillance System Firmware
-
CVE-2026-3796
MEDIUM
CVSS 5.3
Qax Internet Control Gateway versions up to 2025-10 contain an improper access control vulnerability (CVSS 5.3).
Information Disclosure
Qax Internet Control Gateway
-
CVE-2026-3795
MEDIUM
CVSS 6.3
DoraCMS 3.0.x contains a path traversal vulnerability in the createFileBypath function that allows authenticated attackers to read, write, or delete arbitrary files on the server. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.
Path Traversal
Doracms
-
CVE-2026-3793
MEDIUM
CVSS 6.3
SQL injection in SourceCodester Sales and Inventory System 1.0 via the sellid GET parameter in sales_invoice1.php allows authenticated attackers to execute arbitrary SQL queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems can suffer data exposure, modification, or loss depending on database permissions.
PHP
SQLi
Sales And Inventory System
-
CVE-2026-3792
MEDIUM
CVSS 6.3
SQL injection in SourceCodester Sales and Inventory System 1.0 allows authenticated remote attackers to manipulate the purchaseid parameter in purchase_invoice.php, enabling unauthorized data access and modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving deployed instances at risk.
PHP
SQLi
Sales And Inventory System
-
CVE-2026-3791
MEDIUM
CVSS 6.3
SQL injection in SourceCodester Sales and Inventory System 1.0 allows authenticated attackers to execute arbitrary SQL queries through the searchtxt parameter in dashboard.php. Public exploit code exists for this vulnerability, enabling remote exploitation by users with login credentials to read, modify, or delete database contents. No patch is currently available.
PHP
SQLi
Sales And Inventory System
-
CVE-2026-3790
MEDIUM
CVSS 6.3
Sales And Inventory System versions up to 1.0 contain a SQL injection vulnerability (CVSS 6.3).
PHP
SQLi
Sales And Inventory System
-
CVE-2026-3789
MEDIUM
CVSS 6.3
Server-side request forgery in Bytedesk versions up to 1.3.9 allows authenticated attackers to manipulate the apiUrl parameter in the SpringAIGiteeRestService component, enabling them to make arbitrary network requests from the affected server. Public exploit code exists for this vulnerability, which requires valid user credentials to exploit. Users should upgrade to version 1.4.5.4 or later to remediate the issue.
Java
SSRF
AI / ML
Bytedesk
-
CVE-2026-3788
MEDIUM
CVSS 6.3
Server-side request forgery in Bytedesk versions up to 1.3.9 allows authenticated attackers to manipulate the apiUrl parameter in the SpringAIOpenrouterRestController, enabling arbitrary HTTP requests from the affected server. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. Upgrading to version 1.4.5.4 or later resolves this issue.
Java
SSRF
AI / ML
Bytedesk
-
CVE-2026-3638
MEDIUM
CVSS 5.9
Improper access control in Devolutions Server 2025.3.11.0 and earlier allows authenticated low-privileged users to restore deleted users and roles through crafted API requests, potentially enabling unauthorized account recovery and privilege escalation. Organizations running affected versions are at risk as attackers with basic authentication credentials can manipulate user and role restoration without proper authorization checks. No patch is currently available.
Authentication Bypass
-
CVE-2026-3089
MEDIUM
CVSS 5.3
Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. Versions up to 26.3.0 are affected by path traversal.
Path Traversal
-
CVE-2026-2919
MEDIUM
CVSS 4.3
Domain spoofing in Focus for iOS versions prior to 148.2 allows remote attackers to display malicious content under trusted domain names through navigation stalling and iframe redirection techniques, without requiring user interaction beyond the initial page load. An attacker can leverage this to conduct phishing attacks or distribute misleading content by presenting spoofed trusted domains in the browser UI. No patch is currently available for this vulnerability.
