275
Total CVEs
2
KEV Entries
15
Critical
79
High
98
Medium
35
Articles
CVE Feed
275 CVEs
CVE-2026-25449
CRITICAL
9.8
Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Object Injection.This issue affects Traveler: from n/a before 3.2.8.1.
CVE-2026-2991
CRITICAL
9.8
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the `patientSocialLogin(...
CVE-2026-21994
CRITICAL
9.8
Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: Desktop). The supported version that is affected is 0.3.0....
CVE-2026-30884
CRITICAL
9.6
mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who hol...
CVE-2026-31938
CRITICAL
9.6
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the `options` argument of the `output` function allows attackers to inject arbitrary HTML (such as scripts) i...
CVE-2026-32292
CRITICAL
9.3
The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials.
CVE-2026-32295
CRITICAL
9.3
JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials.
CVE-2026-32297
CRITICAL
9.3
The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an ...
CVE-2026-4312
CRITICAL
9.3
GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative accou...
CVE-2026-32841
CRITICAL
9.2
Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the g...
CVE-2026-32633
CRITICAL
9.1
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the `/api/4/serverslist` endpoint returns raw server objects from `GlancesServersList....
CVE-2026-25534
CRITICAL
9.1
### Impact
Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle undersc...
CVE-2026-25769
CRITICAL
9.1
Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of U...
CVE-2026-25770
CRITICAL
9.1
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the ...
CVE-2026-3564
CRITICAL
9.0
A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scen...
CVE-2026-1463
HIGH
8.8
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in...
CVE-2026-22171
HIGH
8.8
OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensio...
CVE-2026-22730
HIGH
8.8
A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands.
The vulnerability ...
CVE-2026-27811
HIGH
8.8
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a command injection vulnerability exists in the `/config/compare/<service>/<server_ip>/...
CVE-2026-27894
HIGH
8.8
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF e...
CVE-2026-31962
HIGH
8.8
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. While most alignment records store DNA sequence and quali...
CVE-2026-31963
HIGH
8.8
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses refer...
CVE-2026-31968
HIGH
8.8
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For ...
CVE-2026-32693
HIGH
8.8
In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updati...
CVE-2026-32296
HIGH
8.8
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network...
CVE-2026-32268
HIGH
8.7
The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the...
CVE-2026-32596
HIGH
8.7
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with `glances -w`, exposing REST API with sensit...
CVE-2026-3207
HIGH
8.7
Configuration issue in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x allows unauthorised access.
CVE-2026-32838
HIGH
8.7
Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept manageme...
CVE-2026-32981
HIGH
8.7
A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file...
CVE-2026-4148
HIGH
8.7
A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.
CVE-2026-22729
HIGH
8.6
A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-control...
CVE-2026-28500
HIGH
8.6
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improp...
CVE-2026-21570
HIGH
8.6
This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center.
This RCE (Remote Co...
CVE-2026-23759
HIGH
8.6
Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command doe...
CVE-2026-32298
HIGH
8.5
The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.
CVE-2026-4295
HIGH
8.5
Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted proj...
CVE-2026-33058
HIGH
8.4
Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a proje...
CVE-2026-0708
HIGH
8.3
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can ...
CVE-2026-24063
HIGH
8.2
When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, m...
CVE-2026-2992
HIGH
8.2
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the `/wp-json/kivicare/v1/setup-wizard/clinic` REST A...
CVE-2026-2603
HIGH
8.1
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated...
CVE-2026-31898
HIGH
8.1
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the `createAnnotation` method allows users to inject arbitrary PDF objects, such as JavaScript a...
CVE-2026-32610
HIGH
8.1
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets `allow_origins=["*"]` combine...
CVE-2026-32634
HIGH
8.1
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address ...
CVE-2026-24901
HIGH
8.1
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to u...
CVE-2025-41258
HIGH
8.0
LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.
CVE-2026-24062
HIGH
7.8
The "Privileged Helper" component of the Arturia Software Center (MacOS) does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to co...
CVE-2025-64301
HIGH
7.8
An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out‑of‑bounds ...
CVE-2025-66342
HIGH
7.8
A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitra...
CVE-2026-3888
HIGH
7.8
Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up thi...
CVE-2026-2092
HIGH
7.7
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An atta...
CVE-2026-31891
HIGH
7.7
Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the Mo...
CVE-2026-4208
HIGH
7.7
The extension fails to properly reset the generated MFA code after successful authentication. This leads to a possible MFA bypass for future login attempts by providing an empty string as MFA code to ...
CVE-2026-4258
HIGH
7.7
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a...
CVE-2026-32606
HIGH
7.6
IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physic...
CVE-2026-32692
HIGH
7.6
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret re...
CVE-2026-22179
HIGH
7.5
OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows remote attackers to execute non-allowlisted commands by exploiting improper par...
CVE-2026-27135
HIGH
7.5
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_sessio...
CVE-2026-29112
HIGH
7.5
DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the `ensureSize()` function in `@dicebear/converter` read the `width` and `height` attributes from the input SVG to ...
CVE-2026-30922
HIGH
7.5
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deep...
CVE-2026-32256
HIGH
7.5
music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF parser (`parseExtensionObject()` in `lib/asf/AsfParser.ts:112-158`) enters an infini...
CVE-2026-32609
HIGH
7.5
Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix (commit 5d3de60) addressed unauthenticated configuration secrets exposure on the `/api/v4/config` endpoints by introd...
CVE-2025-14031
HIGH
7.5
IBM Sterling B2B Integrator and and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to se...
CVE-2026-1376
HIGH
7.5
IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources.
CVE-2026-22727
HIGH
7.5
Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replac...
CVE-2026-2579
HIGH
7.5
The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 4.4.3 due to insuffic...
CVE-2026-3278
HIGH
7.4
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks Service Desk allows Cross-Site Scripting (XSS). The vulnerability could allow a...
CVE-2026-4318
HIGH
7.4
A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formApLbConfig. This manipulation of the argument loadBalanceNameOld causes buf...
CVE-2026-22317
HIGH
7.2
A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution ...
CVE-2026-27459
HIGH
7.2
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value ...
CVE-2026-28673
HIGH
7.2
xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the standard plugin system allows admins to upload a ZIP file containi...
CVE-2026-28674
HIGH
7.2
xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the `AdminPaymentPluginUpload` endpoint lets admins upload any file to...
CVE-2026-3090
HIGH
7.2
The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘event_type’...
CVE-2026-22168
HIGH
7.1
OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c whi...
CVE-2026-22169
HIGH
7.1
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins configuration that allows attackers to invoke external helpers through the compress-program option. When ...
CVE-2026-22175
HIGH
7.1
OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers lik...
CVE-2026-22322
HIGH
7.1
A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript...
CVE-2026-22323
HIGH
7.1
A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by lur...
CVE-2026-26001
HIGH
7.1
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from rep...
CVE-2026-27522
HIGH
7.1
OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from loca...
CVE-2026-31969
HIGH
7.1
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. Whe...
CVE-2026-31970
HIGH
7.1
HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP [BGZF] files. In the GZI loading function, `bgzf_index_load_hfile()`, it was...
CVE-2026-31971
HIGH
7.1
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When...
CVE-2026-32254
HIGH
7.1
Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node'...
CVE-2026-1264
HIGH
7.1
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 allows a remote unauthenticated attacker to view ...
CVE-2026-32842
HIGH
7.1
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup fil...
CVE-2026-4147
HIGH
7.1
An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command.
CVE-2026-29056
HIGH
7.0
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint (`UserInviteController::register()`) accepts all POST parameters an...
CVE-2026-32608
HIGH
7.0
Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These...
CVE-2026-32611
HIGH
7.0
Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix (commit 39161f0) addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use par...