-
CVE-2025-70973
MEDIUM
CVSS 4.8
ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. [CVSS 4.8 MEDIUM]
Session Fixation
Information Disclosure
-
CVE-2025-70060
MEDIUM
CVSS 5.4
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0. [CVSS 5.4 MEDIUM]
XSS
Yapi
-
CVE-2025-70050
MEDIUM
CVSS 6.5
An issue pertaining to CWE-312: Cleartext Storage of Sensitive Information was discovered in lesspass lesspass v9.6.9 which allows attackers to obtain sensitive information. [CVSS 6.5 MEDIUM]
Information Disclosure
Lesspass
-
CVE-2025-70040
MEDIUM
CVSS 5.3
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information. [CVSS 5.3 MEDIUM]
Information Disclosure
-
CVE-2025-70037
MEDIUM
CVSS 6.1
An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in linagora Twake v2023.Q1.1223. This allows attackers to obtain sensitive information and execute arbitrary code. [CVSS 6.1 MEDIUM]
RCE
Open Redirect
Twake
-
CVE-2025-70033
MEDIUM
CVSS 5.4
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. [CVSS 5.4 MEDIUM]
XSS
-
CVE-2025-70032
MEDIUM
CVSS 6.1
An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. [CVSS 6.1 MEDIUM]
Open Redirect
-
CVE-2025-69648
MEDIUM
CVSS 6.2
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. [CVSS 6.2 MEDIUM]
RCE
Denial Of Service
Buffer Overflow
Binutils
Redhat
-
CVE-2025-69647
MEDIUM
CVSS 6.2
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. [CVSS 6.2 MEDIUM]
Denial Of Service
Binutils
Redhat
Suse
-
CVE-2025-41763
MEDIUM
CVSS 6.5
A low-privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files. [CVSS 6.5 MEDIUM]
Information Disclosure
Universal Bacnet Router Firmware
-
CVE-2025-41762
MEDIUM
CVSS 6.2
An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates. [CVSS 6.2 MEDIUM]
Authentication Bypass
Information Disclosure
Universal Bacnet Router Firmware
-
CVE-2025-41760
MEDIUM
CVSS 4.9
An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an empty list does not enforce any restrictions and allows all network traffic to pass unfiltered. [CVSS 4.9 MEDIUM]
Information Disclosure
Universal Bacnet Router Firmware
-
CVE-2025-41759
MEDIUM
CVSS 4.9
An administrator may attempt to block all networks by specifying "*" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. [CVSS 4.9 MEDIUM]
Information Disclosure
Universal Bacnet Router Firmware
-
CVE-2025-41755
MEDIUM
CVSS 6.5
A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. [CVSS 6.5 MEDIUM]
Path Traversal
Information Disclosure
Universal Bacnet Router Firmware
-
CVE-2025-41754
MEDIUM
CVSS 6.5
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system. [CVSS 6.5 MEDIUM]
Information Disclosure
Universal Bacnet Router Firmware
-
CVE-2025-40638
MEDIUM
CVSS 6.1
A reflected Cross-Site Scripting (XSS) vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the 'name' parameter in '/search-results'. [CVSS 6.1 MEDIUM]
XSS
Eventobot
-
CVE-2026-3819
LOW
CVSS 3.5
A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Management Module. [CVSS 3.5 LOW]
XSS
-
CVE-2025-68402
None
FreshRSS is a free, self-hostable RSS aggregator. From 57e1a37 - 00f2f04, the length of the nonce was changed from 40 chars to 64.
Authentication Bypass
-
CVE-2025-33022
None
Rejected reason: The reporter agreed to not assign CVE ID. No vendor patch available.
Information Disclosure
-
CVE-2025-15603
LOW
CVSS 3.7
A security vulnerability has been detected in open-webu versions up to 0.6.16, which are affected by cryptographic issues (CVSS 3.7).
Windows
-
CVE-2025-15568
None
A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code execution (RCE) when the router is configured with sysmode=ap.
RCE
Command Injection
-
CVE-2024-14027
None
In the Linux kernel, the following vulnerability has been resolved:
fs/xattr: missing fdput() in fremovexattr error path
In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a file reference but returns early without calling fdput() when strncpy_from_user() fails on the name argument.
Linux
Linux Kernel