CVE-2026-32290
HIGH
7.0
The GL-iNet Comet (GL-RM1) KVM does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corr...
CVE-2026-32291
HIGH
7.0
The GL-iNet Comet (GL-RM1) KVM does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins.
CVE-2026-32294
HIGH
7.0
JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 has...
CVE-2026-22177
MEDIUM
6.9
OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from config env.vars, allowing startup-time code execution. Attackers can inject variables like NODE...
CVE-2026-22178
MEDIUM
6.9
OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers...
CVE-2026-27523
MEDIUM
6.9
OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existen...
CVE-2026-27545
MEDIUM
6.9
OpenClaw versions prior to 2026.2.26 contain an approval bypass vulnerability in system.run execution that allows attackers to execute commands from unintended filesystem locations by rebinding writab...
CVE-2026-27979
MEDIUM
6.9
Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, a request containing the `next-resume: 1` header (corresponding with a PP...
CVE-2026-27980
MEDIUM
6.9
Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache (`/_next/image`) did no...
CVE-2026-28499
MEDIUM
6.9
LeafKit is a templating language with Swift-inspired syntax. Prior to version 1.14.2, HTML escaping doesn't work correctly when a template prints a collection (Array / Dictionary) via `#(value)`. This...
CVE-2026-31964
MEDIUM
6.9
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. Whi...
CVE-2026-31965
MEDIUM
6.9
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the `cram_decode_slice()` function called while readin...
CVE-2026-31966
MEDIUM
6.9
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses refer...
CVE-2026-31967
MEDIUM
6.9
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the `cram_decode_slice()` function called while readin...
CVE-2026-32265
MEDIUM
6.9
The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The `Buc...
CVE-2026-32836
MEDIUM
6.9
dr_libs version 0.13.3 and earlier contain an uncontrolled memory allocation vulnerability in drflac__read_and_decode_metadata() that allows attackers to trigger excessive memory allocation by supplyi...
CVE-2026-4287
MEDIUM
6.9
A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endpo...
CVE-2026-4288
MEDIUM
6.9
A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpoi...
CVE-2026-4289
MEDIUM
6.9
A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipu...
CVE-2026-4319
MEDIUM
6.9
A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the arg...
CVE-2025-13406
MEDIUM
6.8
NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.This issue affects smartLink SW-HT: 1.43.
CVE-2025-15584
MEDIUM
6.8
Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow an unprivileged user to trig...
CVE-2026-2809
MEDIUM
6.7
Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow a privileged user to trigger...
CVE-2026-32694
MEDIUM
6.6
In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. ...
CVE-2026-22316
MEDIUM
6.5
A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack.
CVE-2026-22320
MEDIUM
6.5
A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized...
CVE-2026-25937
MEDIUM
6.5
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their...
CVE-2026-31865
MEDIUM
6.5
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototyp...
CVE-2026-1267
MEDIUM
6.5
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls.
CVE-2026-21886
MEDIUM
6.5
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to all...
CVE-2026-25936
MEDIUM
6.5
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue.
CVE-2026-2512
MEDIUM
6.4
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization func...
CVE-2026-4268
MEDIUM
6.4
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgmza_custom_js’ parameter in all versions up to, and including, 10.0.05 due to ins...
CVE-2026-22170
MEDIUM
6.3
OpenClaw versions prior to 2026.2.22 with the optional BlueBubbles plugin contain an access control bypass vulnerability where empty allowFrom configuration causes dmPolicy pairing and allowlist restr...
CVE-2026-29057
MEDIUM
6.3
Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a...
CVE-2026-33265
MEDIUM
6.3
In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API.
CVE-2026-32293
MEDIUM
6.3
The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker...
CVE-2026-4349
MEDIUM
6.3
A vulnerability was determined in Duende IdentityServer 4. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the ...
CVE-2026-1780
MEDIUM
6.1
The [CR]Paid Link Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.5 due to insufficient input sanitization and out...
CVE-2026-22181
MEDIUM
6.1
OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured...
CVE-2026-3512
MEDIUM
6.1
The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sani...
CVE-2025-47873
MEDIUM
6.1
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r...
CVE-2025-58427
MEDIUM
6.1
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r...
CVE-2025-61952
MEDIUM
6.1
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r...
CVE-2025-61979
MEDIUM
6.1
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r...
CVE-2025-62403
MEDIUM
6.1
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r...
CVE-2025-62500
MEDIUM
6.1
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r...
CVE-2025-64733
MEDIUM
6.1
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r...
CVE-2025-64735
MEDIUM
6.1
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r...
CVE-2025-64776
MEDIUM
6.1
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r...
CVE-2025-65119
MEDIUM
6.1
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r...
CVE-2025-66000
MEDIUM
6.1
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r...
CVE-2025-66042
MEDIUM
6.1
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r...
CVE-2025-66503
MEDIUM
6.1
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r...
CVE-2025-66617
MEDIUM
6.1
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r...
CVE-2025-66633
MEDIUM
6.1
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r...
CVE-2026-20726
MEDIUM
6.1
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r...
CVE-2026-22882
MEDIUM
6.1
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r...
CVE-2026-4358
MEDIUM
6.1
A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when a...
CVE-2026-22174
MEDIUM
5.9
OpenClaw versions prior to 2026.2.22 inject the x-OpenClaw-relay-token header into Chrome CDP probe traffic on loopback interfaces, allowing local processes to capture the Gateway authentication token...
CVE-2026-32632
MEDIUM
5.9
Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI applicati...
CVE-2026-22217
MEDIUM
5.8
OpenClaw version 2026.2.22 prior to 2026.2.23 contain an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix ...
CVE-2026-4366
MEDIUM
5.8
A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an...
CVE-2026-26004
MEDIUM
5.7
Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference (IDOR) vulnerability in Sentry's GroupEv...
CVE-2025-14806
MEDIUM
5.7
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources.
CVE-2026-1217
MEDIUM
5.4
The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clone_bulk_action_handler() and republish_request() functions ...
CVE-2026-4324
MEDIUM
5.4
A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into...
CVE-2025-12518
MEDIUM
5.3
beefree.io SDK is vulnerable to Stored XSS in Social Media icon URL parameter in email builder functionality. Malicious attacker can inject arbitrary HTML and JS into template, which will be rendered/...
CVE-2026-1926
MEDIUM
5.3
The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wps_sfw_admin_cancel_susbcription()` function in all...
CVE-2026-22321
MEDIUM
5.3
A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thre...
CVE-2026-2559
MEDIUM
5.3
The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `handle_office365_oauth_redirect()` function in all versions up to, and i...
CVE-2026-2575
MEDIUM
5.3
A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. ...
CVE-2026-26945
MEDIUM
5.3
Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions prior to 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to...
CVE-2026-27978
MEDIUM
5.3
Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, `origin: null` was treated as a "missing" origin during Server Action CSR...
CVE-2026-32565
MEDIUM
5.3
Missing Authorization vulnerability in WebberZone Contextual Related Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Related Posts: from n/a...
CVE-2026-32691
MEDIUM
5.3
A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juj...
CVE-2026-2373
MEDIUM
5.3
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the get_main_query...
CVE-2026-25771
MEDIUM
5.3
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service (DoS) vulnerability exists in t...
CVE-2026-32586
MEDIUM
5.3
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a bef...
CVE-2026-3856
MEDIUM
5.3
IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmis...
CVE-2026-4271
MEDIUM
5.3
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by send...
CVE-2026-4307
MEDIUM
5.3
A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function get_abs_path of the file python/helpers/files.py. The manipulation results in path trave...
CVE-2026-4308
MEDIUM
5.3
A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_pdf_document of the file python/helpers/document_query.py. This manipulation causes server-side requ...
CVE-2026-1323
MEDIUM
5.2
The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploi...
CVE-2026-4354
MEDIUM
5.1
A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub_420A78 of the file apply_sec.cgi of the component Web Interface. Such manipulation of t...
CVE-2026-4355
MEDIUM
5.1
A vulnerability was detected in Portabilis i-Educar 2.11. This impacts an unknown function of the file /intranet/educar_servidor_curso_lst.php of the component Endpoint. Performing a manipulation of t...
CVE-2026-32837
MEDIUM
5.1
miniaudio version 0.11.25 and earlier contain a heap out-of-bounds read vulnerability in the WAV BEXT metadata parser that allows attackers to trigger memory access violations by processing crafted WA...
CVE-2026-32839
MEDIUM
5.1
Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in...
CVE-2026-32840
MEDIUM
5.1
Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the system_name_set.cgi script that allows attackers to inject arbitrary script code by manip...
CVE-2026-4285
MEDIUM
5.1
A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. Impacted is the function recognizeMarkdown of the file yudao-module-digitalcourse/yudao-module-...
CVE-2026-22318
MEDIUM
4.9
A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an intern...
CVE-2026-22319
MEDIUM
4.9
A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal ...
CVE-2026-26948
MEDIUM
4.9
Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug...
CVE-2026-25772
MEDIUM
4.9
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.14.3, a stack-based buffer overflow vulnerability exists ...
CVE-2026-25790
MEDIUM
4.9
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the ...
CVE-2026-22180
MEDIUM
4.8
OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient ...
CVE-2026-4356
MEDIUM
4.8
A flaw has been found in itsourcecode University Management System 1.0. Affected is an unknown function of the file /add_result.php. Executing a manipulation of the argument vr can lead to cross site ...
CVE-2025-62320
MEDIUM
4.7
HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML co...
CVE-2026-27895
MEDIUM
4.3
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly vali...
CVE-2026-33003
MEDIUM
4.3
Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or...
CVE-2026-28506
MEDIUM
4.3
Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It ...
CVE-2026-3632
LOW
3.9
A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be ...
CVE-2026-3633
LOW
3.9
A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could inject arbitrary headers and additional request data. This vulnerability...
CVE-2026-3634
LOW
3.9
A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `sou...
CVE-2025-31966
LOW
2.7
HCL Sametime is vulnerable to broken server-side validation. While the application performs client-side input checks, these are not enforced by the web server. An attacker can bypass these restriction...
CVE-2025-31703
LOW
2.4
A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's a...
CVE-2026-32266
LOW
2.4
The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the `DefaultController->actionLoadBucketData()` e...
CVE-2026-27524
LOW
2.3
OpenClaw versions prior to 2026.2.21 accept prototype-reserved keys in runtime /debug set override object values, allowing prototype pollution attacks. Authorized /debug set callers can inject __proto...
CVE-2026-27977
LOW
2.3
Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, in `next dev`, cross-site protection for internal websocket endpoints cou...
CVE-2026-3237
LOW
2.3
In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that h...
CVE-2026-4202
LOW
2.3
The extension fails to verify, if an authenticated user has permissions to access to redirects resulting in exposure of redirect records when editing a page.
CVE-2026-3479
LOW
2.1
pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.
CVE-2026-4359
LOW
2.0
A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver.
CVE-2026-27448
LOW
1.7
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled ex...
CVE-2025-15363
UNKNOWN
The Get Use APIs WordPress plugin before 2.0.10 executes imported JSON, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks under certain server configur...
CVE-2025-55040
UNKNOWN
The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CS...
CVE-2025-55041
UNKNOWN
MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Group functionality for user management (cUsers.cfc addToGroup method) that allows attackers to escalate privileges by adding any us...
CVE-2025-55043
UNKNOWN
MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality (csettings.cfc createBundle method) that allows unauthenticated attackers to force administrators to create a...
CVE-2025-55044
UNKNOWN
The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the trash to unauthorized locations through CSRF. The vulnerable cTrash.restore functio...
CVE-2025-55045
UNKNOWN
The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token val...
CVE-2025-55046
UNKNOWN
MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy all deleted content stored in the trash system through a simple CSRF attack. The vulnerable cTrash.em...
CVE-2025-58112
UNKNOWN
Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allows the generation of customized reports via raw SQL queries in an upload of a .rdl (Report Definition Language) file; thi...
CVE-2025-67829
UNKNOWN
Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection.
CVE-2025-67830
UNKNOWN
Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection.
CVE-2025-71265
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata
We found an infinite loop bug in the ntfs3 file syst...
CVE-2025-71266
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
fs: ntfs3: check return value of indx_find to avoid infinite loop
We found an infinite loop bug in the ntfs3 file system that can ...
CVE-2025-71267
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST
We found an infinite loop bug in the ntfs3 file system that can lea...
CVE-2025-71268
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix reservation leak in some error paths when inserting inline extent
If we fail to allocate a path or join a transaction, ...
CVE-2025-71269
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not free data reservation in fallback from inline due to -ENOSPC
If we fail to create an inline extent due to -ENOSPC, w...
CVE-2025-71270
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: Enable exception fixup for specific ADE subcode
This patch allows the LoongArch BPF JIT to handle recoverable memory
ac...
CVE-2026-23242
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
RDMA/siw: Fix potential NULL pointer dereference in header processing
If siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(...
CVE-2026-23243
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
RDMA/umad: Reject negative data_len in ib_umad_write
ib_umad_write computes data_len from user-controlled count and the
MAD header...
CVE-2026-23244
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
nvme: fix memory allocation in nvme_pr_read_keys()
nvme_pr_read_keys() takes num_keys from userspace and uses it to
calculate the ...
CVE-2026-23245
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_gate: snapshot parameters with RCU on replace
The gate action can be replaced while the hrtimer callback or dump pa...
CVE-2026-23246
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration
link_id is taken from the ML Reconfiguration element (control...
CVE-2026-23247
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
tcp: secure_seq: add back ports to TS offset
This reverts 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets")
tc...
CVE-2026-23248
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
perf/core: Fix refcount bug and potential UAF in perf_mmap
Syzkaller reported a refcount_t: addition on 0; use-after-free warning
...
CVE-2026-23249
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
xfs: check for deleted cursors when revalidating two btrees
The free space and inode btree repair functions will rebuild both btre...
CVE-2026-23250
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
xfs: check return value of xchk_scrub_create_subord
Fix this function to return NULL instead of a mangled ENOMEM, then fix
the cal...
CVE-2026-23251
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
xfs: only call xf{array,blob}_destroy if we have a valid pointer
Only call the xfarray and xfblob destructor if we have a valid po...
CVE-2026-23252
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
xfs: get rid of the xchk_xfile_*_descr calls
The xchk_xfile_*_descr macros call kasprintf, which can fail to allocate
memory if th...
CVE-2026-23253
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
media: dvb-core: fix wrong reinitialization of ringbuffer on reopen
dvb_dvr_open() calls dvb_ringbuffer_init() when a new reader o...
CVE-2026-23254
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
net: gro: fix outer network offset
The udp GRO complete stage assumes that all the packets inserted the RX
have the `encapsulation...
CVE-2026-23255
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
net: add proper RCU protection to /proc/net/ptype
Yin Fengwei reported an RCU stall in ptype_seq_show() and provided
a patch.
Rea...
CVE-2026-23256
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup
In setup_nic_devices(), the initialization loop jumps to the...
CVE-2026-23257
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup
In setup_nic_devices(), the initialization loop jumps to the...
CVE-2026-23258
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
net: liquidio: Initialize netdev pointer before queue setup
In setup_nic_devices(), the netdev is allocated using alloc_etherdev_m...
CVE-2026-23259
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
io_uring/rw: free potentially allocated iovec on cache put failure
If a read/write request goes through io_req_rw_cleanup() and ha...
CVE-2026-23260
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
regmap: maple: free entry on mas_store_gfp() failure
regcache_maple_write() allocates a new block ('entry') to merge
adjacent rang...
CVE-2026-23261
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
nvme-fc: release admin tagset if init fails
nvme_fabrics creates an NVMe/FC controller in following path:
nvmf_dev_write()
...
CVE-2026-23262
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
gve: Fix stats report corruption on queue count change
The driver and the NIC share a region in memory for stats reporting.
The NI...
CVE-2026-23263
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
io_uring/zcrx: fix page array leak
d9f595b9a65e ("io_uring/zcrx: fix leaking pages on sg init fail") fixed
a page leakage but didn...
CVE-2026-23264
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem"
This reverts commit 7294863a6f01248d72b61d38478978d638641bee.
This...
CVE-2026-23265
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to do sanity check on node footer in {read,write}_end_io
-----------[ cut here ]------------
kernel BUG at fs/f2fs/data....
CVE-2026-23266
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
fbdev: rivafb: fix divide error in nv3_arb()
A userspace program can trigger the RIVA NV3 arbitration code by calling
the FBIOPUT_...
CVE-2026-23267
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes
During SPO tests, when...
CVE-2026-23268
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix unprivileged local user can do privileged policy management
An unprivileged local user can load, replace, and remove...
CVE-2026-23269
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
apparmor: validate DFA start states are in bounds in unpack_pdb
Start states are read from untrusted data and used as indexes into...
CVE-2026-23270
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks
As Paolo said earlier [1]:
"Since the blamed comm...
CVE-2026-26740
UNKNOWN
Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validat...
CVE-2026-29856
UNKNOWN
An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service (ReDoS) via a crafted input.
CVE-2026-29858
UNKNOWN
A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion (LFI), leadingot sensitive information exposure.
CVE-2026-29859
UNKNOWN
An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2026-30048
UNKNOWN
A stored cross-site scripting (XSS) vulnerability exists in the NotChatbot WebChat widget thru 1.4.4. User-supplied input is not properly sanitized before being stored and rendered in the chat convers...
CVE-2026-30345
UNKNOWN
A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import.
CVE-2026-30695
UNKNOWN
A Cross-Site Scripting (XSS) vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The v...
CVE-2026-30701
UNKNOWN
The web interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) contains hardcoded credential disclosure mechanisms (in the form of Server Side Include) within multiple server-side web...
CVE-2026-30702
UNKNOWN
The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements a broken authentication mechanism in its web management interface. The login page does not properly enforce session validation, al...
CVE-2026-30703
UNKNOWN
A command injection vulnerability exists in the web management interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02). The adm.cgi endpoint improperly sanitizes user-supplied input pr...
CVE-2026-30704
UNKNOWN
The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) exposes an unprotected UART interface through accessible hardware pads on the PCB
CVE-2026-33001
UNKNOWN
Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbolic links during the extraction of .tar and .tar.gz archives, allowing crafted archives to write files to arbitrary locat...
CVE-2026-33002
UNKNOWN
Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validation of requests made through the CLI WebSocket endpoint by computing the expected ...
CVE-2026-33004
UNKNOWN
Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVE-2026-4396
UNKNOWN
Improper certificate validation in Devolutions Hub Reporting Service
2025.3.1.1 and earlier allows a network attacker to perform a
man-in-the-middle attack via disabled TLS certificate verification.
CVE-2025-71239
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
audit: add fchmodat2() to change attributes class
fchmodat2(), introduced in version 6.6 is currently not in the change
attribute ...
CVE-2026-20643
UNKNOWN
A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS ...
CVE-2026-23241
UNKNOWN
In the Linux kernel, the following vulnerability has been resolved:
audit: add missing syscalls to read class
The "at" variant of getxattr() and listxattr() are missing from the
audit read class. Ca...
CVE-2026-26929
UNKNOWN
Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dag_id set to "~" (wildcard for all DAGs). As a ...
CVE-2026-28563
UNKNOWN
Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dep...
CVE-2026-28779
UNKNOWN
Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is set to path=/ regardless of the configured [webserver] base_url or [api] base_url.
This allows any application co-hoste...
CVE-2026-30707
UNKNOWN
An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypas...
CVE-2026-30911
UNKNOWN
Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop (HITL) endpoints that allows any authenticated task instance to read, approve, ...
CVE-2026-3563
UNKNOWN
Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to overrid...
CVE-2026-4064
UNKNOWN
Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perfo...
Latest Headlines
35 articles
RSS Feed Sources
BleepingComputer
CISA orders feds to patch Zimbra XSS flaw exploited in attacks
2026-03-18 19:57
The Record
Russia-linked hackers use advanced iPhone exploit to target Ukrainians
2026-03-18 19:42
The Record
DHS nominee Mullin pressed on restoring CISA staffing
2026-03-18 18:47
The Record
US intelligence chief grilled on absence of election threats in security assessment
2026-03-18 18:30
BleepingComputer
ConnectWise patches new flaw allowing ScreenConnect hijacking
2026-03-18 18:10
The Register
Amazon security boss says crims abused max-security Cisco firewall flaw weeks before disclosure
2026-03-18 17:40
The Hacker News
OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs
2026-03-18 17:26
BleepingComputer
Ransomware gang exploits Cisco flaw in zero-day attacks since January
2026-03-18 16:53
The Record
Bank software vendor Marquis says more than 670,000 impacted by August breach
2026-03-18 16:51
The Hacker News
Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
2026-03-18 16:00
BleepingComputer
Marquis: Ransomware gang stole data of 672K people in cyberattack
2026-03-18 15:32
Dark Reading
'Claudy Day’ Trio of Flaws Exposes Claude Users to Data Theft
2026-03-18 15:05
The Record
CISA official says agency has not seen uptick in cyber threats amid Iran war
2026-03-18 14:29
BleepingComputer
The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms
2026-03-18 14:05
BleepingComputer
New “Darksword” iOS exploit used in infostealer attack on iPhones
2026-03-18 14:02
The Register
North Korea's 100,000-strong fake IT worker army rake in $500M a year for Kim Jong Un
2026-03-18 13:57
BleepingComputer
Nordstrom's email system abused to send crypto scams to customers
2026-03-18 13:55
Dark Reading
Meta, TikTok Steal Users' Sensitive PII When They Click on Ads
2026-03-18 13:00
Dark Reading
SideWinder Espionage Campaign Expands Across Southeast Asia
2026-03-18 13:00
The Register
Britain's satellite-watching gap to be plugged with £17.5M eyeball in Cyprus
2026-03-18 12:34
The Record
Moscow seeks to limit internet to state-approved websites amid ongoing outages
2026-03-18 12:25
The Hacker News
Claude Code Security and Magecart: Getting the Threat Model Right
2026-03-18 11:58
The Hacker News
9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
2026-03-18 11:42
The Hacker News
Product Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels
2026-03-18 10:30
The Hacker News
Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
2026-03-18 08:08
The Register
Iran's cyberattack against med tech firm is 'just the beginning'
2026-03-18 07:32
The Hacker News
Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
2026-03-18 06:31
The Hacker News
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
2026-03-18 05:06
The Register
Linux Foundation kicks off effort to shield FOSS maintainers from AI slop bug reports
2026-03-18 04:05
The Register
Japan to allow ‘proactive cyber-defense’ from October 1st
2026-03-18 02:49
The Record
Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records
2026-03-18 01:54
BleepingComputer
Apple pushes first Background Security Improvements update to fix WebKit flaw
2026-03-18 01:06
Dark Reading
More Attackers Are Logging In, Not Breaking In
2026-03-17 22:04
BleepingComputer
GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
2026-03-17 21:42
Dark Reading
Less Lucrative Ransomware Market Makes Attackers Alter Methods
2026-03-17 21:41