Changeflow GovPing, Data Privacy & Cybersecurity

CSA Security Bulletin: NIST Vulnerabilities

Source: CSA Alerts & Advisories (Singapore), www.csa.gov.sg
Published March 18th, 2026
Detected March 22nd, 2026

Summary

The Singapore Cyber Security Agency (CSA) issued a security bulletin on March 18, 2026, summarizing critical vulnerabilities identified by NIST. The bulletin details several vulnerabilities with CVSSv3 base scores of 10.0, affecting software libraries, building management controllers, and media systems.

What changed

The Singapore Cyber Security Agency (CSA) has released a security bulletin detailing critical vulnerabilities identified in the past week, as compiled from NIST's National Vulnerability Database (NVD). The bulletin highlights several vulnerabilities with a CVSSv3 base score of 10.0, including issues in SandboxJS, Honeywell IQ4x, Himmelblau, Vociferous, and Jellyfin. These vulnerabilities, if exploited, could lead to unauthorized access, code execution, data exfiltration, and system compromise.

Organizations utilizing the affected software or systems should review the bulletin immediately to assess their exposure. The bulletin provides CVE numbers and references for further details. Recommended actions include applying patches and updates as indicated (e.g., SandboxJS to 0.8.34, Himmelblau to 3.1.0, Vociferous to 4.4.2) and implementing mitigation strategies for vulnerabilities where immediate fixes are not yet available. Failure to address these critical vulnerabilities could result in significant security breaches and operational disruptions.

What to do next

  1. Review the CSA security bulletin for critical vulnerabilities identified by NIST.
  2. Assess the applicability of listed vulnerabilities to organizational systems and software.
  3. Apply vendor-provided patches and updates, or implement mitigating controls for affected systems.
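To support step 2, the following is an added example (not from the bulletin, CSA, or any of the projects named) that compares a locally inventoried set of versions against the fixed versions the bulletin states; the product keys are labels chosen for this example, not package names, and the inventory values are constructed.

```python
"""Added example (not part of the CSA bulletin or any vendor's code): apply the
fixed versions the bulletin names to a local software inventory.

Fix data is transcribed from the bulletin entries; the product keys are labels
chosen here, not package names, and the inventory is a constructed sample."""
import re

# cve -> (product label, first vulnerable version or None, fixed versions).
# Several entries fix more than one release line; each line is fixed at its own
# version. Craft CMS is vulnerable from 4.0.0-RC1 (and 5.0.0-RC1 on the 5.x
# line); a single lower bound of 4.0.0-RC1 covers both.
ADVISORIES = {
    "CVE-2026-26954": ("sandboxjs", None, ["0.8.34"]),
    "CVE-2026-31957": ("himmelblau", "3.0.0", ["3.1.0"]),
    "CVE-2026-27897": ("vociferous", None, ["4.4.2"]),
    "CVE-2026-32621": ("apollo-federation-gateway", None,
                       ["2.9.6", "2.10.5", "2.11.6", "2.12.3", "2.13.2"]),
    "CVE-2026-32248": ("parse-server", None, ["8.6.38", "9.6.0-alpha.12"]),
    "CVE-2026-27591": ("winter-cms", None, ["1.0.477", "1.1.12", "1.2.12"]),
    "CVE-2026-32267": ("craft-cms", "4.0.0-RC1", ["4.17.6", "5.9.12"]),
}

_VER_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-([0-9A-Za-z.]+))?$")


def parse_version(text):
    """Return a sortable key. Pre-releases sort below the final release of the
    same number (9.6.0-alpha.12 < 9.6.0); numeric pre-release ids sort before
    alphabetic ones, as in semver."""
    m = _VER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (3 - len(release))      # treat 0.8 as 0.8.0
    pre = m.group(2)
    if pre is None:
        return (release, 1, ())
    ids = tuple((0, int(p)) if p.isdigit() else (1, p) for p in pre.split("."))
    return (release, 0, ids)


def is_affected(version, introduced, fixes):
    v = parse_version(version)
    if introduced is not None and v < parse_version(introduced):
        return False                          # predates the vulnerable range
    fixed = sorted(parse_version(f) for f in fixes)
    same_line = [f for f in fixed if f[0][:2] == v[0][:2]]
    if same_line:
        return v < same_line[0]               # this major.minor line has its own fix
    # No fix listed for this line: only a line newer than every listed fix is
    # assumed safe; an older, unlisted line is treated as affected (conservative).
    return v < fixed[-1]


def exposure_report(inventory):
    """inventory: {product label: installed version}. Returns the affected
    entries as {cve: (product, version)}."""
    hits = {}
    for cve, (product, introduced, fixes) in ADVISORIES.items():
        if product in inventory and is_affected(inventory[product], introduced, fixes):
            hits[cve] = (product, inventory[product])
    return hits


# Constructed sample inventory; these are not real systems.
SAMPLE_INVENTORY = {
    "sandboxjs": "0.8.33",
    "himmelblau": "2.9.1",
    "vociferous": "4.4.2",
    "apollo-federation-gateway": "2.10.4",
    "parse-server": "9.6.0-alpha.11",
    "winter-cms": "1.3.0",
    "craft-cms": "4.17.6",
}

if __name__ == "__main__":
    for cve, (product, ver) in sorted(exposure_report(SAMPLE_INVENTORY).items()):
        print(f"{cve}: {product} {ver} is below the fixed version; see the bulletin entry")
```

The same-line rule matters for entries such as Apollo Federation and Winter CMS, where a version on an older release line is only safe at that line's own fix, not at the highest fix listed.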

Source document (simplified)

SecurityBulletin18March2026

Generatedon18March2026

SingCERT'sSecurityBulletinsummarisesthelistofvulnerabilitiescollatedfromtheNationalInstituteofStandardsandTechnology(NIST)'sNationalVulnerability Database(NVD)inthepastweek. Thevulnerabilitiesaretabledbasedonseverity,inaccordancetotheirCVSSv3basescores: vulnerabilitieswithabasescoreof9.0toCritical 10.0 vulnerabilitieswithabasescoreof7.0toHigh 8.9 vulnerabilitieswithabasescoreof4.0toMedium 6.9 vulnerabilitieswithabasescoreof0.1toLow 3.9 None vulnerabilitieswithabasescoreof0.0 ForthosevulnerabilitieswithoutassignedCVSSscores,pleasevisitNVDfortheupdatedCVSSvulnerabilityentries.

CRITICALVULNERABILITIES

BaseCVENumber Description ReferenceScore

SandboxJSisaJavaScriptsandboxinglibrary.Priorto0.8.34,itispossibletoobtainarrayscontainingFunction,whichallowsCVE-2026-escapingthesandbox.GivenanarraycontainingFunction,andObject.fromEntries,itispossibletoconstruct{[p]:Function} 10.0 MoreDetails26954wherepisanyconstructibleproperty.Thisvulnerabilityisfixedin0.8.34. TheHoneywellIQ4xbuildingmanagementcontroller,exposesitsfullweb-basedHMIwithoutauthenticationinitsfactory- defaultconfiguration.Withnousermoduleconfigured,securityisdisabledbydesignandthesystemoperatesunderaSystem Guest(level100)context,grantingread/writeprivilegestoanypartyabletoreachtheHTTPinterface.AuthenticationcontrolsCVE-2026-areonlyenforcedafterawebuseriscreatedviaU.htm,whichdynamicallyenablestheusermodule.Becausethisfunctionis 10.0 MoreDetails3611accessiblepriortoauthentication,aremoteusercancreateanewaccountwithadministrativeread/writepermissionsenabling theusermoduleandimposingauthenticationunderattacker-controlledcredentials.Thisactioncaneffectivelylocklegitimate operatorsoutoflocalandweb-basedconfigurationandadministration. HimmelblauisaninteroperabilitysuiteforMicrosoftAzureEntraIDandIntune.From3.0.0tobefore3.1.0,ifHimmelblauis deployedwithoutaconfiguredtenantdomaininhimmelblau.conf,authenticationisnottenant-scoped.Inthismode,CVE-2026-HimmelblaucanacceptauthenticationattemptsforarbitraryEntraIDdomainsbydynamicallyregisteringprovidersatruntime. 10.0 MoreDetails31957Thisbehaviorisintendedforinitial/localbootstrapscenarios,butitcancreateriskinremoteauthenticationenvironments.This vulnerabilityisfixedin3.1.0. 
Vociferousprovidescross-platform,offlinespeech-to-textwithlocalAIrefinement.Priorto4.4.2,thevulnerabilityexistsin src/api/system.pywithintheexportfileroute.TheapplicationacceptsaJSONpayloadcontainingafilenameandcontent.While thedeveloperintendedforanativeUIdialogtohandlethefilepath,theAPIdoesnotvalidatethefilenamestringbeforeitisCVE-2026-processedbythebackendsfilesystemlogic.BecausetheAPIisunauthenticatedandtheCORSconfigurationinapp.pyisoverly 10.0 MoreDetails27897permissive(alloworigins=["*"]orallowinglocalhost),anexternalattackercanbypasstheUIentirely.Byusingdirectory traversalsequences(../),anattackercanforcetheapptowritearbitrarydatatoanylocationaccessiblebythecurrentuser's permissions.Thisvulnerabilityisfixedin4.4.2. Jellyfinisanopen-sourcemediasystem.Thecode-quality.ymlGitHubActionsworkflowinjellyfin/jellyfin-iosisvulnerableto arbitrarycodeexecutionviapullrequestsfromforkedrepositories.Duetotheworkflow'selevatedpermissions(nearlyallwrite CVE-2026-permissions),thisvulnerabilityenablesfullrepositorytakeoverofjellyfin/jellyfin-ios,exfiltrationofhighlyprivilegedsecrets, 10.0 MoreDetails31852AppleAppStoresupplychainattack,GitHubContainerRegistry(ghcr.io)packagepoisoning,andfulljellyfinorganization compromiseviacross-repositorytokenusage.Note:Thisisnotacodevulnerability,butavulnerabilityintheGitHubActions workflows.NonewversionisrequiredforthisGHSAandendusersdonotneedtotakeanyactions. 
ApolloFederationisanarchitecturefordeclarativelycomposingAPIsintoaunifiedgraph.Priorto2.9.6,2.10.5,2.11.6,2.12.3, and2.13.2,avulnerabilityexistsinqueryplanexecutionwithinthegatewaythatmayallowpollutionofObject.prototypein CVE-2026-certainscenarios.AmaliciousclientmaybeabletopolluteObject.prototypeingatewaydirectlybycraftingoperationswithfield 9.9 MoreDetails32621aliasesand/orvariablenamesthattargetprototype-inheritableproperties.Alternatively,ifasubgraphweretobecompromised byamaliciousactor,theymaybeabletopolluteObject.prototypeingatewaybycraftingJSONresponsepayloadsthattarget prototype-inheritableproperties.Thisvulnerabilityisfixedin2.9.6,2.10.5,2.11.6,2.12.3,and2.13.2. OneUptimeisasolutionformonitoringandmanagingonlineservices.Priorto10.0.23,thetelemetryaggregationAPIaccepts user-controlledaggregationType,aggregateColumnName,andaggregationTimestampColumnNameparametersand CVE-2026-interpolatesthemdirectlyintoClickHouseSQLqueriesviathe.append()method(documentedas"trustedSQL").Thereisno 9.9 MoreDetails32306allowlist,noparameterizedquerybinding,andnoinputvalidation.AnauthenticatedusercaninjectarbitrarySQLinto ClickHouse,enablingfulldatabaseread(includingtelemetrydatafromalltenants),datamodification,andpotentialremote codeexecutionviaClickHousetablefunctions.Thisvulnerabilityisfixedin10.0.23. CVE-2025-InsecureAccessControlinContactPlan,E-Mail,SMSandFaxcomponentsinAssecoSEELive2.0allowsremoteattackersto 9.9 MoreDetails66956accessandexecuteattachmentsviaacomputableURL. Winterisafree,open-sourcecontentmanagementsystem(CMS)basedontheLaravelPHPframework.Priorto1.0.477,1.1.12,

and1.2.12,WinterCMSallowedauthenticatedbackenduserstoescalatetheiraccountslevelofaccesstothesystembyCVE-2026- 9.9 MoreDetailsmodifyingtheroles/permissionsassignedtotheiraccountthroughspeciallycraftedrequeststothebackendwhileloggedin.27591 Toactivelyexploitthissecurityissue,anattackerwouldneedaccesstotheBackendwithauseraccountwithanylevelof access.Thisvulnerabilityisfixedin1.0.477,1.1.12,and1.2.12. CVE-2026-AvulnerabilityallowingaBackupViewertoperformremotecodeexecution(RCE)asthepostgresuser. 9.9 MoreDetails21708 CVE-2026-Avulnerabilityallowinganauthenticateddomainusertoperformremotecodeexecution(RCE)ontheBackupServer. 9.9 MoreDetails21666 CVE-2026-Avulnerabilityallowinganauthenticateddomainusertoperformremotecodeexecution(RCE)ontheBackupServer. 9.9 MoreDetails21667 CVE-2026-Avulnerabilityallowinganauthenticateddomainusertoperformremotecodeexecution(RCE)ontheBackupServer. 9.9 MoreDetails21669 ParseServerisanopensourcebackendthatcanbedeployedtoanyinfrastructurethatcanrunNode.js.Priorto9.6.0-alpha.12 and8.6.38,anunauthenticatedattackercantakeoveranyuseraccountthatwascreatedwithanauthenticationproviderthat doesnotvalidatetheformatoftheuseridentifier(e.g.anonymousauthentication).Bysendingacraftedloginrequest,theCVE-2026-attackercancausetheservertoperformapattern-matchingqueryinsteadofanexact-matchlookup,allowingtheattackerto32248matchanexistinguserandobtainavalidsessiontokenforthatuser'saccount.BothMongoDBandPostgreSQLdatabase backendsareaffected.AnyParseServerdeploymentthatallowsanonymousauthentication(enabledbydefault)isvulnerable. Thisvulnerabilityisfixedin9.6.0-alpha.12and8.6.38. 
HMSNetworksEwonFlexywithfirmwarebefore15.0s4,Cosy+withfirmware22.xxbefore22.1s6,andCosy+withfirmwareCVE-2026-23.xxbefore23.0s3haveastackbufferoverflowthatleadstoaDenialofService,whichcanalsobeexploitedtoachieve25823UnauthenticatedRemoteCodeExecution. ZKTecoZKBioSecurity3.0containshardcodedcredentialsinthebundledApacheTomcatserverthatallowunauthenticatedCVE-2016-attackerstoaccessthemanagerapplication.Attackerscanauthenticatewithhardcodedcredentialsstoredintomcat-users.xml20026touploadmaliciousWARarchivescontainingJSPapplicationsandexecutearbitrarycodewithSYSTEMprivileges. CVE-2026-GL-iNetGL-AR300M16v4.3.11wasdiscoveredtocontainacommandinjectionvulnerabilityviathesetconfigfunction.This 9.826793vulnerabilityallowsattackerstoexecutearbitrarycommandsviaacraftedinput. CVE-2025-StackbufferoverflowvulnerabilityinD-LinkDIR-513v1.10viathecurTimeparametertogoform/formSetWizardSelectMode. 9.8 MoreDetails70245 FreeRDPisafreeimplementationoftheRemoteDesktopProtocol.Priorto3.24.0,thegdisurfacebits()functionprocesses SURFACEBITSCOMMANDmessagessentbytheRDPserver.WhenthecommandishandledusingNSCodec,thebmp.width andbmp.heightvaluesprovidedbytheserverarenotproperlyvalidatedagainsttheactualdesktopdimensions.AmaliciousCVE-2026-RDPservercansupplycraftedbmp.widthandbmp.heightvaluesthatexceedtheexpectedsurfacesize.Becausethesevalues31806areusedduringbitmapdecodingandmemoryoperationswithoutproperboundschecking,thiscanleadtoaheapbuffer overflow.Sincetheattackercanalsocontroltheassociatedpixeldatatransmittedbytheserver,theoverflowmaybe exploitabletooverwriteadjacentheapmemory.Thisvulnerabilityisfixedin3.24.0. 
LocutusbringsstdlibsofotherprogramminglanguagestoJavaScriptforeducationalpurposes.Priorto3.0.14,the CVE-2026-createfunction(args,code)functionpassesbothparametersdirectlytotheFunctionconstructorwithoutanysanitization, 32304allowingarbitrarycodeexecution.ThisisdistinctfromCVE-2026-29091whichwascalluserfuncarrayusingeval()inv2.x. ThisfindingaffectscreatefunctionusingnewFunction()inv3.x.Thisvulnerabilityisfixedin3.0.14. CVE-2026-telnetdinGNUinetutilsthrough2.7allowsanout-of-boundswriteintheLINEMODESLC(SetLocalCharacters)suboption 32746handlerbecauseaddslcdoesnotcheckwhetherthebufferisfull. GL-iNetGL-AR300M16v4.3.11wasdiscoveredtocontainmultiplecommandinjectionvulnerabilitiesinthesetupgradefunctionCVE-2026-viathemodemurl,targetversion,currentversion,firmwareupload,hashtype,hashvalue,andupgradetypeparameters.26792Thesevulnerabilitiesallowattackerstoexecutearbitrarycommandsviaacraftedinput. ThePixforWooCommercepluginforWordPressisvulnerabletoarbitraryfileuploadsduetomissingcapabilitycheckand CVE-2026-missingfiletypevalidationinthe'lknpixforwoocommercec6savesettings'functioninallversionsupto,andincluding, 38911.5.0.Thismakesitpossibleforunauthenticatedattackerstouploadarbitraryfilesontheaffectedsite'sserverwhichmay makeremotecodeexecutionpossible. ZKTecoZKTime.Net3.0.1.6containsaninsecurefilepermissionsvulnerabilitythatallowsunprivilegeduserstoescalateCVE-2016-privilegesbymodifyingexecutablefiles.Attackerscanexploitworld-writablepermissionsontheZKTimeNet3.0directoryandits20024contentstoreplaceexecutablefileswithmaliciousbinariesforprivilegeescalation. 
Avulnerabilityhasbeenidentifiedintheweb-basedmanagementinterfaceofAOS-CXswitchesthatcouldpotentiallyallowanCVE-2026-unauthenticatedremoteactortocircumventexistingauthenticationcontrols.Insomecasesthiscouldenableresettingthe23813adminpassword. ZKTecoZKBioSecurity3.0containsauserenumerationvulnerabilitythatallowsunauthenticatedattackerstodiscovervalidCVE-2016-usernamesbysubmittingpartialcharactersviatheusernameparameter.Attackerscansendrequeststothe20030authLoginAction!login.doscriptwithvaryingusernameinputstoenumeratevaliduseraccountsbasedonapplicationresponses. CVE-2026-GL-iNetGL-AR300M16v4.3.11wasdiscoveredtocontainacommandinjectionvulnerabilityviathestringportparameterinthe 26791enableechoserverfunction.Thisvulnerabilityallowsattackerstoexecutearbitrarycommandsviaacraftedinput. CVE-2026-GCB/FCBAuditSoftwaredevelopedbyDrangSofthasaMissingAuthenticationvulnerability,allowingunauthenticatedremote 4312attackerstodirectlyaccesscertainAPIstocreateanewadministrativeaccount. CVE-2025-Acommandinjectionvulnerabilityintheminimalwrapper.pycomponentofkubectl-mcp-serverv1.2.0allowsattackersto 69902executearbitrarycommandsviainjectingarbitraryshellmetacharacters. CraftCMSisacontentmanagementsystem(CMS).Fromversion4.0.0-RC1tobeforeversion4.17.6andfromversion5.0.0-RC1 CVE-2026-tobeforeversion5.9.12,alow-privilegeuser(oranunauthenticateduserwhohasbeensentasharedURL)canescalatetheir 32267privilegestoadminbyabusingUsersController->actionImpersonateWithToken.Thisissuehasbeenpatchedinversions4.17.6 and5.9.12.

ChamiloLMSisalearningmanagementsystem.Priortoversion1.11.34,thereisanunauthenticatedSQLinjectionvulnerability whichallowsremoteattackerstoexecutearbitrarySQLcommandsviathecustomdatesparameter.BychainingthiswithaCVE-2026- predictablelegacypasswordresetmechanism,anattackercanachievefulladministrativeaccounttakeoverwithoutanyprior 9.828430 credentials.Thevulnerabilityalsoexposestheentiredatabase,includingPIIandsystemconfigurations.Thisissuehasbeen patchedinversion1.11.34. CVE-2025-Awrite-what-whereconditioninp2r3Bareironcommit8e4d40allowsunauthenticatedattackerstowritearbitraryvaluesto 69809memory,enablingarbitrarycodeexecutionviaacraftedpacket. AweaknesshasbeenidentifiedinTendaAC8upto16.03.50.11.ThisvulnerabilityaffectsthefunctiondoSystemCmdofthefile CVE-2026-/goform/SysToolChangePwdofthecomponentHTTPEndpoint.Thismanipulationoftheargumentlocal2ccausesstack-based 4254bufferoverflow.Theattackcanbeinitiatedremotely.Theexploithasbeenmadeavailabletothepublicandcouldbeusedfor attacks. AvulnerabilitywasidentifiedinTendaAC816.03.50.11.Affectedbythisissueisthefunctioncheckisipv6ofthecomponentCVE-2026-IPv6Handler.Themanipulationleadstorelianceonipaddressforauthentication.Itispossibletoinitiatetheattackremotely.4252Theexploitispubliclyavailableandmightbeused. Boolean-BasedSQLInjectionisatypeofblindSQLinjectionwhereanattackermanipulatesSQLqueriesbyinjectingBoolean CVE-2025-conditions(TRUEorFALSE)intoapplicationinputfields.Insteadofreturningdatabaseerrorsorvisibledata,theapplication 62319respondsdifferentlydependingonwhethertheinjectedconditionevaluatestotrueorfalse.Thisallowsanattackertoinject arbitrarySQLintobackendconfigurationqueriesexecutedwithintheapplication. 
AvulnerabilitywasdetectedinD-LinkDIR-8161.10CNB05.Affectedbythisvulnerabilityisanunknownfunctionalityofthefile CVE-2026-/goform/form2Wl5BasicSetup.cgiofthecomponentgoahead.PerformingamanipulationoftheargumentpskValueresultsin 4184stack-basedbufferoverflow.Theattackispossibletobecarriedoutremotely.Theexploitisnowpublicandmaybeused.This vulnerabilityonlyaffectsproductsthatarenolongersupportedbythemaintainer. AsecurityvulnerabilityhasbeendetectedinD-LinkDIR-8161.10CNB05.Affectedisanunknownfunctionofthefile CVE-2026-/goform/form2WlanBasicSetup.cgiofthecomponentgoahead.SuchmanipulationoftheargumentpskValueleadstostack- 4183basedbufferoverflow.Theattackcanbeexecutedremotely.Theexploithasbeendisclosedpubliclyandmaybeused.This vulnerabilityonlyaffectsproductsthatarenolongersupportedbythemaintainer. AweaknesshasbeenidentifiedinD-LinkDIR-8161.10CNB05.Thisimpactsanunknownfunctionofthefile /goform/form2Wl5RepeaterStep2.cgiofthecomponentgoahead.ThismanipulationoftheargumentCVE-2026-key1/key2/key3/key4/pskValuecausesstack-basedbufferoverflow.Remoteexploitationoftheattackispossible.Theexploit4182hasbeenmadeavailabletothepublicandcouldbeusedforattacks.Thisvulnerabilityonlyaffectsproductsthatarenolonger supportedbythemaintainer. AsecurityflawhasbeendiscoveredinD-LinkDIR-8161.10CNB05.Thisaffectsanunknownfunctionofthefile CVE-2026-/goform/form2RepeaterStep2.cgiofthecomponentgoahead.Themanipulationoftheargumentkey1/key2/key3/key4/pskValue 4181resultsinstack-basedbufferoverflow.Theattackmaybelaunchedremotely.Theexploithasbeenreleasedtothepublicand maybeusedforattacks.Thisvulnerabilityonlyaffectsproductsthatarenolongersupportedbythemaintainer. 
AweaknesshasbeenidentifiedinTopsecTopACM3.0.Affectedbythisvulnerabilityisanunknownfunctionalityofthefile /view/systemConfig/management/nmcsync.phpofthecomponentHTTPRequestHandler.ExecutingamanipulationoftheCVE-2026-argumenttemplatepathcanleadtooscommandinjection.Theattackcanbeexecutedremotely.Theexploithasbeenmade4170availabletothepublicandcouldbeusedforattacks.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespond inanyway. AflawhasbeenfoundinWavlinkWL-WN578W2221110.ImpactedisthefunctionDeleteMaclist/SetName/GuestWifiofthefile CVE-2026-/cgi-bin/wireless.cgiofthecomponentPOSTRequestHandler.Executingamanipulationcanleadtocommandinjection.Itis 4164possibletolaunchtheattackremotely.Theexploithasbeenpublishedandmaybeused.Itisrecommendedtoupgradethe affectedcomponent. AvulnerabilitywasdetectedinWavlinkWL-WN579A3220323.ThisissueaffectsthefunctionSetName/GuestWifiofthefile/cgi-CVE-2026-bin/wireless.cgiofthecomponentPOSTRequestHandler.Performingamanipulationresultsincommandinjection.Itispossible4163toinitiatetheattackremotely.Theexploitisnowpublicandmaybeused.Upgradingtheaffectedcomponentisrecommended. CVE-2025-RaythaCMSdoesnothaveanybruteforceprotectionmechanismimplemented.Itallowsanattackertosendmultiple 69246automatedlogonrequestswithouttriggeringlockout,throttling,orstep-upchallenges.Thisissuewasfixedinversion1.4.6. TelesquareSKTLTERouterSDT-CS3B1version1.2.0containsanarbitraryfileuploadvulnerabilitythatallowsunauthenticated CVE-2017-attackerstouploadmaliciouscontentbyexploitingenabledWebDAVHTTPmethods.AttackerscanusePUT,DELETE,MKCOL, 20224MOVE,COPY,andPROPPATCHmethodstouploadexecutablecode,deletefiles,ormanipulateservercontentforremotecode executionordenialofservice. 
TelesquareSKTLTERouterSDT-CS3B1firmwareversion1.2.0containsaninsecuredirectobjectreferencevulnerabilitythat CVE-2017-allowsattackerstobypassauthorizationandaccessresourcesbymanipulatinguser-suppliedinputparameters.Attackerscan 20223directlyreferenceobjectsinthesystemtoretrievesensitiveinformationandaccessfunctionalitieswithoutproperaccess controls. CVE-2026-GL-iNetGL-AR300M16v4.3.11wasdiscoveredtocontainacommandinjectionvulnerabilityviathemoduleparameterinthe 26795M.getsystemlogfunction.Thisvulnerabilityallowsattackerstoexecutearbitrarycommandsviaacraftedinput. VulnerabilityintheOracleEdgeCloudInfrastructureDesignerandVisualisationToolkitproductofOracleOpenSourceProjects (component:Desktop).Thesupportedversionthatisaffectedis0.3.0.Easilyexploitablevulnerabilityallowsunauthenticated CVE-2026-attackerwithnetworkaccessviaHTTPtocompromiseOracleEdgeCloudInfrastructureDesignerandVisualisationToolkit. 21994SuccessfulattacksofthisvulnerabilitycanresultintakeoverofOracleEdgeCloudInfrastructureDesignerandVisualisation Toolkit.CVSS3.1BaseScore9.8(Confidentiality,IntegrityandAvailabilityimpacts).CVSSVector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ParseServerisanopensourcebackendthatcanbedeployedtoanyinfrastructurethatcanrunNode.js.ASQLinjection vulnerabilityexistsinthePostgreSQLstorageadapterwhenprocessingIncrementoperationsonnestedobjectfieldsusingdot CVE-2026-notation(e.g.,stats.counter).TheamountvalueisinterpolateddirectlyintotheSQLquerywithoutparameterizationortype 31856validation.AnattackerwhocansendwriterequeststotheParseServerRESTAPIcaninjectarbitrarySQLsubqueriestoread anydatafromthedatabase,bypassingCLPsandACLs.MongoDBdeploymentsarenotaffected.Thisvulnerabilityisfixedin

9.6.0-alpha.3and8.6.29. EprossAVCON6systemsmanagementplatformcontainsanobject-graphnavigationlanguage(OGNL)injectionvulnerability CVE-2018-thatallowsunauthenticatedattackerstoexecutearbitrarycommandsbyinjectingmaliciousOGNLexpressions.Attackerscan 25159sendcraftedrequeststothelogin.actionendpointwithOGNLpayloadsintheredirectparametertoinstantiateProcessBuilder objectsandexecutesystemcommandswithrootprivileges. ParseServerisanopensourcebackendthatcanbedeployedtoanyinfrastructurethatcanrunNode.js.Priorto9.6.0-alpha.2 and8.6.28,anattackercanuseadot-notationfieldnameincombinationwiththesortqueryparametertoinjectSQLintotheCVE-2026-PostgreSQLdatabasethroughanimproperescapingofsub-fieldvaluesindot-notationqueries.Thevulnerabilitymayalsoaffect31840queriesthatusedot-notationfieldnameswiththedistinctandwherequeryparameters.Thisvulnerabilityonlyaffects deploymentsusingaPostgreSQLdatabase.Thisvulnerabilityisfixedin9.6.0-alpha.2and8.6.28. NetGainEMPlus10.1.68containsaremotecodeexecutionvulnerabilitythatallowsunauthenticatedattackerstoexecuteCVE-2019-arbitrarysystemcommandsbysubmittingmaliciousparameterstothescripttest.jspendpoint.AttackerscansendPOST25468requestswithshellcommandsembeddedinthe'content'parametertoexecutecodeandretrievecommandoutput. FileThingie2.5.7containsanarbitraryfileuploadvulnerabilitythatallowsattackerstouploadmaliciousfilesbysendingZIPCVE-2019-archivesthroughtheft2.phpendpoint.AttackerscanuploadZIPfilescontainingPHPshells,usetheunzipfunctionalityto25471extractthemintoaccessibledirectories,andexecutearbitrarycommandsthroughtheextractedPHPfiles. 
SAPIDORB-1732V2.0.43containsaremotecommandexecutionvulnerabilitythatallowsunauthenticatedattackerstoexecuteCVE-2019-arbitrarysystemcommandsbysubmittingmaliciousinputtotheformSysCmdendpoint.AttackerscansendPOSTrequestswith25487thesysCmdparametercontainingshellcommandstoexecutecodeonthedevicewithrouterprivileges. TaskosaurisanopensourceprojectmanagementplatformwithconversationalAIfortaskexecutionin-app.In1.0.0,the applicationdoesnotproperlyvalidateorrestricttheroleparameterduringtheuserregistrationprocess.Anattackercan CVE-2026-manuallymodifytherequestpayloadandassignthemselveselevatedprivileges.Becausethebackenddoesnotenforcerole 31874assignmentrestrictionsorignoreclient-suppliedroleparameters,theserveracceptsthemanipulatedvalueandcreatesthe accountwithSUPERADMINprivileges.Thisallowsanyunauthenticatedattackertoregisterafullyprivilegedadministrative account. Frappeisafull-stackwebapplicationframework.Priorto15.84.0and14.99.0,aspeciallycraftedrequestmadetoacertainCVE-2026-endpointcouldresultinSQLinjection,allowinganattackertoextractinformationtheywouldn'totherwisebeableto.This31877vulnerabilityisfixedin15.84.0and14.99.0. 
CVE-2025-AnissueinLantronixEDS3000PSv.3.1.0.0R2allowsanattackertoexecutearbitrarycodeandobtainsensitiveinformationvia 70082theltrxevocomponent WeGIAisawebmanagerforcharitableinstitutions.Priortoversion3.6.6,acriticalSQLinjectionvulnerabilityexistsinthe WeGIAapplication.Theremoverprodutoocultar.phpscriptusesextract($REQUEST)topopulatelocalvariablesandthenCVE-2026-directlyconcatenatesthesevariablesintoaSQLqueryexecutedviaPDO::query.Thisallowsanauthenticated(orauth-31896bypassed)attackertoexecutearbitrarySQLcommands.Thiscanbeusedtoexfiltratesensitivedatafromthedatabaseor,as demonstratedinthisPoC,causeatime-baseddelay(denialofservice).Thisvulnerabilityisfixedin3.6.6. BlackistheuncompromisingPythoncodeformatter.BlackprovidesaGitHubactionforformattingcode.Thisactionsupportsan option,use_pyproject:true,forreadingtheversionofBlacktousefromtherepositorypyproject.toml.AmaliciouspullrequestCVE-2026-couldeditpyproject.tomltouseadirectURLreferencetoamaliciousrepository.Thiscouldleadtoarbitrarycodeexecutionin31900thecontextoftheGitHubAction.Attackerscouldthengainaccesstosecretsorpermissionsavailableinthecontextofthe action.Version26.3.0fixesthisvulnerability. 
CVE-2026-31976: xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests (#46, #47, #48) injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main branch. However, the attacker used the compromised GitHub App credentials to move the mutable v5 tag to point at the malicious commit (4bf1d4e19ad81a3e8d4063755ae0f482dd3baf12) from one of the unmerged PRs. This commit remained in the repository's git object store, and any workflow referencing @v5 would fetch and execute it. This is a supply chain compromise via tag poisoning. Any GitHub Actions workflow referencing xygeni/xygeni-action@v5 during the affected window (approximately March 3–10, 2026) executed a C2 implant that granted the attacker arbitrary command execution on the CI runner for up to 180 seconds per workflow run.

CVE-2025-67041: An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.

CVE-2025-67038: An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when a user's authentication fails. The username is directly concatenated with the command without any sanitization. This allows attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.

CVE-2025-70024: An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14.
AnissuewasdiscoveredinLantronixEDS50002.1.0.0R3.TheSSHClientandSSHServerpagesareaffectedbymultipleOSCVE-2025-injectionvulnerabilitiesduetomissingsanitizationofinputparameters.Anattackercaninjectarbitrarycommandsindelete67035actionsofvariousobjects,suchasserverkeys,users,andknownhosts.Commandsareexecutedwithrootprivileges. CVE-2026-Aremotecodeexecution(RCE)vulnerabilityinOpenClawAgentPlatformv2026.2.6allowsattackerstoexecutearbitrarycode 9.830741viaaRequest-Sidepromptinjectionattack. CVE-2025-AnissuepertainingtoCWE-259:UseofHard-codedPasswordwasdiscoveredinoslabs-betaThermaKubemaster. 9.8 MoreDetails70041 ArgoWorkflowsisanopensourcecontainer-nativeworkflowenginefororchestratingparalleljobsonKubernetes.Priorto4.0.2 CVE-2026-and3.7.11,WorkflowtemplatesendpointsallowanyclienttoretrieveWorkflowTemplates(andClusterWorkflowTemplates).Any 28229requestwithaAuthorization:Bearernothingtokencanleaksensitivetemplatecontent,includingembeddedSecretmanifests. Thisvulnerabilityisfixedin4.0.2and3.7.11. AdGuardHomeisanetwork-widesoftwareforblockingadsandtracking.Priorto0.107.73,anunauthenticatedremoteattacker canbypassallauthenticationinAdGuardHomebysendinganHTTP/1.1requestthatrequestsanupgradetoHTTP/2cleartextCVE-2026-

(h2c).Oncetheupgradeisaccepted,theresultingHTTP/2connectionishandledbytheinnermux,whichhasnoauthentication32136 middlewareattached.AllsubsequentHTTP/2requestsonthatconnectionareprocessedasfullyauthenticated,regardlessof whetheranycredentialswereprovided.Thisvulnerabilityisfixedin0.107.73. CVE-2026-IFTOPdevelopedbyWellChoosehasaLocalFileInclusionvulnerability,allowingunauthenticatedremoteattackerstoexecute arbitrarycodeontheserver. Auseofhard-codedpasswordvulnerabilityhasbeenreportedtoaffectHyperDataProtector.TheremoteattackerscanthenCVE-2025-exploitthevulnerabilitytogainunauthorizedaccess.Wehavealreadyfixedthevulnerabilityinthefollowingversion:Hyper59388DataProtector2.3.1.455andlater CVE-2026-SGLang'smultimodalgenerationmoduleisvulnerabletounauthenticatedremotecodeexecutionthroughtheZMQbroker, 3059whichdeserializesuntrusteddatausingpickle.loads()withoutauthentication. CVE-2026-SGLang'encoderparalleldisaggregationsystemisvulnerabletounauthenticatedremotecodeexecutionthroughthe 3060disaggregationmodule,whichdeserializesuntrusteddatausingpickle.loads()withoutauthentication. TheDatalogicsEcommerceDeliveryWordPresspluginbefore2.6.60exposesanunauthenticatedRESTendpointthatallowsany CVE-2026-remoteusertomodifytheoptiondatalogics_tokenwithoutverification.Thistokenissubsequentlyusedforauthenticationina 2631protectedendpointthatallowsuserstoperformarbitraryWordPressupdate_option()operations.Attackerscanusethisto enableregistartionandtosetthedefaultroleasAdministrator. 
ParseServerisanopensourcebackendthatcanbedeployedtoanyinfrastructurethatcanrunNode.js.Priorto9.6.0-alpha.5 and8.6.31,aSQLinjectionvulnerabilityexistsinthePostgreSQLstorageadapterwhenprocessingIncrementoperationson CVE-2026-nestedobjectfieldsusingdotnotation(e.g.,stats.counter).Thesub-keynameisinterpolateddirectlyintoSQLstringliterals 31871withoutescaping.AnattackerwhocansendwriterequeststotheParseServerRESTAPIcaninjectarbitrarySQLviaacrafted sub-keynamecontainingsinglequotes,potentiallyexecutingcommandsorreadingdatafromthedatabase,bypassingCLPs andACLs.OnlyPostgresdeploymentsareaffected.Thisvulnerabilityisfixedin9.6.0-alpha.5and8.6.31. CVE-2026-ExternalControlofFileNameorPathintheMailfeatureofZoomWorkplaceforWindowsbefore6.6.0mayallowan 9.6 MoreDetails30903unauthenticatedusertoconductanescalationofprivilegevianetworkaccess. Tinaisaheadlesscontentmanagementsystem.Priorto2.1.8,theTinaCMSCLIdevservercombinesapermissiveCORS configuration(Access-Control-Allow-Origin:*)withthepathtraversalvulnerability(previouslyreported)toenableabrowser-CVE-2026-baseddrive-byattack.Aremoteattackercanenumeratethefilesystem,writearbitraryfiles,anddeletearbitraryfileson 9.6 MoreDetails28792developer'smachinesbysimplytrickingthemintovisitingamaliciouswebsitewhiletinacmsdevisrunning.Thisvulnerabilityis fixedin2.1.8. 
AnythingLLMisanapplicationthatturnspiecesofcontentintocontextthatanyLLMcanuseasreferencesduringchatting.In 1.11.1andearlier,AnythingLLMDesktopcontainsaStreamingPhaseXSSvulnerabilityinthechatrenderingpipelinethat escalatestoRemoteCodeExecutiononthehostOSduetoinsecureElectronconfiguration.ThisworkswithdefaultsettingsandCVE-2026-requiresnouserinteractionbeyondnormalchatusage.Thecustommarkdown-itimagerendererin 9.6 MoreDetails32626frontend/src/utils/chat/markdown.jsinterpolatestoken.contentdirectlyintothealtattributewithoutHTMLentityescaping.The PromptReplycomponentrendersthisoutputviadangerouslySetInnerHTMLwithoutDOMPurifysanitization—unlike HistoricalMessagewhichcorrectlyappliesDOMPurify.sanitize(). CVE-2026-OutofboundsreadinWebSpeechinGoogleChromepriorto146.0.7680.71allowedaremoteattackertopotentiallyperforma 9.6 MoreDetails3916sandboxescapeviaacraftedHTMLpage.(Chromiumsecurityseverity:High) Plunkisanopen-sourceemailplatformbuiltontopofAWSSES.Priorto0.7.0,aServer-SideRequestForgery(SSRF) CVE-2026-vulnerabilityexistedintheSNSwebhookhandler.Anunauthenticatedattackercouldsendacraftedrequestthatcausedthe 9.3 MoreDetails32096servertomakeanarbitraryoutboundHTTPGETrequesttoanyhostaccessiblefromtheserver.Thisvulnerabilityisfixedin 0.7.0. Centrifugoisanopen-sourcescalablereal-timemessagingserver.Priorto6.7.0,CentrifugoisvulnerabletoServer-SideRequest Forgery(SSRF)whenconfiguredwithadynamicJWKSendpointURLusingtemplatevariables(e.g.{{tenant}}).AnCVE-2026-unauthenticatedattackercancraftaJWTwithamaliciousissoraudclaimvaluethatgetsinterpolatedintotheJWKSfetchURL 9.3 MoreDetails32301beforethetokensignatureisverified,causingCentrifugotomakeanoutboundHTTPrequesttoanattacker-controlled destination.Thisvulnerabilityisfixedin6.7.0. 
CVE-2026-AvulnerabilityallowinganauthenticateduserwiththeBackupAdministratorroletoperformremotecodeexecution(RCE)in 9.1 MoreDetails21671highavailability(HA)deploymentsofVeeamBackup&Replication. CVE-2026-TheAngeetES3KVMdoesnotproperlysanitizeuser-suppliedvariablesparsedbythe'cfg.lua'script,allowinganauthenticated 9.1 MoreDetails32298attackertoexecuteOS-levelcommands. Wazuhisafreeandopensourceplatformusedforthreatprevention,detection,andresponse.Startinginversion3.9.0and priortoversion4.14.3,aprivilegeescalationvulnerabilityexistsintheWazuhManager'sclustersynchronizationprotocol.The wazuh-clusterdserviceallowsauthenticatednodestowritearbitraryfilestothemanager’sfilesystemwiththepermissionsof CVE-2026-thewazuhsystemuser.Duetoinsecuredefaultpermissions,thewazuhuserhaswriteaccesstothemanager'smain 9.1 MoreDetails25770configurationfile(/var/ossec/etc/ossec.conf).Byleveragingtheclusterprotocoltooverwriteossec.conf,anattackercan injectamaliciouscommandblock.Thewazuh-logcollectorservice,whichrunsasroot,parsesthisconfiguration andexecutestheinjectedcommand.ThischainallowsanattackerwithclustercredentialstogainfullRootRemoteCode Execution,violatingtheprincipleofleastprivilegeandbypassingtheintendedsecuritymodel.Version4.14.3fixestheissue. 
Wazuhisafreeandopensourceplatformusedforthreatprevention,detection,andresponse.Versions4.0.0through4.14.2 haveaRemoteCodeExecution(RCE)vulnerabilityduetoDeserializationofUntrustedData).AllWazuhdeploymentsusingCVE-2026-clustermode(master/workerarchitecture)andanyorganizationwithacompromisedworkernode(e.g.,throughinitialaccess, 9.1 MoreDetails25769insiderthreat,orsupplychainattack)areimpacted.Anattackerwhogainsaccesstoaworkernode(throughanymeans)can achievefullRCEonthemasternodewithrootprivileges.Version4.14.3fixestheissue. ###ImpactSpinnakerupdatedURLValidationlogiconuserinputtoprovidesanitationonuserinputtedURLsforclouddriver. However,theymissedthatJavaURLobjectsdonotcorrectlyhandleunderscoresonparsing.Thisledtoabypassofthe CVE-2026-previousCVE(CVE-2025-61916)throughtheuseofcarefullycraftedURLs.Note,SpinnakerfoundthisnotjustinthatCVE,but 9.1 MoreDetails25534intheexistingURLvalidationsinOrcafromUrlexpressionhandling.ThisCVEimpactsBOTHartifactsasaresult.###Patches Thishasbeenmergedandwillbeavailableinversions2025.4.1,2025.3.1,2025.2.4and2026.0.0.###WorkaroundsYoucan disablethevariousartifactsonthissystemtoworkaroundtheselimits.

CVE-2026-… (CVSSv3 9.1): YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->typeid in place, corrupting shared node data. A memory leak occurred in syckhdlraddanchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

CVE-2026-25818 (CVSSv3 9.1): HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an attacker with a stolen session cookie to find the user password by brute-forcing an encryption parameter.

CVE-2026-31862 (CVSSv3 9.1): CloudCLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch, message, commit), allowing authenticated attackers to execute arbitrary OS commands. This vulnerability is fixed in 1.24.0.

CVE-2026-31886 (CVSSv3 9.1): Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves .. segments lexically, so a caller can supply a value such as ".." to redirect the computed directory outside the intended /tmp/ / path. A deferred cleanup function that calls os.RemoveAll on that directory then runs unconditionally when the HTTP handler returns, deleting whatever directory the traversal resolved to. With dagRunId set to "..", the resolved directory is the system temporary directory (/tmp on Linux). On non-root deployments, os.RemoveAll("/tmp") removes all files in /tmp owned by the dagu process user, disrupting every concurrent dagu run that has live temp files. On root or Docker deployments, the call removes the entire contents of /tmp, causing a system-wide denial of service. This vulnerability is fixed in 2.2.4.

CVE-2025-69808 (CVSSv3 9.1): An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to access sensitive information and cause a Denial of Service (DoS) via supplying a crafted packet.

CVE-2026-27962 (CVSSv3 9.1): Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any JWS deserialization function, the library extracts and uses the cryptographic key embedded in the attacker-controlled JWT jwk header field. An attacker can sign a token with their own private key, embed the matching public key in the header, and have the server accept the forged token as cryptographically valid, bypassing authentication and authorization entirely. This issue has been patched in version 1.6.9.

CVE-2026-23489 (CVSSv3 9.1): Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3.

CVE-2025-67039 (CVSSv3 9.1): An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username.

CVE-2026-32367 (CVSSv3 9.1): Improper Control of Generation of Code ('Code Injection') vulnerability in Yannick Lefebvre Modal Dialog modal-dialog allows Remote Code Inclusion. This issue affects Modal Dialog: from n/a through <= 3.5.16.

CVE-2026-27478 (CVSSv3 9.1): Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint (/api/1.0/unity-control/auth/tokens). The endpoint extracts the issuer (iss) claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without validating that the issuer is a trusted identity provider.

CVE-2026-32133 (CVSSv3 9.1): 2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. The image parameter in OTP URL is not properly validated for internal/private IP addresses before making HTTP requests. While the previous fix added response validation to ensure only valid images are stored, the HTTP request is still made to arbitrary URLs before this validation occurs. This vulnerability is fixed in 6.1.0.

CVE-2023-27573 (CVSSv3 9.0): netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSERAPITOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of the netbox-docker product (isolated development networks). Some users engaged in an effort to repurpose netbox-docker for production. The documentation for this effort stated that the defaults must not be used. However, installation did not ensure non-default values. The Supplier was aware of the CVE ID assignment and did not object to the assignment.

CVE-2026-3564 (CVSSv3 9.0): A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.

OTHERVULNERABILITIES

CVE Number

CVE-2026-31889: Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC-based authentication without sufficiently binding a shop installation to its original domain. During re-registration, the shop-url could be updated without proving control over the previously registered shop or domain. This made targeted hijacking of app communication feasible if an attacker possessed the relevant app-side secret. By abusing app re-registration, an attacker could redirect app traffic to an attacker-controlled domain and potentially obtain API credentials intended for the legitimate shop. This vulnerability is fixed in 6.6.10.15 and 6.7.8.1.

CVE-2026-31979: Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc_ without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the tasks daemon's systemd hardening, exposing it to the host /tmp. A local user can exploit this via symlink attacks to chown or overwrite arbitrary files, achieving local privilege escalation. This vulnerability is fixed in 3.1.0 and 2.3.8.

CVE-2026-4227: A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub44D844 of the file /goform/gethidessid_cfg. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-…-28519: arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buffer, potentially allowing execution of arbitrary code on affected embedded devices.

AweaknesshasbeenidentifiedinD-LinkDNS-120,DNR-202L,DNS-315L,DNS-320,DNS-320L,DNS-320LW,DNS-321,DNR-322L,DNS-323,DNS-325,DNS-326,DNS-327L,DNR-326,DNS-340L,DNS-343,DNS-345,DNS-726-4,DNS-1100-4,DNS-1200-05andDNS-1550-04upto20260205.AffectedbythisissueisthefunctionLocalBackupInfoofthefile/cgi-bin/localbackupmgr.cgi.Thismanipulationoftheargumentf_idxcausesstack-basedbufferoverflow.Theattackcanbeinitiatedremotely.Theexploithasbeenmadeavailabletothepublicandcouldbeusedfor attacks.

CVE-…-26794: GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup() function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request.

CVE-2026-4212: A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function DownloadsScheduleInfo of the file /cgi-bin/downloadmgr.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

CVE-2026-4213: A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This vulnerability affects the function cgimyfavoritedeluser/cgimyfavoriteverify of the file /cgi-bin/guimgr.cgi. Performing a manipulation results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

CVE-2026-1993: The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. This is due to the update_settings() function accepting arbitrary plugin setting names without a whitelist of allowed settings. This makes it possible for authenticated attackers with the exactmetrics_save_settings capability to modify any plugin setting, including the save_settings option that controls which user roles have access to plugin functionality. The admin intended to delegate configuration access to a trusted user, not enable that user to delegate access to everyone. By setting save_settings to include subscriber, an attacker can grant plugin administrative access to all subscribers on the site.

CVE-2026-1992: The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the store_settings() method in the ExactMetrics_Onboarding class accepting a user-supplied triggered_by parameter that is used instead of the current user's ID to check permissions. This makes it possible for authenticated attackers with the exactmetrics_save_settings capability to bypass the install_plugins capability check by specifying an administrator's user ID in the triggered_by parameter, allowing them to install arbitrary plugins and achieve Remote Code Execution. This vulnerability only affects sites on which the administrator has given other user types the permission to view reports and can only be exploited by users of that type.

CVE-2026-4214: A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function UPnPAVServerPathSetting of the file /cgi-bin/appmgr.cgi. Executing a manipulation can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.

CVE-2026-31861: CloudCLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, the /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail values into command strings passed to childprocess.exec(). The input is placed within double quotes and only " is escaped, but backticks (`), $() command substitution, and \ sequences are all interpreted within double-quoted strings in bash. This allows authenticated attackers to execute arbitrary OS commands via the git configuration endpoint. This vulnerability is fixed in 1.24.0.

CVE-2026-21668: A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.

CVE-2026-4226: A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /goform/get_virtual_cfg. Executing a manipulation can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-31844: An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL queries via crafted requests to this parameter, allowing execution of unintended SQL statements and exposure of sensitive database information. Successful exploitation may lead to full compromise of the backend database, including disclosure or modification of stored data.

CVE-2026-3936: Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-32355: Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection. This issue affects JetEngine: from n/a through < 3.8.4.1.

CVE-2026-20046: A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. […] without authorization checks.

CVE-2023-43010: The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.

CVE-2025-69240: Raytha CMS allows an attacker to spoof X-Forwarded-Host or Host headers to an attacker-controlled domain. The attacker (who knows the victim's email address) can force the server to send an email with a password reset link pointing to the domain from the spoofed header. When the victim clicks the link, the browser sends a request to the attacker's domain with the token in the path, allowing the attacker to capture the token. This allows the attacker to reset the victim's password and take over the victim's account.

CVE-2026-3970: A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. Executing a manipulation of the argument index can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.

CVE-2025-54920: This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary: Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson deserialization of event log data. This allows an attacker with access to the Spark event logs directory to inject malicious JSON payloads that trigger deserialization of arbitrary classes, enabling command execution on the host running the Spark History Server. The vulnerability arises because the Spark History Server uses Jackson polymorphic deserialization with @JsonTypeInfo.Id.CLASS on SparkListenerEvent objects, allowing an attacker to specify arbitrary class names in the event JSON. This behavior permits instantiating unintended classes, such as org.apache.hive.jdbc.HiveConnection, which can perform network calls or other malicious actions during deserialization. […] event logs. For example, the attacker can force the History Server to open a JDBC connection to a remote attacker-controlled server, demonstrating remote command injection capability. […] 4. The Spark History Server initiates a JDBC connection to the attacker's server, confirming the injection. Impact: An attacker with write access to Spark event logs can execute arbitrary code on the server running the History Server, potentially compromising the entire system.

CVE-2026-3971: A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument index/GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

CVE-2025-15540: The "Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to the application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha's "functions" feature can instantiate .NET components and perform arbitrary operations within the application's hosting environment.

CVE-2025-13067: The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. This is due to insufficient file type validation detecting files named main.php, allowing a file with such a name to bypass sanitization. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVE-…-69784: A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into high-privilege processes. This results in arbitrary code execution with SYSTEM privileges, leading to full compromise of the affected system.

CVE- AvulnerabilitywasfoundinTendaW31.0.0.3(2204).AffectedbythisissueisthefunctionformSetCfmofthefile/goform/setcfmofthecomponentHTTPHandler.Themanipulationoftheargumentfuncpara1resultsinstack-basedbufferoverflow.Theattackcanonlybeperformedfromthelocalnetwork.Theexploithasbeenmadepublicandcouldbeused.

CVE-…-31858: Craft is a content management system (CMS). The ElementSearchController::actionSearch() endpoint is missing the unset() protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability (including criteria[orderBy], the original advisory vector) works on this controller because the fix was never applied to it. Any authenticated control panel user (no admin required) can inject arbitrary SQL via criteria[where], criteria[orderBy], or other query properties, and extract the full database contents via boolean-based blind injection. Users should update to the patched 5.9.9 release to mitigate the issue.

CVE-2026-32059: OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for the sort command fails to properly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag checks via abbreviated options. Remote attackers can execute sort commands with abbreviated long options to skip approval requirements in allowlist mode.

CVE-2026-23814: A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior.

CVE-2026-32060: OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in applypatch that allows attackers to write or delete files outside the configured workspace directory. When applypatch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including directory traversal sequences or absolute paths to escape workspace boundaries and modify arbitrary files.

CVE-2026-32628: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected databases. The getTableSchemaSql() method in all three database connectors (MySQL, PostgreSQL, MSSQL) constructs SQL queries using direct string concatenation of the table_name parameter without sanitization or parameterization.

CVE-2025-68623: In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and DLLs to the %TEMP% folder, writable by standard users. Subsequently, the installer executes the downloaded executable with HIGH integrity to complete the application installation. However, an attacker can replace the downloaded executable with a malicious, user-controlled executable. When the installer executes this replaced file, it runs the attacker's code with HIGH integrity. Since code running at HIGH integrity can escalate to SYSTEM level by registering and executing a service, this creates a complete privilege escalation chain from standard user to SYSTEM. NOTE: The Supplier disputes this record, stating that they have determined this to be the behavior as designed.

CVE-2025-67037: An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges.

CVE-2025-67036: An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the filename parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges.

CVE-2025-67034: An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges.

CVE-2026-32127: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, OpenEMR contains a SQL injection vulnerability in the ajax graphs library that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax graphs library. This vulnerability is fixed in 8.0.0.1.

CVE-2026-3913: Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-21672: A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.

CVE-2026-4167: A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3914: Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2026-3915: Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

CVE-2026-3917: Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2026-3918: Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2026-3919: Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2026-4188: A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2026-3920: Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-…: Use after free in Text Encoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-

UseafterfreeinMediaStreaminGoogleChromepriorto146.0.7680.71allowedaremoteattackertopotentiallyexploitheapcorruptionviaacraftedHTMLpage.(Chromiumsecurityseverity:High)

CVE- UseafterfreeinWebMIDIinGoogleChromepriorto146.0.7680.71allowedaremoteattackertopotentiallyexploitheapcorruptionviaacraftedHTMLpage.(Chromiumsecurityseverity:High) 3923 CVE- 2026- OutofboundsreadinV8inGoogleChromepriorto146.0.7680.71allowedaremoteattackertoperformoutofboundsmemoryaccessviaacraftedHTMLpage.(Chromiumsecurityseverity:Medium) 3926 CVE- 2026- AsecurityvulnerabilityhasbeendetectedinTendai121.0.0.6(2204).TheimpactedelementisthefunctionformwrlSSIDgetofthefile/goform/wifiSSIDget.Suchmanipulationoftheargumentindexleadstostack-basedbufferoverflow.Theattackmaybelaunchedremotely.Theexploithasbeendisclosedpubliclyandmaybeused. 4043 CVE- 2026- HeapbufferoverflowinSkiainGoogleChromepriorto146.0.7680.71allowedaremoteattackertoperformoutofboundsmemoryaccessviaacraftedHTMLpage.(Chromiumsecurityseverity:Medium) 3931 CVE- Craftisacontentmanagementsystem(CMS).Priorto5.9.9and4.17.4,aRemoteCodeExecutionvulnerabilityexistsintheCraftCMS5conditionssystem.TheBaseElementSelectConditionRule::getElementIds()methodpassesuser-controlledstringinputthroughrenderObjectTemplate()--anunsandboxedTwigrenderingfunctionwithescapingdisabled.AnyauthenticatedControlPaneluser(includingnon-adminrolessuchasAuthororEditor)canachievefullRCEbysendingacraftedconditionruleviastandardelementlistingendpoints.Thisvulnerabilityrequiresnoadmin2026- privileges,nospecialpermissionsbeyondbasiccontrolpanelaccess,andbypassesallproductionhardeningsettings(allowAdminChanges:false,devMode:false,enableTwigSandbox:true).Usersshouldupdatetothepatched5.9.9or4.17.4releasetomitigatetheissue.31857 CVE- 2026- 
AvulnerabilitywasdeterminedinTendaW31.0.0.3(2204).ThisaffectsthefunctionformSetAutoPingofthefile/goform/setAutoPingofthecomponentPOSTParameterHandler.Thismanipulationoftheargumentping1/ping2causesstack-basedbufferoverflow.Theattackispossibletobecarriedoutremotely.Theexploithasbeenpubliclydisclosedandmaybeutilized. 3973 CVE- 2026- AvulnerabilityintheCLIofCiscoIOSXRSoftwarecouldallowanauthenticated,localattackertoexecutearbitrarycommandsasrootontheunderlyingoperatingsystemofanaffecteddevice. 20040 CVE- 2026- AvulnerabilitywasdeterminedinUTTHiPER810Gupto1.7.7-171114.Affectedisthefunctionstrcpyofthefile/goform/formApLbConfig.ThismanipulationoftheargumentloadBalanceNameOldcausesbufferoverflow.Theattackcanbeinitiatedremotely.Theexploithasbeenpubliclydisclosedandmaybeutilized. 4318 CVE- 2026- AvulnerabilitywasdetectedinD-LinkDIR-5131.10.Theimpactedelementisanunknownfunctionofthefile/goform/formEasySetupWizard3.Themanipulationoftheargumentwanconnectedresultsinstack-basedbufferoverflow.Theattackcanbelaunchedremotely.Theexploitisnowpublicandmaybeused. 3978 CVE- 2026- Ause-after-freevulnerabilitycanbetriggeredinshardedclustersbyanauthenticateduserwiththereadrolewhoissuesaspeciallycrafted$lookupor$graphLookupaggregationpipeline. 4148 CVE- 2026- HMSNetworksEwonFlexywithfirmwarebefore15.0s4,Cosy+withfirmware22.xxbefore22.1s6,andCosy+withfirmware23.xxbefore23.0s3haveimproperneutralizationofspecialelementsusedinanOScommandallowingremotecodeexecutionbyattackerswithlowprivilegeaccessonthegateway,providedtheattackerhascredentials. 
25817 CVE- AweaknesshasbeenidentifiedinTendai121.0.0.6(2204).TheaffectedelementisthefunctionformWifiMacFilterGetofthefile/goform/WifiMacFilterGet.Thismanipulationoftheargumentindexcausesstack-basedbufferoverflow.Theattackmaybeinitiatedremotely.Theexploithasbeenmadeavailabletothepublicandcouldbeusedforattacks.2026- 4042 CVE- 2026- Dataeaseisanopensourcedatavisualizationanalysistool.Priorto2.10.20,Thetableparameterfor/de2api/datasource/previewDataisdirectlyconcatenatedintotheSQLstatementwithoutanyfilteringorparameterization.SincetableNameisauser-controllablestring,attackerscaninjectmaliciousSQLstatementsbyconstructingmalicioustablenames.Thisvulnerabilityisfixedin2.10.20. 32137 CVE- 2026- AflawhasbeenfoundinTendaW31.0.0.3(2204).Thisissueaffectssomeunknownprocessingofthefile/goform/wifiSSIDsetofthecomponentPOSTParameterHandler.Executingamanipulationoftheargumentindex/GOcanleadtostack-basedbufferoverflow.Itispossibletolaunchtheattackremotely.Theexploithasbeenpublishedandmaybeused. 4008 CVE- 2016- ZKTecoZKAccessProfessional3.5.3containsaninsecurefilepermissionsvulnerabilitythatallowsauthenticateduserstoescalateprivilegesbymodifyingexecutablefiles.AttackerscanleveragetheModifypermissiongrantedtotheAuthenticatedUsersgrouptoreplaceexecutablebinarieswithmaliciouscodeforprivilegeescalation. 20025 CVE- 2026- AvulnerabilitywasdetectedinTendaW31.0.0.3(2204).Thisvulnerabilityaffectsunknowncodeofthefile/goform/wifiSSIDgetofthecomponentPOSTParameterHandler.Performingamanipulationoftheargumentindexresultsinstack-basedbufferoverflow.Itispossibletoinitiatetheattackremotely.Theexploitisnowpublicandmaybeused. 
4007 CVE- 2026- AsecurityflawhasbeendiscoveredinTendai121.0.0.6(2204).Impactedisthefunctionvosstrcpyofthefile/goform/exeCommand.Themanipulationoftheargumentcmdinputresultsinstack-basedbufferoverflow.Theattackcanbelaunchedremotely.Theexploithasbeenreleasedtothepublicandmaybeusedforattacks. 4041 CVE- Dataeaseisanopensourcedatavisualizationanalysistool.Priorto2.10.20,BycontrollingtheIniFileparameter,anattackercanforcetheJDBCdrivertoloadanattacker-controlledconfigurationfile.ThisconfigurationfilecaninjectdangerousJDBCproperties,leadingtoremotecodeexecution.TheRedshiftJDBCdriverexecutionflowreachesamethodnamedgetJdbcIniFile.ThegetJdbcIniFilemethodimplementsanaggressiveautomaticconfigurationfilediscoverymechanism.Ifnotexplicitlyrestricted,itsearchesforafilenamedrsjdbc.ini.InaJDBCURLcontext,userscan2026- explicitlyspecifytheconfigurationfileviaURLparameters,whichallowsarbitraryfilesontheservertobeloadedasJDBCconfigurationfiles.WithintheRedshiftJDBCdriverproperties,theparameterIniFileisexplicitlysupportedandusedtoloadanexternalconfigurationfile.Thisvulnerabilityisfixedin2.10.20.32140 CVE- 2016- WowzaStreamingEngine4.5.0containsaprivilegeescalationvulnerabilitythatallowsauthenticatedread-onlyuserstoelevateprivilegestoadministratorbymanipulatingPOSTparameters.AttackerscansendPOSTrequeststotheusereditendpointwithaccessLevelsetto'admin'andadvUserparameterssetto'true'and'on'togainadministrativeaccess. 
20034 CVE- 2026- WeGIAisawebmanagerforcharitableinstitutions.Priortoversion3.6.6,WeGIA(Webgerenciadorparainstituiçõesassistenciais)containsaSQLinjectionvulnerabilityinhtml/matPat/restaurarproduto.php.Theidprodutoparameterfrom$GETisdirectlyinterpolatedintoSQLquerieswithoutparameterizationorsanitization.Thisvulnerabilityisfixedin3.6.6. 31895 CVE- ChamiloLMSisalearningmanagementsystem.Version1.11.34andpriorcontainsaSQLInjectionvulnerabilityinthestatisticsAJAXendpoint.Theparametersdatestartanddateendfrom$REQUESTareembeddeddirectlyintoarawSQLstringwithoutpropersanitization.AlthoughDatabase::escapestring()iscalleddownstream,itsoutputisimmediatelyneutralizedbystrreplace("\'","'",...),whichrestoresanyinjectedsinglequotes—effectivelybypassingtheescapingmechanismentirely.ThisallowsanauthenticatedattackertoinjectarbitrarySQLstatementsinto thedatabasequery,enablingblindtime-basedandconditionaldataextraction.Thisissuehasbeenpatchedinversion1.11.36.30881 CVE-

ChamiloLMSisalearningmanagementsystem.Priortoversion1.11.36,anarbitraryfileuploadvulnerabilityintheH5PImportfeatureallowsauthenticateduserswithTeacherroletoachieveRemoteCodeExecution(RCE).TheH5Ppackagevalidationonlychecksifh5p.jsonexistsbutdoesn'tblock.htaccessorPHPfileswithalternativeextensions.AnattackeruploadsacraftedH5Ppackagecontainingawebshelland.htaccessthatenablesPHPexecutionfor.txtfiles,bypassingsecuritycontrol.Thisissuehasbeenpatchedinversion1.11.36. 30875 CVE-Theflow/admin/moniteur.phpscriptinUseItFlowadministrationwebsitebefore10.0.0isvulnerabletoRemoteCodeExecution.WhenhandlingGETrequests,thescripttakesuser-suppliedinputfromtheactionURLparameter,performsinsufficientvalidation,andincorporatesthisinputintoastringthatissubsequentlyexecutedbytheeval()function.Althoughamethod_exists()checkisperformed,itonlyvalidatesthepartoftheuserinputbeforethefirstparenthesis(,allowinganattackertoappendarbitraryPHPcodeafteravalidmethodcallstructure. SuccessfulexploitationallowsanunauthenticatedortriviallyauthenticatedattackertoexecutearbitraryPHPcodeontheserverwiththeprivilegesofthewebserverprocess.50881 CVE- 2026-AsecurityflawhasbeendiscoveredinTendaW31.0.0.3(2204).ThisissueaffectsthefunctionformWifiMacFilterGetofthefile/goform/WifiMacFilterGetofthecomponentPOSTParameterHandler.Performingamanipulationoftheargumentwlradioresultsinstack-basedbufferoverflow.Itispossibletoinitiatetheattackremotely.Theexploithasbeenreleasedtothepublicandmaybeusedforattacks. 
3975 CVE- 2026-PingPongisaplatformforusinglargelanguagemodels(LLMs)forteachingandlearning.Priorto7.27.2,anauthenticatedusermaybeabletoretrieveordeletefilesoutsidetheintendedauthorizationscope.Thisissuecouldresultinretrievalordeletionofprivatefiles,includinguser-uploadedfilesandmodel-generatedoutputfiles.Exploitationrequiredauthenticationandpermissiontoviewatleastonethreadforretrieval,andauthenticationandpermissiontoparticipateinatleastonethreadfordeletion.Thisvulnerabilityisfixedin7.27.2. 32097 CVE- OutofboundswriteinSkiainGoogleChromepriorto146.0.7680.75allowedaremoteattackertoperformoutofboundsmemoryaccessviaacraftedHTMLpage.(Chromiumsecurityseverity:High)2026- 3909 CVE- 2026-InappropriateimplementationinV8inGoogleChromepriorto146.0.7680.75allowedaremoteattackertoexecutearbitrarycodeinsideasandboxviaacraftedHTMLpage.(Chromiumsecurityseverity:High) 3910 CVE- 2026-AvulnerabilitywasidentifiedinTendaW31.0.0.3(2204).ThisvulnerabilityaffectsthefunctionformexeCommandofthefile/goform/exeCommandofthecomponentHTTPHandler.Suchmanipulationoftheargumentcmdinputleadstostack-basedbufferoverflow.Theattackmaybeperformedfromremote.Theexploitispubliclyavailableandmightbeused. 3974 CVE- 2026-AweaknesshasbeenidentifiedinTendaW31.0.0.3(2204).ImpactedisthefunctionformWifiMacFilterSetofthefile/goform/WifiMacFilterSetofthecomponentPOSTParameterHandler.Executingamanipulationoftheargumentindex/GOcanleadtostack-basedbufferoverflow.Itispossibletolaunchtheattackremotely.Theexploithasbeenmadeavailabletothepublicandcouldbeusedforattacks. 
3976 CVE- 2026-GitLabhasremediatedanissueinGitLabCE/EEaffectingallversionsfrom10.6before18.7.6,18.8before18.8.6,and18.9before18.9.2thatcouldhaveallowedanauthenticateduser,whenthe`markdownplaceholders`featureflagwasenabled,toinjectJavaScriptinabrowserduetoimpropersanitizationofplaceholdercontentinmarkdownprocessing. 1090 CVE-AdobeCommerceversions2.4.9-alpha3,2.4.8-p3,2.4.7-p8,2.4.6-p13,2.4.5-p15,2.4.4-p16andearlierareaffectedbyastoredCross-SiteScripting(XSS)vulnerabilitythatcouldbeabusedbyalow-privilegedattackertoinjectmaliciousscriptsintovulnerableformfields.MaliciousJavaScriptmaybeexecutedinavictim’sbrowserwhentheybrowsetothepagecontainingthevulnerablefield.Asuccessfulattackercanabusethistoachievesessiontakeover,increasingtheconfidentiality,andintegrityimpacttohigh.Exploitationofthisissuerequiresuserinteractioninthata2026-victimmustbrowsetothepagecontainingthevulnerablefield.21290 CVE-cpp-httplibisaC++11single-fileheader-onlycrossplatformHTTP/HTTPSlibrary.Priorto0.37.2,whenacpp-httplibclientisconfiguredwithaproxyandsetfollowlocation(true),anyHTTPSredirectitfollowswillhaveTLScertificateandhostnameverificationsilentlydisabledonthenewconnection.Theclientwillacceptanycertificatepresentedbytheredirecttarget—expired,self-signed,orforged—withoutraisinganerrorornotifyingtheapplication.Anetworkattackerinapositiontoreturnaredirectresponsecanfullyinterceptthefollow-upHTTPSconnection,2026-includinganycredentialsorsessiontokensinflight.Thisvulnerabilityisfixedin0.37.2.32627 CVE- 2026-ImproperNeutralizationofSpecialElementsusedinanSQLCommand('SQLInjection')vulnerabilityinrobfeltyCollapsingCategoriescollapsing-categoriesallowsBlindSQLInjection.ThisissueaffectsCollapsingCategories:fromn/athrough<=3.0.9. 
32366 CVE- 2026-ImproperNeutralizationofSpecialElementsusedinanSQLCommand('SQLInjection')vulnerabilityincodepeopleCPContactFormwithPaypalcp-contact-form-with-paypalallowsBlindSQLInjection.ThisissueaffectsCPContactFormwithPaypal:fromn/athrough<=1.3.61. 32433 CVE- 2026-ImproperNeutralizationofSpecialElementsusedinanSQLCommand('SQLInjection')vulnerabilityindelphiknightGeotoLatgeo-to-latallowsBlindSQLInjection.ThisissueaffectsGeotoLat:fromn/athrough<=1.0.19. 32368 CVE- 2026-Tinyauthisanauthenticationandauthorizationserver.Priorto5.0.3,theOIDCauthorizationendpointallowsuserswithaTOTP-pendingsession(passwordverified,TOTPnotyetcompleted)toobtainauthorizationcodes.Anattackerwhoknowsauser'spasswordbutnottheirTOTPsecretcanobtainvalidOIDCtokens,completelybypassingthesecondfactor.Thisvulnerabilityisfixedin5.0.3. 32246 CVE- 2026-ImproperNeutralizationofSpecialElementsusedinanSQLCommand('SQLInjection')vulnerabilityinflycartUpsellWPcheckout-upsell-and-order-bumpsallowsBlindSQLInjection.ThisissueaffectsUpsellWP:fromn/athrough<=2.2.4. 32459 CVE- 2026-ImproperNeutralizationofSpecialElementsusedinanSQLCommand('SQLInjection')vulnerabilityinlevelfourdevelopmentWPEasyCartwp-easycartallowsBlindSQLInjection.ThisissueaffectsWPEasyCart:fromn/athrough<=5.8.13. 32422 CVE- 2026-ImproperNeutralizationofSpecialElementsusedinanSQLCommand('SQLInjection')vulnerabilityinrobfeltyCollapsingArchivescollapsing-archivesallowsBlindSQLInjection.ThisissueaffectsCollapsingArchives:fromn/athrough<=3.0.7. 
32365 CVE- ImproperNeutralizationofSpecialElementsusedinanSQLCommand('SQLInjection')vulnerabilityinweDevsWPERPerpallowsSQLInjection.ThisissueaffectsWPERP:fromn/athrough<=1.16.10.2026- 31917 CVE- 2026-ImproperNeutralizationofSpecialElementsusedinanSQLCommand('SQLInjection')vulnerabilityinDavidLingrenMediaLIbraryAssistantmedia-library-assistantallowsBlindSQLInjection.ThisissueaffectsMediaLIbraryAssistant:fromn/athrough<=3.32. 32399 CVE- 2026-ImproperNeutralizationofSpecialElementsusedinanSQLCommand('SQLInjection')vulnerabilityinAysProFoxLMSfox-lmsallowsBlindSQLInjection.ThisissueaffectsFoxLMS:fromn/athrough<=1.0.6.3. 31922 CVE- arduino-TuyaOpenbeforeversion1.2.1containsasingle-bytebufferoverflowvulnerabilityintheWiFiMulticomponent.Whenthevictim'ssmarthardwareconnectstoanattacker-controlledAPhotspot,theattackercanexploittheoverflowtoexecutearbitrarycodeontheaffectedembeddeddevice. 28520 CVE- EasyFileSharingWebServer7.2containsalocalstructuredexceptionhandlingbufferoverflowvulnerabilitythatallowslocalattackerstoexecutearbitrarycodebycreatingamalicioususername.Attackerscancraftausernamewithapayloadcontaining4059bytesofpaddingfollowedbyansehvalueandsehpointertotriggertheoverflowwhenaddinganewuseraccount.

25466

CVE- Tinaisaheadlesscontentmanagementsystem.Priorto2.1.8,theTinaCMSCLIdevelopmentserverexposesmediaendpointsthatarevulnerabletopathtraversal,allowingattackerstoreadandwritearbitraryfilesonthefilesystemoutsidetheintendedmediadirectory.Whenrunningtinacmsdev,theCLIstartsalocalHTTPserver(defaultport4001)exposingendpointssuchas/media/list/,/media/upload/,and/media/*.Theseendpointsprocessuser-controlledpathsegmentsusingdecodeURI()andpath.join()withoutvalidatingthattheresolvedpathremainswithinthe configuredmediadirectory.Thisvulnerabilityisfixedin2.1.8.28793 CVE- 2019- ComtrendAR-5310GE31-412SSG-C01R10.A2pG039u.d24kcontainsarestrictedshellescapevulnerabilitythatallowslocaluserstobypasscommandrestrictionsbyusingthecommandsubstitutionoperator$().Attackerscaninjectarbitrarycommandsthroughthe$()syntaxwhenpassedasargumentstoallowedcommandslikepingtoexecuteunrestrictedshellaccess. 25483 CVE- 2019- VerypdfdocPrintPro8.0containsastructuredexceptionhandlingbufferoverflowvulnerabilitythatallowslocalattackerstoexecutearbitrarycodebysupplyinganoversizedalphanumericencodedpayloadintheUserPasswordorMasterPasswordfields.AttackerscancraftamaliciouspayloadwithencodedshellcodeandSEHchainmanipulationtobypassprotectionsandexecuteaMessageBoxproof-of-conceptwhenthepasswordfieldsareprocessedduringPDFencryption. 25467 CVE- 2026- MissingauthorizationchecksonmultiplegRPCserviceendpointsinPowerShellUniversalbefore2026.1.4allowsanauthenticateduserwithanyvalidtokentobypassrole-basedaccesscontrolsandperformprivilegedoperations—includingreadingsensitivedata,creatingordeletingresources,anddisruptingserviceoperations—viacraftedgRPCrequests. 
4064 CVE- 2026- SiYuanisapersonalknowledgemanagementsystem.Priorto3.6.0,the/api/network/forwardProxyendpointallowsauthenticateduserstomakearbitraryHTTPrequestsfromtheserver.Theendpointacceptsauser-controlledURLandmakesHTTPrequeststoit,returningthefullresponsebodyandheaders.ThereisnoURLvalidationtopreventrequeststointernalnetworks,localhost,orcloudmetadataservices.Thisvulnerabilityisfixedin3.6.0. 32110 CVE- 2026- Aflawwasfoundinlibucl.AremoteattackercouldexploitthisbyprovidingaspeciallycraftedUniversalConfigurationLanguage(UCL)inputthatcontainsakeywithanembeddednullbyte.Thiscancauseasegmentationfault(SEGVfault)inthe`uclobjectemit`functionwhenparsingandemittingtheobject,leadingtoaDenialofService(DoS)fortheaffectedsystem. 0708 CVE- 2025- MissingauthenticationforcriticalfunctionvulnerabilityinABBAWINGW100rev.2,ABBAWINGW120.ThisissueaffectsAWINGW100rev.2:2.0-0,2.0-1;AWINGW120:1.2-0,1.2-1. 13779 CVE- 2025- Authenticationbypassbycapture-replayvulnerabilityinABBAWINGW100rev.2,ABBAWINGW120.ThisissueaffectsAWINGW100rev.2:2.0-0,2.0-1;AWINGW120:1.2-0,1.2-1. 13777 CVE- 2019- XooGalleryLatestcontainsanSQLinjectionvulnerabilitythatallowsunauthenticatedattackerstomanipulatedatabasequeriesbyinjectingSQLcodethroughthegalidparameter.AttackerscansendGETrequeststogal.phpwithmaliciousgalidvaluestoextractsensitivedatabaseinformationormodifydatabasecontents. 
25521 CVE- SipeedNanoKVMbefore2.3.1exposesaWi-Ficonfigurationendpointwithoutpropersecuritychecks,allowinganunauthenticatedattackerwithnetworkaccesstochangethesavedconfiguredWi-Finetworktooneoftheattacker'schoosing,orcraftarequesttoexhaustthesystemmemoryandterminatetheKVMprocess.2026- 32296 CVE- 2019- NetartmediaPHPCarDealercontainsanSQLinjectionvulnerabilitythatallowsunauthenticatedattackerstoexecutearbitrarySQLqueriesbyinjectingmaliciouscodethroughthefeatures[]parameter.AttackerscansubmitPOSTrequeststoindex.phpwithcraftedSQLpayloadsinthefeatures[]parametertoextractsensitivedatabaseinformationormanipulatedatabasequeries. 25534 CVE- 2019- XooGalleryLatestcontainsmultipleSQLinjectionvulnerabilitiesthatallowunauthenticatedattackerstomanipulatedatabasequeriesbyinjectingSQLcodethroughthephotoidparameter.AttackerscansendGETrequeststophoto.phpwithmaliciousphotoidvaluestoextractsensitivedata,bypassauthentication,ormodifydatabasecontents. 25522 CVE- 2026- NEXULEANisacybersecurityportfolio&serviceplatformforanEthicalHacker,AIEnthusiast,andPenetrationTester.Priorto2.0.0,asecurityvulnerabilitywasidentifiedwhereFirebaseandWeb3FormsAPIkeyswereexposed.Anattackercouldusethesekeystointeractwithbackendserviceswithoutauthentication,potentiallyleadingtounauthorizedaccesstoapplicationresourcesanduserdata.Thisvulnerabilityisfixedin2.0.0. 32138 CVE- 2019- NetartmediaPHPDatingSitecontainsaSQLinjectionvulnerabilitythatallowsunauthenticatedattackerstomanipulatedatabasequeriesbyinjectingSQLcodethroughtheEmailparameter.AttackerscansendPOSTrequeststologinaction.phpwithtime-basedSQLinjectionpayloadsintheEmailfieldtoextractsensitivedatabaseinformation. 
25535 CVE- 2019- NetartmediaPHPRealEstateAgency4.0containsanSQLinjectionvulnerabilitythatallowsunauthenticatedattackerstoexecutearbitrarySQLqueriesbyinjectingmaliciouscodethroughthefeatures[]parameter.AttackerscansendPOSTrequeststoindex.phpwithcraftedSQLpayloadsinthefeatures[]parametertoextractsensitivedatabaseinformationormanipulatedatabasequeries. 25536 CVE- 2019- 202CMSv10betacontainsablindSQLinjectionvulnerabilitythatallowsunauthenticatedattackerstomanipulatedatabasequeriesbyinjectingSQLcodethroughtheloguserparameter.AttackerscansendPOSTrequeststoindex.phpwithcraftedSQLpayloadsusingtime-basedblindinjectiontechniquestoextractsensitivedatabaseinformation. 25539 CVE- 2019- NetartmediaPHPMall4.1containsmultipleSQLinjectionvulnerabilitiesthatallowunauthenticatedattackerstomanipulatedatabasequeriesbyinjectingSQLcodethroughvariousparameters.AttackerscancraftmaliciousrequestswithSQLpayloadstoextractsensitivedatabaseinformationincludingusercredentialsandsystemdata. 25540 CVE- 2019- NetartmediaPHPMall4.1containsmultipleSQLinjectionvulnerabilitiesthatallowunauthenticatedattackerstomanipulatedatabasequeriesthroughunvalidatedparameters.Attackerscaninjecttime-basedblindSQLpayloadsviathe'id'parameterinindex.phporthe'Email'parameterinloginaction.phptoextractsensitivedatabaseinformation. 25541 CVE- 2019- JettwebPHPHazirHaberSitesiScriptiV1containsanauthenticationbypassvulnerabilityintheadministrationpanelthatallowsunauthenticatedattackerstogainadministrativeaccessbyexploitingimproperSQLqueryvalidation.AttackerscansubmitSQLinjectionpayloadsintheusernameandpasswordfieldsoftheadmingiris.phploginformtobypassauthenticationandaccesstheadministrativeinterface. 
25520 CVE- 2019- NetartmediaEventPortal2.0containsatime-basedblindSQLinjectionvulnerabilitythatallowsunauthenticatedattackerstomanipulatedatabasequeriesbyinjectingSQLcodethroughtheEmailparameter.AttackerscansendPOSTrequeststologinaction.phpwithmaliciousSQLpayloadsintheEmailfieldtoextractsensitivedatabaseinformation. 25537 CVE- Striaeisafirearmsexaminer'scomparisoncompanion.Ahigh-severityintegritybypassvulnerabilityexistedinStriae'sdigitalconfirmationworkflowpriortov3.0.0.Hash-onlyvalidationtrustedmanifesthashfieldsthatcouldbemodifiedtogetherwithpackagecontent,allowingtamperedconfirmationpackagestopassintegritychecks.Thisvulnerabilityisfixedin3.0.0. 31839 CVE- xml-securityisalibrarythatimplementsXMLsignaturesandencryption.Priortoversions2.3.1and1.13.9,XMLnodesencryptedwitheitheraes-128-gcm,aes-192-gcm,oraes-256-gcmlackvalidationoftheauthenticationtaglength.Anattackercanusethistobrute-forceanauthenticationtag,recovertheGHASHkey,anddecrypttheencryptednodes.Italsoallowstoforgearbitraryciphertextswithoutknowingtheencryptionkey.Thisvulnerabilityisfixedin2.3.1and1.13.9.

32600

CVE- Pigeonisamessageboard/notepad/socialsystem/blog.Priorto1.0.201,theapplicationuses$SERVER['HTTPHOST']withoutvalidationtoconstructemailverificationURLsintheregisterandresendmailflows.AnattackercanmanipulatetheHostheaderintheHTTPrequest,causingtheverificationlinksenttotheuser'semailtopointtoanattacker-controlleddomain.Thiscanleadtoaccounttakeoverbystealingtheemailverificationtoken.Thisvulnerabilityisfixedin1.0.201. 32616 CVE- 2026- xmlseclibsisalibrarywritteninPHPforworkingwithXMLEncryptionandSignatures.Priorto3.1.5,XMLnodesencryptedwitheitheraes-128-gcm,aes-192-gcm,oraes-256-gcmlackvalidationoftheauthenticationtaglength.Anattackercanusethistobrute-forceanauthenticationtag,recovertheGHASHkey,anddecrypttheencryptednodes.Italsoallowstoforgearbitraryciphertextswithoutknowingtheencryptionkey.Thisvulnerabilityisfixedin3.1.5. 32313 CVE- 2019- JettwebPhpHazirIlanSitesiScriptiV2containsanSQLinjectionvulnerabilitythatallowsunauthenticatedattackerstomanipulatedatabasequeriesbyinjectingSQLcodethroughthe'kat'parameter.AttackerscansendGETrequeststothekatgetir.phpendpointwithmalicious'kat'valuestoextractsensitivedatabaseinformation. 25508 CVE- 2019- NetartmediaRealEstatePortal5.0containsaSQLinjectionvulnerabilitythatallowsunauthenticatedattackerstomanipulatedatabasequeriesbyinjectingSQLcodethroughtheuseremailparameter.AttackerscansendPOSTrequeststoindex.phpwithmaliciouspayloadsintheuseremailfieldtobypassauthentication,extractsensitivedata,ormodifydatabasecontents. 
25542 CVE- 2019- 202CMSv10betacontainsanSQLinjectionvulnerabilitythatallowsunauthenticatedattackerstomanipulatedatabasequeriesbyinjectingSQLcodethroughtheloguserparameter.AttackerscansendcraftedrequestswithmaliciousSQLstatementsintheloguserfieldtoextractsensitivedatabaseinformationormodifydatabasecontents. 25538 CVE- 2019- InoutEasyRoomsUltimateEditionv1.0containsanSQLinjectionvulnerabilitythatallowsunauthenticatedattackerstomanipulatedatabasequeriesbyinjectingSQLcodethroughthelocationparameter.AttackerscansendPOSTrequeststothesearch/searchdetailedendpointwithmaliciousSQLpayloadsinthelocationfieldtoextractsensitivedataormodifydatabasecontents. 25526 CVE- 2019- NetartmediaRealEstatePortal5.0containsanSQLinjectionvulnerabilitythatallowsunauthenticatedattackerstomanipulatedatabasequeriesbyinjectingSQLcodethroughthepageparameter.AttackerscansubmitPOSTrequeststoindex.phpwithmaliciousSQLpayloadsinthepagefieldtobypassauthentication,extractsensitivedata,ormodifydatabasecontents. 25543 CVE- 2019- InoutEasyRoomsUltimateEditionv1.0containsanSQLinjectionvulnerabilitythatallowsunauthenticatedattackerstomanipulatedatabasequeriesbyinjectingSQLcodethroughthenumguestparameter.AttackerscansendPOSTrequeststothesearch/searchdetailedendpointwithmaliciousSQLpayloadstobypassauthentication,extractsensitivedata,ormodifydatabasecontents. 25527 CVE- 2019- XooDigitalLatestcontainsanSQLinjectionvulnerabilitythatallowsunauthenticatedattackerstomanipulatedatabasequeriesbyinjectingSQLcodethroughthe'p'parameter.AttackerscansendGETrequeststoresults.phpwithmalicious'p'valuestoextractsensitivedatabaseinformation. 
CVE-[year missing]-25509: [the description for this entry precedes this section and is not included in the extract]

CVE-2019-25528: Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads to extract sensitive data or modify database contents.

CVE-2019-25530: uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the systempage GET parameter. Attackers can send crafted requests to index.php with malicious systempage values using time-based blind SQL injection techniques to extract sensitive database information.

CVE-2019-25510: Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and password fields of the admingiris.php login form to bypass authentication and access the administrative interface.

CVE-2019-25512: Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive database information or modify database contents.

CVE-2019-25531: Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive information or bypass authentication mechanisms.

CVE-2019-25513: Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send GET requests to datagetir.php with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information or bypass authentication.

CVE-2019-25514: Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data from the database or bypass authentication controls.

CVE-2019-25488: Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php endpoint to extract sensitive database information or cause denial of service.

CVE-2019-25482: Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arackategoriid parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to extract sensitive database information.

CVE-2019-25525: Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. Attackers can send POST requests to the search/rentals endpoint with malicious SQL payloads to bypass authentication, extract sensitive data, or modify database contents.

CVE-2019-25524: Xoo Gallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data, or modify database contents.

CVE-[year missing]-25516: Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galleryid parameter. Attackers can send GET requests to gallery.php with malicious galleryid values using UNION-based SQL injection to extract sensitive database information.

CVE-2019-25481: iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitive database information.

CVE-[year missing]-25532: Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with crafted SQL payloads in the Email field to extract sensitive database information or bypass authentication.

CVE-2019-25479: Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST requests to the agents/agentlistdetails endpoint with malicious SQL payloads in the city parameter to extract sensitive database information.

CVE-2019-25533: Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to the loginaction.php endpoint with crafted SQL payloads in the Email field to extract sensitive database information or bypass authentication.

CVE-2019-25486: Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit POST requests with crafted SQL payloads in the userid field to bypass authentication and extract sensitive database information.

CVE-2015-20121: NextClick Ventures Realty Script 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'uid' in /admin/users.php and the POST parameter 'agent[]' in /admin/mailer.php. Attackers can exploit time-based blind SQL injection techniques to extract sensitive database information or cause denial of service through sleep-based payloads.

CVE-2019-25517: Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send requests to haberarsiv.php with malicious cid values using UNION-based injection to extract sensitive database information or modify database contents.

CVE-2019-25518: Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter to extract sensitive data or modify database contents.

CVE-2026-32231: ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channel trusts caller-supplied identity fields (sender, chatid) from the request body and applies authorization checks to those untrusted values. Because authentication is optional and defaults to disabled (authtoken: None), an attacker who can reach POST /webhook can spoof an allowlisted sender and choose arbitrary chatid values, enabling high-risk message spoofing and potential IDOR-style session/chat routing abuse. This vulnerability is fixed in 0.7.6.

CVE-2019-25519: Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST requests to uyelik.php with crafted payloads in the option parameter to execute time-based SQL injection attacks and extract sensitive database information.

CVE-2015-20120: NextClick Ventures Realty Script 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database contents character by character based on response timing differences.

CVE-2019-25523: Xoo Gallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to cat.php with malicious catid values to bypass authentication, extract sensitive data, or modify database contents.

CVE-2019-25511: Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using UNION-based injection to extract sensitive database information.

CVE-2026-25529: Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be injected into the page which may modify the page in a misleading way or allow for unauthorised javascript to be executed. Fixed in 3.3.5 and higher.

CVE-2026-32302: OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inherit proxy-authenticated identity, and establish a privileged operator session. This vulnerability is fixed in 2026.3.11.

CVE-2025-67298: An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile.

CVE-2026-32841: Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling unauthorized password changes, firmware uploads, and configuration modifications.

CVE-2026-32247: Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.node_labels were concatenated directly into Cypher label expressions without validation. In MCP deployments, this was exploitable not only through direct untrusted access to the Graphiti MCP server, but also through prompt injection against an LLM client that could be induced to call search_nodes with attacker-controlled entity_types values. The MCP server mapped entity_types to SearchFilters.node_labels, which then reached the vulnerable Cypher construction path. Affected backends included Neo4j, FalkorDB, and Neptune. Kuzu was not affected by the label-injection issue because it used parameterized label handling rather than string-interpolated Cypher labels. This issue was mitigated in 0.28.2.

CVE-2026-32116: Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party could result in overwriting critical local files, including ~/.ssh/authorized_keys and .bashrc. This could be used to compromise the receiver's computer. Only the sender of the file (the party who runs wormhole send) can mount the attack. Other parties (including the transit/relay servers) are excluded by the wormhole protocol. This vulnerability is fixed in 0.23.0.

CVE-2026-21361: Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field.

CVE-2026-3453: The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansub_id parameter in the processcheckout() function. The ppressprocesscheckout AJAX handler accepts a user-controlled subscription ID intended for plan upgrades, loads the subscription record, and cancels/expires it without verifying the subscription belongs to the requesting user. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel and expire any other user's active subscription via the changeplansub_id parameter during checkout, causing immediate loss of paid access for victims.

CVE-[year missing]-30911: Apache Airflow versions 3.1.0 through 3.1.7 have a missing authorization vulnerability in the Execution API's Human-in-the-Loop (HITL) endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance.

CVE-[year and number missing]: The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing functions, allowing unauthenticated users to modify stored options. Furthermore, due to the use of unserialize() on the data, this could be further exploited when combined with a PHP gadget chain to achieve PHP Object Injection.

CVE-[year missing]-24901: Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to restore, view, and seize ownership of deleted drafts belonging to other users, including administrators, without authorization. By bypassing ownership validation during the restore process, an attacker can access sensitive private information and effectively lock the original owner out of their own content. Version 1.4.0 fixes the issue.

CVE-2026-32260: Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, a command injection vulnerability exists in Deno's node:child_process polyfill (shell: true mode) that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand (ext/node/polyfills/internal/child_process.ts) has a priority bug: when an argument contains a $VAR pattern, it is wrapped in double quotes (L1290) instead of single quotes. Double quotes in POSIX sh do not suppress backtick command substitution, allowing injected commands to execute. An attacker who controls arguments passed to spawnSync or spawn with shell: true can execute arbitrary OS commands, bypassing Deno's permission system. This vulnerability is fixed in 2.7.2.

CVE-2026-22202: wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by crafting a malicious GET request with a valid HMAC key. Attackers can embed the delete comments action URL in image tags or other resources to trigger permanent deletion of comments without user confirmation or POST-based CSRF protection.

CVE-2026-22193: wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through the email, activation key, subscription date, and imported-from parameters to manipulate database queries and extract sensitive information.

CVE-2026-21284: Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field.

CVE-2026-31892: Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, a user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as a mechanism to restrict users to admin-approved templates. The podSpecPatch field on a submitted Workflow takes precedence over the referenced WorkflowTemplate during spec merging and is applied directly to the pod spec at creation time with no security validation. This vulnerability is fixed in 4.0.2 and 3.7.11.

CVE-2026-32729: Runtipi is a personal home server orchestrator. Prior to 4.8.1, the Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials (via phishing, credential stuffing, or data breach) can brute-force the 6-digit TOTP code to completely bypass two-factor authentication. The TOTP verification session persists for 24 hours (default cache TTL), providing an excessive window during which the full 1,000,000-code keyspace (000000–999999) can be exhausted. At practical request rates (~500 req/s), the attack completes in approximately 33 minutes in the worst case. This vulnerability is fixed in 4.8.1.

CVE-2026-21311: Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field.

CVE-2026-22248: GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP instantiation. This vulnerability is fixed in 11.0.5.

CVE-2026-0956: There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.

CVE-2026-30902: Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

CVE-2017-20218: Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users group allow authenticated users to replace the executable file with arbitrary binaries, enabling privilege escalation during service startup or system reboot.

CVE-2026-23862: Dell ThinOS 10 versions prior to ThinOS 2602 10.0573 contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

CVE-2026-32708: PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message to force an unbounded stack allocation and copy, causing a stack overflow and crash of the Zenoh bridge task. This vulnerability is fixed in 1.17.0-rc2.

CVE-2026-27940: llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an integer overflow, leading to an undersized heap allocation. Using the subsequent fread() writes 528+ bytes of attacker-controlled data past the buffer boundary. This is a bypass of a similar bug in the same file, CVE-2025-53630, but the fix overlooked some areas. This vulnerability is fixed in b8146.

CVE-2026-0954: There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DSB file. This vulnerability affects all versions of Digilent DASYLab.

CVE-2025-69783: A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name (e.g., csrss.exe, edrsvc.exe, edrcon.exe). This allows unauthorized interaction with the OpenEDR kernel driver, granting access to privileged functionality such as configuration changes, process monitoring, and IOCTL communication that should be restricted to trusted components. While this issue alone does not directly grant SYSTEM privileges, it breaks OpenEDR's trust model and enables further exploitation leading to full local privilege escalation.

CVE-2026-3888: Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.

CVE-2026-0955: There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.

CVE-2025-64301: An out-of-bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds write, potentially leading to code execution.

CVE-[year missing]-14026: A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access and has also gained a user account, they can then exploit the vulnerability to execute arbitrary commands.

CVE-[year and number missing]: A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file.

CVE-[year missing]-20033: Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssmx64.exe binary in the manager and engine service directories with malicious executables to execute code with LocalSystem privileges when services restart.

CVE-[year missing]-66342: A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.

CVE-2026-4295: Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory.

CVE-2026-3989: SGLang's `replayrequestdump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attacker's code on the device running the script.

CVE-2026-0957: There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.

CVE-2026-30900: Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

CVE-2026-31881: Runtipi is a personal home server orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator (admin) password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-password is exposed without authentication/authorization checks. During the 15-minute reset window, any remote user can set a new operator password and log in as admin. This vulnerability is fixed in 4.8.0.

CVE-2026-32121: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves client-side DOM-based rendering via jQuery .html() in a completely different component (portal/sign/assets/signer_api.js). The two share the same root cause (unsanitized patient names in patient data), but they have different sinks, different affected components, different trigger actions, and require independent fixes. This vulnerability is fixed in 8.0.0.1.

CVE-2026-32131: ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token (e.g., project.read, project.grant.read, or project.app.read) to retrieve management-plane information belonging to other organizations by specifying a different tenant's project id, grant id, or app id. This vulnerability is fixed in 3.4.8 and 4.12.2.

CVE-2026-28521: arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the Tuya IoT component. An attacker who hijacks or controls the Tuya cloud service can issue malicious DP event data to victim devices, causing out-of-bounds memory access that may result in information disclosure or a denial-of-service condition.

CVE-2026-21670: A vulnerability allowing a low-privileged user to extract saved SSH credentials.

CVE-2026-32123: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, sensitivity checks for group encounters are broken because the code only consults form_encounter for sensitivity, while group encounters store sensitivity in form_groups_encounter. As a result, sensitivity is never correctly applied to group encounters, and users who should be restricted from viewing sensitive (e.g. mental health) encounters can view them. This vulnerability is fixed in 8.0.0.1.

CVE-2026-21887: OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform's data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration (allowAbsoluteUrls: true). This allows attackers to craft requests to arbitrary endpoints, including internal services, because Axios will accept and process absolute URLs. This results in a semi-blind SSRF, as responses may not be fully visible but can still impact internal systems. This vulnerability is fixed in 6.8.16.

CVE-2026-32458: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection. This issue affects WOLF: from n/a through <= 1.0.8.7.

CVE-2026-32418: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection. This issue affects Meow Gallery: from n/a through <= 5.4.4.

CVE-2026-31944: LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, the MCP (Model Context Protocol) OAuth callback endpoint accepts the redirect from the identity provider and stores OAuth tokens for the user who initiated the flow, without verifying that the browser hitting the redirect URL is logged in or that the logged-in user matches the initiator. An attacker can send the authorization URL to a victim; when the victim completes the flow, the victim's OAuth tokens are stored on the attacker's LibreChat account, enabling account takeover of the victim's MCP-linked services (e.g. Atlassian, Outlook). This vulnerability is fixed in 0.8.3-rc1.

CVE-2026-32117: The grafana cubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign()/window.open() with no scheme validation. An attacker with dashboard Editor privileges can set the link to a javascript: URI; when any Viewer drag-zooms on the panel, the payload executes in the Grafana origin.

CVE-2026-32101: StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized() function is declared async (returns Promise) but is called without await in both the POST and PUT handlers. Since a Promise object is always truthy in JavaScript, !isAuthorized(type) always evaluates to false, completely bypassing the authorization check. Any authenticated user with the lowest visitor role can upload, delete, rename, and list all files in the S3 bucket. This vulnerability is fixed in 0.3.1.

CVE-2026-32308: OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid diagrams, enabling XSS through Mermaid's click directive which can execute arbitrary JavaScript. Any field that renders markdown (incident descriptions, status page announcements, monitor notes) is vulnerable. This vulnerability is fixed in 10.0.23.

CVE-2026-32358: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection. This issue affects Booking Calendar: from n/a through <= 10.14.15.

CVE-2026-2476: Mattermost Plugins versions <= 2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606

CVE-[year missing]-32597: PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.

CVE-[year and number missing]: The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: (1) a non-user-bound public_nonce is exposed to unauthenticated users through the public /wp-json/ssa/v1/embed-inner REST endpoint, and (2) the get_item() method in SSA_Settings_Api relies on nonce_permissions_check() for authorization (which accepts the public nonce) but does not call remove_unauthorized_settings_for_current_user() to filter restricted fields. This makes it possible for unauthenticated attackers to access admin-only plugin settings including the administrator email, phone number, internal access tokens, notification configurations, and developer settings via the /wp-json/ssa/v1/settings/{section} endpoint. The exposure of appointment tokens also allows an attacker to modify or cancel appointments.

CVE-[year missing]-32130: ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a System for Cross-domain Identity Management (SCIM) API to provision users from external providers into Zitadel. Requests to the API with URL-encoded path values were correctly routed but would bypass necessary authentication and permission checks. This allowed unauthenticated attackers to retrieve sensitive information such as names, email addresses, phone numbers, addresses, external IDs, and roles. Note that due to additional checks when manipulating data, an attacker could not modify or delete any user data. This vulnerability is fixed in 3.4.8 and 4.12.2.

CVE-2026-32426: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion. This issue affects Medilazar Core: from n/a through < 1.4.7.

CVE-2026-3924: Use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-32098: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.9 and 8.6.35, an attacker can exploit LiveQuery subscriptions to infer the values of protected fields without directly receiving them. By subscribing with a WHERE clause that references a protected field (including via dot-notation or $regex), the attacker can observe whether LiveQuery events are delivered for matching objects. This creates a boolean oracle that leaks protected field values. The attack affects any class that has both protectedFields configured in Class-Level Permissions and LiveQuery enabled. This vulnerability is fixed in 9.6.0-alpha.9 and 8.6.35.

CVE-2026-32400: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themetech Mount Boldman boldman allows PHP Local File Inclusion. This issue affects Boldman: from n/a through <= 7.7.

CVE-2026-32393: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion. This issue affects Greenly Theme Addons: from n/a through < 8.2.

CVE-2026-22182: wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType() function. Attackers can repeatedly call the wpdiscuz-ajax.php endpoint with arbitrary postId and commentid parameters to flood subscribers with notifications, as the handler lacks nonce verification, authentication checks, and rate limiting.

CVE-2026-31882: Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication (DAGU_AUTH_MODE=basic), all Server-Sent Events (SSE) endpoints are accessible without any credentials. This allows unauthenticated attackers to access real-time DAG execution data, workflow configurations, execution logs, and queue status — bypassing the authentication that protects the REST API. The buildStreamAuthOptions() function builds authentication options for SSE/streaming endpoints. When the auth mode is basic, it returns an auth.Options struct with BasicAuthEnabled: true but AuthRequired defaults to false (Go zero value). The authentication middleware at internal/service/frontend/auth/middleware.go allows unauthenticated requests when AuthRequired is false. This vulnerability is fixed in 2.2.4.

CVE-2026-32392: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives Planet Greenly greenly allows PHP Local File Inclusion. This issue affects Greenly: from n/a through <= 8.1.

CVE-2026-2890: The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler (handleonetimestripelinkreturnurl) marking payment records as complete based solely on the Stripe PaymentIntent status without comparing the intent's charged amount against the expected payment amount, and the verifyintent() function validating only client secret ownership without binding intents to specific forms or actions. This makes it possible for unauthenticated attackers to reuse a PaymentIntent from a completed low-value payment to mark a high-value payment as complete, effectively bypassing payment for goods or services.

CVE-2026-32384: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpBookingly service-booking-manager allows PHP Local File Inclusion. This issue affects WpBookingly: from n/a through <= 1.2.9.

CVE-2026-32369: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Medilink-Core medilink-core allows PHP Local File Inclusion. This issue affects Medilink-Core: from n/a through < 2.0.7.

CVE-2026-32364: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in redqteam TurboManager turbo-manager allows PHP Local File Inclusion. This issue affects TurboManager: from n/a through < 4.0.8.

CVE-2019-[number missing]: Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and 'or' operators as username and password parameters to access the administration panel without valid credentials.
25515 CVE- 2026-HMSNetworksEwonFlexywithfirmwarebefore15.0s4,Cosy+withfirmware22.xxbefore22.1s6,andCosy+withfirmware23.xxbefore23.0s3allowsunauthenticatedattackerstocauseaDenialofServicebyusingaspeciallycraftedHTTPrequestthatleadstoarebootofthedevice,providedtheyhaveaccesstothedevice'sGUI. 25819 CVE- 2026-EllaCoreisa5Gcoredesignedforprivatenetworks.Priorto1.5.1,EllaCorepanicswhenprocessingamalformedintegrityprotectedNGAP/NASmessagewithalengthunder7bytes.AnattackerabletosendcraftedNASmessagestoEllaCorecancrashtheprocess,causingservicedisruptionforallconnectedsubscribers.Noauthenticationisrequired.Thisvulnerabilityisfixedin1.5.1. 32319 CVE-TheMyStickyBarpluginforWordPressisvulnerabletoSQLinjectionviathestickymenucontactleadformAJAXactioninallversionsupto,andincluding,2.8.6.Thisisduetothehandlerusingattacker-controlledPOSTparameternamesdirectlyasSQLcolumnidentifiersin$wpdb->insert().Whileparametervaluesaresanitizedwithescsql()andsanitizetextfield()`,theparameterkeysareusedas-istobuildthecolumnlistintheINSERTstatement.ThismakesitpossibleforunauthenticatedattackerstoinjectSQLviacraftedparameternames,enablingblindtime-2026-baseddataextractionfromthedatabase.3657 CVE- 2026-CairoSVGisanSVGconverterbasedonCairo,a2Dgraphicslibrary.PriortoKozea/CairoSVGhasexponentialdenialofserviceviarecursive elementamplificationincairosvg/defs.py.ThiscausesCPUexhaustionfromasmallinput. 
31899 Issuesummary:AnOpenSSLTLS1.3servermayfailtonegotiatetheexpectedpreferredkeyexchangegroupwhenitskeyexchangegroupconfigurationincludesthedefaultbyusingthe'DEFAULT'keyword. CVE-server.IfanOpenSSLTLS1.3server'sconfigurationusesthe'DEFAULT'keywordtointerpolatethebuilt-indefaultgrouplistintoitsownconfiguration,perhapsaddingorremovingspecificelements,thenanimplementationdefectcausesthe'DEFAULT'listtoloseits'tuple'structure,andallserver-supportedgroupsweretreatedasasinglesufficientlysecure'tuple',withtheservernotsendingaHelloRetryRequest(HRR)evenwhenagroupinamorepreferredtuplewasmutuallysupported. 2026-quantumkeyagreementgroup,suchas'X25519MLKEM768',iftheclient'sconfigurationresultsinonly'classical'groups(suchas'X25519'beingtheonlyonesintheclient'sinitialkeyshareprediction). 2673supportedbytheclient,butnotincludedinthelistofpredictedkeyshareswouldhavebeenmorepreferred,ifincluded.Thenewsyntaxpartitionsthegroupsintodistinct'tuples'ofroughlyequivalentsecurity. aboveworksasexpectedwhentheserver'sconfigurationusesthebuilt-indefaultgrouplist,orexplicitlydefinesitsownlistbydirectlydefiningthevariousdesiredgroupsandgroup'tuples'. CVE- InsufficientpolicyenforcementinPDFinGoogleChromeonAndroidpriorto146.0.7680.71allowedaremoteattackertobypassnavigationrestrictionsviaacraftedHTMLpage.(Chromiumsecurityseverity:Medium)

CVE- 2026- Mattermostversions11.3.x<=11.3.0,11.2.x<=11.2.2,10.11.x<=10.11.10failtoproperlyhandleverylongpasswords,whichallowsanattackertooverloadtheserverCPUandmemoryviaexecutingloginattemptswithmulti-megabytepasswords.MattermostAdvisoryID:MMSA-2026-00587

24458 CVE- TheWPMapspluginforWordPressisvulnerabletotime-basedblindSQLInjectionviathe'locationid'parameterinallversionsupto,andincluding,4.9.1.Thisisduetotheplugin'sdatabaseabstractionlayer(`FlipperCodeModelBase::iscolumn())treatinguserinputwrappedinbackticksascolumnnames,bypassingtheescsql()escapingfunction.Additionally,thewpgmpajaxcallAJAXhandler(registeredforunauthenticatedusersviawpajaxnopriv)allowscallingarbitraryclassmethodsincludingwpgmpreturnfinalcapability,whichpassestheunsanitizedlocationid`GETparameterdirectlytoadatabasequery.ThismakesitpossibleforunauthenticatedattackerstoappendadditionalSQLqueriesintoalreadyexistingqueriesthatcanbeusedtoextractsensitiveinformationfromthedatabase. CVE- 2025- SQLInjectionvulnerabilityinChyrpv.2.5.2andbeforeallowsaremoteattackertoobtainsensitiveinformationviatheAdmin.phpcomponent 69768 CVE- 2026- JetKVMbefore0.5.4doesnotratelimitloginrequests,enablingbrute-forceattemptstoguesscredentials. 
32295 CVE- GoShangMi(CommercialCryptography)Library(GMSM)isacryptographiclibrarythatcoverstheChinesecommercialcryptographicpublicalgorithmsSM2/SM3/SM4/SM9/ZUC.Priorto0.41.1,thecurrentSM9decryptionimplementationcontainsaninfinity-pointciphertextforgeryvulnerability.Therootcauseisthat,duringdecryption,theelliptic-curvepointC1intheciphertextisonlydeserializedandcheckedtobeonthecurve,buttheimplementationdoesnotexplicitlyrejectthepointatinfinity.Inthecurrentimplementation,anattackercanconstructC1asthepointat2026- infinity,causingthebilinearpairingresulttodegenerateintotheidentityelementintheGTgroup.Asaresult,acriticalpartofthekeyderivationinputbecomesapredictableconstant.Anattackerwhoonlyknowsthetargetuser'sUIDcanderivethedecryptionkeymaterialandthenforgeaciphertextthatpassestheintegritycheck.Thisvulnerabilityisfixedin0.41.1.32614 CVE- 2026- ImpactAservercanreplywithaWebSocketframeusingthe64-bitlengthformandanextremelylargelength.undici'sByteParseroverflowsinternalmath,endsupinaninvalidstate,andthrowsafatalTypeErrorthatterminatestheprocess. 1528 CVE- 2026- TheGL-iNetComet(GL-RM1)KVMwebinterfacedoesnotlimitloginrequests,enablingbrute-forceattemptstoguesscredentials. 
32292 CVE- 2026- ApacheAirflowversions3.1.0through3.1.7sessiontoken(token)incookiesissettopath=/regardlessoftheconfigured[webserver]baseurlor[api]baseurl.Thisallowsanyapplicationco-hostedunderthesamedomaintocapturevalidAirflowsessiontokensfromHTTPrequestheaders,allowingfullsessiontakeoverwithoutattackingAirflowitself. 28779 CVE- 2026- AllversionsofthepackagesjclarevulnerabletoImproperVerificationofCryptographicSignatureduetomissingpoint-on-curvevalidationinsjcl.ecc.basicKey.publicKey().Anattackercanrecoveravictim'sECDHprivatekeybysendingcraftedoff-curvepublickeysandobservingECDHoutputs.ThedhJavaEc()functiondirectlyreturnstherawx-coordinateofthescalarmultiplicationresult(nohashing),providingaplaintextoraclewithoutrequiringanydecryptionfeedback. 4258 CVE- 2026- WhendoingasecondSMBrequesttothesamehostagain,curlwouldwronglyuseadatapointerpointingintoalreadyfreedmemory. 3805 CVE- 2026- TheWowStore–StoreBuilder&ProductBlocksforWooCommercepluginforWordPressisvulnerabletoSQLInjectionviathe‘search’parameterinallversionsupto,andincluding,4.4.3duetoinsufficientescapingontheusersuppliedparameterandlackofsufficientpreparationontheexistingSQLquery. 2579 CVE- 2026- TornadoisaPythonwebframeworkandasynchronousnetworkinglibrary.InversionsofTornadopriorto6.5.5,theonlylimitonthenumberofpartsinmultipart/form-dataisthemaxbodysizesetting(default100MB).Sinceparsingoccurssynchronouslyonthemainthread,thiscreatesthepossibilityofdenial-of-serviceduetothecostofparsingverylargemultipartbodieswithmanyparts.Thisvulnerabilityisfixedin6.5.5. 
31958 CVE- TheAlly–WebAccessibility&UsabilitypluginforWordPressisvulnerabletoSQLInjectionviatheURLpathinallversionsupto,andincluding,4.0.3.Thisisduetoinsufficientescapingontheuser-suppliedURLparameterintheget_global_remediations()method,whereitisdirectlyconcatenatedintoanSQLJOINclausewithoutpropersanitizationforSQLcontext.Whileesc_url_raw()isappliedforURLsafety,itdoesnotpreventSQLmetacharacters(singlequotes,parentheses)frombeinginjected.Thismakesitpossibleforunauthenticatedattackerstoappendadditional2026- SQLqueriesintoalreadyexistingqueriesthatcanbeusedtoextractsensitiveinformationfromthedatabaseviatime-basedblindSQLinjectiontechniques.TheRemediationmodulemustbeactive,whichrequirestheplugintobeconnectedtoanElementoraccount.2413 CVE- 2026- multipartisafastmultipart/form-dataparserforpython.Priorto1.2.2,1.3.1and1.4.0-dev,theparseoptionsheader()functioninmultipart.pyusesaregularexpressionwithanambiguousalternation,whichcancauseexponentialbacktracking(ReDoS)whenparsingmaliciouslycraftedHTTPormultipartsegmentheaders.Thiscanbeabusedfordenialofservice(DoS)attacksagainstwebapplicationsusingthislibrarytoparserequestheadersormultipart/form-datastreams.Theissueisfixedin1.2.2,1.3.1and1.4.0-dev. 28356 CVE- 2026- LibreChatRAGAPI,version0.7.0,containsalog-injectionvulnerabilitythatallowsattackerstoforgelogentries. 4276 CVE- 2026- NanoMQMQTTBroker(NanoMQ)isanall-aroundEdgeMessagingPlatform.MQTTv5VariableByteIntegerparsingout-of-bounds:getvarinteger()accepts5-bytevarintswithoutboundschecks;reliablytriggersOOBread/crashwhenbuiltwithASan.Thisaffects0.24.6andearlier. 
21888 CVE- 2026- OpenClawversions2026.2.21-2priorto2026.2.22and@openclaw/voice-callversions2026.2.21priorto2026.2.22acceptmedia-streamWebSocketupgradesbeforestreamvalidation,allowingunauthenticatedclientstoestablishconnections.Remoteattackerscanholdidlepre-authenticatedsocketsopentoconsumeconnectionresourcesanddegradeserviceavailabilityforlegitimatestreams. 32062 CVE- 2026- AnissueinGoBGPgobgpdv.4.2.0allowsaremoteattackertocauseadenialofserviceviatheNEXTHOPpathattribute 30405 CVE- 2026- GitLabhasremediatedanissueinGitLabCE/EEaffectingallversionsfrom18.9before18.9.2thatcouldhaveallowedanunauthenticatedusertocauseadenialofservicebysendingspeciallycraftedGraphQLrequestsduetouncontrolledrecursionundercertaincircumstances. 1069 CVE- 2026- TheJetBookingpluginforWordPressisvulnerabletoSQLInjectionviathe'checkin_date'parameterinallversionsupto,andincluding,4.0.3.ThisisduetoinsufficientescapingontheusersuppliedparameterandlackofsufficientpreparationontheexistingSQLquery.ThismakesitpossibleforunauthenticatedattackerstoappendadditionalSQLqueriesintoalreadyexistingqueriesthatcanbeusedtoextractsensitiveinformationfromthedatabase. 3496 CVE- 2025- GitLabhasremediatedanissueinGitLabCE/EEaffectingallversionsfrom16.11before18.7.6,18.8before18.8.6,and18.9before18.9.2thatcouldhaveallowedanunauthenticatedusertocauseadenialofserviceconditionduetoimproperinputvalidationwhenprocessingspeciallycraftedJSONpayloadsintheprotectedbranchesAPI. 14513 CVE- GitLabhasremediatedanissueinGitLabCE/EEaffectingallversionsfrom10.0before18.7.6,18.8before18.8.6,and18.9before18.9.2thatcouldhaveallowedanunauthenticatedusertocauseadenialofservicebyissuingspeciallycraftedrequeststorepositoryarchiveendpointsundercertainconditions. 
13929 CVE- 2026- AdobeCommerceversions2.4.9-alpha3,2.4.8-p3,2.4.7-p8,2.4.6-p13,2.4.5-p15,2.4.4-p16andearlierareaffectedbyanIncorrectAuthorizationvulnerabilitythatcouldresultinaSecurityfeaturebypass.Anattackercouldleveragethisvulnerabilitytobypasssecuritymeasuresandgainunauthorizedviewaccessofdata.Exploitationofthisissuedoesnotrequireuserinteraction.

21309 CVE- AnissuepertainingtoCWE-918:Server-SideRequestForgerywasdiscoveredinSunbird-EdSunbirdEd-portalv1.13.4.Thisallowsattackerstoobtainsensitiveinformation 70027 CVE- ImpactTheundiciWebSocketclientisvulnerabletoadenial-of-serviceattackduetoimpropervalidationoftheservermaxwindowbitsparameterinthepermessage-deflateextension.WhenaWebSocketclientconnectstoaserver,itautomaticallyadvertisessupportforpermessage-deflatecompression.Amaliciousservercanrespondwithanout-of-rangeservermaxwindowbitsvalue(outsidezlib'svalidrangeof8-15).Whentheserversubsequentlysendsacompressedframe,theclientattemptstocreateazlibInflateRawinstancewiththeinvalidwindowBitsvalue,2026- causingasynchronousRangeErrorexceptionthatisnotcaught,resultinginimmediateprocesstermination.Thevulnerabilityexistsbecause:*TheisValidClientWindowBits()functiononlyvalidatesthatthevaluecontainsASCIIdigits,notthatitfallswithinthevalidrange8-152229 CVE- 2025- DoomLauncher3.8.1.0isvulnerabletoDirectoryTraversalduetomissingfilepathvalidationduringtheextractionofgamefiles 66687 CVE- 2026- AdobeCommerceversions2.4.9-alpha3,2.4.8-p3,2.4.7-p8,2.4.6-p13,2.4.5-p15,2.4.4-p16andearlierareaffectedbyanIncorrectAuthorizationvulnerabilitythatcouldresultinaSecurityfeaturebypass.Anattackercouldleveragethisvulnerabilitytobypasssecuritymeasuresandgainunauthorizedviewaccessofdata.Exploitationofthisissuedoesnotrequireuserinteraction. 
21289 CVE- AmissingS3ownershipverificationintheBedrockAgentCoreStarterToolkitbeforeversionv0.1.13mayallowaremoteactortoinjectcodeduringthebuildprocess,leadingtocodeexecutionintheAgentCoreRuntime.ThisissueonlyaffectsusersoftheBedrockAgentCoreStarterToolkitbeforeversionv0.1.13whobuildorhavebuilttheToolkitafterSeptember24,2025.Anyusersonaversion>=v0.1.13,andanyusersonpreviousversionswhobuiltthetoolkitbeforeSeptember24,2025arenotaffected.2026- v0.1.13.4269 CVE- 2026- SveltedevalueisaJavaScriptlibrarythatserializesvaluesintostringswhenJSON.stringifyisn'tsufficientforthejob.Indevaluev5.6.3andearlier,devalue.parseanddevalue.unflattenweresusceptibletoprototypepollutionviamaliciouslycraftedpayloads.SuccessfulexploitationcouldleadtoDenialofService(DoS)ortypeconfusion.Thisvulnerabilityisfixedin5.6.4. 30226 CVE- TheAppointmentBookingCalendar—SimplyScheduleAppointmentsBookingPluginpluginforWordPressisvulnerabletoblindSQLInjectioninallversionsupto,andincluding,1.6.9.27.Thisisduetothedb_where_conditionsmethodintheTD_DB_Modelclassfailingtopreventtheappend_where_sqlparameterfrombeingpassedthroughJSONrequestbodies,whileonlycheckingforitspresenceinthe$_REQUESTsuperglobal.ThismakesitpossibleforunauthenticatedattackerstoappendarbitrarySQLcommandstoqueriesandextractsensitiveinformationfrom2026- thedatabaseviatheappend_where_sqlparameterinJSONpayloadsgrantedtheyhaveobtainedavalidpublic_tokenthatisinadvertentlyexposedduringthebookingflow.1708 CVE- 
flagdisafeatureflagdaemonwithaUnixphilosophy.Priorto0.14.2,flagdexposesOFREP(/ofrep/v1/evaluate/...)andgRPC(evaluation.v1,evaluation.v2)endpointsforfeatureflagevaluation.Theseendpointsaredesignedtobepubliclyaccessiblebyclientapplications.Theevaluationcontextincludedinrequestpayloadsisreadintomemorywithoutanysizerestriction.AnattackercansendasingleHTTPrequestwithanarbitrarilylargebody,causingflagdtoallocateacorrespondingamountofmemory.Thisleadstoimmediatememoryexhaustionandprocess2026- termination(e.g.,OOMKillinKubernetesenvironments).flagddoesnotnativelyenforceauthenticationonitsevaluationendpoints.Whileoperatorsmaydeployflagdbehindanauthenticatingreverseproxyorsimilarinfrastructure,theendpointsthemselvesimposenoaccesscontrolbydefault.Thisvulnerabilityisfixedin0.14.2.31866 CVE- 2026- IBMi7.6couldallowaremoteattackertocauseadenialofserviceusingfailedauthenticationconnectionsduetoimproperallocationofresources. 
1376 CVE- AflawwasidentifiedintheRAR5archivedecompressionlogicofthelibarchivelibrary,specificallywithinthearchivereaddata()processingpath.WhenaspeciallycraftedRAR5archiveisprocessed,thedecompressionroutinemayenterastatewhereinternallogicpreventsforwardprogress.ThisconditionresultsinaninfiniteloopthatcontinuouslyconsumesCPUresources.Becausethearchivepasseschecksumvalidationandappearsstructurallyvalid,affectedapplicationscannotdetecttheissuebeforeprocessing.Thiscanallowattackerstocausepersistentdenial-of-2026- serviceconditionsinservicesthatautomaticallyprocessarchives.4111 CVE- 2026- WeGIAisawebmanagerforcharitableinstitutions.In3.6.5,ThepatchedloadBackupDB()extractstar.gzarchivestoatemporarydirectoryusingPHP'sPharDataclass,thenusesglob()andfilegetcontents()toreadSQLfilesfromtheextractedcontents.Neithertheextractionnorthefilereadingvalidateswhetherarchivemembersaresymboliclinks.Thisvulnerabilityisfixedin3.6.6. 
31894 CVE- RIOTisanopen-sourcemicrocontrolleroperatingsystem,designedtomatchtherequirementsofInternetofThings(IoT)devicesandotherembeddeddevices.In2026.01andearlier,thedefaulthandlerforthewellknowncoreresourcecoapwellknowncoredefaulthandlerwritesuser-providedoptiondataandotherdataintoafixedsizebufferwithoutvalidatingthebufferislargeenoughtocontaintheresponse.Thisvulnerabilityallowsanattackertocorruptneighboringstacklocation,includingsecurity-sensitiveaddresseslikethereturnaddress,leadingtodenialof2026- serviceorarbitrarycodeexecution.27703 CVE- 2013- QoolCMScontainsmultiplepersistentcross-sitescriptingvulnerabilitiesinseveraladministrativescriptswherePOSTparametersarenotproperlysanitizedbeforebeingstoredandreturnedtousers.AttackerscaninjectmaliciousJavaScriptcodethroughparameterslike'title','name','email','username','link',and'task'inendpointssuchasaddnewtype,addnewdatafield,addmenu,addusergroup,addnewuserfield,adduser,addgeneraldata,andaddcontentitemtoexecutearbitraryscriptsinadministratorbrowsers. 20006 CVE- 2026- UnprotectedinternalendpointsinCloudFoundryCapiRelease1.226.0andbelow,andCFDeploymentv54.9.0andbelowonallplatformsallowsanyuserwhohasbypassedthefirewalltopotentiallyreplacedropletsandthereforeapplicationsallowingthemtoaccesssecureapplicationinformation. 22727 CVE- 2025- IBMSterlingB2BIntegratorandandIBMSterlingFileGateway6.1.0.0through6.1.2.72,6.2.0.0through6.2.0.51,6.2.1.0through6.2.1.11,and6.2.2.0couldallowanunauthenticatedattackertosendaspeciallycraftedrequestthatcausestheapplicationtocrash. 
14031 CVE- 2026- Shopwareisanopencommerceplatform.Priorto6.7.8.1and6.6.10.15,aninsufficientcheckonthefiltertypesforunauthenticatedcustomersallowsaccesstoordersofothercustomers.ThisispartofthedeepLinkCodesupportonthestore-api.orderendpoint.Thisvulnerabilityisfixedin6.7.8.1and6.6.10.15. 31887 CVE- 2025- AninformationdisclosureissueinthezipfileInflatefunctioninthezipfileextensioninSQLitev3.51.1andearlierallowsattackerstoobtainheapmemoryviasupplyingacraftedZIPfile. 70873 CVE- 2019- ARMBotcontainsanunrestrictedfileuploadvulnerabilityinupload.phpthatallowsunauthenticatedattackerstouploadarbitraryfilesbymanipulatingthefileparameterwithpathtraversalsequences.AttackerscanuploadPHPfileswithtraversalpayloads../public_html/towriteexecutablecodetothewebrootandachieveremotecodeexecution. 25480 CVE- 2019- GetGoDownloadManager6.2.2.3300containsabufferoverflowvulnerabilitythatallowsremoteattackerstocausedenialofservicebysendingHTTPresponseswithexcessivelylongheaders.AttackerscancraftmaliciousHTTPresponseswithoversizedheadervaluestocrashtheapplicationandmakeitunavailable. 25478 CVE- 2026- EdimaxGS-5008PLfirmwareversion1.00.54andpriorusecleartextHTTPforthewebmanagementinterfacewithoutimplementingTLSorSSLencryption.Attackersonthesamenetworkcaninterceptmanagementtraffictocaptureadministratorcredentialsandsensitiveconfigurationdata. 32838 CVE- ServiioPRO1.8containsaninformationdisclosurevulnerabilityduetoimproperaccesscontrolenforcementintheConfigurationRESTAPIthatallowsunauthenticatedattackerstoaccesssensitiveinformation.RemoteattackerscansendspeciallycraftedrequeststotheRESTAPIendpointstoretrievepotentiallysensitiveconfigurationdatawithoutauthentication. 20217

CVE- 2026- TheAngeetES3KVMallowsaremote,unauthenticatedattackertowritearbitraryfiles,includingconfigurationfilesorsystembinaries.Modifiedconfigurationfilesorsystembinariescouldallowanattackertotakecompletecontrolofavulnerablesystem.

32297 CVE- flattedisacircularJSONparser.Priorto3.4.0,flatted'sparse()functionusesarecursiverevive()phasetoresolvecircularreferencesindeserializedJSON.Whengivenacraftedpayloadwithdeeplynestedorself-referential$indices,therecursiondepthisunbounded,causingastackoverflowthatcrashestheNode.jsprocess.Thisvulnerabilityisfixedin3.4.0. 32141 CVE- 2017- ServiioPRO1.8containsanimproperaccesscontrolvulnerabilityintheConfigurationRESTAPIthatallowsunauthenticatedattackerstochangethemediabrowserloginpassword.AttackerscansendspeciallycraftedrequeststotheRESTAPIendpointstomodifycredentialswithoutauthentication. 20220 CVE- 2019- IntelBrasTelefoneIPTIP200and200LITEcontainanunauthenticatedarbitraryfilereadvulnerabilityinthedumpConfigFilefunctionaccessibleviathecgiServer.exxendpoint.AttackerscansendGETrequeststo/cgi-bin/cgiServer.exxwiththecommandparametercontainingdumpConfigFile()toreadsensitivefilesincluding/etc/shadowandconfigurationfileswithoutproperauthorization. 25472 CVE- 2026- ApathtraversalvulnerabilitywasidentifiedinRayDashboard(defaultport8265)inRayversionspriorto2.8.1.Duetoimpropervalidationandsanitizationofuser-suppliedpathsinthestaticfilehandlingmechanism,anattackercanusetraversalsequences(e.g.,../)toaccessfilesoutsidetheintendedstaticdirectory,resultinginlocalfiledisclosure. 
32981 CVE- TheundiciWebSocketclientisvulnerabletoadenial-of-serviceattackviaunboundedmemoryconsumptionduringpermessage-deflatedecompression.WhenaWebSocketconnectionnegotiatesthepermessage-deflateextension,theclientdecompressesincomingcompressedframeswithoutenforcinganylimitonthedecompresseddatasize.AmaliciousWebSocketservercansendasmallcompressedframe(a"decompressionbomb")thatexpandstoanextremelylargesizeinmemory,causingtheNode.jsprocesstoexhaustavailablememoryandcrashorbecome2026- unresponsive.ThevulnerabilityexistsinthePerMessageDeflate.decompress()method,whichaccumulatesalldecompressedchunksinmemoryandconcatenatesthemintoasingleBufferwithoutcheckingwhetherthetotalsizeexceedsasafethreshold.1526 CVE- 2019- eWONFirmwareversions12.2to13.0containanauthenticationbypassvulnerabilitythatallowsattackerswithminimalprivilegestoretrievesensitiveuserdatabyexploitingthewsdReadFormendpoint.AttackerscansendPOSTrequeststo/wrcgi.bin/wsdReadFormwithbase64-encodedpartialcredentialsandacraftedwsdListparametertoextractencryptedpasswordsforallusers,whichcanbedecryptedusingahardcodedXORkey. 25470 CVE- 2017- TelesquareSKTLTERouterSDT-CS3B1softwareversion1.2.0containsanunauthenticatedremoterebootvulnerabilitythatallowsattackerstotriggerdevicerebootwithoutauthentication.AttackerscansendPOSTrequeststothelte.cgiendpointwiththeCommand=Rebootparametertocausedenialofservicebyforcingtheroutertorestart. 20222 CVE- 2019- HisiliconHiIpcamV100R003containsadirectorytraversalvulnerabilitythatallowsunauthenticatedattackerstoaccesssensitiveconfigurationfilesbyexploitingdirectorylistinginthecgi-bindirectory.Attackerscanrequestthegetadslattr.cgiendpointtoretrieveADSLcredentialsandnetworkconfigurationparametersincludingusernames,passwords,andDNSsettings. 
25465 CVE- 2026- ParseServerisanopensourcebackendthatcanbedeployedtoanyinfrastructurethatcanrunNode.js.Priorto9.6.0-alpha.6and8.6.32,theprotectedFieldsclass-levelpermission(CLP)canbebypassedusingdot-notationinqueryWHEREclausesandsortparameters.Anattackercanusedot-notationtoqueryorsortbysub-fieldsofaprotectedfield,enablingabinaryoracleattacktoenumerateprotectedfieldvalues.ThisaffectsbothMongoDBandPostgreSQLdeployments.Thisvulnerabilityisfixedin9.6.0-alpha.6and8.6.32. 31872 CVE- cpp-httplibisaC++11single-fileheader-onlycrossplatformHTTP/HTTPSlibrary.Priorto0.37.1,whenacpp-httplibclientusesthestreamingAPI(httplib::stream::Get,httplib::stream::Post,etc.),thelibrarycallsstd::stoull()directlyontheContent-Lengthheadervaluereceivedfromtheserverwithnoinputvalidationandnoexceptionhandling.std::stoullthrowsstd::invalidargumentfornon-numericstringsandstd::outofrangeforvaluesexceedingULLONGMAX.Sincenothingcatchestheseexceptions,theC++runtimecallsstd::terminate(),whichkillstheprocesswith2026- SIGABRT.Anyservertheclientconnectsto—includingserversreachedviaHTTPredirects,third-partyAPIs,orman-in-the-middlepositionscancrashtheclientapplicationwithasingleHTTPresponse.Noauthenticationisrequired.Nointeractionfromtheenduserisrequired.Thecrashisdeterministicandimmediate.Thisvulnerabilityisfixedin0.37.1.31870 CVE- 2026- TheNEX-Forms–UltimateFormsPluginforWordPresspluginforWordPressisvulnerabletoInsecureDirectObjectReferenceinallversionsupto,andincluding,9.1.9viathesubmitnexform()functionduetomissingvalidationonausercontrolledkey.Thismakesitpossibleforunauthenticatedattackerstotooverwritearbitraryformentriesviathe'nfsetentryupdateid'parameter. 
1947 CVE- AuthlibisaPythonlibrarywhichbuildsOAuthandOpenIDConnectservers.Priortoversion1.6.9,alibrary-levelvulnerabilitywasidentifiedintheAuthlibPythonlibraryconcerningthevalidationofOpenIDConnect(OIDC)IDTokens.Specifically,theinternalhashverificationlogic(verifyhash)responsibleforvalidatingtheathash(AccessTokenHash)andchash(AuthorizationCodeHash)claimsexhibitsafail-openbehaviorwhenencounteringanunsupportedorunknowncryptographicalgorithm.Thisflawallowsanattackertobypassmandatoryintegrityprotectionsby2026- supplyingaforgedIDTokenwithadeliberatelyunrecognizedalgheaderparameter.ThelibraryinterceptstheunsupportedstateandsilentlyreturnsTrue(validationpassed),inherentlyviolatingfundamentalcryptographicdesignprinciplesanddirectOIDCspecifications.Thisissuehasbeenpatchedinversion1.6.9.28498 CVE- 2025- InUNIXFourthResearchEdition(v4),thesucommandisvulnerabletoabufferoverflowduetothe'password'variablehavingafixedsizeof100bytes.Alocalusercanexploitthistogainrootprivileges.ItisunlikelythatUNIXv4isrunninganywhereoutsideofaverysmallnumberoflabenvironments. 
71263 CVE- ParseServerisanopensourcebackendthatcanbedeployedtoanyinfrastructurethatcanrunNode.js.Priorto9.6.0-alpha.11and8.6.37,ParseServer'sbuilt-inOAuth2authadapterexportsasingletoninstancethatisreuseddirectlyacrossallOAuth2providerconfigurations.UnderconcurrentauthenticationrequestsfordifferentOAuth2providers,oneprovider'stokenvalidationmayexecuteusinganotherprovider'sconfiguration,potentiallyallowingatokenthatshouldberejectedbyoneprovidertobeacceptedbecauseitisvalidatedagainstadifferentprovider's2026- policy.DeploymentsthatconfiguremultipleOAuth2providersviatheoauth2:trueflagareaffected.Thisvulnerabilityisfixedin9.6.0-alpha.11and8.6.37.32242 CVE- 2026- libexifthrough0.6.25hasaflawindecodingMakerNotes.Iftheexifmnotedatagetvaluefunctiongetspassedina0size,thepassedin-bufferwouldbeoverwrittenduetoanintegerunderflow. 32775 CVE- 2026- ZITADELisanopensourceidentitymanagementplatform.Priorto3.4.8and4.12.2,apotentialvulnerabilityexistsinZitadel'spasskeyregistrationendpoints.Thisendpointallowsregisteringanewpasskeyusingapreviouslyretrievedcode.Animproperexpirationcheckofthecode,couldallowanattackertopotentiallyregistertheirownpasskeyandgainaccesstothevictim'saccount.Thisvulnerabilityisfixedin3.4.8and4.12.2. 32132 CVE- 2026- Tinaisaheadlesscontentmanagementsystem.Priorto2.1.7,apathtraversalvulnerabilityexistsintheTinaCMSdevelopmentserver'smediauploadhandler.Thecodeatmedia.tsjoinsuser-controlledpathsegmentsusingpath.join()withoutvalidatingthattheresultingpathstayswithintheintendedmediadirectory.Thisallowswritingfilestoarbitrarylocationsonthefilesystem.Thisvulnerabilityisfixedin2.1.7. 
CVE-2026-20074: A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. [text lost in extraction] to advertised networks and a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency.

CVE-2026-3980: A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patientaction.php. Such manipulation of the argument patientid leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2026-4237: A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/mod_reports/index.php. Executing a manipulation of the argument Home can lead to SQL injection. The attack may be performed from remote. The exploit has been published and may be used.

CVE-[ID lost in extraction]: A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the argument price leads to SQL injection. The attack can be launched remotely. The exploit is publicly available and might be used.

CVE- AsecurityflawhasbeendiscoveredinitsourcecodeCafeReservationSystem1.0.Thisimpactsanunknownfunctionofthefile/curvus2/signup.phpofthecomponentRegistration.PerformingamanipulationoftheargumentUsernameresultsinsqlinjection.Remoteexploitationoftheattackispossible.Theexploithasbeenreleasedtothepublicandmaybeusedforattacks.

CVE- AvulnerabilitywasdeterminedinTiandyIntegratedManagementPlatform7.17.0.Affectedbythisissueissomeunknownfunctionalityofthefile/rest/user/getAuthorityByUserId.ExecutingamanipulationoftheargumentuserIdcanleadtosqlinjection.Theattackmaybelaunchedremotely.Theexploithasbeenpubliclydisclosedandmaybeutilized.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespondinanyway.

CVE- AweaknesshasbeenidentifiedinitsourcecodeOnlineEnrollmentSystem1.0.Thisissueaffectssomeunknownprocessingofthefile/sms/login.php.Thismanipulationoftheargumentuseremailcausessqlinjection.Theattackispossibletobecarriedoutremotely.Theexploithasbeenmadeavailabletothepublicandcouldbeusedforattacks. 4235 CVE- 2026- AsecurityvulnerabilityhasbeendetectedinitsourcecodeOnlineEnrollmentSystem1.0.Impactedisanunknownfunctionofthefile/enrollment/index.php?view=add.Suchmanipulationoftheargumenttxtsearch/deptname/nameleadstosqlinjection.Theattackmaybeperformedfromremote.Theexploithasbeendisclosedpubliclyandmaybeused. 4236 CVE- 2026- AvulnerabilitywasdetectedinFeMinerwmsupto1.0.Thisimpactsanunknownfunctionofthefile/wms-master/src/basic/depart/departaddbg.phpofthecomponentBasicOrganizationalStructureModule.PerformingamanipulationoftheargumentNameresultsinsqlinjection.Theattackmaybeinitiatedremotely.Theexploitisnowpublicandmaybeused.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespondinanyway. 3969 CVE- 2026- AnchoreEnterpriseversionsbefore5.25.1containanSQLinjectionvulnerabilityintheGraphQLReportsAPI.AnauthenticatedattackerthatisabletoaccesstheGraphQLAPIcouldexecutearbitrarySQLinstructionsresultinginmodificationstothedatacontainedintheAnchoreEnterprisedatabase. 25076 CVE- 2026- AvulnerabilitywasfoundinitsourcecodeOnlineDoctorAppointmentSystem1.0.Affectedisanunknownfunctionofthefile/admin/doctoraction.php.PerformingamanipulationoftheargumentIDresultsinsqlinjection.Remoteexploitationoftheattackispossible.Theexploithasbeenmadepublicandcouldbeused. 
CVE-2026-4231: A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function update_sql/run_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4288: A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpoint. Executing a manipulation of the argument ID can lead to SQL injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4287: A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endpoint. Performing a manipulation of the argument areaId results in SQL injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4289: A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-3943: A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor is investigating and remediating this issue.

CVE-2026-4229: A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vanna/legacy/google/bigquery_vector.py. This manipulation of the argument ID causes SQL injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4180: A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The manipulation of the argument tokenid leads to improper access controls. The attack may be initiated remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2026-4194: A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_set_wto of the file /cgi-bin/system_mgr.cgi. Performing a manipulation results in improper access controls. Remote exploitation of the attack is possible. The exploit is now public and may be used.
CVE-2026-4221: A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4200: A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/com/glowxq/oj/problem/controller/ProblemCaseController.java. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4220: A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argument targetPath/Suffix leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-[year lost in extraction]-4191: A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-32594: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.40 and 9.6.0-alpha.14, the GraphQL WebSocket endpoint for subscriptions does not pass requests through the Express middleware chain that enforces authentication, introspection control, and query complexity limits. An attacker can connect to the WebSocket endpoint and execute GraphQL operations without providing a valid application or API key, access the GraphQL schema via introspection even when public introspection is disabled, and send arbitrarily complex queries that bypass configured complexity limits. This vulnerability is fixed in 8.6.40 and 9.6.0-alpha.14.

CVE-2026-4201: A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java. Executing a manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. This product does not use versioning, which is why information about affected and unaffected releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4190: A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in SQL injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
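The node-api-postgres entry directly above is an injection through a sort parameter, which is an SQL identifier, while most of the other SQL injection entries in this bulletin (Online Doctor Appointment, Tiandy Easy7, FeMiner and the rest) inject through a value such as an id. The two need different fixes: values are bound as parameters, identifiers cannot be bound and must be allowlisted. The block below is an added example written for this page, not code from any of the listed projects; it uses an in-memory sqlite3 database with a constructed schema, shows why an ORDER BY injection is still a data leak (boolean-based blind extraction through row order), and contrasts both vulnerable forms with their hardened counterparts.

```python
import sqlite3

# Identifiers cannot be bound as query parameters, so a sort column must be
# checked against a fixed allowlist; values (ids, names) are bound instead.
ALLOWED_SORT_COLUMNS = {"id", "name", "created_at"}


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory schema standing in for the applications above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, created_at TEXT)")
    conn.executemany(
        "INSERT INTO users (name, created_at) VALUES (?, ?)",
        [("zed", "2026-01-01"), ("amy", "2026-01-02"), ("bob", "2026-01-03")],
    )
    conn.execute("CREATE TABLE secrets (id INTEGER PRIMARY KEY, value TEXT)")
    conn.execute("INSERT INTO secrets (value) VALUES ('flag{constructed}')")
    return conn


def get_all_vulnerable(conn, sort: str):
    # Interpolates the request's sort parameter straight into ORDER BY.
    return conn.execute(f"SELECT id, name FROM users ORDER BY {sort}").fetchall()


def get_all_hardened(conn, sort: str, direction: str = "ASC"):
    if sort not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"sort column not allowed: {sort!r}")
    if direction not in ("ASC", "DESC"):
        raise ValueError(f"bad direction: {direction!r}")
    # Safe to interpolate now: both tokens come from fixed sets, not the request.
    return conn.execute(f"SELECT id, name FROM users ORDER BY {sort} {direction}").fetchall()


def user_by_id_vulnerable(conn, user_id: str):
    # Interpolated value: "1 OR 1=1" changes the query's structure.
    return conn.execute(f"SELECT id, name FROM users WHERE id = {user_id}").fetchall()


def user_by_id_hardened(conn, user_id: str):
    # Bound parameter: the driver never lets the value alter query structure.
    return conn.execute("SELECT id, name FROM users WHERE id = ?", (user_id,)).fetchall()


def blind_first_char(conn) -> str:
    """Boolean-based blind extraction through ORDER BY: the row order reveals
    whether the injected comparison was true (sorted by id) or false (by name)."""
    for c in "abcdefghijklmnopqrstuvwxyz":
        probe = (f"(CASE WHEN (SELECT substr(value, 1, 1) FROM secrets) = '{c}' "
                 "THEN id ELSE name END)")
        rows = get_all_vulnerable(conn, probe)
        if rows[0][1] == "zed":  # id order => the comparison was true
            return c
    return ""
```

The allowlist in get_all_hardened is the whole fix for identifier injection; quoting or escaping a column name is not a substitute, because the attacker's payload is not a string literal in the first place.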

CVE- AsecurityvulnerabilityhasbeendetectedinD-LinkDIR-823G1.0.2B05.Theaffectedelementisthefunction GetDDNSSettings/GetDeviceDomainName/GetDeviceSettings/GetDMZSettings/GetFirewallSettings/GetGuestNetworkSettings/GetLanWanConflictInfo/GetLocalMacAddress/GetNetworkSettings/GetQoSSettings/GetRouterInformationSettings/GetRouterLanSettings/GetWanSettings/SetAccessCtlList/SetAccessCtlSwitch/SetDeviceSettings/SetGuestWLanSettings/SetIPv4FirewallSettings/SetNetworkSettings/SetNetworkTomographySettings/SetNTPServerSettings/SetRouterLanSettings/SetStaticClientInfo/SetStaticRouteSettings/SetWLanRadioSecurity/SetWPSSettings/UpdateClientInfo ofthecomponentgoahead.Suchmanipulationleadstoimproperaccesscontrols.Theattackmaybelaunchedremotely.Theexploithasbeendisclosedpubliclyandmaybeused.Thisvulnerabilityonlyaffectsproductsthatarenolongersupportedbythemaintainer.

CVE- AvulnerabilitywasdeterminedinitsourcecodeUniversityManagementSystem1.0.Thisvulnerabilityaffectsunknowncodeofthefile/att_add.php.ThismanipulationoftheargumentNamecausessqlinjection.Theattackmaybeinitiatedremotely.Theexploithasbeenpubliclydisclosedandmaybeutilized.

CVE- AvulnerabilitywasidentifiedinitsourcecodePayrollManagementSystem1.0.Thisissueaffectssomeunknownprocessingofthefile/manageemployee.php.SuchmanipulationoftheargumentIDleadstosqlinjection.Theattackcanbeexecutedremotely.Theexploitispubliclyavailableandmightbeused. 4223 CVE- 2026- ImproperControlofGenerationofCode('CodeInjection')vulnerabilityinILLIDAdvancedWooLabelsadvanced-woo-labelsallowsRemoteCodeInclusion.ThisissueaffectsAdvancedWooLabels:fromn/athrough<=2.36. 32414 CVE- 2026- AvulnerabilitywasdetectedinTRENDnetTEW-632BRP1.010B32.Thisaffectsanunknownpartofthefile/pingresponse.cgiofthecomponentHTTPPOSTRequestHandler.Themanipulationoftheargumentpingipaddrresultsinstack-basedbufferoverflow.Theattackmaybeperformedfromremote.Theexploitisnowpublicandmaybeused.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespondinanyway. 4172 CVE- 2026- PerleIOLANSTS/SCSterminalservermodelswithfirmwareversionspriorto6.0allowauthenticatedOScommandinjectionviatherestrictedshellaccessedoverTelnetorSSH.Theshell'ps'commanddoesnotperformproperargumentsanitizationandpassesuser-suppliedparametersintoan'sh-c'invocationrunningasroot.Anauthenticatedattackerwhocanlogintothedevicecaninjectshellmetacharactersafterthe'ps'subcommandtoexecutearbitraryOScommandswithrootprivileges,leadingtofullcompromiseoftheunderlyingoperatingsystem. 23759 CVE- 2026- InSplunkEnterpriseversionsbelow10.2.0,10.0.4,9.4.9,and9.3.10,andSplunkCloudPlatformversionsbelow10.2.2510.5,10.0.2503.12,10.1.2507.16,and9.3.2411.124,auserwhoholdsarolethatcontainsthehigh-privilegecapability`editcmdcouldexecutearbitraryshellcommandsusingtheunarchivecmdparameterforthe/splunkd/upload/indexing/preview`RESTendpoint. 
CVE-2016-20032: ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holidayname' and 'memo' POST parameters. Attackers can submit crafted requests with script code in these parameters to compromise user browser sessions and steal sensitive information.

CVE-2015-20118: NextClick Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the locationname parameter of the admin locations interface. Attackers can submit POST requests to the locations.php endpoint with JavaScript payloads in the locationname field to execute arbitrary code in administrator browsers.

CVE-2015-20115: NextClick Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by other users.

CVE-2026-32263: Craft CMS is a content management system (CMS). From version 5.6.0 to before version 5.9.11, in src/controllers/EntryTypesController.php, the $settings array from parse_str is passed directly to Craft::configure() without Component::cleanseConfig(). This allows injecting Yii2 behavior/event handlers via "as" or "on" prefixed keys, the same attack vector as the original advisory. Craft control panel administrator permissions and allowAdminChanges must be enabled for this to work. This issue has been patched in version 5.9.11.
CVE-2026-32264: Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, there is a behavior injection RCE vulnerability in ElementIndexesController and FieldsController. Craft control panel administrator permissions and allowAdminChanges must be enabled for this to work. This issue has been patched in versions 4.17.5 and 5.9.11.

CVE-2026-3873: Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Avantra: before 25.3.0.

CVE-2026-3231: The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom radio and checkbox group field values submitted through the WooCommerce Block Checkout Store API in all versions up to, and including, 2.1.7. This is due to the `prepare_single_field_data()` method in class-thwcfd-block-order-data.php first escaping values with esc_html() then immediately reversing the escaping with html_entity_decode() for radio and checkbox group field types, combined with a permissive wp_kses() allowlist in get_allowed_html() that explicitly permits the [element name lost in extraction] element with the `onchange` event handler attribute. This makes it possible for unauthenticated attackers to inject arbitrary web scripts via the Store API checkout endpoint that execute when an administrator views the order details page.

CVE-2026-3178: The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' parameter in all versions up to, and including, 1.32.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in versions 1.30.3 and 1.32.1.
CVE-2026-23815: A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command injection. Successful exploitation could allow an attacker to execute unauthorized commands.

CVE-2026-23816: A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

CVE-2026-32401: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BoldGrid Client Invoicing by Sprout Invoices (sprout-invoices) allows PHP Local File Inclusion. This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.9.

CVE-2026-1454: The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 via form field submissions. This is due to insufficient input sanitization in the lfb_lead_sanitize() function which omits certain field types from its sanitization whitelist, combined with an overly permissive wp_kses() filter at output time that allows onclick attributes on anchor tags. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator views the lead entries in the WordPress dashboard.

CVE-2019-25473: ClinicPro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthly_expense_overview endpoint with crafted month values using boolean-based blind, time-based blind, or error-based SQL injection techniques to extract sensitive database information.

CVE-2026-26133: AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-32126: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route() causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorization (review, log), while leaving all other CDR controllers (alerts, ajax, edit, add, detail, browse) accessible to any authenticated user. This allows any logged-in user to suppress clinical decision support alerts system-wide, delete or modify clinical plans, and edit rule configurations, all operations intended to require administrator privileges. This vulnerability is fixed in 8.0.0.1.

CVE-[year lost in extraction]-25369: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Flexmls Flexmls® IDX allows Reflected XSS. This issue affects Flexmls® IDX: from n/a through 3.15.9.

CVE-[year lost in extraction]-32617: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, on default installations where no password or API key has been configured, all HTTP endpoints and the agent WebSocket lack authentication, and the server's CORS policy accepts any origin. AnythingLLM Desktop binds to 127.0.0.1 (loopback) by default. Modern browsers (Chrome, Edge, Firefox) implement Private Network Access (PNA). This explicitly blocks public websites from making requests to local IP addresses. Exploitation is only viable from within the same local network (LAN) due to browser-level blocking of public-to-private requests.

CVE-[year lost in extraction]-1715: An input validation vulnerability was reported in the Device Settings System Addin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges.

CVE-2026-1716: An input validation vulnerability was reported in the Device Settings System Addin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges.

CVE-2019-25529: Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based blind, time-based blind, or union-based techniques to extract sensitive database information.

CVE-2026-2466: The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2026-32706: PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the crsf_rc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsf_rc is enabled on a CRSF serial port, an adjacent/raw-serial attacker can trigger memory corruption and crash PX4. This vulnerability is fixed in 1.17.0-rc2.

CVE-2026-1264: IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.11, and 6.2.2.0 allow a remote unauthenticated attacker to view and delete the partners of a community and to delete the communities.

CVE-2026-32063: OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary systemd directives. An attacker who can influence config.env.vars and trigger service install or restart can execute arbitrary commands with the privileges of the OpenClaw gateway service user.

CVE-2026-2368: An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code.

CVE-2026-30901: Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access.

CVE-2026-2808: HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.
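The OpenClaw entry above is a line-oriented config format being assembled by string concatenation: a value containing a newline ends the Environment= line and whatever follows is parsed by systemd as a fresh directive. The following is an added example written for this page, not OpenClaw's generator; the unit layout, the service user name, the ExecStart path and the hostile value are all constructed for illustration. It renders a [Service] section the vulnerable way and the hardened way (reject CR, LF and NUL in values, validate the variable name, and emit the value in systemd's double-quoted form), and parses the result the way systemd would to show which directives each version actually produces.

```python
import re

# A POSIX-style environment variable name; anything else is refused.
ENV_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
ENV_VALUE_FORBIDDEN = ("\r", "\n", "\x00")

# Constructed hostile config value: a newline followed by a directive systemd
# would honour. Nothing here is a real OpenClaw configuration.
CONSTRUCTED_HOSTILE_ENV = {
    "API_URL": "https://gateway.example.invalid\nExecStartPre=/bin/sh -c 'id > /tmp/owned'",
}


def render_unit_vulnerable(service_user: str, env: dict) -> str:
    """Writes Environment= lines straight from config values with no CR/LF check."""
    lines = ["[Service]", f"User={service_user}", "ExecStart=/usr/local/bin/gateway"]
    for name, value in env.items():
        lines.append(f"Environment={name}={value}")
    return "\n".join(lines) + "\n"


def quote_env_assignment(name: str, value: str) -> str:
    """Validate and quote one VAR=value for a systemd Environment= directive.
    systemd accepts Environment="VAR=value with spaces" with backslash escapes
    inside the quotes, so quote the whole assignment and escape \\ and "."""
    if not ENV_NAME.match(name):
        raise ValueError(f"bad environment variable name {name!r}")
    if any(ch in value for ch in ENV_VALUE_FORBIDDEN):
        raise ValueError(f"newline or NUL in value of {name}")
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'Environment="{name}={escaped}"'


def render_unit_hardened(service_user: str, env: dict) -> str:
    """Same unit, but every assignment goes through quote_env_assignment()."""
    if not ENV_NAME.match(service_user):
        raise ValueError(f"bad service user {service_user!r}")
    lines = ["[Service]", f"User={service_user}", "ExecStart=/usr/local/bin/gateway"]
    for name, value in env.items():
        lines.append(quote_env_assignment(name, value))
    return "\n".join(lines) + "\n"


def directive_names(unit_text: str) -> list:
    """What systemd would actually see: one directive per physical line."""
    names = []
    for line in unit_text.splitlines():
        if "=" in line and not line.startswith("["):
            names.append(line.split("=", 1)[0])
    return names
```

Rejecting the value, rather than stripping the newline, is deliberate: a value with a line break in it is never a legitimate environment setting for this service, and silently rewriting it would hide the fact that something upstream is feeding hostile configuration.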
CVE-2026-32229: In JetBrains Hub before 2026.1, a sign-in account mismatch was possible with non-SSO auth and 2FA disabled.

CVE-2026-32103: StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the POST /studiocms_api/dashboard/create-reset-link endpoint allows any authenticated user with admin privileges to generate a password reset token for any other user, including the owner account. The handler verifies that the caller is an admin but does not enforce role hierarchy, nor does it validate that the target userId matches the caller's identity. Combined with the POST /studiocms_api/dashboard/reset-password endpoint, this allows a complete account takeover of the highest-privileged account in the system. This vulnerability is fixed in 0.4.3.

CVE-2026-32112: ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form renders user-controlled parameters via Python f-strings with no HTML escaping. An attacker who can reach the OAuth endpoint and convince the server operator to follow a crafted authorization URL could execute JavaScript in the operator's browser. This affects only users running the beta OAuth mode (ha-mcp-oauth), which is not part of the standard setup and requires explicit configuration. This vulnerability is fixed in 7.0.0.
CVE-2026-20118: A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series with NC57 line cards and Cisco NCS 5700 Routers and Cisco IOS XR Software for Third Party Software could allow an unauthenticated, remote attacker to cause the network processing unit (NPU) and ASIC to stop processing, preventing traffic from traversing the interface. [text lost in extraction] affected device is experiencing heavy transit traffic. An attacker could exploit this vulnerability by sending a continuous flow of crafted packets to an interface of the affected device. A successful exploit could allow the attacker to cause persistent, heavy packet loss, resulting in a denial of service (DoS) condition. Note: If active exploitation of this vulnerability is suspected, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider. Cisco has assigned this security advisory a Security Impact Rating (SIR) of High rather than Medium as the CVSS score indicates. This change was made because the affected device operates within a critical network segment where compromise could lead to significant disruption or exposure, thereby elevating the overall risk beyond the base technical severity.

CVE-2026-1753: The Gutena Forms WordPress plugin before 1.6.1 does not validate the option to be updated, which could allow contributors and above roles to update arbitrary boolean and array options (such as users_can_register).

CVE-2026-32705: PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devname_len, causing a stack overflow in the driver and crashing the task (or enabling code execution). This vulnerability is fixed in 1.17.0-rc2.
CVE-2026-31864: JumpServer is an open source bastion host and an operation and maintenance security audit system. A Server-Side Template Injection (SSTI) vulnerability exists in JumpServer's Applet and Virtual App upload functionality. This vulnerability can only be exploited by users with administrative privileges (Application Applet Management or Virtual Application Management permissions). Attackers can exploit this vulnerability to execute arbitrary code within the JumpServer Core container. The vulnerability arises from unsafe use of Jinja2 template rendering when processing user-uploaded YAML configuration files. When a user uploads an Applet or Virtual App ZIP package, the manifest.yml file is rendered through Jinja2 without sandbox restrictions, allowing template injection attacks.

CVE-2026-21360: Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restricted path. Exploitation of this issue does not require user interaction.

CVE-2026-32291: The GL-iNet Comet (GL-RM1) KVM does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins.

CVE-2026-32259: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

CVE- Aflawwasfoundinsystemd.Thesystemd-machinedservicecontainsanImproperAccessControlvulnerabilityduetoinsufficientvalidationoftheclassparameterintheRegisterMachineD-Bus(DesktopBus)method.Alocalunprivilegedusercanexploitthisbyattemptingtoregisteramachinewithaspecificclassvalue,whichmayleavebehindausable,attacker-controlledmachineobject.Thisallowstheattackertoinvokemethodsontheprivilegedobject,leadingtotheexecutionofarbitrarycommandswithrootprivilegesonthehostsystem.

CVE- ApotentialimproperinitializationvulnerabilitywasreportedintheBIOSofsomeThinkPadsthatcouldallowalocalprivilegedusertomodifydataandexecutearbitrarycode.

CVE- AnSQLinjectionvulnerabilityhasbeenreportedtoaffectVideoStation.Ifanattackergainslocalnetworkaccesswhohavealsogainedanadministratoraccount,theycanthenexploitthevulnerabilitytoexecuteunauthorizedcodeorcommands. 14025 CVE- 2026- DellAlienwareCommandCenter(AWCC),versionspriorto6.12.24.0,containanImproperPrivilegeManagementvulnerability.Alowprivilegedattackerwithlocalaccesscouldpotentiallyexploitthisvulnerability,leadingtoElevationofPrivileges. 24510 CVE- 2024- AnimpropercertificatevalidationvulnerabilityhasbeenreportedtoaffectVideoStation.Ifanattackergainslocalnetworkaccesswhohavealsogainedanadministratoraccount,theycanthenexploitthevulnerabilitytocompromisethesecurityofthesystem. 14024 CVE- 2026- Mattermostversions11.3.x<=11.3.0,11.2.x<=11.2.2,10.11.x<=10.11.10failtorestrictplugininstallationonCItestinstanceswithdefaultadmincredentialswhichallowsanunauthenticatedattackertoachieveremotecodeexecutionandexfiltratesensitiveconfigurationdataincludingAWSandSMTPcredentialsviauploadingamaliciouspluginafterchangingtheimportdirectory.MattermostAdvisoryID:MMSA-2025-00528 2462 CVE- 2025- MissingauthenticationforcriticalfunctionvulnerabilityinABBAWINGW100rev.2,ABBAWINGW120.ThisissueaffectsAWINGW100rev.2:2.0-0,2.0-1;AWINGW120:1.2-0,1.2-1. 13778 CVE- 2026- OpenFormsallowsuserscreateandpublishsmartforms.Priorto3.3.13and3.4.5,tobeabletocosign,thecosignerreceivesane-mailwithinstructionsoradeep-linktostartthecosignflow.Thesubmissionreferenceiscommunicatedsothattheusercanretrievethesubmissiontobecosigned.Attackerscanguessacodeormodifythereceivedcodetolookuparbitrarysubmissions,afterloggingin(withDigiD/eHerkenning/...dependingonformconfiguration).Thisvulnerabilityisfixedin3.3.13and3.4.5. 
28803 CVE- OpenProjectisanopen-source,web-basedprojectmanagementsoftware.Priorto17.2.0,anauthenticatedprojectmemberwithBCFimportpermissionscanuploadacrafted.bcfarchivewherethe valueinmarkup.bcfismanipulatedtocontainanabsoluteortraversallocalpath(forexample:/etc/passwdor../../../../etc/passwd).Duringimport,thisuntrusted valueisusedasfile.pathduringattachmentprocessing.Asaresult,localfilesystemcontentcanbereadoutsidetheintendedZIPscope.ThisresultsinanArbitraryFileRead(AFR)withinthe2026- readpermissionsoftheOpenProjectapplicationuser.Thisvulnerabilityisfixedin17.2.0.30234 CVE- 2026- SiYuanisapersonalknowledgemanagementsystem.Priorto3.6.1,POST/api/template/renderSpriglacksmodel.CheckAdminRole,allowinganyauthenticatedusertoexecutearbitrarySQLqueriesagainsttheSiYuanworkspacedatabaseandexfiltrateallnotecontent,metadata,andcustomattributes.Thisvulnerabilityisfixedin3.6.1. 32704 CVE- 2026- InSplunkEnterpriseversionsbelow10.2.0,10.0.3,9.4.9,and9.3.10,andSplunkCloudPlatformversionsbelow10.2.2510.5,10.1.2507.16,10.0.2503.11,and9.3.2411.123,alow-privilegeduserthatdoesnotholdthe"admin"or"power"Splunkrolescouldaccessthe/splunkd/__raw/servicesNS/-/-/configs/conf-passwordsRESTAPIendpoint,whichexposesthehashedorplaintextpasswordvaluesthatarestoredinthepasswords.confconfigurationfileduetoimproperaccesscontrol.Thisvulnerabilitycouldallowfortheunauthorizeddisclosureofsensitivecredentials. 
20164 CVE- 2026- OpenProjectisanopen-source,web-basedprojectmanagementsoftware.Priorto17.2.0,whenbudgetsaredeleted,theworkpackagesthatwereassignedtothisbudgetneedtobemovedtoadifferentbudget.Thisactionwasperformedbeforethepermissioncheckonthedeleteactionwasexecuted.Thisallowedallusersintheapplicationtodeleteworkpackagebudgetassignments.Thisvulnerabilityisfixedin17.2.0. 30239 CVE- 2026- OpenProjectisanopen-source,web-basedprojectmanagementsoftware.Priorto17.2.0,thisvulnerabilityoccursduetoimpropervalidationofOpenProject’sMarkdownrendering,specificallyinthehyperlinkhandling.ThisallowsanattackertoinjectmalicioushyperlinkpayloadsthatperformDOMclobbering.DOMclobberingcancrashorblanktheentirepagebyoverwritingnativeDOMfunctionswithHTMLelements,causingcriticalJavaScriptcallstothrowruntimeerrorsduringapplicationinitializationandhaltfurtherexecution.Thisvulnerabilityisfixedin17.2.0. 30235 CVE- 2026- Hyperterseisatool-firstMCPframeworkforbuildingAI-readybackendsurfacesfromdeclarativeconfig.Priortov2.2.0,thesearchtoolallowsLLMstosearchfortoolsusingnaturallanguage.Whilereturningresults,HypertersealsoreturnedtherawSQLqueries,exposingstatementswhichweresupposedtobeexecutedunderthehood,andprotectedfrombeingdisplayedpublicly.Thisissuehasbeenfixedasofv2.2.0. 31841 CVE- 2026- arduino-TuyaOpenbeforeversion1.2.1containsanullpointerdereferencevulnerabilityintheWiFiUDPcomponent.AnattackeronthesamelocalareanetworkcansendalargevolumeofmaliciousUDPpacketstocausememoryexhaustiononthedevice,triggeringanullpointerdereferenceandresultinginadenial-of-servicecondition. 28522 CVE- 2025- inOpenHarmonyv5.0.3andpriorversionsallowalocalattackercasesensitiveinformationleakthroughuseofuninitializedresource. 
12736 CVE- 2025- HeapbufferoverflowvulnerabilityinLibreDWGversionsv0.13.3.7571uptov0.13.3.7835allowsacraftedDWGfiletocauseaDenialofService(DoS)viathefunctiondecompressR2004sectionatdecode.c. 61154 CVE- 2026- ShescapeisasimpleshellescapelibraryforJavaScript.Priorto2.1.10,Shescape#escape()doesnotescapesquare-bracketglobsyntaxforBash,BusyBoxsh,andDash.Applicationsthatinterpolatethereturnvaluedirectlyintoashellcommandstringcancauseanattacker-controlledvaluelikesecret[12]toexpandintomultiplefilesystemmatchesinsteadofasingleliteralargument,turningoneargumentintomultipletrusted-pathnamematches.Thisvulnerabilityisfixedin2.1.10. 32094 CVE- 2026- ImproperNeutralizationofInputDuringWebPageGeneration('Cross-siteScripting')vulnerabilityinThemeficUltimateAddonsforContactForm7ultimate-addons-for-contact-form-7allowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsUltimateAddonsforContactForm7:fromn/athrough<=3.5.36. 32460 CVE- 2025- GitLabhasremediatedanissueinGitLabCE/EEaffectingallversionsfrom16.11before18.7.6,18.8before18.8.6,and18.9before18.9.2thatcouldhaveallowedanauthenticatedusertocauseadenialofserviceconditionduetoimproperinputvalidationonwebhookcustomheadernamesundercertainconditions. 13690 CVE- 2026- OneUptimeisasolutionformonitoringandmanagingonlineservices.Priorto10.0.24,thepasswordresetflowlogsthecompletepasswordresetURL—containingtheplaintextresettoken—atINFOloglevel,whichisenabledbydefaultinproduction.Anyonewithaccesstoapplicationlogs(logaggregation,Dockerlogs,Kubernetespodlogs)caninterceptresettokensandperformaccounttakeoveronanyuser.Thisvulnerabilityisfixedin10.0.24. 
32598 CVE- 2025- GitLabhasremediatedanissueinGitLabCE/EEaffectingallversionsfrom9.3before18.7.6,18.8before18.8.6,and18.9before18.9.2thatundercertainconditionscouldhaveallowedanauthenticatedusertocauseadenialofserviceduetoimproperhandlingofwebhookresponsedata. 12576

CVE- TheMC4WP:MailchimpforWordPresspluginforWordPressisvulnerabletoMissingAuthorizationinallversionsupto,andincluding,4.11.1.Thisisduetotheplugintrustingthe_mc4wp_actionPOSTparameterwithoutvalidation,allowingunauthenticatedattackerstoforcetheformtoprocessunsubscribeactionsinsteadofsubscribeactions.ThismakesitpossibleforunauthenticatedattackerstoarbitrarilyunsubscribeanyemailaddressfromtheconnectedMailchimpaudienceviathe_mc4wp_actionparameter,grantedtheycanobtaintheformID(whichispublicly exposedintheHTMLsource).

CVE-[year not preserved]-32842: Edimax GS-5008PL firmware version 1.00.54 and prior contains an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username and password fields for unauthorized administrative access.

CVE-[year not preserved]-1267: IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow unauthorized access to sensitive application data and administrative functionalities due to a lack of proper access controls.

CVE-2026-25936: GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perform a SQL injection. Version 11.0.6 fixes the issue.

CVE-2026-4147: An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command.

CVE-2026-21886: OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutation "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects. However, this mutation can be misused to delete unrelated and sensitive objects such as analyses, reports, etc. This behavior stems from the lack of validation in the API to ensure that the targeted object is contextually related to the mutation being executed. Version 6.9.1 fixes the issue.

CVE-2026-26929: In Apache Airflow versions 3.0.0 through 3.1.7, the FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dag_id set to "~" (the wildcard for all DAGs). As a result, version metadata of DAGs that the requester is not authorized to access is returned.

CVE-2026-32245: Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their own client credentials, obtaining tokens for users who never authorized their application. This violates RFC 6749 Section 4.1.3. This vulnerability is fixed in 5.0.3.

CVE-2026-3954: A weakness has been identified in OpenBMB XAgent 1.0.0. Affected by this vulnerability is the function workspace of the file XAgentServer/application/routers/workspace.py. Manipulation of the argument filename causes path traversal. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-68971: In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment (e.g., to be associated with an issue or a release).

CVE-2026-28490: Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management algorithm. Authlib registers RSA1_5 in its default algorithm registry without requiring explicit opt-in, and actively destroys the constant-time Bleichenbacher mitigation that the underlying cryptography library implements correctly. This issue has been patched in version 1.6.9.

CVE-2026-1525: Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names (e.g., Content-Length and content-length). This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. … with duplicate Content-Length headers (400 Bad Request). HTTP Request Smuggling: in deployments where an intermediary and backend interpret duplicate headers inconsistently (e.g., one uses the first value, the other uses the last), this can enable request smuggling attacks leading to ACL bypass, cache poisoning, or credential hijacking.

CVE-2026-23817: A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitrary URL.

CVE-2026-32269: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.13 and 8.6.39, the OAuth2 authentication adapter does not correctly validate app IDs when appidField and appIds are configured. During app ID validation, a malformed value is sent to the token introspection endpoint instead of the user's actual access token. Depending on the introspection endpoint's behavior, this could either cause all OAuth2 logins to fail, or allow authentication from disallowed app contexts if the endpoint returns valid-looking data for the malformed request. Deployments using the OAuth2 adapter with appidField and appIds configured are affected. This vulnerability is fixed in 9.6.0-alpha.13 and 8.6.39.

CVE-2026-1965: libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. Negotiate authenticates connections and not requests, contrary to how HTTP is designed to work. An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with user1:password1 and then does another operation to the same server also using Negotiate but with user2:password2 (while the previous connection is still alive) finds that the second request wrongly reused the same connection; since libcurl then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1. The set of authentication methods to use is set with CURLOPT_HTTPAUTH. Applications can disable libcurl's reuse of connections and thus mitigate this problem by using one of the following libcurl options to alter how connections are or are not reused: CURLOPT_FRESH_CONNECT, CURLOPT_MAXCONNECTS and CURLMOPT_MAX_HOST_CONNECTIONS (if using the curl_multi API).

CVE-2026-3784: curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.

CVE-2025-66955: Local File Inclusion in the Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via the "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls.

CVE-2026-32455: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF (wp-meta-data-filter-and-taxonomy-filter) allows DOM-Based XSS. This issue affects MDTF: from n/a through <= 1.3.5.

CVE-2026-31918: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in immonex immonex Kickstart (immonex-kickstart) allows Stored XSS. This issue affects immonex Kickstart: from n/a through <= 1.13.0.

CVE-2026-32361: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MarketingFire Editorial Calendar (editorial-calendar) allows DOM-Based XSS. This issue affects Editorial Calendar: from n/a through <= 3.9.0.

CVE-2026-32359: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Icon List Block (icon-list-block) allows Stored XSS. This issue affects Icon List Block: from n/a through <= 1.2.3.

CVE-2026-32356: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery (robo-gallery) allows DOM-Based XSS. This issue affects Robo Gallery: from n/a through <= 5.1.2.

CVE-[year not preserved]-32352: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder (elementor) allows DOM-Based XSS. This issue affects Elementor Website Builder: from n/a through <= 3.35.5.
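The Tinyauth entry above (CVE-2026-32245) comes down to one missing comparison at the token endpoint. The block below is an added example, not Tinyauth's code: an in-memory authorization-code store whose token endpoint binds each code to the client_id it was issued for, as RFC 6749 section 4.1.3 requires, with a switch that reproduces the unbound behaviour the entry describes so the two outcomes can be compared. The client registry, client names, redirect URI and subject are constructed.

```javascript
// Added example (not Tinyauth's code): a token endpoint that binds each
// authorization code to the client_id it was issued for, as RFC 6749
// section 4.1.3 requires, next to the unbound behaviour the entry describes.
const crypto = require("node:crypto");

// Constructed client registry: two confidential clients.
const CLIENTS = { "app-a": "secret-a", "app-b": "secret-b" };

// code -> { clientId, redirectUri, sub, expiresAt, used }
const codes = new Map();

function issueCode({ clientId, redirectUri, sub, now = Date.now() }) {
  const code = crypto.randomBytes(32).toString("base64url");
  codes.set(code, { clientId, redirectUri, sub, expiresAt: now + 60_000, used: false });
  return code;
}

function clientAuthenticates(clientId, clientSecret) {
  const expected = CLIENTS[clientId];
  if (expected === undefined || expected.length !== clientSecret.length) return false;
  return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(clientSecret));
}

// Token endpoint for grant_type=authorization_code. bindToClient=false
// reproduces the flaw: any authenticated client can redeem any code.
function exchangeCode(req, { bindToClient = true } = {}) {
  const { clientId, clientSecret, code, redirectUri, now = Date.now() } = req;
  if (!clientAuthenticates(clientId, clientSecret)) return { error: "invalid_client" };
  const rec = codes.get(code);
  if (!rec || rec.used || rec.expiresAt < now) return { error: "invalid_grant" };
  if (bindToClient && rec.clientId !== clientId) {
    rec.used = true; // burn the code on any misuse
    return { error: "invalid_grant" };
  }
  if (rec.redirectUri !== redirectUri) return { error: "invalid_grant" };
  rec.used = true; // single use
  return {
    access_token: crypto.randomBytes(32).toString("base64url"),
    sub: rec.sub,
    aud: rec.clientId,
  };
}

function demo() {
  const redirectUri = "https://app-a.example/callback"; // public knowledge
  const issued = () => issueCode({ clientId: "app-a", redirectUri, sub: "alice" });
  const asB = (code, opts) =>
    exchangeCode({ clientId: "app-b", clientSecret: "secret-b", code, redirectUri }, opts);
  const asA = (code) =>
    exchangeCode({ clientId: "app-a", clientSecret: "secret-a", code, redirectUri });
  const legitCode = issued();
  return {
    flawed: asB(issued(), { bindToClient: false }), // app-b obtains alice's token
    fixed: asB(issued()),                            // invalid_grant
    legit: asA(legitCode),                           // token for alice, aud app-a
    replay: asA(legitCode),                          // invalid_grant: code already used
  };
}
```

Burning the code when the wrong client presents it is deliberate: the legitimate client's later exchange then fails loudly instead of the interception going unnoticed. Binding the redirect_uri and making codes single use are the other two checks the same section of RFC 6749 expects.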
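The Undici entry above (CVE-2026-1525) turns on two receivers disagreeing about which Content-Length wins. The block below is an added example and not undici's code: a request serializer whose unchecked mode emits both spellings, a strict mode that folds header names to lower case and refuses conflicting values, and a deliberately minimal receiver that can be told to honour the first or the last Content-Length so the split into one versus two requests is visible. The flat [name, value, name, value] header array mirrors the array form the entry mentions; the request bytes are constructed.

```javascript
// Added example, not undici's code: how case-variant duplicate
// Content-Length headers reach the wire, why two receivers can disagree on
// where the body ends, and a client-side check that refuses to send them.

// Serialise an HTTP/1.1 request. With strict=true, header names are
// compared case-insensitively and conflicting Content-Length values are
// rejected before anything is written; with strict=false both spellings
// go out as separate header lines.
function buildRequest(method, target, flatHeaders, body, { strict }) {
  const lines = [`${method} ${target} HTTP/1.1`];
  let contentLength = null;
  for (let i = 0; i < flatHeaders.length; i += 2) {
    const name = flatHeaders[i];
    const value = String(flatHeaders[i + 1]);
    if (strict && name.toLowerCase() === "content-length") {
      if (contentLength !== null && contentLength !== value) {
        throw new Error(`conflicting content-length: ${contentLength} vs ${value}`);
      }
      if (contentLength !== null) continue; // identical repeat: send once
      contentLength = value;
    }
    lines.push(`${name}: ${value}`);
  }
  return lines.join("\r\n") + "\r\n\r\n" + body;
}

// Minimal receiver. `pick` selects which Content-Length wins when several
// are present ("first" or "last"); real intermediaries and origins differ
// in exactly this choice. Returns the requests it recognised.
function parseRequests(raw, pick) {
  const seen = [];
  let pos = 0;
  while (pos < raw.length) {
    const headEnd = raw.indexOf("\r\n\r\n", pos);
    if (headEnd < 0) break;
    const headerLines = raw.slice(pos, headEnd).split("\r\n");
    const lengths = headerLines
      .slice(1)
      .filter((l) => l.toLowerCase().startsWith("content-length:"))
      .map((l) => parseInt(l.slice(l.indexOf(":") + 1).trim(), 10))
      .filter(Number.isFinite);
    const len =
      lengths.length === 0 ? 0 : pick === "first" ? lengths[0] : lengths[lengths.length - 1];
    const bodyStart = headEnd + 4;
    seen.push({ requestLine: headerLines[0], body: raw.slice(bodyStart, bodyStart + len) });
    pos = bodyStart + len;
  }
  return seen;
}

function demo() {
  // Constructed body: three bytes of form data followed by a complete
  // second request that a first-wins receiver will treat as its own.
  const body = "x=1" + "GET /admin HTTP/1.1\r\nHost: internal\r\n\r\n";
  const headers = ["Host", "app.example", "Content-Length", "3", "content-length", body.length];
  const raw = buildRequest("POST", "/api", headers, body, { strict: false });
  let strictError = null;
  try {
    buildRequest("POST", "/api", headers, body, { strict: true });
  } catch (e) {
    strictError = e.message;
  }
  return {
    firstWins: parseRequests(raw, "first").map((r) => r.requestLine), // two requests
    lastWins: parseRequests(raw, "last").map((r) => r.requestLine),   // one request
    strictError,                                                       // refused to send
  };
}
```

A first-wins receiver sees POST /api followed by a separate GET /admin; a last-wins receiver sees a single POST carrying the GET as body. Whichever side applies access control sees a different request list from the side that serves it, which is the ACL bypass the entry names. The strict serializer closes the gap at the client: a sender should never put two Content-Length values on the wire, whatever their case.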

EllaCoreisa5Gcoredesignedforprivatenetworks.Priorto1.5.1,EllaCorepanicswhenprocessingaPathSwitchRequestcontainingUESecurityCapabilitieswithzero-lengthNRencryptionorintegrityprotectionalgorithmbitstrings,resultinginadenialofservice.AnattackerabletosendcraftedNGAPmessagestoEllaCorecancrashtheprocess,causingservicedisruptionforallconnectedsubscribers.Noauthenticationisrequired.Thisvulnerabilityisfixedin1.5.1. 32320 CVE- LibreChatisaChatGPTclonewithadditionalfeatures.Priorto0.8.3-rc1,aDenialofService(DoS)vulnerabilityexistsintheDELETE/api/convosendpointthatallowsanauthenticatedattackertocrashtheNode.jsserverprocessbysendingmalformedrequests.TheDELETE/api/convosroutehandlerattemptstodestructurereq.body.argwithoutvalidatingthatitexists.TheservercrashesduetoanunhandledTypeErrorthatbypassesExpresserrorhandlingmiddlewareandtriggersprocess.exit(1).Thisvulnerabilityisfixedin0.8.3-rc1. 31949 CVE- 2026-FreeRDPisafreeimplementationoftheRemoteDesktopProtocol.Priorto3.24.0,thereisanout-of-boundsreadinMS-ADPCMandIMA-ADPCMdecodersduetouncheckedpredictorandstepindexvaluesfrominputdata.Thisvulnerabilityisfixedin3.24.0. 
31885 CVE- 2026-InsufficientpolicyenforcementinChromeDriverinGoogleChromepriorto146.0.7680.71allowedaremoteattackertobypasssameoriginpolicyviaacraftedHTMLpage.(Chromiumsecurityseverity:Medium) 3934 CVE-FreeRDPisafreeimplementationoftheRemoteDesktopProtocol.Priorto3.24.0,divisionbyzeroinMS-ADPCMandIMA-ADPCMdecoderswhennBlockAlignis0,leadingtoacrash.Inlibfreerdp/codec/dsp.c,bothADPCMdecodersusesize%blocksizewhereblocksize=context->common.format.nBlockAlign.ThenBlockAlignvaluecomesfromtheServerAudioFormatsPDUontheRDPSNDchannel.Thevalue0isnotvalidatedanywherebeforereachingthedecoder.WhennBlockAlign=0,themodulooperationcausesaSIGFPE(floatingpointexception)crash.This2026-vulnerabilityisfixedin3.24.0.31884 CVE-FreeRDPisafreeimplementationoftheRemoteDesktopProtocol.Priorto3.24.0,asizetunderflowintheIMA-ADPCMandMS-ADPCMaudiodecodersleadstoheap-buffer-overflowwriteviatheRDPSNDaudiochannel.Inlibfreerdp/codec/dsp.c,theIMA-ADPCMandMS-ADPCMdecoderssubtractblockheadersizesfromasizetvariablewithoutcheckingforunderflow.WhennBlockAlign(receivedfromtheserver)issetsuchthatsize%blocksize==0triggerstheheaderparsingatapointwheresizeissmallerthantheheader(4or8bytes),thesubtractionwrapssizeto2026-~SIZEMAX.Thewhile(size>0)loopthencontinuesforanastronomicalnumberofiterations.Thisvulnerabilityisfixedin3.24.0.31883 CVE- 2026-Gokapiisaself-hostedfilesharingserverwithautomaticexpirationandencryptionsupport.Priorto2.2.4,AnAPIendpointacceptsunboundedrequestbodieswithoutanysizelimit.AnauthenticatedusercancauseanOOMkillandcompleteservicedisruptionforallusers.Thisvulnerabilityisfixedin2.2.4. 
30955 CVE- 2026-wpDiscuzbefore7.6.47containsamissingratelimitingvulnerabilitythatallowsunauthenticatedattackerstosubscribearbitraryemailaddressestopostnotificationsbysendingPOSTrequeststothewpdAddSubscriptionhandlerinclass.WpdiscuzHelperAjax.php.AttackerscanexploitLIKEwildcardcharactersinthesubscriptionquerytomatchmultipleemailaddressesandgenerateunwantednotificationemailstovictimaccounts. 22216 CVE- 2026-wpDiscuzbefore7.6.47containsashortcodeinjectionvulnerabilitythatallowsattackerstoexecutearbitraryshortcodesbyincludingthemincommentcontentsentviaemailnotifications.Attackerscaninjectshortcodeslike[contact-form-7]or[usermeta]incomments,whichareexecutedserver-sidewhentheWpdiscuzHelperEmailclassprocessesnotificationsthroughdoshortcode()beforewpmail(). 22191 CVE- 2025-IBMSterlingB2BIntegratorandIBMSterlingFileGateway6.1.0.0through6.1.2.72,6.2.0.0through6.2.0.51,and6.2.1.0through6.2.1.1_1arevulnerabletoSQLinjection.AnadministrativeusercouldsendspeciallycraftedSQLstatements,whichcouldallowtheattackertoview,add,modify,ordeleteinformationintheback-enddatabase. 36368 CVE- 2026-IncorrectsecurityUIinWebAppInstallsinGoogleChromepriorto146.0.7680.71allowedaremoteattackertoperformUIspoofingviaacraftedHTMLpage.(Chromiumsecurityseverity:Medium) 3935 CVE- 2026-IncorrectsecurityUIinDownloadsinGoogleChromeonAndroidpriorto146.0.7680.71allowedaremoteattackertoperformUIspoofingviaacraftedHTMLpage.(Chromiumsecurityseverity:Low) 3937 CVE- 2026-Cross-SiteRequestForgery(CSRF)vulnerabilityinJoshKohlbachProductFeedPROforWooCommercewoo-product-feed-proallowsCrossSiteRequestForgery.ThisissueaffectsProductFeedPROforWooCommerce:fromn/athrough<=13.5.2. 
32443 CVE- 2026-ImproperNeutralizationofInputDuringWebPageGeneration('Cross-siteScripting')vulnerabilityinThemeFusionAvadaCorefusion-coreallowsDOM-BasedXSS.ThisissueaffectsAvadaCore:fromn/athrough<5.15.0. 32454 CVE- 2026-ImproperNeutralizationofInputDuringWebPageGeneration('Cross-siteScripting')vulnerabilityinSimpmaEmbedCalendlyembed-calendly-schedulingallowsStoredXSS.ThisissueaffectsEmbedCalendly:fromn/athrough<=4.4. 32411 CVE- 2026-ImproperNeutralizationofInputDuringWebPageGeneration('Cross-siteScripting')vulnerabilityinBoldGridSproutClientssprout-clientsallowsStoredXSS.ThisissueaffectsSproutClients:fromn/athrough<=3.2.2. 32424 CVE- 2026-ImproperNeutralizationofInputDuringWebPageGeneration('Cross-siteScripting')vulnerabilityinNoorAlamMagicalAddonsForElementormagical-addons-for-elementorallowsStoredXSS.ThisissueaffectsMagicalAddonsForElementor:fromn/athrough<=1.4.1. 32429 CVE- 2026-ImproperNeutralizationofInputDuringWebPageGeneration('Cross-siteScripting')vulnerabilityinIdeaBoxCreationsPowerPackAddonsforElementorpowerpack-lite-for-elementorallowsStoredXSS.ThisissueaffectsPowerPackAddonsforElementor:fromn/athrough<=2.9.9. 32430 CVE- 2026-ImproperNeutralizationofInputDuringWebPageGeneration('Cross-siteScripting')vulnerabilityinBrainstormForceAstraBulkEditastra-bulk-editallowsDOM-BasedXSS.ThisissueaffectsAstraBulkEdit:fromn/athrough<=1.2.10. 
32431 CVE-Copypartyisaportablefileserver.Priorto1.20.12,therewasamissingpermission-checkinthesharesfeature(theshrglobal-option).ThisvulnerabilityonlyapplieswhenthesharesfeatureisusedforthespecificpurposeofcreatingashareofjustasinglefileinsideafolderoreithertheFTPorSFTPserverisenabled,andalsomadepubliclyaccessible.Giventheseconditions,whenauserisbrowsingasharethrougheitherFTPorSFTP(nothttporhttps),theycangainread-accesstotheremainingfilesinsidethesharedfolderbyguessing/bruteforcingthefilenames.Itwas2026-notpossibletodescendintosubdirectoriesinthismanner;onlythesiblingfileswereaccessible.ThisvulnerabilityissimilartoCVE-2025-58753whichwaspreviouslyfixedforHTTPandHTTPS,butnotforFTP.TheFTPSserverdidnotyetexistatthattime.Thisvulnerabilityisfixedin1.20.12.32108 CVE- 2026-ImproperNeutralizationofInputDuringWebPageGeneration('Cross-siteScripting')vulnerabilityintoochekeToochekeCompaniontoocheke-companionallowsDOM-BasedXSS.ThisissueaffectsToochekeCompanion:fromn/athrough<=1.194. 32403

CVE-[year not preserved]-32448: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher (podlove-podcasting-plugin-for-wordpress) allows Stored XSS. This issue affects Podlove Podcast Publisher: from n/a through <= 4.3.3.

CVE-[year not preserved]-32102: OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin's live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control and sensitive information disclosure.

CVE-[year not preserved]-32450: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce (profit-products-tables-for-woocommerce) allows DOM-Based XSS. This issue affects Active Products Tables for WooCommerce: from n/a through <= 1.0.7.

CVE-2026-32449: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post (themify-event-post) allows Stored XSS. This issue affects Themify Event Post: from n/a through <= 1.3.4.

CVE-2026-2257: The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2 due to missing validation on a user-controlled key in the action function. This makes it possible for authenticated attackers, with Author-level access and above, to update post metadata for arbitrary posts. Combined with a lack of input sanitization, this leads to Stored Cross-Site Scripting when a higher-privileged user (such as an Administrator) views the affected post's "Competitor" tab in the GetGenie sidebar.

CVE-2026-3986: The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. This is due to insufficient capability checks on the form settings save handler and insufficient input sanitization of the fcontent field in fhtml field types. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2026-4358: A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is spilled to disk.

CVE-2026-32774: Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers.

CVE-2015-20119: NextClick Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the addpage action with crafted iframe payloads in the text parameter to store malicious content that executes in the browsers of users viewing the affected pages.

CVE-2026-32353: Server-Side Request Forgery (SSRF) vulnerability in MailerPress Team MailerPress (mailerpress) allows Server Side Request Forgery. This issue affects MailerPress: from n/a through <= 1.4.2.

CVE-2026-32357: Server-Side Request Forgery (SSRF) vulnerability in Katsushi Kawamori Simple Blog Card (simple-blog-card) allows Server Side Request Forgery. This issue affects Simple Blog Card: from n/a through <= 2.37.

CVE-2025-8766: A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

CVE-2025-57849: A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

CVE-2026-2569: The DearFlipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via PDF page labels in all versions up to, and including, 2.4.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2026-3492: The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the create_from_template AJAX endpoint (allowing any authenticated user to create forms), insufficient input sanitization (sanitize_text_field() preserves single quotes), and missing output escaping when the form title is rendered in the Form Switcher dropdown (the title attribute is constructed without esc_attr(), and the JavaScript saferHtml utility only escapes &, <, > but not quotes). This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary JavaScript that executes when an Administrator searches in the Form Switcher dropdown in the Form Editor.

CVE-2026-2918: The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the ha_condition_update AJAX action. This is due to the validate_reqeust() method using current_user_can('edit_posts', $template_id) instead of current_user_can('edit_post', $template_id), failing to perform object-level authorization. Additionally, the ha_get_current_condition AJAX action lacks a capability check. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify the display conditions of any published ha_library template. Because the cond_to_html() renderer outputs condition values into HTML attributes without proper escaping (using string concatenation instead of esc_attr()), an attacker can inject event handler attributes (e.g., onmouseover) that execute JavaScript when an administrator views the Template Conditions panel, resulting in Stored Cross-Site Scripting.

CVE-2026-3534: The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ast-page-background-meta and ast-content-background-meta post meta fields in all versions up to, and including, 4.12.3. This is due to insufficient input sanitization on meta registration and missing output escaping in the astra_get_responsive_background_obj() function for four CSS-context sub-properties (background-color, background-image, overlay-color, overlay-gradient). This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2026-2358: The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [wp_ulike_likers_box] shortcode template attribute in all versions up to, and including, 5.0.1. This is due to the use of html_entity_decode() on shortcode attributes without subsequent output sanitization, which effectively bypasses WordPress's wp_kses_post() content filtering. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The post must have at least one like for the XSS to render.

CVE-2026-2707: The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all versions up to, and including, 1.6.27. This is due to inconsistent input sanitization between the frontend AJAX handler and the REST API endpoint. When entries are submitted via the REST API (/wp-json/weforms/v1/forms/{id}/entries/), the prepare_entry() method in class-abstract-fields.php receives the WP_REST_Request object as $args, bypassing the weforms_clean() fallback that sanitizes $_POST data for frontend submissions. The base field handler only applies trim() to the value. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts into form entry hidden field values via the REST API that execute when an administrator views the form entries page, where data is rendered using a Vue.js v-html directive without escaping.

CVE-2026-3977: A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is 35dfd6f08f7d517709c77ee73e57367141107e6b. To fix this issue, it is recommended to deploy a patch.

CVE-2026-4192: A vulnerability has been found in AvinashBole equip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-4195: A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects an unknown function of the file /cgi-bin/wizard_mgr.cgi. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used.

CVE- AvulnerabilityhasbeenfoundinD-LinkDNS-120,DNR-202L,DNS-315L,DNS-320,DNS-320L,DNS-320LW,DNS-321,DNR-322L,DNS-323,DNS-325,DNS-326,DNS-327L,DNR-326,DNS-340L,DNS-343,DNS-345,DNS-726-4,DNS-1100-4,DNS-1200-05andDNS-1550-04upto20260205.Thisimpactsthefunctioncgirecovery/cgibackupnow/cgisetschedule/cgisetrsyncserverofthefile/cgi-bin/remote_backup.cgi.Themanipulationleadstocommandinjection.Theattackispossibletobecarriedoutremotely.Theexploithasbeendisclosedtothepublicandmaybeused.

CVE-

AvulnerabilitywasfoundinD-LinkDNS-120,DNR-202L,DNS-315L,DNS-320,DNS-320L,DNS-320LW,DNS-321,DNR-322L,DNS-323,DNS-325,DNS-326,DNS-327L,DNR-326,DNS-340L,DNS-343,DNS-345,DNS-726-4,DNS-1100-4,DNS-1200-05andDNS-1550-04upto20260205.AffectedisthefunctionRSSGetUpdateStatus/RSSUpdate/RSSChannelAutoDownlaod/RSSAdd/RSSChannelItemDownlaod/RSSHistoryItemList/RSSItemListofthefile/cgi-bin/downloadmgr.cgi.Themanipulationresultsincommandinjection.Theattackmaybeperformedfromremote. Theexploithasbeenmadepublicandcouldbeused. CVE- ImproperLimitationofaPathnametoaRestrictedDirectory('PathTraversal')vulnerabilityinApacheLivy.ThisissueaffectsApacheLivy:from0.3.0before0.9.0.Thevulnerabilitycanonlybeexploitedwithnon-defaultApacheLivyServersettings.Iftheconfigurationvalue"livy.file.local-dir-whitelist"issettoanon-defaultvalue,thedirectorycheckingcanbebypassed. 66249 CVE-AvulnerabilitywasdetectedinD-LinkDNS-120,DNR-202L,DNS-315L,DNS-320,DNS-320L,DNS-320LW,DNS-321,DNR-322L,DNS-323,DNS-325,DNS-326,DNS-327L,DNR-326,DNS-340L,DNS-343,DNS-345,DNS-726-4,DNS-1100-4,DNS-1200-05andDNS-1550-04upto20260205.Impactedisthefunctioncgiportforwardingadd/cgiportforwardingdel/cgiportforwardingmodify/cgiportforwardingaddscan/cgidhcpdlease/cgiddns/cgiip/cgidhcpdofthefile/cgi-bin/networkmgr.cgi.Themanipulationresultsincommandinjection.Theattackmaybelaunched2026-remotely.Theexploitisnowpublicandmaybeused.4203 CVE- 
2026-Tinaisaheadlesscontentmanagementsystem.Priorto2.1.2,TinaCMSallowsuserstocreate,update,anddeletecontentdocumentsusingrelativefilepaths(relativePath,newRelativePath)viaGraphQLmutations.Undercertainconditions,thesepathsarecombinedwiththecollectionpathusingpath.join()withoutvalidatingthattheresolvedpathremainswithinthecollectionrootdirectory.Becausepath.join()doesnotpreventdirectorytraversal,pathscontaining../sequencescanescapetheintendeddirectoryboundary.Thisvulnerabilityisfixedin2.1.2. 24125 CVE-AflawhasbeenfoundinD-LinkDNS-120,DNR-202L,DNS-315L,DNS-320,DNS-320L,DNS-320LW,DNS-321,DNR-322L,DNS-323,DNS-325,DNS-326,DNS-327L,DNR-326,DNS-340L,DNS-343,DNS-345,DNS-726-4,DNS-1100-4,DNS-1200-05andDNS-1550-04upto20260205.Theaffectedelementisthefunctioncgimyfavoriteadd/cgimyfavoriteset/cgimyfavoritedel/cgimyfavoritesetsortinfo/cgimyfavoriteremoveapkg/cgimyfavoritecompareapkg/cgimycloudautodownlaodofthefile/cgi-bin/guimgr.cgi.Thismanipulationoftheargumentfusercauses2026-commandinjection.Remoteexploitationoftheattackispossible.Theexploithasbeenpublishedandmaybeused.4204 CVE- 2026-AvulnerabilityhasbeenfoundinD-LinkDNS-120,DNR-202L,DNS-315L,DNS-320,DNS-320L,DNS-320LW,DNS-321,DNR-322L,DNS-323,DNS-325,DNS-326,DNS-327L,DNR-326,DNS-340L,DNS-343,DNS-345,DNS-726-4,DNS-1100-4,DNS-1200-05andDNS-1550-04upto20260205.Theimpactedelementisthefunctioncgirefreshdb/FTPServerBlockIPAdd/FTPServerBlockIPDelofthefile/cgi-bin/appmgr.cgi.Suchmanipulationleadstocommandinjection.Theattackcanbeexecutedremotely.Theexploithasbeendisclosedtothepublicandmaybeused. 
CVE-2026-4206: A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function FMTrebuilddiskmgr/FMTcreatediskmgr/ScanDiskrune2fsck of the file /cgi-bin/dskmgr.cgi. Performing a manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

CVE-2026-4207: A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function cgidevice/cgismstest/cgifirmwareupload/cgintptime of the file /cgi-bin/systemmgr.cgi. Executing a manipulation can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

CVE-2026-4209: A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function cgicreateimportusers/cgiuserbatchcreate/cgiusersetquota/cgiuserdel/cgiusermodify/cgigroupsetquota/cgigroupmodify/cgigroupadd/cgiuseradd/cgigetmodifygroupinfo/cgichgadminpw of the file /cgi-bin/accountmgr.cgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

CVE-2026-4185: A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_def_bits_jpeg of the file src/scene_manager/swf_parse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. The patch is identified as 8961c74f87ae3fe2d3352e622f7730ca96d50cf1. A patch should be applied to remediate this issue.

CVE-2025-13913: A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code.

CVE-2026-4173: A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
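The D-Link cgi-bin handlers above (CVE-2026-4195 through CVE-2026-4209) and the equip-mcp-server setupToolHandlers entry are all command injection: a request argument ends up inside a command line that a shell parses. The block below is an added example for this bulletin, not vendor code; the "ping a target" handler, the names and the allow-list are assumptions. It contrasts the string-building pattern with validate-then-argv, and uses shlex to make visible what a shell would do with an injected argument without actually executing it.

```python
"""Argument handling for a command that embeds user input (added example; not
D-Link, LB-LINK or equip-mcp-server code)."""
import ipaddress
import re
import shlex
import subprocess

# RFC 1123-style hostname labels; nothing else may reach a command line.
_HOSTNAME_RE = re.compile(
    r"(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*"
)


def validate_target(value: str) -> str:
    """Allow-list: an IP literal or a DNS hostname. Everything else raises."""
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass
    if _HOSTNAME_RE.fullmatch(value):
        return value
    raise ValueError(f"invalid target: {value!r}")


def build_shell_command(target: str) -> str:
    """The vulnerable pattern: string concatenation destined for system()/popen()
    or shell=True. A ';', '|', '&', '`' or '$(' in target becomes shell syntax."""
    return f"ping -c 1 {target}"


def shell_would_execute(command: str) -> list:
    """Tokenise the way /bin/sh would, so an injected second command becomes
    visible without running anything."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    return list(lex)


def build_argv(target: str) -> list:
    """The hardened pattern: validate first, then pass the value as exactly one
    argv element to an execve-style API with no shell in between."""
    return ["ping", "-c", "1", validate_target(target)]


def argv_keeps_one_argument(payload: str) -> str:
    """Even an unvalidated payload stays a single argument when no shell parses it.
    Uses echo instead of ping so the demonstration is harmless and offline."""
    proc = subprocess.run(["echo", payload], capture_output=True, text=True, check=True)
    return proc.stdout.rstrip("\n")


if __name__ == "__main__":
    print(shell_would_execute(build_shell_command("192.0.2.1; id")))
    print(build_argv("192.0.2.1"))
```

Both halves matter: argv execution stops the shell from splitting the value, and the allow-list stops the value from abusing the target program's own option parsing (a target starting with "-" is not a hostname and is rejected before it is ever placed in argv).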
CVE-2026-4171: A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3967: A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java of the component Process Variable Serialization System. This manipulation causes deserialization. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3966: A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/media/abl/ABLMediaNodeServerService.java of the component IP Address Handler. The manipulation of the argument MediaServer.streamIp results in server-side request forgery. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3965: A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.20.2 is able to address this issue. The identifier of the patch is 6bec52dca158481258315ba0fc2f11206df7b719. It is advisable to upgrade the affected component. The code maintainer was informed beforehand about the issues. He reacted very fast and highly professional.

CVE-2026-3961: A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function to_pil_image of the file manga-image-translator-main/server/request_extraction.py of the component Translate Endpoints. This manipulation causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-3992: A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3958: A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/api_server.py of the component JSON Handler. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-32128: FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes guardrails intended to prevent file writes (static detection + seccomp). These guardrails are bypassable by remapping stdout (fd 1) to an arbitrary writable file descriptor using fcntl. After remapping, writing via sys.stdout.write() still satisfies the seccomp rule write(fd==1), enabling arbitrary file creation/overwrite inside the sandbox container despite the intended no-file-writes restriction.

CVE-2026-3955: A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
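The FastGPT sandbox entry (CVE-2026-32128) is worth seeing in motion, because the lesson is general: a seccomp rule keyed on a descriptor number says nothing about what that descriptor currently refers to. The block below is an added example for this bulletin, not fastgpt-sandbox code. It reproduces the mechanic (os.dup2() is used where the advisory says fcntl; the effect on fd 1 is the same), then shows a check on the descriptor's target rather than its number. The snapshot helpers and the temporary file are assumptions; fd 1 is restored before the function returns.

```python
"""Stdout remapping versus a seccomp rule keyed on fd 1 (added example; not
fastgpt-sandbox code)."""
import os
import sys
import tempfile


def fd1_snapshot() -> tuple:
    """Record the (device, inode) that fd 1 points at before untrusted code runs."""
    st = os.fstat(1)
    return (st.st_dev, st.st_ino)


def stdout_still_original(snapshot) -> bool:
    """Check the descriptor's target rather than its number: True only while fd 1
    still refers to the same open file as when the snapshot was taken."""
    st = os.fstat(1)
    return (st.st_dev, st.st_ino) == snapshot


def _writer_bound_to_fd1():
    """sys.stdout in a normal process; a fresh wrapper on fd 1 if a test harness
    has swapped sys.stdout for an object not backed by fd 1."""
    try:
        if sys.stdout.fileno() == 1:
            return sys.stdout
    except (AttributeError, OSError, ValueError):
        pass
    return os.fdopen(1, "w", closefd=False)


def remap_and_write_via_stdout(path: str, payload: str, snapshot) -> tuple:
    """The bypass mechanic: point fd 1 at a file, then write through the stdout
    object. The kernel sees write(1, ...), which a filter allowing fd==1 passes.
    Returns (file contents, whether the target check noticed the remap)."""
    out = _writer_bound_to_fd1()
    out.flush()
    saved = os.dup(1)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.dup2(fd, 1)               # fd 1 now refers to the file
        os.close(fd)
        out.write(payload)           # still a write(1, ...) syscall
        out.flush()
        detected = not stdout_still_original(snapshot)
    finally:
        os.dup2(saved, 1)            # put the real stdout back
        os.close(saved)
    with open(path) as f:
        return f.read(), detected


def demo(payload: str = "pwned\n") -> dict:
    """Constructed run inside a temporary directory."""
    path = os.path.join(tempfile.mkdtemp(), "out.txt")
    snap = fd1_snapshot()
    contents, detected = remap_and_write_via_stdout(path, payload, snap)
    return {"file_contents": contents,
            "detected_during_remap": detected,
            "restored": stdout_still_original(snap)}


if __name__ == "__main__":
    print(demo())
```

A sandbox that wants "no file writes" has to deny the operations that create writable descriptors (open with write flags, dup/dup2/fcntl F_DUPFD, socket) or run the code in a filesystem that is read-only apart from an explicit stdout pipe; filtering write() by descriptor number cannot deliver that property on its own.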

CVE- MissingAuthorizationvulnerabilityinThemeFusionFusionBuilderfusion-builderallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsFusionBuilder:fromn/athrough<3.15.0. 32451 CVE-

InJetBrainsDatalorebefore2026.1sessionhijackingwaspossibleduetomissingsecureattributeforcookiesettings 32745 CVE- AvulnerabilitywasidentifiedinSourceCodesterWeb-basedPharmacyProductManagementSystem1.0.Thisaffectsanunknownfunctionofthefileadd_admin.php.Suchmanipulationleadstoimproperauthorization.Theattackmaybelaunchedremotely.

CVE- 2025- inOpenHarmonyv5.1.0andpriorversionsallowalocalattackerarbitrarycodeexecutioninpre-installedappsthroughusingincompatibletype.Thisvulnerabilitycanbeexploitedonlyinrestrictedscenarios. 25277 CVE- OPNsenseisaFreeBSDbasedfirewallandroutingplatform.Priorto26.1.4,multipleOPNsenseMVCAPIendpointsperformstate‑changingoperationsbutareaccessibleviaHTTPGETrequestswithoutCSRFprotection.TheframeworkCSRFvalidationinApiControllerBaseonlyappliestoPOST/PUT/DELETEmethods,allowingauthenticatedGETrequeststobypassCSRFverification.Asaresult,amaliciouswebsitecantriggerprivilegedbackendactionswhenvisitedbyanauthenticateduser,causingunintendedservicereloadsandconfigurationchangesthroughconfigd.This2026- resultsinanauthenticatedCross‑SiteRequestForgeryvulnerabilityallowingunauthorizedsystemstatechanges.Thisvulnerabilityisfixedin26.1.4.30868 CVE- 2026- InSplunkEnterpriseversionsbelow10.2.1,10.0.4,9.4.9,and9.3.10,andSplunkCloudPlatformversionsbelow10.2.2510.7,10.1.2507.17,10.0.2503.12,and9.3.2411.124,alow-privilegeduserthatdoesnotholdthe"admin"or"power"Splunkrolescouldretrievesensitiveinformationbyinspectingthejob'ssearchlogduetoimproperaccesscontrolintheMongoClientloggingchannel. 
20165 CVE- InSplunkEnterpriseversionsbelow10.2.0,10.0.3,9.4.9,and9.3.9,andSplunkCloudPlatformversionsbelow10.2.2510.4,10.1.2507.15,10.0.2503.11,and9.3.2411.123,alow-privilegeduserwhodoesnotholdthe"admin"or"power"SplunkrolescouldcraftamaliciouspayloadwhencreatingaView(Settings-2026- vulnerabilityrequirestheattackertophishthevictimbytrickingthemintoinitiatingarequestwithintheirbrowser.Theauthenticatedusershouldnotbeabletoexploitthevulnerabilityatwill.20162 CVE- 2026- AvulnerabilitywasdeterminedinOpenClaw2026.2.19-2.ThisvulnerabilityaffectsthefunctionapplySkillConfigenvOverridesofthecomponentSkillEnvHandler.Executingamanipulationcanleadtocodeinjection.Itispossibletolaunchtheattackremotely.Upgradingtoversion2026.2.21-beta.1isabletoresolvethisissue.Thispatchiscalled8c9f35cdb51692b650ddf05b259ccdd75cc9a83c.Itisrecommendedtoupgradetheaffectedcomponent. 4039 CVE- MaliciousconfigurationcanleadtounauthorizedfileaccessinApacheLivy.ThisissueaffectsApacheLivy0.7.0and0.8.0whenconnectingtoApacheSpark3.1orlater.2025- later,whichfixestheissue.60012 CVE- 2026- AvulnerabilityhasbeenfoundinAutohomeCorpfrostmourneupto1.0.ThisaffectsthefunctionscriptEngine.evalofthefileExpressionRule.javaofthecomponentOracleNashornJavaScriptEngine.SuchmanipulationoftheargumentEXPRESSIONleadstocodeinjection.Theattackcanbeexecutedremotely.Theexploithasbeendisclosedtothepublicandmaybeused.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespondinanyway. 
3968 CVE- 2026- Avulnerabilityhasbeenfoundinvanna-aivannaupto2.0.2.Affectedisthefunctionupdatesqlofthefilesrc/vanna/legacy/flask/init.pyofthecomponentEndpoint.Suchmanipulationleadstosqlinjection.Theattackcanbelaunchedremotely.Theexploithasbeendisclosedtothepublicandmaybeused.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespondinanyway. 4230 CVE- 2026- AvulnerabilitywasidentifiedinitsourcecodeCollegeManagementSystem1.0.Theimpactedelementisanunknownfunctionofthefile/admin/time-table.php.Suchmanipulationoftheargumentcoursecodeleadstosqlinjection.Theattackcanbelaunchedremotely.Theexploitispubliclyavailableandmightbeused. 4241 CVE- 2026- AsecurityflawhasbeendiscoveredinSSCMS7.4.0.ThisvulnerabilityaffectsunknowncodeofthefileSitesAddController.Submit.csofthecomponentDDLHandler.ThemanipulationoftheargumenttableHandWriteresultsinsqlinjection.Theattackcanbeexecutedremotely.Theexploithasbeenreleasedtothepublicandmaybeusedforattacks.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespondinanyway. 4234 CVE- 2026- Aweaknesshasbeenidentifiedinfrdel/agent0aiagent-zero0.9.7.Thisaffectsthefunctionhandlepdfdocumentofthefilepython/helpers/documentquery.py.Thismanipulationcausesserver-siderequestforgery.Theattackispossibletobecarriedoutremotely.Theexploithasbeenmadeavailabletothepublicandcouldbeusedforattacks.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespondinanyway. 
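Four SQL injection entries sit close together here (vanna updatesql, the College Management System coursecode argument, the SSCMS tableHandWrite DDL handler, and Chat2DB's export functions earlier). They split into two problems: a request value spliced into a query, and an identifier (a table name) that parameter binding cannot protect. The block below is an added example for this bulletin, not code from any of those projects; the schema, the rows and the sqlite3 in-memory database are constructed stand-ins. It shows the spliced query actually leaking a second table, the bound-parameter form returning nothing for the same input, and an allow-list for identifiers.

```python
"""Bound parameters for values and an allow-list for identifiers (added example;
not vanna, Chat2DB, SSCMS or College Management System code)."""
import re
import sqlite3

_IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")


def make_db() -> sqlite3.Connection:
    """Constructed sample schema: a timetable plus a table the attacker wants."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE timetable (id INTEGER PRIMARY KEY, coursecode TEXT, room TEXT);
        INSERT INTO timetable (coursecode, room) VALUES ('CS101', 'A1'), ('CS102', 'B2');
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO users VALUES ('admin', '$2y$10$constructed-hash');
    """)
    return conn


def lookup_concat(conn, coursecode: str) -> list:
    """Vulnerable: the request value is spliced into the SQL text, so a quote in
    it ends the literal and the remainder is parsed as SQL."""
    sql = f"SELECT coursecode, room FROM timetable WHERE coursecode = '{coursecode}'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, coursecode: str) -> list:
    """Hardened: the value travels as a bound parameter and is never parsed."""
    return conn.execute(
        "SELECT coursecode, room FROM timetable WHERE coursecode = ?", (coursecode,)
    ).fetchall()


def export_table(conn, table: str) -> list:
    """Identifiers (table names in export/DDL handlers) cannot be bound, so they
    are checked against a strict pattern and the catalogue, then quoted."""
    if not _IDENT_RE.fullmatch(table):
        raise ValueError(f"bad identifier: {table!r}")
    known = {row[0] for row in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")}
    if table not in known:
        raise ValueError(f"unknown table: {table!r}")
    quoted = '"' + table.replace('"', '""') + '"'
    return conn.execute(f"SELECT * FROM {quoted}").fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' UNION SELECT username, password_hash FROM users --"
    print(lookup_concat(db, payload))   # leaks the users table
    print(lookup_param(db, payload))    # no rows: the payload is just a string
    print(export_table(db, "timetable"))
```

The catalogue check in export_table() is what turns "looks like an identifier" into "is one of the tables this handler may touch"; the pattern alone would still accept a table the caller has no business exporting.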
CVE-2026-4210: A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function cgitmsetshare of the file /cgi-bin/timemachine.cgi. The manipulation of the argument Name results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

CVE-2026-4228: A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4215: A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2019-25484: WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service condition.
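Five entries in this batch are server-side request forgery through a user-controlled host or URL (wvp-GB28181-pro's MediaServer.streamIp, manga-image-translator's translate endpoints, ListSync's requests.post, agent-zero's document handler and FlowCI's SMTP host setting). The block below is an added example for this bulletin, not code from any of those projects; the resolver is injected so the example runs offline, and the DNS answers are constructed. It vets a bare host (the SMTP-host case) and a full URL (the fetch cases), rejecting every non-public address including the link-local metadata range and IPv4-mapped IPv6, and it treats a name that resolves to a mix of public and internal addresses as hostile.

```python
"""Destination vetting for server-side fetches (added example; not code from
wvp-GB28181-pro, manga-image-translator, ListSync, agent-zero or FlowCI)."""
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS answers: a public host, an internal host, and a host that
# answers with a public address alongside a loopback address.
_CONSTRUCTED_DNS = {
    "media.example.com": ["8.8.8.8"],
    "nas.example.internal": ["10.0.0.5"],
    "rebind.example.net": ["1.1.1.1", "127.0.0.1"],
}


def constructed_resolver(hostname: str) -> list:
    """Stand-in for socket.getaddrinfo(); unknown names are unresolvable."""
    try:
        return _CONSTRUCTED_DNS[hostname]
    except KeyError:
        raise ValueError(f"unresolvable host: {hostname!r}") from None


def is_public(ip) -> bool:
    """Reject every range a server-side fetch should never reach: RFC 1918,
    loopback, link-local (169.254.169.254 metadata lives here), multicast,
    reserved and unspecified."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped            # ::ffff:127.0.0.1 is still loopback
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_host(host: str, resolve) -> list:
    """Vet a hostname or IP literal (an SMTP host, a stream IP). Returns the
    vetted addresses; every answer must be public."""
    try:
        ips = [ipaddress.ip_address(host)]
    except ValueError:
        ips = [ipaddress.ip_address(a) for a in resolve(host)]
    for ip in ips:
        if not is_public(ip):
            raise ValueError(f"non-public address {ip} for host {host!r}")
    return ips


def check_destination(url: str, resolve) -> list:
    """Vet a full URL before fetching it. Connect to a returned IP (hostname only
    in the Host header and SNI) so a later DNS answer cannot differ."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL")
    if not parts.hostname:
        raise ValueError("missing host")
    return check_host(parts.hostname, resolve)


if __name__ == "__main__":
    print(check_destination("https://media.example.com/stream", constructed_resolver))
```

In production the resolver is socket.getaddrinfo(), and the HTTP client must be told to connect to the vetted IP rather than re-resolve the name; otherwise a second lookup (DNS rebinding) can return the internal address the check just rejected. Spellings such as "0x7f.0.0.1" or "2130706433" fail ipaddress.ip_address() and go through the resolver, where the system resolver would hand back 127.0.0.1 and the address check catches it.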
25484 CVE- 2019- R3.4.4onWindowsx64containsabufferoverflowvulnerabilityintheGUIPreferenceslanguagemenufieldthatallowslocalattackerstobypassDEPandASLRprotections.AttackerscaninjectacraftedpayloadthroughtheLanguageformenuspreferencetotriggerastructuredexceptionhandlerchainpivotandexecutearbitraryshellcodewithapplicationprivileges. 25485 CVE- 2016- ZKTecoZKBioSecurity3.0containsafilepathmanipulationvulnerabilitythatallowsattackerstoaccessarbitraryfilesbymodifyingfilepathsusedtoretrievelocalresources.Attackerscanmanipulatepathparameterstobypassaccesscontrolsandretrievesensitiveinformationincludingconfigurationfiles,sourcecode,andprotectedapplicationresources. 20029 CVE- 2019- OutlookPasswordRecovery2.10containsabufferoverflowvulnerabilitythatallowslocalattackerstocrashtheapplicationbysupplyinganoversizedpayload.Attackerscancreateamalicioustextfilecontaining6000bytesofdataandpasteitintotheUserNameandRegistrationCodefieldtotriggeradenialofservicecondition.25476

CVE- 2019- SQLServerPasswordChanger1.90containsabufferoverflowvulnerabilitythatallowslocalattackerstocrashtheapplicationbysupplyinganoversizedpayload.Attackerscaninject6000bytesofdataintotheUserNameandRegistrationCodefieldtotriggeradenialofservicecondition. 25475 CVE- EasyMP3Downloader4.7.8.8containsabufferoverflowvulnerabilitythatallowslocalattackerstocrashtheapplicationbysupplyinganexcessivelylongunlockcode.Attackerscangenerateafilecontaining6000'A'charactersandpastethecontentsintotheUnlockCodefieldduringapplicationstartuptotriggeradenialofservicecondition. 25474

CVE- FolderLock7.7.9containsabufferoverflowvulnerabilityintheserialnumberregistrationfieldthatallowslocalattackerstocrashtheapplicationbysubmittinganoversizedpayload.Attackerscanpastea6000-bytebufferofarbitrarydataintothe'SerialNumberandRegistrationKey'fieldtotriggeradenialofservicecondition. 25469 CVE- SpotIEInternetExplorerPasswordRecovery2.9.5containsadenialofservicevulnerabilityintheregistrationkeyinputfieldthatallowslocalattackerstocrashtheapplicationbysupplyinganexcessivelylongstring.Attackerscanpastea256-characterpayloadintotheKeyfieldduringregistrationtotriggerabufferoverflowandcrashtheapplication. 25463 CVE- 2019- RARPasswordRecovery1.80containsabufferoverflowvulnerabilitythatallowslocalattackerstocrashtheapplicationbysupplyinganoversizedpayloadintheregistrationdialog.Attackerscancraftamaliciousinputstringexceeding6000bytesandpasteitintotheUserNameandRegistrationCodefieldtotriggeranapplicationcrash. 25477 CVE- 2026- Tinaisaheadlesscontentmanagementsystem.Priorto2.1.8,theTinaCMSCLIdevserverconfiguresVitewithserver.fs.strict:false,whichdisablesVite'sbuilt-infilesystemaccessrestriction.Thisallowsanyunauthenticatedattackerwhocanreachthedevservertoreadarbitraryfilesonthehostsystem.Thisvulnerabilityisfixedin2.1.8. 29066 CVE- CallingNSS-backedfunctionsthatsupportcachingvianscdmaycallthenscdclientsidecodeandintheGNUCLibraryversion2.36underhighloadonx8664systems,theclientmaycallmemcmponinputsthatare 2026- memcmpwasintroducedforx8664whichcouldcrashwheninvokedwithsuchundefinedbehaviour,turningthisintoapotentialcrashofthenscdclientandtheapplicationthatusesit. 3904 crashinthenscdclient. 
CVE- 2025- Anout-of-boundsreadvulnerabilityexistsintheEMFfunctionalityofCanvaAffinity.ByusingaspeciallycraftedEMFfile,anattackercouldexploitthisvulnerabilitytoperformanout-of-boundsread,potentiallyleadingtothedisclosureofsensitiveinformation. 58427 CVE- 2026- Versionsofthepackagespin.jsbefore3.0.0arevulnerabletoCross-siteScripting(XSS)viathespin()functionthatallowsacreationofmorethan1alertforeach'target'element.Anattackerwouldneedtosetanarbitrarykey-valuepaironObject.prototypethroughacraftedURLachievingaprototypepollutionfirst,beforebeingabletoexecutearbitraryJavaScriptinthecontextoftheuser'sbrowser. 3884 CVE- 2026- IFTOPdevelopedbyWellChoosehasanOpenredirectvulnerability,allowingauthenticatedremoteattackerstocraftaURLthattricksusersintovisitingmaliciouswebsite. 3824 CVE- 2026- IFTOPdevelopedbyWellChoosehasaReflectedCross-siteScriptingvulnerability,allowingauthenticatedremoteattackerstoexecutearbitraryJavaScriptcodesinuser'sbrowserthroughphishingattacks. 3825 CVE- 2016- ZKTecoZKBioSecurity3.0containsmultiplereflectedcross-sitescriptingvulnerabilitiesthatallowattackerstoexecutearbitraryHTMLandscriptcodebyinjectingmaliciouspayloadsthroughunsanitizedparametersinmultiplescripts.AttackerscancraftmaliciousURLswithXSSpayloadsinvulnerableparameterstoexecutescriptsinauser'sbrowsersessionwithinthecontextoftheaffectedapplication. 20027 CVE- 2015- NextClickVenturesRealtyScript4.0.2failstoproperlysanitizeCSVfileuploads,allowingattackerstoinjectmaliciousscriptsthroughfilenameparametersinmultipartformdata.AttackerscanuploadfileswithXSSpayloadsinthefilenamefieldtoexecutearbitraryJavaScriptinusers'browserswhenthefileisprocessedordisplayed. 
20116 CVE- 2015- NextClickVenturesRealtyScript4.0.2containsacross-sitescriptingvulnerabilitythatallowsattackerstoexecutearbitraryHTMLandscriptcodebyinjectingmaliciousinputthroughmultipleparametersthatarenotproperlysanitized.Attackerscancraftrequestswithinjectedscriptpayloadsinvulnerableparameterstoexecutecodeinusers'browsersessionswithinthecontextoftheaffectedapplication. 20114 CVE- 2025- Anout-of-boundsreadvulnerabilityexistsintheEMFfunctionalityofCanvaAffinity.ByusingaspeciallycraftedEMFfile,anattackercouldexploitthisvulnerabilitytoperformanout-of-boundsread,potentiallyleadingtothedisclosureofsensitiveinformation. 64735 CVE- 2026- ApotentialbufferoverflowvulnerabilitywasreportedintheLenovoVirtualBusdriverusedinSmartConnectthatcouldallowalocalauthenticatedusertocorruptmemoryandcauseaWindowsbluescreenerror. 1652 CVE- 2025- Anout-of-boundsreadvulnerabilityexistsintheEMFfunctionalityofCanvaAffinity.ByusingaspeciallycraftedEMFfile,anattackercouldexploitthisvulnerabilitytoperformanout-of-boundsread,potentiallyleadingtothedisclosureofsensitiveinformation. 47873 CVE- 2025- Anout-of-boundsreadvulnerabilityexistsintheEMFfunctionalityofCanvaAffinity.ByusingaspeciallycraftedEMFfile,anattackercouldexploitthisvulnerabilitytoperformanout-of-boundsread,potentiallyleadingtothedisclosureofsensitiveinformation. 65119 CVE- 2025- Anout-of-boundsreadvulnerabilityexistsintheEMFfunctionalityofCanvaAffinity.ByusingaspeciallycraftedEMFfile,anattackercouldexploitthisvulnerabilitytoperformanout-of-boundsread,potentiallyleadingtothedisclosureofsensitiveinformation. 
66000 CVE- 2025- Anout-of-boundsreadvulnerabilityexistsintheEMFfunctionalityofCanvaAffinity.ByusingaspeciallycraftedEMFfile,anattackercouldexploitthisvulnerabilitytoperformanout-of-boundsread,potentiallyleadingtothedisclosureofsensitiveinformation. 66042 CVE- 2025- Anout-of-boundsreadvulnerabilityexistsintheEMFfunctionalityofCanvaAffinity.ByusingaspeciallycraftedEMFfile,anattackercouldexploitthisvulnerabilitytoperformanout-of-boundsread,potentiallyleadingtothedisclosureofsensitiveinformation. 66503 CVE- 2025- Anout-of-boundsreadvulnerabilityexistsintheEMFfunctionalityofCanvaAffinity.ByusingaspeciallycraftedEMFfile,anattackercouldexploitthisvulnerabilitytoperformanout-of-boundsread,potentiallyleadingtothedisclosureofsensitiveinformation. 66617 CVE- 2025- Anout-of-boundsreadvulnerabilityexistsintheEMFfunctionalityofCanvaAffinity.ByusingaspeciallycraftedEMFfile,anattackercouldexploitthisvulnerabilitytoperformanout-of-boundsread,potentiallyleadingtothedisclosureofsensitiveinformation. 66633 CVE- Anout-of-boundsreadvulnerabilityexistsintheEMFfunctionalityofCanvaAffinity.ByusingaspeciallycraftedEMFfile,anattackercouldexploitthisvulnerabilitytoperformanout-of-boundsread,potentiallyleadingtothedisclosureofsensitiveinformation. 20726 CVE-

Anout-of-boundsreadvulnerabilityexistsintheEMFfunctionalityofCanvaAffinity.ByusingaspeciallycraftedEMFfile,anattackercouldexploitthisvulnerabilitytoperformanout-of-boundsread,potentiallyleadingtothedisclosureofsensitiveinformation. 22882 CVE- Anout-of-boundsreadvulnerabilityexistsintheEMFfunctionalityofCanvaAffinity.ByusingaspeciallycraftedEMFfile,anattackercouldexploitthisvulnerabilitytoperformanout-of-boundsread,potentiallyleadingtothedisclosureofsensitiveinformation. 64776 CVE- 2016-WowzaStreamingEngine4.5.0containsmultiplereflectedcross-sitescriptingvulnerabilitiesintheenginemanagerinterfacewhereinputpassedthroughvariousparametersisnotproperlysanitizedbeforebeingreturnedtousers.AttackerscaninjectmaliciousscriptcodethroughparameterslikeappName,vhost,uiAppType,andwowzaCloudDestinationTypeinmultipleendpointstoexecutearbitraryHTMLandJavaScriptinauser'sbrowsersession. 20036 CVE- 2025-CrossSitescriptingvulnerability(XSS)inNetBox4.3.5"comment"fieldonobjectforms.AnattackercaninjectarbitraryHTML,whichwillberenderedinthewebUIwhenviewedbyotherusers.ThiscouldpotentiallyleadtouserinterfaceredressattacksorbeescalatedtoXSSincertaincontexts. 
57543 CVE- 2026-Craftisacontentmanagementsystem(CMS).ThefixforCVE-2025-35939incraftcms/cmsintroducedastriptags()callinsrc/web/User.phptosanitizereturnURLsbeforetheyarestoredinthesession.However,striptags()onlyremovesHTMLtags(anglebrackets)--itdoesnotinspectorfilterURLschemes.Payloadslikejavascript:alert(document.cookie)containnoHTMLtagsandpassthroughstriptags()completelyunmodified,enablingreflectedXSSwhenthereturnURLisrenderedinanhrefattribute.Thisvulnerabilityisfixedin 31859 CVE- 2026-AflawwasfoundinGNUBinutils.Thisvulnerability,aheap-basedbufferoverflow,specificallyanout-of-boundsread,existsinthebfdlinkercomponent.AnattackercouldexploitthisbyconvincingausertoprocessaspeciallycraftedmaliciousXCOFFobjectfile.Successfulexploitationmayleadtothedisclosureofsensitiveinformationorcausetheapplicationtocrash,resultinginanapplicationleveldenialofservice. 3442 CVE- 2026-AflawwasfoundinGNUBinutils.Thisheap-basedbufferoverflowvulnerability,specificallyanout-of-boundsreadinthebfdlinker,allowsanattackertogainaccesstosensitiveinformation.ByconvincingausertoprocessaspeciallycraftedXCOFFobjectfile,anattackercantriggerthisflaw,potentiallyleadingtoinformationdisclosureoranapplicationleveldenialofservice. 
3441 CVE-Avulnerabilityintheweb-basedmanagementinterfaceof CiscoFinesse,CiscoPackagedContactCenterEnterprise(PackagedCCE),CiscoUnifiedContactCenterEnterprise(UnifiedCCE),CiscoUnifiedContactCenterExpress(UnifiedCCX),andCiscoUnifiedIntelligenceCentercouldallowanunauthenticated,remoteattackertoconductcross-sitescripting(XSS)attacksagainstauseroftheinterface.2026-exploitthisvulnerabilitybyinjectingmaliciouscodeintospecificpagesoftheinterface.Asuccessfulexploitcouldallowtheattackertoexecutearbitraryscriptcodeinthecontextoftheaffectedinterfaceoraccesssensitive,browser-basedinformation.20116 CVE-Avulnerabilityintheweb-basedmanagementinterfaceofCiscoUnifiedContactCenterExpress(UnifiedCCX)couldallowanunauthenticated,remoteattackertoconductcross-sitescripting(XSS)attacksagainstauseroftheinterface.2026-oftheaffectedinterfaceoraccesssensitive,browser-basedinformation.20117 CVE- 2025-Anout-of-boundsreadvulnerabilityexistsintheEMFfunctionalityofCanvaAffinity.ByusingaspeciallycraftedEMFfile,anattackercouldexploitthisvulnerabilitytoperformanout-of-boundsread,potentiallyleadingtothedisclosureofsensitiveinformation. 61952 CVE- 2025-Anout-of-boundsreadvulnerabilityexistsintheEMFfunctionalityofCanvaAffinity.ByusingaspeciallycraftedEMFfile,anattackercouldexploitthisvulnerabilitytoperformanout-of-boundsread,potentiallyleadingtothedisclosureofsensitiveinformation. 61979 CVE- 2025-Anout-of-boundsreadvulnerabilityexistsintheEMFfunctionalityofCanvaAffinity.ByusingaspeciallycraftedEMFfile,anattackercouldexploitthisvulnerabilitytoperformanout-of-boundsread,potentiallyleadingtothedisclosureofsensitiveinformation. 
CVE-2025-69245: Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in arbitrary JavaScript execution in the victim's browser.
CVE-2026-29520: Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the pingipaddr parameter to compromise authenticated administrator sessions when the links are visited.
CVE-2026-4179: Issues in stm32 USB device driver (drivers/usb/device/usbdcstm32.c) can lead to an infinite while loop.
CVE-2025-62500: An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
CVE-2025-12473: The RTM Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'themebuilder' parameter in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a site administrator into performing an action such as clicking on a link.
CVE-2026-2324: The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.7. This is due to missing or incorrect nonce validation on the reloadpreview() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2025-64733: An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
CVE-2026-30882: Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflected Cross-Site Scripting (XSS) vulnerability in the session category listing page. The keyword parameter from $_REQUEST is echoed directly into an HTML href attribute without any encoding or sanitization. An attacker can inject arbitrary HTML/JavaScript by breaking out of the attribute context using "> followed by a malicious payload. The vulnerability is triggered when the pagination controls are rendered, which occurs when the number of session categories exceeds 20 (the page limit). This issue has been patched in version 1.11.36.
CVE-2017-20219: Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to document.write() in the media browser component to execute code in a user's browser context.
CVE-[year missing]-69242: Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the victim's browser.
CVE-[year missing]-31868: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.4 and 8.6.30, an attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server fileUpload.fileExtensions option. The file can contain malicious code, for example JavaScript in an SVG or XHTML file. When the file is accessed via its URL, the browser renders the file and executes the malicious code in the context of the Parse Server domain. This is a stored Cross-Site Scripting (XSS) vulnerability that can be exploited to steal session tokens, redirect users, or perform actions on behalf of other users. Affected file extensions and content types include .svgz, .xht, .xml, .xsl, .xslt, and content types application/xhtml+xml and application/xslt+xml for extensionless uploads. Uploading of .html, .htm, .shtml, .xhtml, and .svg files was already blocked. This vulnerability is fixed in 9.6.0-alpha.4 and 8.6.30.
CVE-[year missing]-22192: wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by importing a crafted options file with unescaped customCss field values. Attackers can supply a malicious JSON import file containing script payloads in the customCss parameter that execute on every page when rendered through the options handler without proper sanitization.
CVE-2026-22183: wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting comments with unescaped content. Attackers with unfiltered_html capabilities can inject JavaScript directly through comment content rendered in the AJAX response from the getLastInlineComments() function in class.WpdiscuzHelperAjax.php without proper HTML escaping.
CVE-2026-2987: The Simple Ajax Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'c' parameter in versions up to, and including, 20260217 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-13702: IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2026-31860: Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe() can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs function (safe.ts, line 16-20) allows any property key starting with data- through to the final HTML. It only checks the prefix, not whether the key contains spaces or other characters that break HTML attribute parsing. This vulnerability is fixed in 2.1.11.
CVE-2026-1867: The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend Posting / Front Editor
CVE-2026-32351: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blubrry PowerPress Podcasting powerpress allows Stored XSS. This issue affects PowerPress Podcasting: from n/a through <= 11.15.13.
CVE-2026-32235: Backstage is an open framework for building developer portals. Prior to 0.27.1, the experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents and configured allowedRedirectUriPatterns are affected. A specially crafted redirect URI can pass the allowlist validation while resolving to an attacker-controlled host. If a victim approves the resulting OAuth consent request, their authorization code is sent to the attacker, who can exchange it for a valid access token. This requires victim interaction and that one of the experimental features is explicitly enabled, which is not the default. This vulnerability is fixed in 0.27.1.
CVE-ParseServerisanopensourcebackendthatcanbedeployedtoanyinfrastructurethatcanrunNode.js.Priorto9.6.0-alpha.7and8.6.33,whenmulti-factorauthentication(MFA)viaTOTPisenabledforauseraccount,ParseServergeneratestwosingle-userecoverycodes.ThesecodesareintendedasafallbackwhentheusercannotprovideaTOTPtoken.However,recoverycodesarenotconsumedafteruse,allowingthesamerecoverycodetobeusedanunlimitednumberoftimes.Thisdefeatsthesingle-usedesignofrecoverycodesandweakensthesecurityofMFA-2026-protectedaccounts.Anattackerwhoobtainsasinglerecoverycodecanrepeatedlyauthenticateastheaffecteduserwithoutthecodeeverbeinginvalidated.Thisvulnerabilityisfixedin9.6.0-alpha.7and8.6.33.31875 CVE- 2026-ImproperNeutralizationofInputDuringWebPageGeneration('Cross-siteScripting')vulnerabilityinrichpluginsRichShowcaseforGoogleReviewswidget-google-reviewsallowsStoredXSS.ThisissueaffectsRichShowcaseforGoogleReviews:fromn/athrough<=6.9.4.3. 32360 CVE- 2026-ImproperNeutralizationofInputDuringWebPageGeneration('Cross-siteScripting')vulnerabilityinFernandoBrianoListcategorypostslist-category-postsallowsDOM-BasedXSS.ThisissueaffectsListcategoryposts:fromn/athrough<=0.93.1. 
CVE-2026-2581: This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS). In vulnerable Undici versions, when interceptors.deduplicate() is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination. endpoints that may produce large or long-lived response bodies. Patches: The issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started.
CVE-2026-32462: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS. This issue affects Master Addons for Elementor: from n/a through <= 2.1.3.
CVE-2026-3099: A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user.
CVE-2025-52644: HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes.
CVE-2026-2454: Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to handle incorrectly reported array lengths which allows malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket messages to calls plugin. Mattermost Advisory ID: MMSA-2025-00537
CVE-2025-14806: IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources.
CVE-2026-31853: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
CVE-2026-4349: A vulnerability was determined in Duende IdentityServer 4. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument id_token_hint causes improper authentication. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-52638: HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as it grants elevated permissions within the container environment. Aligning container configurations with security best practices requires minimizing privileges and avoiding root-level execution wherever possible.
CVE-[year missing]-31890: Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is, incidentally or maliciously, already full, the gadget will silently drop events. The include/gadget/buffer.h file contains definitions for the Buffer API that gadgets can use to, among the other things, transfer data from eBPF programs to userspace. For hosts running a modern enough Linux kernel (>= 5.8), this transfer mechanism is based on ring-buffers. The size of the ring-buffer for the gadgets is hard-coded to 256KB. When a gadget reservebuf fails because of insufficient space, the gadget silently cleans up without producing an alert. The lost count reported by the eBPF operator, when using ring-buffers, the modern choice, is hardcoded to zero. The vulnerability can be used by a malicious event source (e.g. a compromised container) to cause a Denial Of Service, forcing the system to drop events coming from other containers (or the same container). This vulnerability is fixed in 0.50.1.
CVE-2025-52458: in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.
CVE-[year missing]-22209: wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like in the custom CSS setting to execute arbitrary JavaScript in user browsers.
CVE-2026-4270: Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context.
CVE-2019-25464: InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to process it, causing the application to crash.
CVE-2026-21294: Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate server-side requests and bypass security controls. Exploitation of this issue does not require user interaction.
CVE-2016-20031: ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp() method which treats IPv6 loopback address 0:0:0:0:0:0:0:1 as 127.0.0.1 and authenticates using the IP as username with hardcoded password 123456 to access sensitive information and perform unauthorized actions.
CVE-2026-21293: Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate server-side requests and access unauthorized resources. Exploitation of this issue does not require user interaction.
CVE-2026-3563: Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of service via a conflicting URL path.
CVE-2026-1653: A potential divide by zero vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to cause a Windows blue screen error.
CVE-2026-21991: A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.
CVE-2026-1717: An input validation vulnerability was reported in the Lenovo Productivity System Addin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges.
CVE-2026-2640: During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes.
CVE-2026-31961: Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in environments such as CI/CD pipelines, shared signing services, or any workflow where externally-submitted binaries are accepted for signing. When parsing a Mach-O binary, Quill reads several size and count fields from the LC_CODE_SIGNATURE load command and embedded code signing structures (SuperBlob, BlobIndex) and uses them to allocate memory buffers without validating that the values are reasonable or consistent with the actual file size. Affected fields include DataSize, DataOffset, and Size from the load command, Count from the SuperBlob header, and Length from individual blob headers. An attacker can craft a minimal (~4KB) malicious Mach-O binary with extremely large values in these fields, causing Quill to attempt to allocate excessive memory. This leads to memory exhaustion and denial of service, potentially crashing the host process. Both the Quill CLI and Go library are affected when used to parse untrusted Mach-O files. This vulnerability is fixed in 0.7.1.
CVE-2025-41432: in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.
CVE-2026-27257
CVE-2026-27250
CVE-2026-32104: StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the updateUserNotifications endpoint accepts a user ID from the request payload and uses it to update that user's notification preferences. It checks that the caller is logged in but never verifies that the caller owns the target account (id !== userData.user.id). Any authenticated visitor can modify notification preferences for any user, including disabling admin notifications to suppress detection of malicious activity. This vulnerability is fixed in 0.4.3.
CVE-2026-27248
CVE-2026-27256
CVE-2026-31879: Frappe is a full-stack web application framework. Prior to 14.100.2, 15.101.0, and 16.10.0, due to a lack of validation and improper permission checks, users could modify other user's private workspaces. Specially crafted requests could lead to stored XSS here. This vulnerability is fixed in 14.100.2, 15.101.0, and 16.10.0.
CVE-2025-65734: An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of gunet Open eClass v3.11, and fixed in v3.13, allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVE-[year missing]-27247: Notesnook is a note-taking app focused on user privacy & ease of use. Prior to 3.3.9, a Stored Cross-Site Scripting (XSS) vulnerability existed in Notesnook's editor embed component when rendering Twitter/X embed URLs. The tweetToEmbed() function in component.tsx interpolated the user-supplied URL directly into an HTML string without escaping, which was then assigned to the srcdoc attribute of an
CVE-[year missing]-27244
CVE-2026-32587: Missing Authorization vulnerability in Saad Iqbal WP Easy Pay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Easy Pay: from n/a through 4.2.11.
CVE-2026-29510: Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execute in browsers of users viewing the status page without input sanitation.
CVE-2026-32391: Missing Authorization vulnerability in linethemes SmartFix smartfix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SmartFix: from n/a through < 1.2.4.
CVE-2026-32390: Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nanosoft: from n/a through < 1.3.2.
CVE-2026-32388: Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GLB: from n/a through <= 1.2.2.
CVE-2026-32420: Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garcia GamiPress gamipress allows Cross Site Request Forgery. This issue affects GamiPress: from n/a through <= 7.6.6.
CVE-2026-32386: Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envo Extra: from n/a through <= 1.9.13.
CVE-2026-32385: Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.
CVE-2026-32423: Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.4.0.
CVE-2026-27249
CVE-2026-27266
CVE-2026-32416: Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through <= 2.4.0.
CVE-2026-2879: The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the id parameter in the create() method of the GetGenie Chat REST API endpoint. The method accepts a user-controlled post ID and, when a post with that ID exists, calls wp_update_post() without verifying that the current user owns the post or that the post is of the expected getgenie_chat type. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite arbitrary posts owned by any user, including Administrators, effectively destroying the original content by changing its post_type to getgenie_chat and reassigning post_author to the attacker.
CVE-2026-29513: Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Location field. Attackers can inject malicious scripts through the System Status interface that execute in browsers of users viewing the status page without input sanitation.
CVE-2026-27242
CVE-2026-4324: A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sortby parameter of the /api/hosts/bootcimages API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.
CVE-2026-32118: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored cross-site scripting (XSS) in the Graphical Pain Map ("clickmap") form allows any authenticated clinician to inject arbitrary JavaScript that executes in the browser of every subsequent user who views the affected encounter form. Because session cookies are not marked HttpOnly, this enables full session hijacking of other users, including administrators. This vulnerability is fixed in 8.0.0.1.
CVE-2026-27255
CVE-2026-32417: Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pochipp: from n/a through < 1.18.9.
CVE-[year missing]-21292: Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field.
CVE-2026-32095: Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload endpoint accepted SVG files, which browsers treat as active documents capable of executing embedded JavaScript, creating a stored XSS vulnerability. This vulnerability is fixed in 0.7.1.
CVE-[year missing]-32412: Server-Side Request Forgery (SSRF) vulnerability in Gift Up! Gift Up Gift Cards for WordPress and WooCommerce gift-up allows Server Side Request Forgery. This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through <= 3.1.7.
CVE-2026-32612: Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user impersonates their account. This has been fixed in 6.6.2.
CVE-2026-27254
CVE-2026-27253
CVE-2026-27252
CVE-2025-69693: Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantization parameter (qp) validation at line 2267 only checks the lower bound (qp < 0) but is missing upper bound validation. The qp value can reach 65 (base value 63 from 6-bit frame header + offset + 2 from readqpoffset) while the rv60qptoidx array has size 64 (valid indices 0-63). This results in out-of-bounds array access at lines 1554 (decodecbp8), 1655 (decodecbp16), and 1419/1421 (getc4x4set), potentially leading to memory disclosure or crash. A previous fix in commit 61cbcaf93f added validation only for intra frames. This vulnerability affects the released versions 8.0 (released 2025-08-22) and 8.0.1 (released 2025-11-20) and is fixed in git master commit 8abeb879df which will be included in FFmpeg 8.1.
CVE-2026-32124: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions (code text) that are rendered in the frontend (e.g. DataTables) without HTML escaping. If an administrator (or user with code management rights) creates or edits a code with a malicious description containing script, that script runs in the browser of every user who uses the picker. This vulnerability is fixed in 8.0.0.1.
CVE-2026-27251
CVE-2026-27265
CVE-2026-27262: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
CVE-2026-32125: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, track/item names from the Track Anything feature are stored from user input (POST) and later rendered in Dygraph charts (titles/labels) using innerHTML or equivalent without escaping. A user who can create or edit Track Anything items can inject script that runs when any user views the corresponding graph. This vulnerability is fixed in 8.0.0.1.
CVE-2026-32328: Cross-Site Request Forgery (CSRF) vulnerability in shufflehound Lemmony lemmony allows Cross Site Request Forgery. This issue affects Lemmony: from n/a through < 1.7.1.
CVE-2026-27223: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
CVE-2026-32139: Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend validation only checks whether the XML is parseable and whether the root node is svg. It does not sanitize active content such as onload/onerror event handlers or script-capable attributes. As a result, an attacker can upload a malicious SVG and then trigger script execution in a browser by visiting the exposed static resource URL, forming a full stored XSS exploitation chain. This vulnerability is fixed in 2.10.20.
CVE-2025-69236: Raytha CMS is vulnerable to Stored XSS via FieldValues[1].Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page.
CVE-2026-32709: PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, an unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem without authentication. On NuttX targets, the FTP root directory is an empty string, meaning attacker-supplied paths are passed directly to filesystem syscalls with no prefix or sanitization for read operations. On POSIX targets (Linux companion computers, SITL), the write-path validation function unconditionally returns true, providing no protection. A TOCTOU race condition in the write validation on NuttX further allows bypassing the only existing guard. This vulnerability is fixed in 1.17.0-rc2.
CVE-2026-27232
CVE-2026-27239: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
CVE-2026-27231: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
CVE-2025-69237: Raytha CMS is vulnerable to Stored XSS via FieldValues[0].Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page.
CVE-[year missing]-27234: Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
CVE-[identifier missing]: IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2026-32840: Edimax GS-5008PL firmware version 1.00.54 and prior contains a stored cross-site scripting vulnerability in the systemnameset.cgi script that allows attackers to inject arbitrary script code by manipulating the sysName parameter. Attackers can send a crafted POST request with a malicious script payload that executes when management pages including systemdata.js are viewed by administrators.

CVE-2026-20166: In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover Splunk Observability Cloud app due to improper access control.

CVE-2025-69241: Raytha CMS is vulnerable to stored XSS via the FirstName and LastName parameters in the profile editing functionality. An authenticated attacker can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page.

CVE-2026-27229, CVE-2026-27226 and CVE-2026-27224 (three entries with the same description): Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.

CVE-2025-14504: IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.11, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

CVE-2026-32373: Missing Authorization vulnerability in CozyVision SMS Alert Order Notifications (sms-alert) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMS Alert Order Notifications: from n/a through <= 3.9.0.

CVE-2026-2917: The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the ha_duplicate_thing admin action handler. This is due to the can_clone() method only checking current_user_can('edit_posts') (a general capability) without performing object-level authorization such as current_user_can('edit_post', $post_id), and the nonce being tied to the generic action name ha_duplicate_thing rather than to a specific post ID. This makes it possible for authenticated attackers, with Contributor-level access and above, to clone any published post, page, or custom post type by obtaining a valid clone nonce from their own posts and changing the post_id parameter to target other users' content. The clone operation copies the full post content, all post metadata (including potentially sensitive widget configurations and API tokens), and taxonomies into a new draft owned by the attacker.

CVE-2023-40693: IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, and 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.1_1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

CVE-2026-31959: Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network conditions due to HTTPS with proper TLS certificate validation; however, environments with TLS-intercepting proxies (common in corporate networks), compromised certificate authorities, or other trust boundary violations are at risk. When retrieving submission logs, Quill fetches a URL provided in the API response without validating that the scheme is https or that the host does not point to a local or multicast IP address. An attacker who can tamper with the response can supply an arbitrary URL, causing the Quill client to issue HTTP or HTTPS requests to attacker-controlled or internal network destinations. This could lead to exfiltration of sensitive data such as cloud provider credentials or internal service responses. Both the Quill CLI and library are affected when used to retrieve notarization submission logs. This vulnerability is fixed in 0.7.1.

CVE-2026-31960: Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network conditions due to HTTPS with proper TLS certificate validation; however, environments with TLS-intercepting proxies (common in corporate networks), compromised certificate authorities, or other trust boundary violations are at risk. When processing HTTP responses during notarization, Quill reads the entire response body into memory without any size limit. An attacker who can control or modify the response content can return an arbitrarily large payload, causing the Quill client to run out of memory and crash. The impact is limited to availability; there is no effect on confidentiality or integrity. Both the Quill CLI and library are affected when used to perform notarization operations. This vulnerability is fixed in 0.7.1.

CVE ID not captured: An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application.

Listed in this part of the bulletin without a captured description: CVE-?-27235, CVE-?-27240, CVE-2026-27230, CVE-2026-27241, CVE-2026-27228, CVE-2026-27237, CVE-2026-27225, CVE-2026-27236, CVE-2026-27233.

CVE- AnIncorrectAccessControlvulnerabilityexistsinINDEX-EDUCATIONPRONOTEpriorto2025.2.8.Theaffectedcomponents(index.jsandcomposeUrlImgPhotoIndividu)allowtheconstructionofdirectURLstouserprofileimagesbasedsolelyonpredictableidentifierssuchasuserIDsandnames.Duetomissingauthorizationchecksandlackofrate-limitingwhengeneratingoraccessingtheseURLs,anunauthenticatedorunauthorizedactormayretrieveprofilepicturesofusersbycraftingrequestswithguessedorknownidentifiers. 69727 CVE- AdobeCommerceversions2.4.9-alpha3,2.4.8-p3,2.4.7-p8,2.4.6-p13,2.4.5-p15,2.4.4-p16andearlierareaffectedbyanIncorrectAuthorizationvulnerabilitythatcouldresultinaSecurityfeaturebypass.Anattackercouldleveragethisvulnerabilitytobypasssecuritymeasuresandgainlimitedunauthorizedviewaccessofdata.Exploitationofthisissuedoesnotrequireuserinteraction. 21286 CVE- 2026- MissingAuthorizationvulnerabilityinCyberChimpsResponsiveBlocksresponsive-block-editor-addonsallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsResponsiveBlocks:fromn/athrough<=2.2.0. 32543 CVE- 2026- MissingAuthorizationvulnerabilityinwptravelengineTravelBookingtravel-bookingallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsTravelBooking:fromn/athrough<=1.3.9. 
32486 CVE- 2026- Mattermostversions11.3.x<=11.3.0,11.2.x<=11.2.2,10.11.x<=10.11.10Mattermostfailstolimitthesizeofresponsesfromintegrationactionendpoints,whichallowsanauthenticatedattackertocauseservermemoryexhaustionanddenialofserviceviaamaliciousintegrationserverthatreturnsanarbitrarilylargeresponsewhenauserclicksaninteractivemessagebutton..MattermostAdvisoryID:MMSA-2026-00571 2456 CVE- 2026- TheUserFrontend:AIPoweredFrontendPosting,UserDirectory,Profile,Membership&UserRegistrationpluginforWordPressisvulnerabletounauthorizedmodificationofdataduetoamissingcapabilitycheckonthedraftpost()functioninallversionsupto,andincluding,4.2.8.Thismakesitpossibleforunauthenticatedattackerstomodifyarbitraryposts(e.g.unpublishpublishedpostsandoverwritethecontents)viathe'postid'parameter. 2233 CVE- 2026- AweaknesshasbeenidentifiedinGPAC26.03-DEV.Affectedisthefunctiontxtinprocesstexmlofthefilesrc/filters/loadtext.cofthecomponentTeXMLFileParser.Executingamanipulationcanleadtostack-basedbufferoverflow.Itispossibletolaunchtheattackonthelocalhost.Theexploithasbeenmadeavailabletothepublicandcouldbeusedforattacks.Thispatchiscalledd29f6f1ada5cc284cdfa783b6f532c7d8bd049a5.Applyingapatchisadvisedtoresolvethisissue. 4015 CVE- 2026- MissingAuthorizationvulnerabilityinReallySimplePluginsReallySimpleSSLreally-simple-sslallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsReallySimpleSSL:fromn/athrough<=9.5.7. 32461 CVE- 2026- ChamiloLMSisalearningmanagementsystem.Priortoversion1.11.36,Chamiloisvulnerabletouserenumerationwithvalid/invalidusername.Thisissuehasbeenpatchedinversion1.11.36. 
30876 CVE- 2026- MissingAuthorizationvulnerabilityinrarathemeLawyerLandingPagelawyer-landing-pageallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsLawyerLandingPage:fromn/athrough<=1.2.7. 32487 CVE- 2013- QoolCMS2.0RC2containsacross-siterequestforgeryvulnerabilitythatallowsattackerstoperformadministrativeactionsbytrickinglogged-inusersintovisitingmaliciouswebpages.AttackerscanforgePOSTrequeststothe/admin/adduserendpointwithparameterslikeusername,password,email,andleveltocreateroot-leveluseraccountswithoutuserconsent. 20005 CVE- 2025- RaythaCMSisvulnerabletoUserEnumerationinpasswordresetfunctionality.Differenceinmessagescouldallowanattackertodetermineiftheloginisvalidornot,enablingabruteforceattackwithvalidlogins. 69243 CVE- 2026- wpDiscuzbefore7.6.47containsanIPspoofingvulnerabilityinthegetIP()functionthatallowsattackerstobypassIP-basedratelimitingandbanenforcementbytrustinguntrustedHTTPheaders.AttackerscansetHTTPCLIENTIPorHTTPXFORWARDEDFORheaderstospooftheirIPaddressandcircumventsecuritycontrols. 22201 CVE- 2026- MissingAuthorizationvulnerabilityinWebnusInc.ModernEventsCalendarallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsModernEventsCalendar:fromn/athrough7.29.0. 32583 CVE- 2016- WowzaStreamingEngine4.5.0containsacross-siterequestforgeryvulnerabilitythatallowsattackerstoperformadministrativeactionsbycraftingmaliciouswebpages.Attackerscantricklogged-inadministratorsintovisitingamalicioussitethatsubmitsPOSTrequeststotheusereditendpointtocreatenewadminaccountswitharbitrarycredentials. 
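The wpDiscuz getIP() entry above is a pattern that recurs well beyond that plugin: any rate limiter or ban list keyed on a client-supplied header is keyed on a value the attacker chooses. The Python example below is added here and is not wpDiscuz code; it models the "first non-empty header wins" resolver, a resolver that only honours X-Forwarded-For when the direct peer is a configured trusted proxy, and a burst of constructed requests against a small per-IP limiter so the bypass is visible as a number.

```python
"""Added example, not wpDiscuz code: header-trusting IP resolution beside a
trusted-proxy resolver, measured against a per-IP rate limiter."""
import ipaddress

def vulnerable_get_ip(server: dict) -> str:
    """First non-empty candidate wins, so any client can pick its own 'IP'."""
    for key in ("HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR", "REMOTE_ADDR"):
        if server.get(key):
            return server[key].split(",")[0].strip()
    return ""

def safe_get_ip(server: dict, trusted_proxies: set) -> str:
    """Use REMOTE_ADDR unless the direct peer is a trusted proxy; then take the
    right-most X-Forwarded-For hop that is not itself a trusted proxy."""
    peer = server.get("REMOTE_ADDR", "")
    if peer not in trusted_proxies:
        return peer                                    # header is untrusted: ignore it
    hops = [h.strip() for h in server.get("HTTP_X_FORWARDED_FOR", "").split(",") if h.strip()]
    for hop in reversed(hops):                         # walk back from the proxy side
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break                                      # garbage in the chain: stop trusting it
        if hop not in trusted_proxies:
            return hop
    return peer

class RateLimiter:
    """Fixed-window counter keyed on whatever the resolver returned."""
    def __init__(self, limit: int):
        self.limit, self.counts = limit, {}
    def allow(self, key: str) -> bool:
        self.counts[key] = self.counts.get(key, 0) + 1
        return self.counts[key] <= self.limit

def simulate(get_ip, requests, limit: int = 3) -> int:
    """Push a burst through a limiter keyed on get_ip; return how many got through."""
    rl = RateLimiter(limit)
    return sum(1 for s in requests if rl.allow(get_ip(s)))

# Constructed burst: one real client (203.0.113.7) sends six requests, each with a
# different spoofed X-Forwarded-For value. 198.51.100.1 is the only trusted proxy.
ATTACK = [{"REMOTE_ADDR": "203.0.113.7", "HTTP_X_FORWARDED_FOR": f"10.0.0.{i}"} for i in range(6)]
TRUSTED = {"198.51.100.1"}

if __name__ == "__main__":
    print("vulnerable resolver let through:", simulate(vulnerable_get_ip, ATTACK))
    print("trusted-proxy resolver let through:", simulate(lambda s: safe_get_ip(s, TRUSTED), ATTACK))
```

With a limit of three, the vulnerable resolver lets all six requests through because each one lands on a fresh key; the trusted-proxy resolver collapses them onto the real peer address and stops the fourth. The same check applies to ban enforcement, login throttling and the vote-deduplication logic in the other wpDiscuz entry in this bulletin.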
CVE-2026-4216: A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. The vendor explains: "The function referenced in the report currently exists in our deployed system. It is related to a developer mode used during the configuration process for Bluetooth pairing between the blood glucose meter and the SmartLog application. This function is intended for configuration purposes related to device integration and testing. (...) [I]n a future application update, we plan to review measures to either remove the developer mode function or restrict access to it."

CVE-2025-13723: IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token.

CVE-2026-3783: When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances.

CVE-2025-13726: IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.

CVE-2026-31888: Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint (POST /store-api/account/login) returns different error codes depending on whether the submitted email address belongs to a registered customer (CHECKOUT__CUSTOMER_AUTH_BAD_CREDENTIALS) or is unknown (CHECKOUT__CUSTOMER_NOT_FOUND). The "not found" response also echoes the probed email address. This allows an unauthenticated attacker to enumerate valid customer accounts. The storefront login controller correctly unifies both error paths, but the Store API does not, indicating an inconsistent defense. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.

CVE-2026-4199: A vulnerability was identified in bazinga012 mcp_code_executor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command injection. The attack can only be performed from a local environment. The exploit is publicly available and might be used. It is best practice to apply a patch to resolve this issue. The project was informed of the problem early through an issue report but has not responded yet.
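The curl entry above states the outcome (a bearer token reaching a second hostname) without the mechanism, and this page does not describe curl's internal handling, so the Python example below does not attempt to reproduce curl. It is an added illustration of the general rule any HTTP client needs: credentials set for one origin must be dropped before a redirect to a different scheme, host or port is followed. The routing table and token are constructed; no network is used.

```python
"""Added example, not curl code: an Authorization header leaking across a
cross-origin redirect when the client re-sends it blindly, next to the
same-origin rule that stops it. The 'server' is an in-memory table of
constructed responses; no network is used."""
from urllib.parse import urlsplit, urljoin

# Constructed routing table: url -> (status, Location). evil.example.net is the attacker.
ROUTES = {
    "https://api.example.com/v1/moved": (301, "/v1/report"),
    "https://api.example.com/v1/report": (302, "https://evil.example.net/collect"),
    "https://evil.example.net/collect": (200, None),
}

def fake_server(url, headers):
    """Return (status, location, headers the server received)."""
    status, location = ROUTES[url]
    return status, location, dict(headers)

def origin(url):
    """(scheme, host, port); a redirect that changes any of these is cross-origin."""
    p = urlsplit(url)
    return p.scheme, (p.hostname or "").lower(), p.port or (443 if p.scheme == "https" else 80)

def follow(url, headers, strip_auth_cross_origin, max_hops=5):
    """Follow redirects and return [(url, headers_seen_by_that_host), ...]."""
    hops, hdrs = [], dict(headers)
    for _ in range(max_hops):
        status, location, received = fake_server(url, hdrs)
        hops.append((url, received))
        if status not in (301, 302, 303, 307, 308) or not location:
            return hops
        nxt = urljoin(url, location)
        if strip_auth_cross_origin and origin(nxt) != origin(url):
            hdrs.pop("Authorization", None)      # credentials never cross an origin boundary
        url = nxt
    raise RuntimeError("too many redirects")

def token_reached(hops, host):
    """True if any request to `host` carried an Authorization header."""
    return any(urlsplit(u).hostname == host and "Authorization" in h for u, h in hops)

AUTH = {"Authorization": "Bearer constructed-token-value"}   # constructed, not a real token

if __name__ == "__main__":
    for strip in (False, True):
        hops = follow("https://api.example.com/v1/moved", AUTH, strip)
        print("strip" if strip else "leaky", "-> token reached evil.example.net:",
              token_reached(hops, "evil.example.net"))
```

The first hop (301 to a relative path) stays on api.example.com and keeps the header in both modes; only the second hop crosses an origin and is where the token is either leaked or stripped. When auditing a client library, this two-hop chain (same-origin, then cross-origin) is the case to test, because a check written as "strip on the first redirect" and a check written as "strip when the host changes" behave differently on it.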

CVE- Avulnerabilitywasdeterminedinhypermodel-labsmcp-server-auto-commit1.0.0.AffectedbythisvulnerabilityisthefunctiongetGitChangesofthefileindex.ts.Thismanipulationcausescommandinjection.Theattackcanonlybeexecutedlocally.Theexploithasbeenpubliclydisclosedandmaybeutilized.Patchname:f7d992c830c5f2ec5749852e66c0195e3ed7fe30.Applyingapatchistherecommendedactiontofixthisissue.Theprojectwasinformedoftheproblemearlythroughanissuereportbuthasnotrespondedyet.

CVE- NextClickVenturesRealtyScript4.0.2containsacross-siterequestforgeryvulnerabilitythatallowsunauthenticatedattackerstocreateunauthorizeduseraccountsandadministrativeusersbycraftingmaliciousforms.Attackerscansubmithiddenformdatato/admin/addusers.phpand/admin/editadmins.phpendpointstoregisternewuserswitharbitrarycredentialsandescalateprivilegestoSUPERUSERlevel. 20117 CVE- IBMAsperaConsole3.3.0through3.4.8couldallowanauthenticatedusertocauseadenialofserviceintheemailserviceduetoimpropercontrolofinteractionfrequency. 13212 CVE- FreeRDPisafreeimplementationoftheRemoteDesktopProtocol.Priorto3.24.0,aclient-sideheapbufferoverflowoccursintheFreeRDPclient'sAVC420/AVC444YUV-to-RGBconversionpathduetomissinghorizontalboundsvalidationofH.264metablockregionRectscoordinates.2026- canreachfarbeyondtheallocatedsurfacebuffer.AmaliciousserversendsaWIRETOSURFACEPDU1withAVC420codeccontainingaregionRectsentrywhereleftgreatlyexceedsthesurfacewidth(e.g.,left=60000ona128pxsurface).TheH.264bitstreamdecodessuccessfully,thenyuv420processworkcallbackcallsavc420yuvtorgbwhichcomputespDstPoint=pDstData+rect->topnDstStep+rect->left4,writing16-byteSSEvectors1888+bytespasttheallocatedheapregion.Thisvulnerabilityisfixedin3.24.0.29774 CVE- 2026- AdobeCommerceversions2.4.9-alpha3,2.4.8-p3,2.4.7-p8,2.4.6-p13,2.4.5-p15,2.4.4-p16andearlierareaffectedbyanImproperInputValidationvulnerabilitythatcouldresultinasecurityfeaturebypass,withlimitedimpacttointegrity.Exploitationofthisissuedoesnotrequireuserinteraction. 21310 CVE- 2025- IBMAsperaConsole3.3.0through3.4.8couldallowanattackertoenumerateusernamesduetoanobservableresponsediscrepancy. 
13460 CVE- 2026- FreeRDPisafreeimplementationoftheRemoteDesktopProtocol.Priorto3.24.0,aclient-sideheapout-of-boundsread/writeoccursinFreeRDP'sbitmapcachesubsystemduetoanoff-by-oneboundarycheckinbitmapcacheput.AmaliciousservercansendaCACHEBITMAPORDER(Rev1)withcacheIdequaltomaxCells,bypassingtheguardandaccessingcells[]oneelementpasttheallocatedarray.Thisvulnerabilityisfixedin3.24.0. 29775 CVE- 2015- NextClickVenturesRealtyScript4.0.2containscross-siterequestforgeryandpersistentcross-sitescriptingvulnerabilitiesthatallowattackerstoperformadministrativeactionsandinjectmaliciousscripts.Attackerscancraftmaliciouswebpagesthatexecuteunauthorizedactionswhenlogged-inusersvisitthem,orinjectpersistentscriptsthatexecuteintheapplicationcontext. 20113 CVE- 2026- AvulnerabilitywasidentifiedinTiandyEasy7IntegratedManagementPlatform7.17.0.Impactedisanunknownfunctionofthefile/WebService/UpdateLocalDevInfo.jspofthecomponentDeviceIdentifierHandler.Suchmanipulationoftheargumentusername/passwordleadstomissingauthentication.Theattackcanbelaunchedremotely.Theexploitispubliclyavailableandmightbeused.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespondinanyway. 4187 CVE- 2026- PX4autopilotisaflightcontrolsolutionfordrones.Priorto1.17.0-rc1,aheap-use-after-freeisdetectedintheMavlinkShell::available()function.TheissueiscausedbyaraceconditionbetweentheMAVLinkreceiverthread(whichhandlesshellcreation/destruction)andthetelemetrysenderthread(whichpollstheshellforavailableoutput).TheissueisremotelytriggerableviaMAVLinkSERIALCONTROLmessages(ID126),whichcanbesentbyanexternalgroundstationorautomatedscript.Thisvulnerabilityisfixedin1.17.0-rc1. 
32724 CVE- 2026- file-typedetectsthefiletypeofafile,stream,ordata.From20.0.0to21.3.1,acraftedZIPfilecantriggerexcessivememorygrowthduringtypedetectioninfile-typewhenusingfileTypeFromBuffer(),fileTypeFromBlob(),orfileTypeFromFile().TheZIPinflateoutputlimitisenforcedforstream-baseddetection,butnotforknown-sizeinputs.Asaresult,asmallcompressedZIPcancausefile-typetoinflateandprocessamuchlargerpayloadwhileprobingZIP-basedformatssuchasOOXML.Thisvulnerabilityisfixedin21.3.2. 32630 CVE- 2026- AsecurityvulnerabilityhasbeendetectedinGPAC26.03-DEV.Affectedbythisvulnerabilityisthefunctionsvginprocessofthefilesrc/filters/loadsvg.cofthecomponentSVGParser.Themanipulationleadstoout-of-boundswrite.Localaccessisrequiredtoapproachthisattack.Theexploithasbeendisclosedpubliclyandmaybeused.Theidentifierofthepatchis7618d7206cdeb3c28961dc97ab0ecabaff0c8af2.Itissuggestedtoinstallapatchtoaddressthisissue. 4016 CVE- 2026- wpDiscuzbefore7.6.47containsavotemanipulationvulnerabilitythatallowsattackerstomanipulatecommentvotesbyobtainingfreshnoncesandbypassingratelimitingthroughclient-controlledheaders.AttackerscanvaryUser-Agentheaderstoresetratelimits,requestnoncesfromtheunauthenticatedwpdGetNonceendpoint,andvotemultipletimesusingIProtationorreverseproxyheadermanipulation. 22199 CVE- 2026- AvulnerabilitywasdeterminedinOpen5GSupto2.7.6.Theaffectedelementisthefunctionsmfgxccacb/smfgyccacb/smfs6baaacb/smfs6bsta_cbofthecomponentCCAHandler.Thismanipulationcausesdenialofservice.Theattackcanbeinitiatedremotely.Theexploithasbeenpubliclydisclosedandmaybeutilized.Upgradingtoversion2.7.7issufficienttofixthisissue.Patchname:80eb484a6ab32968e755e628b70d1a9c64f012ec.Upgradingtheaffectedcomponentisrecommended. 
4240 CVE- ParseServerisanopensourcebackendthatcanbedeployedtoanyinfrastructurethatcanrunNode.js.Priorto8.6.34and9.6.0-alpha.8,theemailverificationendpoint(/verificationEmailRequest)returnsdistincterrorresponsesdependingonwhetheranemailaddressbelongstoanexistinguser,isalreadyverified,ordoesnotexist.Anattackercansendrequestswithdifferentemailaddressesandobservetheerrorcodestodeterminewhichemailaddressesareregisteredintheapplication.ThisisauserenumerationvulnerabilitythataffectsanyParseServerdeployment2026- withemailverificationenabled(verifyUserEmails:true).Thisvulnerabilityisfixedin8.6.34and9.6.0-alpha.8.31901 CVE- 2026- AdobeCommerceversions2.4.9-alpha3,2.4.8-p3,2.4.7-p8,2.4.6-p13,2.4.5-p15,2.4.4-p16andearlierareaffectedbyanImproperInputValidationvulnerabilitythatcouldleadtoapplicationdenial-of-service.Anattackercouldexploitthisvulnerabilitybyprovidingspeciallycraftedinput,causinglimitedimpacttoapplicationavailability.Exploitationofthisissuedoesnotrequireuserinteraction. 21282 CVE- 2026- IBMDb2RecoveryExpertforLinux,UNIXandWindows5.5IF2couldallowanattackertomodifyorcorruptdataduetoaninsecuremechanismusedforverifyingtheintegrityofthedataduringtransmission. 3856 CVE- 2026- MissingAuthorizationvulnerabilityinWombatPluginsAdvancedProductFields(ProductAddons)forWooCommerceadvanced-product-fields-for-woocommerceallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsAdvancedProductFields(ProductAddons)forWooCommerce:fromn/athrough<=1.6.18. 32457 CVE- 2026- MissingAuthorizationvulnerabilityinrarathemePranayamaYogapranayama-yogaallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsPranayamaYoga:fromn/athrough<=1.2.2. 
32377 CVE- 2026- UptimeKumaisanopensource,self-hostedmonitoringtool.From2.0.0to2.1.3,theGET/api/badge/:id/ping/:duration?endpointinserver/routers/api-router.jsdoesnotverifythattherequestedmonitorbelongstoapublicgroup.AllotherbadgeendpointscheckANDpublic=1intheirSQLquerybeforereturningdata.Thepingendpointskipsthischeckentirely,allowingunauthenticateduserstoextractaverageping/responsetimedataforprivatemonitors.Thisvulnerabilityisfixedin2.2.0. 32230 CVE- 2026- MissingAuthorizationvulnerabilityinwpradiantChocolateHousechocolate-houseallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsChocolateHouse:fromn/athrough<=1.1.5. 32350 CVE- 2026- InsertionofSensitiveInformationIntoSentDatavulnerabilityinmagepeopleteamWpEventlymage-eventpressallowsRetrieveEmbeddedSensitiveData.ThisissueaffectsWpEvently:fromn/athrough<5.1.9. 32354 CVE- AweaknesshasbeenidentifiedinOpenAkitaupto1.24.3.Thisimpactsthefunctionrunofthefilesrc/openakita/tools/shell.pyofthecomponentChatAPIEndpoint.ExecutingamanipulationoftheargumentMessagecanleadtooscommandinjection.Theattackisrestrictedtolocalexecution.Theexploithasbeenmadeavailabletothepublicandcouldbeusedforattacks.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespondinanyway.

CVE-?-32100 (year not captured): Shopware is an open commerce platform. The /api/info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7.

CVE-?-31988 (year not captured): yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop condition checks cursor < data.length + 4 instead of cursor + 4 <= data.length, allowing readUInt16LE() to read past the buffer boundary. A remote attacker can cause a denial of service (process crash via ERR_OUT_OF_RANGE exception) by sending a crafted zip file with a malformed NTFS extra field. This affects any Node.js application that processes zip file uploads and calls entry.getLastModDate() on parsed entries. Fixed in version 3.2.1.

CVE-2026-3959: A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in OS command injection. The attack needs to be approached locally. The exploit has been made public and could be used. This product uses a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-32362: Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic (activitytime) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.1.3.

CVE-2026-32363: Missing Authorization vulnerability in Funlus Oy WP LifeCycle (free-php-version-info) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP LifeCycle: from n/a through <= 3.3.1.
CVE-2026-2888: The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through a user-controlled key in all versions up to, and including, 6.28. This is due to the frm_strp_amount AJAX handler (update_intent_ajax) overwriting the global $_POST data with attacker-controlled JSON input and then using those values to recalculate payment amounts via field shortcode resolution in generate_false_entry(). The handler relies on a nonce that is publicly exposed in the page's JavaScript (frm_stripe_vars.nonce), which provides CSRF protection but not authorization. This makes it possible for unauthenticated attackers to manipulate PaymentIntent amounts before payment completion on forms using dynamic pricing with field shortcodes, effectively paying a reduced amount for goods or services.

CVE-2026-3940: Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-3939: Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low)

CVE-2026-32370: Missing Authorization vulnerability in raratheme Influencer (influencer) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Influencer: from n/a through <= 1.1.7.

CVE-2026-32371: Missing Authorization vulnerability in raratheme Elegant Pink (elegant-pink) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elegant Pink: from n/a through <= 1.3.3.

CVE-2026-32372: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons (shopbuilder) allows Retrieve Embedded Sensitive Data. This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 3.2.4.

CVE-2026-32374: Missing Authorization vulnerability in raratheme The Minimal (the-minimal) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Minimal: from n/a through <= 1.2.9.

CVE-2026-32375: Missing Authorization vulnerability in raratheme Travel Diaries (travel-diaries) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel Diaries: from n/a through <= 1.2.4.

CVE-2026-32348: Missing Authorization vulnerability in MadrasThemes MAS Videos (masvideos) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MAS Videos: from n/a through <= 1.3.2.

CVE-2026-32347: Missing Authorization vulnerability in raratheme Restaurant and Cafe (restaurant-and-cafe) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Restaurant and Cafe: from n/a through <= 1.2.5.

CVE-2026-32346: Missing Authorization vulnerability in raratheme Travel Agency (travel-agency) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel Agency: from n/a through <= 1.5.5.

CVE-2026-32335: Missing Authorization vulnerability in raratheme The Conference (the-conference) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Conference: from n/a through <= 1.2.5.

CVE-2026-3979: A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes a use after free. The attack requires local access. The exploit has been published and may be used. Patch name: daab4ad4bae4ef071ed0294618d6244e92def4cd. Applying the patch is the recommended action to fix this issue.

CVE-2026-31915: Missing Authorization vulnerability in UX-themes Flatsome (flatsome) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flatsome: from n/a through <= 3.19.6.

CVE-2026-31916: Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode (latest-post-shortcode) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Latest Post Shortcode: from n/a through <= 14.2.1.

CVE-2026-32322: soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, the Fr (scalar field) types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused mathematically equal field elements to compare as not-equal when one or both values were unreduced (i.e., >= r). The vulnerability requires an attacker to supply crafted Fr values through contract inputs and compare them directly without going through host-side arithmetic operations. Smart contracts that rely on Fr equality checks for security-critical logic could produce incorrect results. The impact depends on how the affected contract uses Fr equality comparisons, but can result in incorrect authorization decisions or validation bypasses in contracts that perform equality checks on user-supplied scalar values. This vulnerability is fixed in 22.0.11, 23.5.3, and 25.3.0.
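The soroban-sdk entry above describes an equality check on field elements that ignores the field. The Python example below is added here and is not soroban-sdk code; it shows the raw comparison next to a reduced one on the BN254 scalar field, and a toy spent-nullifier check (a common equality-gated guard in zero-knowledge contracts) that a replayed value plus r slips past under the raw comparison. The modulus value is the standard BN254 curve constant and is assumed correct here; the scalar values are constructed.

```python
"""Added example, not soroban-sdk code: comparing scalar-field elements by their
raw 256-bit encoding versus after reduction modulo the field order r, and what
that does to a spent-nullifier check. The BN254 r below is the standard curve
constant, assumed correct here."""
R_BN254 = 21888242871839275222246405745257275088548364400416034343698204186575808495617

def raw_eq(a: int, b: int) -> bool:
    """Pre-fix behaviour: the U256 representations are compared as-is."""
    return a == b

def field_eq(a: int, b: int, r: int = R_BN254) -> bool:
    """Compare as field elements: reduce both sides first."""
    return a % r == b % r

def is_canonical(x: int, r: int = R_BN254) -> bool:
    """Input validation a contract should do anyway: 0 <= x < r."""
    return 0 <= x < r

def nullifier_spent(spent: set, candidate: int, eq=field_eq) -> bool:
    """Replay guard: has this nullifier already been consumed?"""
    return any(eq(s, candidate) for s in spent)

# Constructed values: S is a valid scalar, S_PLUS_R encodes the same element unreduced
# but still fits in 256 bits because r is only ~2^254.
S = 0x2A
S_PLUS_R = S + R_BN254
SPENT = {S}

if __name__ == "__main__":
    print("raw_eq  :", raw_eq(S, S_PLUS_R))
    print("field_eq:", field_eq(S, S_PLUS_R))
    print("replay with raw compare blocked?  ", nullifier_spent(SPENT, S_PLUS_R, raw_eq))
    print("replay with field compare blocked?", nullifier_spent(SPENT, S_PLUS_R, field_eq))
    print("unreduced input rejected?", not is_canonical(S_PLUS_R))
```

Two remedies are shown, and a contract should use both: compare reduced values, and reject any caller-supplied scalar that is not canonical (>= r) at the boundary, so that a single element has exactly one accepted encoding. The same reasoning applies to any field type whose encoding has spare bits above the modulus, which includes the BLS12-381 scalar field named in the entry.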

CVE- MissingAuthorizationvulnerabilityinAysProAdvancedRelatedPostsadvanced-related-postsallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsAdvancedRelatedPosts:fromn/athrough<=1.9.1. 32329 CVE-

MissingAuthorizationvulnerabilityinAysProEasyFormeasy-formallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsEasyForm:fromn/athrough<=2.7.9. 32332 CVE- MissingAuthorizationvulnerabilityinrarathemeJobScoutjobscoutallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsJobScout:fromn/athrough<=1.1.7. 32334 CVE- 2026-MissingAuthorizationvulnerabilityinrarathemeRaraBusinessrara-businessallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsRaraBusiness:fromn/athrough<=1.3.0. 32336 CVE- 2026-MissingAuthorizationvulnerabilityinrarathemePerfectPortfolioperfect-portfolioallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsPerfectPortfolio:fromn/athrough<=1.2.4. 32345 CVE- 2026-MissingAuthorizationvulnerabilityinrarathemePreschoolandKindergartenpreschool-and-kindergartenallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsPreschoolandKindergarten:fromn/athrough<=1.2.5. 32337 CVE- 2026-MissingAuthorizationvulnerabilityinrarathemeConstructionLandingPageconstruction-landing-pageallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsConstructionLandingPage:fromn/athrough<=1.4.1. 32338 CVE- 2026-MissingAuthorizationvulnerabilityinrarathemeBakesAndCakesbakes-and-cakesallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsBakesAndCakes:fromn/athrough<=1.2.9. 32339 CVE- 2026-MissingAuthorizationvulnerabilityinrarathemeBusinessOnePagebusiness-one-pageallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsBusinessOnePage:fromn/athrough<=1.3.2. 
32340 CVE- 2026-MissingAuthorizationvulnerabilityinrarathemeBenevolentbenevolentallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsBenevolent:fromn/athrough<=1.3.9. 32341 CVE-Wazuhisafreeandopensourceplatformusedforthreatprevention,detection,andresponse.Startinginversion4.3.0andpriortoversion4.14.3,aDenialofService(DoS)vulnerabilityexistsintheWazuhAPIauthenticationmiddleware(middlewares.py).Theapplicationusesanasynchronouseventloop(Starlette/Asyncio)tocallasynchronousfunction(generate_keypair)thatperformsblockingdiskI/OoneveryrequestcontainingaBearertoken.AnunauthenticatedremoteattackercanexploitthisbyfloodingtheAPIwithrequestscontaininginvalidBearertokens.2026-Thisforcesthesingle-threadedeventlooptopauseforfilereadoperationsrepeatedly,starvingtheapplicationofCPUresourcesandpotentiallypreventingitfromacceptingorprocessinglegitimateconnections.Version4.14.3fixestheissue.25771 CVE- 2026-Shopwareisanopencommerceplatform./api/info/configrouteexposesinformationaboutlicenses.Thisvulnerabilityisfixedin7.8.1and6.10.15. 32142 CVE- 2026-Avulnerabilitywasdetectedinrui314moldupto2.40.4.Thisissueaffectsthefunctionmold::ObjectFilemold::X8664::initializesectionsofthefilesrc/input-files.ccofthecomponentObjectFileHandler.Performingamanipulationresultsinheap-basedbufferoverflow.Attackinglocallyisarequirement.Theexploitisnowpublicandmaybeused.Theprojectwasinformedoftheproblemearlythroughanissuereportbuthasnotrespondedyet. 3994 CVE- 2026-MissingAuthorizationvulnerabilityinrarathemeKalonkalonallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsKalon:fromn/athrough<=1.2.9. 
32376 CVE- 2026-MissingAuthorizationvulnerabilityinrarathemeBookLandingPagebook-landing-pageallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsBookLandingPage:fromn/athrough<=1.2.7. 32378 CVE- 2026-MissingAuthorizationvulnerabilityinrarathemeRaraAcademicrara-academicallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsRaraAcademic:fromn/athrough<=1.2.2. 32379 CVE- 2026-MissingAuthorizationvulnerabilityinlinknacionalPaymentGatewayPixForGiveWPpayment-gateway-pix-for-givewpallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsPaymentGatewayPixForGiveWP:fromn/athrough<=2.2.3. 32425 CVE- 2026-MissingAuthorizationvulnerabilityinvowelwebVWEducationLitevw-education-liteallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsVWEducationLite:fromn/athrough<=2.2.0. 32427 CVE- 2026-MissingAuthorizationvulnerabilityinAysProPopupLikeboxays-facebook-popup-likeboxallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsPopupLikebox:fromn/athrough<=3.7.7. 
32428 CVE-ha-mcpisaHomeAssistantMCPServer.Priorto7.0.0,theha-mcpOAuthconsentform(betafeature)acceptsauser-suppliedhaurlandmakesaserver-sideHTTPrequestto{haurl}/api/configwithnoURLvalidation.AnunauthenticatedattackercansubmitarbitraryURLstoperforminternalnetworkreconnaissanceviaanerrororacle.TwoadditionalcodepathsinOAuthtoolcalls(RESTandWebSocket)areaffectedbythesameprimitive.Theprimarydeploymentmethod(privateURLwithpre-configuredHOMEASSISTANTTOKEN)isnotaffected.Thisvulnerabilityisfixed2026-in7.0.0.32111 CVE- 2026-MissingAuthorizationvulnerabilityincodepeopleWPTimeSlotsBookingFormwp-time-slots-booking-formallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsWPTimeSlotsBookingForm:fromn/athrough<=1.2.42. 32432 CVE- 2026-MissingAuthorizationvulnerabilityinPluggablBoosterforWooCommerceallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsBoosterforWooCommerce:fromn/abefore7.11.3. 32586 CVE- MissingAuthorizationvulnerabilityinvowelwebVWFitnessvw-fitnessallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsVWFitness:fromn/athrough<=4.3.4. 32434 CVE-

MissingAuthorizationvulnerabilityinvowelwebVWPetShopvw-pet-shopallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsVWPetShop:fromn/athrough<=1.4.7. 32435 CVE- MissingAuthorizationvulnerabilityinvowelwebVWPhotographyvw-photographyallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsVWPhotography:fromn/athrough<=1.3.8. 32436 CVE- 2026-MissingAuthorizationvulnerabilityinvowelwebVWPortfoliovw-portfolioallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsVWPortfolio:fromn/athrough<=1.3.3. 32437 CVE- 2026-MissingAuthorizationvulnerabilityinvowelwebVWSchoolEducationvw-school-educationallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsVWSchoolEducation:fromn/athrough<=1.4.6. 32438 CVE- 2026-MissingAuthorizationvulnerabilityinWebGeniusLabBigHeartsbigheartsallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsBigHearts:fromn/athrough<=3.1.14. 32439 CVE- 2026-MissingAuthorizationvulnerabilityinEx-ThemesWPFoodwp-foodallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsWPFood:fromn/athrough<2.7.1. 
32440 CVE-Vimisanopensource,commandlinetexteditor.From9.1.0011tobefore9.2.0137,Vim'sNFAregexcompiler,whenencounteringacollectioncontainingacombiningcharacterastheendpointofacharacterrange(e.g.[0-0\u05bb]),incorrectlyemitsthecomposingbytesofthatcharacterasseparateNFAstates.ThiscorruptstheNFApostfixstack,resultinginNFASTARTCOLLhavingaNULLout1pointer.Whennfamaxwidth()subsequentlytraversesthecompiledNFAtoestimatematchwidthforthelook-behindassertion,itdereferencesstate->out1->outwithouta2026-NULLcheck,causingasegmentationfault.Thisvulnerabilityisfixedin9.2.0137.32249 CVE- 2026-TheRoyalAddonsforElementor–AddonsandTemplatesKitforElementorpluginforWordPressisvulnerabletoInformationExposureinallversionsupto,andincluding,1.7.1049viathegetmainqueryargs()functionduetoinsufficientrestrictionsonwhichpostscanbeincluded.Thismakesitpossibleforunauthenticatedattackerstoextractcontentsofnon-publiccustomposttypes,suchasContactForm7submissionsorWooCommercecoupons. 2373 CVE- 2026-MissingAuthorizationvulnerabilityinThemeFusionFusionBuilderfusion-builderallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsFusionBuilder:fromn/athrough<3.15.0. 32452 CVE- 2026-MissingAuthorizationvulnerabilityinThemeFusionAvadaCorefusion-coreallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsAvadaCore:fromn/athrough<5.15.0. 
32453 CVE- 2026-Aflawwasfoundinlibsoup,alibraryforhandlingHTTPrequests.Thisvulnerability,knownasaUse-After-Free,occursintheHTTP/2serverimplementation.AremoteattackercanexploitthisbysendingspeciallycraftedHTTP/2requeststhatcauseauthenticationfailures.Thiscanleadtotheapplicationattemptingtoaccessmemorythathasalreadybeenfreed,potentiallycausingapplicationinstabilityorcrashes,resultinginaDenialofService(DoS). 4271 CVE- 2026-TheThimKitforElementor–Pre-builtTemplates&WidgetsforElementorpluginforWordPressisvulnerabletounauthorizedaccessofdataduetoamissingvalidationchecksonthe'thim-ekit/archive-course/get-courses'RESTendpointcallbackfunctioninallversionsupto,andincluding,1.3.7.ThismakesitpossibleforunauthenticatedattackerstodiscloseprivateordraftLearnPresscoursecontentbysupplyingpoststatusintheparams_urlpayload. 1870 CVE- 2026-MissingAuthorizationvulnerabilityinYMCFilter&Gridsymc-smart-filterallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsFilter&Grids:fromn/athrough<=3.5.1. 32397 CVE- 2026-ConcurrentExecutionusingSharedResourcewithImproperSynchronization('RaceCondition')vulnerabilityinSubrataMalTeraWallet–ForWooCommercewoo-walletallowsLeveragingRaceConditions.ThisissueaffectsTeraWallet–ForWooCommerce:fromn/athrough<=1.5.15. 32398 CVE- 2026-MissingAuthorizationvulnerabilityinrarathemeRidhiridhiallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsRidhi:fromn/athrough<=1.1.2. 32383 CVE- 2026-MissingAuthorizationvulnerabilityinNoorAlamCheckoutforPayPalcheckout-for-paypalallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsCheckoutforPayPal:fromn/athrough<=1.0.46. 
32387 CVE- 2026-UnsafenavigationinNavigationinGoogleChromeoniOSpriorto146.0.7680.71allowedaremoteattackertobypassnavigationrestrictionsviaacraftedHTMLpage.(Chromiumsecurityseverity:Medium) 3930 CVE- 2026-MissingAuthorizationvulnerabilityinXproXproAddonsForBeaverBuilder–Litexpro-addons-beaver-builder-elementorallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsXproAddonsForBeaverBuilder–Lite:fromn/athrough<=1.5.6. 32395 CVE- 2026-MissingAuthorizationvulnerabilityinRadiusThemeTeamtlp-teamallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsTeam:fromn/athrough<=5.0.13. 32396 CVE- 2026-MissingAuthorizationvulnerabilityinrarathemeNuminousnuminousallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsNuminous:fromn/athrough<=1.3.0. 32380 CVE- 2026-MissingAuthorizationvulnerabilityinAysProImageSliderbyAysays-sliderallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsImageSliderbyAys:fromn/athrough<=2.7.1. 32402 CVE- MissingAuthorizationvulnerabilityinrarathemeAppLandingPageapp-landing-pageallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsAppLandingPage:fromn/athrough<=1.2.2. 32381 CVE- 2026- MissingAuthorizationvulnerabilityinStudio99Studio99WPMonitorstudio99-wp-monitorallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsStudio99WPMonitor:fromn/athrough<=1.0.3.

32404 CVE- ExposureofSensitiveSystemInformationtoanUnauthorizedControlSpherevulnerabilityinxtemosWoodMartwoodmartallowsRetrieveEmbeddedSensitiveData.ThisissueaffectsWoodMart:fromn/athrough<=8.3.9. 32405 CVE- 2026- MissingAuthorizationvulnerabilityinWPMUDEV-YourAll-in-OneWordPressPlatformForminatorforminatorallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsForminator:fromn/athrough<=1.50.2. 32409 CVE- 2026- MissingAuthorizationvulnerabilityinWBWPluginsWBWCurrencySwitcherforWooCommercewoo-currencyallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsWBWCurrencySwitcherforWooCommerce:fromn/athrough<=2.2.5. 32410 CVE- 2026- MissingAuthorizationvulnerabilityinMaciejBisPermalinkManagerLitepermalink-managerallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsPermalinkManagerLite:fromn/athrough<2.5.3. 32413 CVE- 2026- MissingAuthorizationvulnerabilityinAgileLogixPostTimelinepost-timelineallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsPostTimeline:fromn/athrough<=2.4.1. 32421 CVE- 2026- MissingAuthorizationvulnerabilityinrarathemeDigitalDownloaddigital-downloadallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsDigitalDownload:fromn/athrough<=1.1.4. 32382 CVE- 2026- PX4autopilotisaflightcontrolsolutionfordrones.Priorto1.17.0-rc2,tattucancontainsanunboundedmemcpyinitsmulti-frameassemblyloop,allowingstackmemoryoverwritewhencraftedCANframesareprocessed.Indeploymentswheretattucanisenabledandrunning,aCAN-injection-capableattackercantriggeracrash(DoS)andmemorycorruption.Thisvulnerabilityisfixedin1.17.0-rc2. 
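The tattu_can entry above describes an unbounded memcpy in a multi-frame assembly loop. The C program below is an added illustration of that bug class and its fix; it is not PX4's code. The frame struct, the 8-byte payload limit, the 64-byte message buffer and the helper names are assumptions made for the example. The reassembler validates each frame's declared length against both the frame payload size and the space still free in the output buffer before copying, which is exactly the check an unbounded loop lacks.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAME_DATA_MAX 8      /* classic CAN payload size */
#define MESSAGE_MAX    64     /* hypothetical fixed-size reassembly buffer */
#define MAX_FRAMES     16     /* upper bound used by the constructed test input */

/* A received frame as this example models it (constructed type, not PX4's):
 * identifier, declared data length, payload. */
struct can_frame_ex {
    uint32_t id;
    uint8_t  dlc;
    uint8_t  data[FRAME_DATA_MAX];
};

/* Reassemble nframes frames into out (capacity outcap).
 *
 * The unsafe shape of this loop is
 *     memcpy(out + total, f->data, f->dlc); total += f->dlc;
 * with nothing relating total to outcap: enough frames, or a frame whose dlc
 * claims more than its payload holds, walk the write past the end of a stack
 * buffer. Both conditions are rejected here before the copy happens.
 *
 * Returns the assembled length, or -1 on malformed or oversized input. */
int assemble_message(const struct can_frame_ex *frames, size_t nframes,
                     uint8_t *out, size_t outcap)
{
    size_t total = 0;
    if (frames == NULL || out == NULL)
        return -1;
    for (size_t i = 0; i < nframes; i++) {
        const struct can_frame_ex *f = &frames[i];
        if (f->dlc > FRAME_DATA_MAX)
            return -1;                 /* length field exceeds the payload */
        if (f->dlc > outcap - total)   /* outcap - total cannot wrap: total <= outcap */
            return -1;                 /* would overrun the output buffer */
        memcpy(out + total, f->data, f->dlc);
        total += f->dlc;
    }
    return (int)total;
}

/* Build nframes constructed frames carrying dlc filler bytes each and feed
 * them to the reassembler with a MESSAGE_MAX-byte output. Returns the
 * reassembler's result so the behaviour can be checked without a real bus. */
int reassemble_constructed(size_t nframes, uint8_t dlc)
{
    struct can_frame_ex frames[MAX_FRAMES];
    uint8_t out[MESSAGE_MAX];
    if (nframes > MAX_FRAMES)
        return -1;
    for (size_t i = 0; i < nframes; i++) {
        frames[i].id = 0x100u + (uint32_t)i;
        frames[i].dlc = dlc;            /* attacker-controlled length field */
        memset(frames[i].data, 'A' + (int)i, FRAME_DATA_MAX);
    }
    return assemble_message(frames, nframes, out, sizeof out);
}

int main(void)
{
    printf("8 full frames into 64 bytes: %d\n", reassemble_constructed(8, 8));  /* 64 */
    printf("9 full frames into 64 bytes: %d\n", reassemble_constructed(9, 8));  /* -1 */
    printf("frame claiming dlc 9:        %d\n", reassemble_constructed(2, 9));  /* -1 */
    return 0;
}
```

The two checks are deliberately separate: the first one catches a length field that lies about its own frame, the second catches a legitimate-looking stream that is simply longer than the buffer. Dropping either one reopens the overwrite.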
CVE-2026-0977: IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls.

CVE-2026-3848: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to make unintended internal requests through proxy environments under certain conditions due to improper input validation in import functionality.

CVE-2026-31798: JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and capture the verification code BEFORE it reaches the user's phone. This vulnerability is fixed in v4.10.16-lts.

CVE-2026-30853: calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook (.rb) input plugin (src/calibre/ebooks/rb/reader.py) allows an attacker to write arbitrary files to any path writable by the calibre process when a user opens or converts a crafted .rb file. This is the same bug class fixed in CVE-2026-26065 for the PDB readers, but the fix was never applied to the RB reader. This vulnerability is fixed in 9.5.0.

CVE-2026-31878: Frappe is a full-stack web application framework. Prior to 14.100.1, 15.100.0, and 16.6.0, a malicious user could send a crafted request to an endpoint which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 14.100.1, 15.100.0, and 16.6.0.

CVE-2026-0385: Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

CVE-2025-6969: in OpenHarmony v5.1.0 and prior versions allow a local attacker to cause DoS through improper input.

CVE-2026-32415: Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze (squeeze) allows Path Traversal. This issue affects Squeeze: from n/a through <= 1.7.7.

CVE-2026-2376: A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses.

CVE-2026-29516: Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the web server. Attackers can exploit world-readable permissions on /etc/shadow to retrieve hashed passwords for all configured accounts including root.

CVE-2026-25772: Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.14.3, a stack-based buffer overflow vulnerability exists in the Wazuh Database synchronization module (wdb_delta_event.c). The SQL query construction logic allows for an integer underflow when calculating the remaining buffer size. This occurs because the code incorrectly aggregates the return value of snprintf. If a specific database synchronization payload exceeds the size of the query buffer (2048 bytes), the size calculation wraps around to a massive integer, effectively removing bounds checking for subsequent writes. This allows an attacker to corrupt the stack, leading to a Denial of Service (DoS) or potentially RCE. Version 4.14.3 fixes the issue.

CVE-2026-32349: Server-Side Request Forgery (SSRF) vulnerability in Andy Fragen Embed PDF Viewer (embed-pdf-viewer) allows Server Side Request Forgery. This issue affects Embed PDF Viewer: from n/a through <= 2.4.7.

CVE-2026-22203: wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret, and other social login credentials from support tickets, backups, or version control repositories.

CVE-2026-25790: Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the Security Configuration Assessment (SCA) decoder (wazuh-analysisd). The use of sprintf with a floating-point (%lf) format specifier on a fixed-size 128-byte buffer allows a remote attacker to overflow the stack. A specially crafted JSON event can trigger this overflow, leading to a denial of service (crash) or potential RCE on the Wazuh manager. The vulnerability is located in /src/analysisd/decoders/security_configuration_assessment.c, within the FillScanInfo and FillCheckEventInfo functions. In multiple locations, a 128-byte buffer (char value[OS_SIZE_128];) is allocated on the stack to hold the string representation of a number from a JSON event. The code checks if the number is an integer or a double. If it's a double, it uses sprintf(value, "%lf", ...) to perform the conversion. This sprintf call is unbounded. If a floating-point number with a large exponent (e.g., 1.0e150) is provided, sprintf will attempt to write its full string representation (a "1" followed by 150 zeros), which is larger than the 128-byte buffer, corrupting the stack. Version 4.14.3 patches the issue.
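The two Wazuh entries above (CVE-2026-25772 and CVE-2026-25790) describe the same root cause from two angles: trusting a printf-family return value as "bytes written" when it is really "bytes the output would need", and calling sprintf with no bound at all. The C program below is an added illustration of how to do the accounting correctly; it is not Wazuh's code, and the query shape, the 2048- and 128-byte sizes (chosen to match the figures in the bulletin text) and the helper names are assumptions for the example. It also covers the %lf case with 1.0e150 from the second entry.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define QUERY_BUF_SIZE 2048   /* hypothetical query buffer, sized as in the bulletin text */
#define VALUE_BUF_SIZE 128    /* hypothetical 128-byte value buffer */

/* Append formatted text to buf (capacity cap), keeping *used equal to the number
 * of bytes actually stored (excluding the NUL).
 *
 * snprintf returns the length the output *would* have had. Adding that return
 * value to *used unconditionally lets *used exceed cap, after which an unsigned
 * "cap - *used" wraps to a huge remaining size and every later write is
 * effectively unbounded. Here the return value is added only after confirming
 * the output fit; on truncation the partial write is erased and false returned. */
bool append_fmt(char *buf, size_t cap, size_t *used, const char *fmt, ...)
{
    if (buf == NULL || used == NULL || *used >= cap)
        return false;
    size_t room = cap - *used;              /* cannot wrap: *used < cap here */
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + *used, room, fmt, ap);
    va_end(ap);
    if (n < 0)
        return false;                       /* encoding error */
    if ((size_t)n >= room) {
        buf[*used] = '\0';                  /* drop the truncated fragment */
        return false;                       /* caller must stop building */
    }
    *used += (size_t)n;
    return true;
}

/* Convert a double to text in a fixed 128-byte buffer. sprintf(out, "%lf", d)
 * has no bound: 1.0e150 expands to a "1", 150 more digits and ".000000", far
 * past 128 bytes. snprintf with the buffer size plus a check on the return
 * value reports the overflow instead of corrupting the stack. */
bool format_double_bounded(char out[VALUE_BUF_SIZE], double d)
{
    int n = snprintf(out, VALUE_BUF_SIZE, "%lf", d);
    if (n < 0 || n >= VALUE_BUF_SIZE) {
        out[0] = '\0';
        return false;
    }
    return true;
}

/* Build an INSERT from untrusted values into buf, refusing to overrun it.
 * Returns the number of bytes stored, or 0 if any piece did not fit. This only
 * addresses buffer accounting; the values would still need proper SQL quoting
 * or a parameterized statement before reaching a database. */
size_t build_query(char *buf, size_t cap, const char *table,
                   const char *const *values, size_t nvalues)
{
    size_t used = 0;
    if (!append_fmt(buf, cap, &used, "INSERT INTO %s VALUES (", table))
        return 0;
    for (size_t i = 0; i < nvalues; i++) {
        if (!append_fmt(buf, cap, &used, "%s'%s'", i ? "," : "", values[i]))
            return 0;
    }
    if (!append_fmt(buf, cap, &used, ");"))
        return 0;
    return used;
}

/* Demo helpers with internal buffers so results can be checked directly. */
size_t demo_query(size_t cap, const char *value)
{
    static char buf[QUERY_BUF_SIZE];
    const char *vals[1] = { value };
    if (cap > sizeof buf)
        cap = sizeof buf;
    return build_query(buf, cap, "sca_check", vals, 1);
}

/* Constructed payload: one value longer than the whole query buffer, the case
 * where summing snprintf's return values pushes the running total past cap. */
size_t demo_oversize_value(void)
{
    static char big[QUERY_BUF_SIZE + 100];
    memset(big, 'x', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return demo_query(QUERY_BUF_SIZE, big);
}

/* Returns the formatted length, or -1 if the value did not fit in 128 bytes. */
int demo_double(double d)
{
    char value[VALUE_BUF_SIZE];
    return format_double_bounded(value, d) ? (int)strlen(value) : -1;
}

int main(void)
{
    printf("small query bytes: %zu\n", demo_query(QUERY_BUF_SIZE, "ok"));   /* 36 */
    printf("oversize query bytes: %zu\n", demo_oversize_value());           /* 0 */
    printf("3.5 formatted length: %d\n", demo_double(3.5));                 /* 8 */
    printf("1.0e150 formatted length: %d\n", demo_double(1.0e150));         /* -1 */
    return 0;
}
```

The invariant worth carrying into a review of any hand-rolled query builder is that the running "used" count must never be allowed to exceed the capacity, because once it does every subsequent size subtraction is meaningless.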
CVE- 2026- AdobeCommerceversions2.4.9-alpha3,2.4.8-p3,2.4.7-p8,2.4.6-p13,2.4.5-p15,2.4.4-p16andearlierareaffectedbyastoredCross-SiteScripting(XSS)vulnerabilitythatcouldbeabusedbyahigh-privilegedattackertoinjectmaliciousscriptsintovulnerableformfields.Exploitationofthisissuerequiresuserinteractioninthatavictimmustbrowsetothepagecontainingthevulnerablefield.

21291 CVE- CraftCommerceisanecommerceplatformforCraftCMS.Priorto4.11.0and5.6.0,AnInsecureDirectObjectReference(IDOR)vulnerabilityexistsinCraftCommerce’scartfunctionalitythatallowsuserstohijackanyshoppingcartbyknowingorguessingits32-characternumber.TheCartControlleracceptsauser-suppliednumberparametertoloadandmodifyshoppingcarts.Noownershipvalidationisperformed-thecodeonlychecksiftheorderexistsandisincomplete,notwhethertherequesterhasauthorizationtoaccessit.Thisvulnerabilityenablesthetakeoverof shoppingsessionsandpotentialexposureofPII.Thisvulnerabilityisfixedin4.11.0and5.6.0.31867 CVE- SupabaseAuthisaJWTbasedAPIformanagingusersandissuingJWTtokens.Priorto2.185.0,avulnerabilityhasbeenidentifiedthatallowsanattackertoissuesessionsforarbitraryusersusingspeciallycraftedIDtokenswhentheAppleorAzureprovidersareenabled.Theattackerissuesavalid,asymmetricallysignedIDtokenfromtheirissuerforeachvictimemailaddress,whichthenissenttotheSupabaseAuthtokenendpointusingtheIDtokenflow.IftheIDtokenisOIDCcompliant,theAuthserverwouldvalidateitagainsttheattacker-controlledissuerandlinkthe2026- existingOIDCidentity(AppleorAzure)ofthevictimtoanadditionalOIDCidentitybasedontheIDtokencontents.TheAuthserverwouldthenissueavalidusersession(accessandrefreshtokens)attheAAL1leveltotheattacker.Thisvulnerabilityisfixedin2.185.0.31813 CVE- 2025- HCLAIONisaffectedbyavulnerabilitywhereofferingimagesarenotdigitallysigned.Lackofimagesigningmayallowtheuseofunverifiedortamperedimages,potentiallyleadingtosecurityriskssuchasintegritycompromiseorunintendedbehaviorinthesystem 52648 CVE- 
Aflawhasbeenfoundinxierongwkhdweimai-wetappupto5fe9e8225be4f73f2c5087f134aff657bdf1c6f2.ThisvulnerabilityaffectsthefunctiongetLikeMovieListofthefilesource-code/src/main/java/com/moke/wp/wxweimai/controller/HomeController.javaofthecomponentEndpoint.Executingamanipulationoftheargumentcatcanleadtosqlinjection.Theattackcanbeexecutedremotely.Theexploithasbeenpublishedandmaybeused.Thisproductimplementsarollingreleaseforongoingdelivery,whichmeansversioninformationforaffectedorupdatedreleasesis2026- unavailable.Theprojectwasinformedoftheproblemearlythroughanissuereportbuthasnotrespondedyet.3957 CVE- 2026- TheGL-iNetComet(GL-RM1)KVMdoesnotsufficientlyverifytheauthenticityofuploadedfirmwarefiles.Anattacker-in-the-middleoracompromisedupdateservercouldmodifythefirmwareandthecorrespondingMD5hashtopassverification. 32290 CVE- 2026- JetKVMpriorto0.5.4doesnotverifytheauthenticityofdownloadedfirmwarefiles.Anattacker-in-the-middleoracompromisedupdateservercouldmodifythefirmwareandthecorrespondingSHA256hashtopassverification. 32294 CVE- 2025- HTMLInjectioncanbecarriedoutinProductwhenawebapplicationdoesnotproperlycheckorcleanuserinputbeforeshowingitonawebpage.Becauseofthis,anattackermayinsertunwantedHTMLcodeintothepage.Whenthebrowserloadsthepage,itmayautomaticallyinteractwithexternalresourcesincludedinthatHTML,whichcancauseunexpectedrequestsfromtheuser’sbrowser. 
62320 CVE- Avulnerabilitywasdetectedinxierongwkhdweimai-wetappupto5fe9e8225be4f73f2c5087f134aff657bdf1c6f2.ThisaffectsthefunctiongetAdminsofthefilesource-code/src/main/java/com/moke/wp/wxweimai/controller/admin/AdminAdminUserController.java.Performingamanipulationoftheargumentkeywordresultsinsqlinjection.Remoteexploitationoftheattackispossible.Theexploitisnowpublicandmaybeused.Thisproductfollowsarollingreleaseapproachforcontinuousdelivery,soversiondetailsforaffectedorupdatedreleasesarenotprovided.The2026- projectwasinformedoftheproblemearlythroughanissuereportbuthasnotrespondedyet.3956 CVE- 2026- StudioCMSisaserver-side-rendered,Astronative,headlesscontentmanagementsystem.Priorto0.4.3,theRESTAPIcreateUserendpointusesstring-basedrankchecksthatonlyblockcreatingowneraccounts,whiletheDashboardAPIusesindexOf-basedrankcomparisonthatpreventscreatingusersatoraboveyourownrank.ThisinconsistencyallowsanadmintocreateadditionaladminaccountsviatheRESTAPI,enablingprivilegeproliferationandpersistence.Thisvulnerabilityisfixedin0.4.3. 
32106 CVE- Avulnerabilitywasdeterminedintaoofagieasegen-adminupto8f87936ac774065b92fb20aab55b274a6ea76433.ThisissueaffectsthefunctiondownloadFileofthefile-yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/PPTUtil.javaofthecomponentPPTFileHandler.Thismanipulationoftheargumenturlcausesserver-siderequestforgery.Itispossibletoinitiatetheattackremotely.Theexploithasbeenpubliclydisclosedandmaybeutilized.Thisproductisusingarollingreleasetoprovidecontinious2026- delivery.Therefore,noversiondetailsforaffectednorupdatedreleasesareavailable.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespondinanyway.4284 CVE- ParseServerisanopensourcebackendthatcanbedeployedtoanyinfrastructurethatcanrunNode.js.Priorto9.6.0-alpha.10and8.6.36,anattackerwithaccesstothemasterkeycaninjectmaliciousSQLviacraftedfieldnamesusedinqueryconstraintswhenParseServerisconfiguredwithPostgreSQLasthedatabase.Thefieldnameina$regexqueryoperatorispassedtoPostgreSQLusingunparameterizedstringinterpolation,allowingtheattackertomanipulatetheSQLquery.WhilethemasterkeycontrolswhatcanbedonethroughtheParseServerabstraction2026- layer,thisSQLinjectionbypassesParseServerentirelyandoperatesatthedatabaselevel.ThisvulnerabilityonlyaffectsParseServerdeploymentsusingPostgreSQL.Thisvulnerabilityisfixedin9.6.0-alpha.10and8.6.36.32234 CVE- 2026- AsecurityflawhasbeendiscoveredinTendaAC816.03.50.11.Thisaffectsthefunctionroutesetuserpolicyruleofthefile/cgi-bin/UploadCfgofthecomponentWebInterface.Themanipulationoftheargumentwans.policy.list1resultsinoscommandinjection.Itispossibletolaunchtheattackremotely.Theexploithasbeenreleasedtothepublicandmaybeusedforattacks. 
4253 CVE- 2026- AdobeCommerceversions2.4.9-alpha3,2.4.8-p3,2.4.7-p8,2.4.6-p13,2.4.5-p15,2.4.4-p16andearlierareaffectedbyanIncorrectAuthorizationvulnerabilitythatcouldresultinaSecurityfeaturebypass.Anattackercouldleveragethisvulnerabilitytobypasssecuritymeasuresandhavelimitedimpacttotheintegrityandavailabilityofdata.Theexploitdependsonconditionsbeyondtheattacker'scontrol.Exploitationofthisissuedoesnotrequireuserinteraction. 21359 CVE- 2025- HCLAIONisaffectedbyavulnerabilitywhereuntrustedfileparsingoperationsarenotexecutedwithinaproperlyisolatedsandboxenvironment.Thismayexposetheapplicationtopotentialsecurityrisks,includingunintendedbehaviourorintegrityimpactwhenprocessingspeciallycraftedfiles. 52643 CVE- 2026- AvulnerabilityhasbeenfoundinitsourcecodeCollegeManagementSystem1.0.Thisissueaffectssomeunknownprocessingofthefile/admin/courses.php.Themanipulationoftheargumentcoursecodeleadstosqlinjection.Itispossibletoinitiatetheattackremotely.Theexploithasbeendisclosedtothepublicandmaybeused. 4238 CVE- 2026- Aweaknesshasbeenidentifiedinphpipamupto1.7.4.Theimpactedelementisanunknownfunctionofthefileapp/admin/sections/edit-result.phpofthecomponentSectionHandler.ExecutingamanipulationoftheargumentsubnetOrderingcanleadtosqlinjection.Theattackmaybelaunchedremotely.Theexploithasbeenmadeavailabletothepublicandcouldbeusedforattacks.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespondinanyway. 
4189 CVE- 2026- ImpactWhenanapplicationpassesuser-controlledinputtotheupgradeoptionofclient.request(),anattackercaninjectCRLFsequences(\r\n)to:*InjectarbitraryHTTPheaders 1527 CVE- 2025- HCLAIONisaffectedbyavulnerabilitywherecertainofferingconfigurationsmaypermitexecutionofpotentiallyharmfulSQLqueries.Impropervalidationorrestrictionsonqueryexecutioncouldexposethesystemtounintendeddatabaseinteractionsorlimitedinformationexposureunderspecificconditions. 52637 CVE- 2026- wpDiscuzbefore7.6.47containsacross-sitescriptingvulnerabilitythatallowsattackerstoinjectmaliciouscodethroughunescapedattachmentURLsinHTMLoutputbyexploitingtheWpdiscuzHelperUploadclass.AttackerscancraftmaliciousattachmentrecordsorfilterhookstoinjectarbitraryJavaScriptintoimgandanchortagattributes,executingcodeinthecontextofWordPressusersviewingcomments. 22210 CVE- 2026- OpenClawversionspriorto2026.2.17containapathtraversalvulnerabilityinthe$includedirectiveresolutionthatallowsreadingarbitrarylocalfilesoutsidetheconfigdirectoryboundary.Attackerswithconfigmodificationcapabilitiescanexploitthisbyspecifyingabsolutepaths,traversalsequences,orsymlinkstoaccesssensitivefilesreadablebytheOpenClawprocessuser,includingAPIkeysandcredentials. 32061

CVE- Backstageisanopenframeworkforbuildingdeveloperportals.Priorto3.1.5,authenticateduserswithpermissiontoexecutescaffolderdry-runscangainaccesstoserver-configuredenvironmentsecretsthroughthedry-runAPIresponse.Secretsareproperlyredactedinlogoutputbutnotinallpartsoftheresponsepayload.Deploymentsthathaveconfiguredscaffolder.defaultEnvironment.secretsareaffected.Thisispatchedin@backstage/plugin-scaffolder-backendversion3.1.5. 32237 CVE- 2026- Cross-SiteRequestForgery(CSRF)vulnerabilityinJanisElstsAdminMenuEditoradmin-menu-editorallowsCrossSiteRequestForgery.ThisissueaffectsAdminMenuEditor:fromn/athrough<=1.14.1.

32456 CVE- AvulnerabilitywasdeterminedinitsourcecodeUniversityManagementSystem1.0.Affectedbythisvulnerabilityisanunknownfunctionalityofthefile/view_result.php.Executingamanipulationoftheargumentvrcanleadtocrosssitescripting.Theattackcanbeexecutedremotely.Theexploithasbeenpubliclydisclosedandmaybeutilized.

CVE- 2026- AdobeCommerceversions2.4.9-alpha3,2.4.8-p3,2.4.7-p8,2.4.6-p13,2.4.5-p15,2.4.4-p16andearlierareaffectedbyanIncorrectAuthorizationvulnerabilitythatcouldresultinaSecurityfeaturebypass.Alow-privilegedattackercouldleveragethisvulnerabilitytobypasssecuritymeasuresandgainlimitedunauthorizedaccesstoafeature.Exploitationofthisissuedoesnotrequireuserinteraction. 21297 CVE- 2026- AdobeCommerceversions2.4.9-alpha3,2.4.8-p3,2.4.7-p8,2.4.6-p13,2.4.5-p15,2.4.4-p16andearlierareaffectedbyanIncorrectAuthorizationvulnerabilitythatcouldresultinaSecurityfeaturebypass.Alow-privilegedattackercouldleveragethisvulnerabilitytobypasssecuritymeasuresandgainlimitedunauthorizedviewaccessofdata.Exploitationofthisissuedoesnotrequireuserinteraction. 21296 CVE- TheSocialIconsWidget&BlockbyWPZOOMpluginforWordPressisvulnerabletounauthorizeddatamodificationduetoamissingcapabilitycheckintheaddmenuitem()methodhookedtoadminmenuinallversionsupto,andincluding,4.5.8.Thisisduetothemethodperformingwpinsertpost()andupdatepostmeta()callstocreateasharingconfigurationwithoutverifyingthecurrentuserhasadministrator-levelcapabilities.Thismakesitpossibleforauthenticatedattackers,withSubscriber-levelaccessandabove,totriggerthecreationofapublishedwpzoom-2026- sharingconfigurationpostwithdefaultsharingbuttonsettings,whichcausessocialsharingbuttonstobeautomaticallyinjectedintoallpostcontentonthefrontendviathethecontentfilter.4063 CVE- 2026- 
HeretaETH-IMC408Mfirmwareversion1.0.15andpriorcontainacross-siterequestforgeryvulnerabilitythatallowsattackerstomodifydeviceconfigurationbyexploitingmissingCSRFprotectionsinsetup.cgi.Attackerscanhostmaliciouspagesthatsubmitforgedrequestsusingautomatically-includedHTTPBasicAuthenticationcredentialstoaddRADIUSaccounts,alternetworksettings,ortriggerdiagnostics. 29521 CVE- 2026- EdimaxGS-5008PLfirmwareversion1.00.54andpriorcontainacross-siterequestforgeryvulnerabilitythatallowsremoteattackerstoperformunauthorizedadministrativeactionsbyinducinglogged-inadministratorstovisitmaliciouspages.Attackerscanexploitthelackofanti-CSRFtokensandrequestvalidationtochangepasswords,uploadfirmware,rebootthedevice,performfactoryresets,ormodifynetworkconfigurations. 32839 CVE- TheLearnPress–WordPressLMSPluginpluginforWordPressisvulnerabletounauthorizedemailnotificationtriggeringduetomissingcapabilitychecksonall10functionsintheSendEmailAjaxclassinallversionsupto,andincluding,4.3.2.8.TheAbstractAjax::catchlpajax()dispatcherverifiesawprestnoncebutperformsnocurrentusercan()checkbeforedispatchingtohandlerfunctions.ThewprestnonceisembeddedinthefrontendJavaScriptforallauthenticatedusers.Thismakesitpossibleforauthenticatedattackers,withSubscriber-levelaccessandabove,to2026- triggerarbitraryemailnotificationstoadmins,instructors,andusers,enablingemailflooding,socialengineering,andimpersonationofadmindecisionsregardinginstructorrequests.3226 CVE- 2026- MissingAuthorizationvulnerabilityinJoshKohlbachAdvancedCouponsforWooCommerceCouponsadvanced-coupons-for-woocommerce-freeallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsAdvancedCouponsforWooCommerceCoupons:fromn/athrough<=4.7.1. 
31919 CVE- 2026- Mattermostversions11.3.x<=11.3.0,11.2.x<=11.2.2failtoverifyrun_createpermissionforemptyplaybookId,whichallowsteammemberstocreateunauthorizedrunsviatheplaybookrunAPI.MattermostAdvisoryID:MMSA-2025-00542 26304 CVE- 2026- GitLabhasremediatedanissueinGitLabCE/EEaffectingallversionsfrom8.14before18.7.6,18.8before18.8.6,and18.9before18.9.2thatcouldhaveallowedanauthenticatedusertogainunauthorizedaccesstoconfidentialissuetitlecreatedinpublicprojectsundercertaincircumstances. 1182 CVE- 2026- AsecurityflawhasbeendiscoveredinLockerProjectLocker0.0.0/0.0.1/0.1.0.AffectedisthefunctionauthIsAwesomeofthefilesource-code/Locker-master/Ops/registry.jsofthecomponentErrorResponseHandler.ThemanipulationoftheargumentIDresultsincrosssitescripting.Theattackcanbelaunchedremotely.Theexploithasbeenreleasedtothepublicandmaybeusedforattacks.Theprojectwasinformedoftheproblemearlythroughanissuereportbuthasnotrespondedyet. 3951 CVE- 2026- AdobeCommerceversions2.4.9-alpha3,2.4.8-p3,2.4.7-p8,2.4.6-p13,2.4.5-p15,2.4.4-p16andearlierareaffectedbyanIncorrectAuthorizationvulnerabilitythatcouldresultinaSecurityfeaturebypass.Alow-privilegedattackercouldleveragethisvulnerabilitytobypasssecuritymeasuresandgainlimitedunauthorizedaccesstoafeature.Exploitationofthisissuedoesnotrequireuserinteraction. 
21285 CVE- CraftCMSisacontentmanagementsystem(CMS).Fromversion4.0.0-RC1tobeforeversion4.17.5andfromversion5.0.0-RC1tobeforeversion5.9.11,theAssetsController->replaceFile()methodhasatargetFilenamebodyparameterthatisusedunsanitizedinadeleteFile()callbeforeAssets::prepareAssetName()isappliedonsave.ThisallowsanauthenticateduserwithreplaceFilespermissiontodeletearbitraryfileswithinthesamefilesystemrootbyinjecting../pathtraversalsequencesintothefilename.ThiscouldallowanauthenticateduserwithreplaceFiles2026- permissionononevolumetodeletefilesinotherfolders/volumesthatsharethesamefilesystemroot.Thisonlyaffectslocalfilesystems.Thisissuehasbeenpatchedinversions4.17.5and5.9.11.32262 CVE- 2026- GitLabhasremediatedanissueinGitLabCE/EEaffectingallversionsfrom14.4before18.7.6,18.8before18.8.6,and18.9before18.9.2thatcouldhaveallowedanauthenticateduserwithgroupimportpermissionstocreatelabelsinprivateprojectsduetoimproperauthorizationvalidationinthegroupimportprocessundercertaincircumstances. 1663 CVE- 2026- GitLabhasremediatedanissueinGitLabCE/EEaffectingallversionsfrom12.6before18.7.6,18.8before18.8.6,and18.9before18.9.2thatcouldhaveallowedanauthenticatedusertodiscloseconfidentialissuetitlesduetoimproperfilteringundercertaincircumstances. 
1732 CVE- 2026- Mattermostversions10.11.x<=10.11.10Failtoinvalidatecachedpermalinkpreviewdatawhenauserloseschannelaccesswhichallowstheusertocontinueviewingprivatechannelcontentviapreviouslycachedpermalinkpreviewsuntilcacheresetorrelogin..MattermostAdvisoryID:MMSA-2026-00580 1629 CVE- 2026- IncorrectsecurityUIinPictureInPictureinGoogleChromepriorto146.0.7680.71allowedaremoteattackertoperformUIspoofingviaacraftedHTMLpage.(Chromiumsecurityseverity:Low) 3942 CVE- 2026- Gokapiisaself-hostedfilesharingserverwithautomaticexpirationandencryptionsupport.Priorto2.2.4,thechunkeduploadcompletionpathforfilerequestsdoesnotvalidatethetotalfilesizeagainsttheper-requestMaxSizelimit.AnattackerwithapublicfilerequestlinkcansplitanoversizedfileintochunkseachunderMaxSizeanduploadthemsequentially,bypassingthesizerestrictionentirely.Filesuptotheserver'sglobalMaxFileSizeMBareacceptedregardlessofthefilerequest'sconfiguredlimit.Thisvulnerabilityisfixedin2.2.4. 30961 CVE- 2016- ZKTecoZKBioSecurity3.0containsacross-siterequestforgeryvulnerabilitythatallowsattackerstoperformadministrativeactionsbytrickinglogged-inusersintovisitingmaliciouswebsites.AttackerscancraftHTTPrequeststhataddsuperadminaccountswithoutvaliditychecks,enablingunauthorizedadministrativeaccesswhenauthenticatedusersvisitattacker-controlledpages. 
20028 CVE- AsecurityflawhasbeendiscoveredinCesiumGSCesiumJSupto1.137.0.AffectedbythisissueissomeunknownfunctionalityofthefileApps/Sandcastle/standalone.html.Themanipulationoftheargumentcresultsincrosssitescripting.Theattackcanbelaunchedremotely.Theexploithasbeenreleasedtothepublicandmaybeusedforattacks.Thepresenceofthisvulnerabilityremainsuncertainatthistime.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespondinanyway.AccordingtoCVE-2023-48094,"thevendor'spositionisthat2026- Apps/Sandcastle/standalone.htmlispartoftheCesiumGS/cesiumGitHubrepository,butisdemocodethatisnotpartoftheCesiumJSJavaScriptlibraryproduct."3990

CVE- AvulnerabilitywasidentifiedinThingsGateway12.Thisaffectsanunknownpartofthefile/api/file/download.ThemanipulationoftheargumentfileNameleadstopathtraversal.Remoteexploitationoftheattackispossible.Theexploitispubliclyavailableandmightbeused.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespondinanyway.

CVE- 2026- GitLabhasremediatedanissueinGitLabCE/EEaffectingallversionsfrom15.6before18.7.6,18.8before18.8.6,and18.9before18.9.2thatcouldhaveallowedanauthenticatedusertodisclosemetadatafromprivateissues,mergerequests,epics,milestones,orcommitsduetoimproperfilteringinthesnippetrenderingprocessundercertaincircumstances.

CVE- TheAppointmentBookingCalendar—SimplyScheduleAppointmentsBookingPluginpluginforWordPressisvulnerabletoInsecureDirectObjectReferenceinallversionsupto,andincluding,1.6.9.29.Thisisduetotheget_item_permissions_checkmethodgrantingaccesstouserswiththessa_manage_appointmentscapabilitywithoutvalidatingstaffownershipoftherequestedappointment.Thismakesitpossibleforauthenticatedattackers,withcustom-levelaccessandabove(usersgrantedthessamanageappointmentscapability,suchasTeamMembers),toview appointmentrecordsbelongingtootherstaffmembersandaccesssensitivecustomerpersonallyidentifiableinformationviatheappointmentIDparameter. CVE- 2026- wpDiscuzbefore7.6.47containsacross-siterequestforgeryvulnerabilityinthegetFollowsPage()functionthatallowsattackerstotriggerunauthorizedactionswithoutnoncevalidation.AttackerscancraftmaliciousrequeststoenumeratefollowrelationshipsandmanipulateuserfollowdatabyexploitingthemissingCSRFprotectioninthefollowspagehandler. 22215 CVE- 2025- IBMSterlingB2BIntegratorandIBMSterlingFileGateway6.1.0.0through6.1.2.72,6.2.0.0through6.2.0.51,6.2.1.0through6.2.1.11,and6.2.2.0coulddisclosesensitivehostinformationtoauthenticatedusersinresponsesthatcouldbeusedinfurtherattacksagainstthesystem. 14483 CVE- 2017- TelesquareSKTLTERouterSDT-CS3B1version1.2.0containsacross-siterequestforgeryvulnerabilitythatallowsauthenticatedattackerstoexecutearbitrarysystemcommandsbyexploitingmissingrequestvalidation.Attackerscancraftmaliciouswebpagesthatperformadministrativeactionswhenvisitedbylogged-inusers,enablingcommandexecutionwithrouterprivileges. 
20221 CVE- WordPresscoreisvulnerabletounauthorizedaccessinversions6.9through6.9.1.TheNotesfeature(block-levelcollaborationannotations)wasintroducedinWordPress6.9toalloweditorialcommentsdirectlyonpostsintheblockeditor.However,theRESTAPI`createitempermissionscheck()methodinthecommentscontrollerdidnotverifythattheauthenticateduserhaseditpost`permissiononthetargetpostwhencreatinganote.ThismakesitpossibleforauthenticatedattackerswithSubscriber-levelaccesstocreatenotesonanypost,includingpostsauthored2026- byotherusers,privateposts,andpostsinanystatus.3906 CVE- 2026- TheModularDS:Monitor,update,andbackupmultiplewebsitespluginforWordPressisvulnerabletoCross-SiteRequestForgeryinallversionsupto,andincluding,2.5.1.ThisisduetomissingnoncevalidationonthepostConfirmOauth()function.Thismakesitpossibleforunauthenticatedattackerstodisconnecttheplugin'sOAuth/SSOconnectionviaaforgedrequestgrantedtheycantrickasiteadministratorintoperforminganactionsuchasclickingonalink. 3903 CVE- 2026- TheWickedFolders–FolderOrganizerforPages,Posts,andCustomPostTypespluginforWordPressisvulnerabletoInsecureDirectObjectReferenceinallversionsupto,andincluding,4.1.0viathedeletefolders()functionduetomissingvalidationonausercontrolledkey.Thismakesitpossibleforauthenticatedattackers,withContributor-levelaccessandabove,todeletearbitraryfolderscreatedbyotherusers. 1883 CVE- 2025- TheTimeticsWordPresspluginbefore1.0.52doesnothaveauthorizationinaRESTendpoint,allowingunauthenticateduserstoarbitrarilychangeabooking'spaymentstatusandpoststatusforthe"timetics-booking"customposttype. 
15473 CVE- 2026- TheReadingprogressbarWordPresspluginbefore1.3.1doesnotsanitiseandescapesomeofitssettings,whichcouldallowhighprivilegeuserssuchasadmintoperformStoredCross-SiteScriptingattacksevenwhentheunfilteredhtmlcapabilityisdisallowed(forexampleinmultisitesetup). 2687 CVE- 2026- Mattermostversions11.3.x<=11.3.0,11.2.x<=11.2.2,10.11.x<=10.11.10failtovalidateteam-specificuploadfilepermissionswhichallowsaguestusertopostfilesinchannelswheretheylackuploadfilepermissionviauploadingfilesinateamwheretheyhavepermissionandreusingthefilemetadatainaPOSTrequesttoadifferentteam.MattermostAdvisoryID:MMSA-2025-00553 4265 CVE- 2026- TheNEX-Forms–UltimateFormsPluginforWordPresspluginforWordPressisvulnerabletounauthorizedmodificationofdataduetoamissingcapabilitycheckonthedeactivatelicense()functioninallversionsupto,andincluding,9.1.9.Thismakesitpossibleforauthenticatedattackers,withSubscriber-levelaccessandabove,totodeactivatethepluginlicense. 
1948 CVE- 2026- Mattermostversions11.3.x<=11.3.0,11.2.x<=11.2.2,10.11.x<=10.11.10failtouseconsistenterrorresponseswhenhandlingthe/mutecommandwhichallowsanauthenticatedteammembertoenumerateprivatechannelstheyarenotauthorizedtoknowaboutviadifferingerrormessagesfornonexistentversusprivatechannels.MattermostAdvisoryID:MMSA-2026-00588 21386 CVE- 2026- Mattermostversions11.3.x<=11.3.0,11.2.x<=11.2.2,10.11.x<=10.11.10failtoproperlyenforcereadpermissionsinsearchAPIendpointswhichallowsguestuserswithoutreadpermissionstoaccesspostsandfilesinchannelsviasearchAPIrequests.MattermostAdvisoryID:MMSA-2025-00554 24692 CVE- 2026- Mattermostversions11.3.x<=11.3.0,11.2.x<=11.2.2,10.11.x<=10.11.10failtocanonicalizeIPv4-mappedIPv6addressesbeforereservedIPvalidationwhichallowsanattackertoperformSSRFattacksagainstinternalservicesviaIPv4-mappedIPv6literals(e.g.,[::ffff:127.0.0.1])..MattermostAdvisoryID:MMSA-2026-00585 2455 CVE- 2026- Aflawwasfoundinmodproxycluster.Thisvulnerability,aCarriageReturnLineFeed(CRLF)injectioninthedecodeenc()function,allowsaremoteattackertobypassinputvalidation.ByinjectingCRLFsequencesintotheclusterconfiguration,anattackercancorrupttheresponsebodyofINFOendpointresponses.ExploitationrequiresnetworkaccesstotheMCMPprotocolport,butnoauthenticationisneeded. 3234 CVE- 2026- AsecurityvulnerabilityhasbeendetectedinitsourcecodePayrollManagementSystem1.0.Thisvulnerabilityaffectsunknowncodeofthefile/manageemployeedeductions.php.SuchmanipulationoftheargumentIDleadstocrosssitescripting.Theattackmaybelaunchedremotely.Theexploithasbeendisclosedpubliclyandmaybeused. 
3993 CVE- OpenProjectisanopen-source,web-basedprojectmanagementsoftware.Priorto17.2.0,wheneditingaprojectbudgetandplanningthelaborcost,itwasnotcheckedthattheuserthatwasplannedinthebudgetisactuallyaprojectmember.Thisexposedtheuser'sdefaultrate(ifonewassetup)tousersthatshouldonlyseethatinformationforprojectmembers.Also,theendpointthathandlesthepre-calculationforthefrontendtodisplayapreviewofthecosts,whileitwasbeingentered,didnotproperlyvalidatethemembershipoftheuseraswell.Thisalsoallowedto2026- calculatecostswiththedefaultrateofnon-members.Thisvulnerabilityisfixedin17.2.0.30236 CVE- 2026- Mattermostversions11.3.x<=11.3.0,11.2.x<=11.2.2,10.11.x<=10.11.10failtoboundmemoryallocationwhenprocessingDOCfileswhichallowsanauthenticatedattackertocauseservermemoryexhaustionanddenialofserviceviauploadingaspeciallycraftedDOCfile..MattermostAdvisoryID:MMSA-2026-00581 25780 CVE- 2026- MissingAuthorizationvulnerabilityinIsrapilTextmetricswebtexttoolallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsTextmetrics:fromn/athrough<=3.6.4. 32331 CVE- 2026- InsufficientpolicyenforcementinExtensionsinGoogleChromepriorto146.0.7680.71allowedanattackerwhoconvincedausertoinstallamaliciousextensiontoperformUIspoofingviaacraftedChromeExtension.(Chromiumsecurityseverity:Medium)3928

CVE- Mattermostversions11.3.x<=11.3.0failtopreservetheredactedstateofburn-on-readpostsduringdeletionwhichallowschannelmemberstoaccessunrevealedburn-on-readmessagecontentsviatheWebSocketpostdeletionevent..MattermostAdvisoryID:MMSA-2026-00579

CVE- 2026- IncorrectsecurityUIinPictureInPictureinGoogleChromepriorto146.0.7680.71allowedaremoteattackertoperformUIspoofingviaacraftedHTMLpage.(Chromiumsecurityseverity:Medium)

CVE- IncorrectsecurityUIinLookalikeChecksinGoogleChromeonAndroidpriorto146.0.7680.71allowedaremoteattackertoperformUIspoofingviaacraftedHTMLpage.(Chromiumsecurityseverity:Medium)

CVE- 2026- MissingAuthorizationvulnerabilityinWPCleverWPCProductBundlesforWooCommercewoo-product-bundleallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsWPCProductBundlesforWooCommerce:fromn/athrough<=8.4.5. 32406 CVE- Outlineisaservicethatallowsforcollaborativedocumentation.Priorto1.5.0,theevents.listAPIendpoint,usedforretrievingactivitylogs,containsalogicflawinitsfilteringmechanism.Itallowsanyauthenticatedusertoretrieveactivityeventsassociatedwithdocumentsthathavenocollection(e.g.,PrivateDrafts,DeletedDocuments),regardlessoftheuser'sactualpermissionsonthosedocuments.Whilethedocumentcontentisnotdirectlyexposed,thisvulnerabilityleakssensitivemetadata(suchasDocumentIDs,useractivitytimestamps,andinsomespecificcases2026- liketheDocumentTitleofPermanentDelete).Crucially,leakingvalidDocumentIDsofdeleteddraftsremovestheprotectionofUUIDrandomness,makingHigh-severityIDORattacks(suchastheoneidentifiedindocuments.restore)triviallyexploitablebyloweringtheattackcomplexity.Version1.5.0fixestheissue.28506 CVE- 2026- Mattermostversions11.3.x<=11.3.0,11.2.x<=11.2.2,10.11.x<=10.11.10failtoproperlyvalidateUser-AgentheadertokenswhichallowsanauthenticatedattackertocausearequestpanicviaaspeciallycraftedUser-Agentheader.MattermostAdvisoryID:MMSA-2026-00586 25783 CVE- 2026- MissingAuthorizationvulnerabilityinWPCleverWPCSmartWishlistforWooCommercewoo-smart-wishlistallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsWPCSmartWishlistforWooCommerce:fromn/athrough<=5.0.8. 32407 CVE- 2026- MissingAuthorizationvulnerabilityinthemefusecomBrizybrizyallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsBrizy:fromn/athrough<=2.7.23. 
32408 CVE- 2026- MissingAuthorizationvulnerabilityinVitoPelegAtarimatarim-visual-collaborationallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsAtarim:fromn/athrough<=4.3.2. 32447 CVE- 2025- RaythaCMSisvulnerabletoCross-SiteRequestForgeryacrossmultipleendpoints.Attackercancraftspecialwebsite,whichwhenvisitedbytheauthenticatedvictim,willautomaticallysendPOSTrequesttotheendpoint(e.x.deletionofthedata)withoutenforcingtokenverification. 69238 CVE- 2026- Cross-SiteRequestForgery(CSRF)vulnerabilityindesertthemesCorpivacorpivaallowsCrossSiteRequestForgery.ThisissueaffectsCorpiva:fromn/athrough<=1.0.96. 32344 CVE- 2026- Cross-SiteRequestForgery(CSRF)vulnerabilityinMagazine3EasyTableofContentseasy-table-of-contentsallowsCrossSiteRequestForgery.ThisissueaffectsEasyTableofContents:fromn/athrough<=2.0.80. 32343 CVE- 2026- Cross-SiteRequestForgery(CSRF)vulnerabilityinAysProQuizMakerquiz-makerallowsCrossSiteRequestForgery.ThisissueaffectsQuizMaker:fromn/athrough<=6.7.1.2. 32342 CVE- 2026- Cross-SiteRequestForgery(CSRF)vulnerabilityin10WebPhotoGalleryby10Webphoto-galleryallowsCrossSiteRequestForgery.ThisissueaffectsPhotoGalleryby10Web:fromn/athrough<=1.8.37. 32330 CVE- 2026- MissingAuthorizationvulnerabilityinPublishPressPublishPressCapabilitiescapability-manager-enhancedallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsPublishPressCapabilities:fromn/athrough<=2.31.0. 
32394 CVE- 2026- OpenEMRisafreeandopensourceelectronichealthrecordsandmedicalpracticemanagementapplication.Priorto8.0.0.1,theClaimFileTrackerfeatureexposesanAJAXendpointthatreturnsbillingclaimmetadata(claimIDs,payerinfo,transmissionlogs).TheendpointdoesnotenforcethesameACLasthemainbilling/claimsworkflow,soauthenticateduserswithoutappropriatebillingpermissionscanaccessthisdata.Thisvulnerabilityisfixedin8.0.0.1. 32122 CVE- 2026- ApacheAirflowversions3.1.0through3.1.7/ui/dependenciesendpointreturnsthefullDAGdependencygraphwithoutfilteringbyauthorizedDAGIDs.ThisallowsanauthenticateduserwithonlyDAGDependenciespermissiontoenumerateDAGstheyarenotauthorizedtoview. 28563 CVE- 2026- Mattermostversions11.3.x<=11.3.0,11.2.x<=11.2.2,10.11.x<=10.11.10failtofilterinviteIDsbasedonuserpermissions,whichallowsregularuserstobypassaccesscontrolrestrictionsandregisterunauthorizedaccountsvialeakedinviteIDsduringteamcreation..MattermostAdvisoryID:MMSA-2025-00565 2463 CVE- 2026- InsufficientpolicyenforcementinClipboardinGoogleChromepriorto146.0.7680.71allowedaremoteattackerwhohadcompromisedtherendererprocesstoleakcross-origindataviaacraftedHTMLpage.(Chromiumsecurityseverity:Low) 3938 CVE- 2026- MattermostPluginsversions<=11.311.0.311.2.210.10.11.0failtoimplementauthorisationchecksoncommentblockmodifications,whichallowsanauthorisedattackerwitheditorpermissiontomodifycommentscreatedbyotherboardmembers. 2461 CVE- 2025- GitLabhasremediatedanissueinGitLabCE/EEaffectingallversionsfrom15.1before18.7.6,18.8before18.8.6,and18.9before18.9.2that,undercertainconditions,couldhaveallowedanauthenticatedusertoaccesspreviouspipelinejobinformationonprojectswithrepositoryandCI/CDdisabledduetoimproperauthorizationchecks. 
12555 CVE- 2026- MissingAuthorizationvulnerabilityinE2Pdfe2pdfe2pdfallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.Thisissueaffectse2pdf:fromn/athrough<=1.28.15. 32442

CVE- Mattermostversions11.3.x<=11.3.0,11.2.x<=11.2.2,10.11.x<=10.11.10failtoproperlyvalidateteammembershipwhensearchingchannelswhichallowsaremovedteammembertoenumerateallpublicchannelswithinaprivateteamviathechannelsearchAPIendpoint..MattermostAdvisoryID:MMSA-2025-00568

CVE- 2026- Mattermostversions11.3.x<=11.3.0,11.2.x<=11.2.2,10.11.x<=10.11.10failtosanitizeclient-suppliedpostmetadatawhichallowsanauthenticatedattackertospoofpermalinkembedsimpersonatingotherusersviacraftedPUTrequeststothepostupdateAPIendpoint..MattermostAdvisoryID:MMSA-2025-00569

CVE- Asecurityflawhasbeendiscoveredinfrdel/agent0aiagent-zero0.9.7-10.Theimpactedelementisthefunctiongetabspathofthefilepython/helpers/files.py.Themanipulationresultsinpathtraversal.Theattackcanbeexecutedremotely.Theexploithasbeenreleasedtothepublicandmaybeusedforattacks.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespondinanyway.

CVE- AvulnerabilitywasidentifiedinJcharisMachine-Learning-Web-Appsuptoa6996b634d98ccec4701ac8934016e8175b60eb5.TheimpactedelementisthefunctionrendertemplateofthefileMachine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.pyofthecomponentJinja2TemplateHandler.Suchmanipulationleadstocrosssitescripting.Itispossibletolaunchtheattackremotely.Theexploitispubliclyavailableandmightbeused.Thisproducttakestheapproachofrollingreleasestoprovidecontiniousdelivery.Therefore,versiondetailsfor2026- affectedandupdatedreleasesarenotavailable.Theprojectwasinformedoftheproblemearlythroughanissuereportbuthasnotrespondedyet.3962 CVE- 2026- PX4autopilotisaflightcontrolsolutionfordrones.Priorto1.17.0-rc2,AlogicerrorinthePX4AutopilotMAVLinkFTPsessionvalidationusesincorrectbooleanlogic(&&insteadof||),allowingBurstReadFileandWriteFileoperationstoproceedwithinvalidsessionsorclosedfiledescriptors.ThisenablesanunauthenticatedattackertoputtheFTPsubsystemintoaninconsistentstate,triggeroperationsoninvalidfiledescriptors,andbypasssessionisolationchecks.Thisvulnerabilityisfixedin1.17.0-rc2. 32713 CVE- 2026- InsufficientpolicyenforcementinDevToolsinGoogleChromepriorto146.0.7680.71allowedaremoteattackertobypassnavigationrestrictionsviaacraftedHTMLpage.(Chromiumsecurityseverity:Low) 3941 CVE- 2026- MissingAuthorizationvulnerabilityinSyedBalkhiContactFormbyWPFormswpforms-liteallowsExploitingIncorrectlyConfiguredAccessControlSecurityLevels.ThisissueaffectsContactFormbyWPForms:fromn/athrough<=1.9.9.3. 
32446 CVE- 2026- Mattermostversions11.3.x<=11.3.0,11.2.x<=11.2.2,10.11.x<=10.11.10failtoboundmemoryallocationwhenprocessingPSDimagefileswhichallowsanauthenticatedattackertocauseservermemoryexhaustionanddenialofserviceviauploadingaspeciallycraftedPSDfile.MattermostAdvisoryID:MMSA-2026-00572 26246 CVE- 2026- AnythingLLMisanapplicationthatturnspiecesofcontentintocontextthatanyLLMcanuseasreferencesduringchatting.In1.11.1andearlier,TheImportedPlugin.importCommunityItemFromUrl()functioninserver/utils/agents/imported.jsdownloadsaZIPfilefromacommunityhubURLandextractsitusingAdmZip.extractAllTo()withoutvalidatingfilepathswithinthearchive.ThisenablesaZipSlippathtraversalattackthatcanleadtoarbitrarycodeexecution. 32719 CVE- 2026- AflawwasidentifiedintheAccountRESTAPIofKeycloakthatallowsauserauthenticatedatalowersecurityleveltoperformsensitiveactionsintendedonlyforhigher-assurancesessions.Specifically,anattackerwhohasalreadyobtainedavictim’spasswordcandeletethevictim’sregisteredMFA/OTPcredentialwithoutfirstprovingpossessionofthatfactor.TheattackercanthenregistertheirownMFAdevice,effectivelytakingfullcontroloftheaccount.Thisweaknessunderminestheintendedprotectionprovidedbymulti-factorauthentication. 3429 CVE- 2026- GitLabhasremediatedanissueinGitLabCE/EEaffectingallversionsfrom1.0before18.7.6,18.8before18.8.6,and18.9before18.9.2thatcouldhaveallowedanauthenticatedusertocauserepositorydownloadstocontaindifferentcodethandisplayedinthewebinterfaceduetoincorrectvalidationofbranchreferencesundercertaincircumstances. 
1230 CVE- 2026- Gokapiisaself-hostedfilesharingserverwithautomaticexpirationandencryptionsupport.Priorto2.2.4,AninsufficientauthorizationcheckinthefilereplaceAPIallowsauserwithonlylistvisibilitypermission(UserPermListOtherUploads)todeleteanotheruser'sfilebyabusingthedeleteNewFileflag,bypassingtherequirementforUserPermDeleteOtherUploads.Thisvulnerabilityisfixedin2.2.4. 30943 CVE- 2026- libexpatbefore2.7.5allowsaninfiniteloopwhileparsingDTDcontent. 32777 CVE- 2026- libexpatbefore2.7.5allowsaNULLpointerdereferencewithemptyexternalparameterentitycontent. 32776 CVE- 2026- Aflawwasfoundinlibsoup.AnattackercontrollingthevalueusedtosettheContent-TypeheadercaninjectaCarriageReturnLineFeed(CRLF)sequenceduetoimproperinputsanitizationinthe`soupmessageheaderssetcontenttype()function.Thisvulnerabilityallowsfortheinjectionofarbitraryheader-valuepairs,potentiallyleadingtoHTTPheaderinjectionandresponsesplittingattacks. 3634 CVE- 2026- Aflawwasfoundinlibsoup.Aremoteattacker,bycontrollingthemethodparameterofthesoupmessagenew()`function,couldinjectarbitraryheadersandadditionalrequestdata.Thisvulnerability,knownasCRLF(CarriageReturnLineFeed)injection,occursbecausethemethodvalueisnotproperlyescapedduringrequestlineconstruction,potentiallyleadingtoHTTPrequestinjection. 
3633 CVE- Aflawwasfoundinlibsoup,alibraryusedbyapplicationstosendnetworkrequests.Thisvulnerabilityoccursbecauselibsoupdoesnotproperlyvalidatehostnames,allowingspecialcharacterstobeinjectedintoHTTPheaders.AremoteattackercouldexploitthistoperformHTTPsmuggling,wheretheycansendhidden,maliciousrequestsalongsidelegitimateones.Incertainsituations,thiscouldleadtoServer-SideRequestForgery(SSRF),enablinganattackertoforcetheservertomakeunauthorizedrequeststootherinternalorexternalsystems.Theimpactislow,as2026- SoupServerisnotactuallyusedininternetinfrastructure.3632 CVE- 2026- AvulnerabilitywasdeterminedinSSCMSupto7.4.0.ThisvulnerabilityaffectsthefunctionPathUtils.RemoveParentPathofthefile/api/admin/plugins/install/actions/download.Thismanipulationoftheargumentpathcausespathtraversal.Remoteexploitationoftheattackispossible.Theexploithasbeenpubliclydisclosedandmaybeutilized.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespondinanyway. 4222 CVE- 2026- Avulnerabilitywasdetectedinprojectsenduptor1945.Thisaffectsthefunctionrealpathofthefile/import-orphans.phpofthecomponentDeleteHandler.Performingamanipulationoftheargumentfiles[]resultsinpathtraversal.Remoteexploitationoftheattackispossible.Theexploitisnowpublicandmaybeused.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespondinanyway. 
4044 CVE- 2026- Mattermostversions10.11.x<=10.11.10failtoproperlyvalidatepermissionrequirementsintheteammemberrolesAPIendpointwhichallowsteamadministratorstodemotememberstoguestrole.MattermostAdvisoryID:MMSA-2025-00531 26230 CVE- 2026- MalformedATAES132Aresponseswithanoversizedlengthfieldoverflowa52-bytestackbufferintheZephyrcryptodriver,allowingacompromiseddeviceorbusattackertocorruptkernelmemoryandpotentiallyhijackexecution. 0849 CVE- 2026- AnythingLLMisanapplicationthatturnspiecesofcontentintocontextthatanyLLMcanuseasreferencesduringchatting.In1.11.1andearlier,Thetwogenericsystem-preferencesendpointsallowmanagerroleaccess,whileeveryothersurfacethattouchesthesamesettingsisrestrictedtoadminonly.Becauseofthisinconsistency,amanagercancallthegenericendpointsdirectlytoreadplaintextSQLdatabasecredentialsandoverwriteadmin-onlyglobalsettingssuchasthedefaultsystempromptandtheCommunityHubAPIkey. 32715

CVE- Asecurityflawhasbeendiscoveredinperfreego-fastdfs-webupto1.3.7.ThisaffectsthefunctionrememberMeManagerofthefilesrc/main/java/com/perfree/config/ShiroConfig.javaofthecomponentApacheShiroRememberMe.Performingamanipulationresultsinuseofhard-codedcryptographickey anyway. CVE- 2025- Mumblebefore1.6.870ispronetoanout-of-boundsarrayaccess,whichmayresultindenialofservice(clientcrash).

71264 CVE- HCLNomadserveronDominodidnotconfiguretheframe-ancestorsdirectiveintheContent-Security-Policyheaderbydefaultwhichcouldallowanattackertoobtainsensitiveinformationviaunspecifiedvectors. 62328 CVE- 2025- IBMSterlingPartnerEngagementManager6.2.3.0through6.2.3.5and6.2.4.0through6.2.4.2couldallowaremoteattackertoobtainsensitiveinformationincleartextinacommunicationchannelthatcanbesniffedbyunauthorizedactors. 13718 CVE- Copypartyisaportablefileserver.Priorto1.20.12,ifanattackerhasbeengivenbothread-andwrite-permissionstotheserver,theycanuploadamaliciousfilewiththefilename.prologue.htmlandthencraftalinktopotentiallyexecutearbitraryJavaScriptinthevictim'scontext.NotethatitisintendedbehaviorthattheJavaScriptwouldexecuteifthetargetclicksalinktotheHTMLfileitself;"https://example.com/foo/.prologue.html".Thevulnerabilityisthat"https://example.com/foo/?b"wouldalsoevaluatethefile,makingthebehaviorunexpected.Thereareexisting2026- preventativemeasures(strictSameSitecookies)whichmakesithardertoleveragethisvulnerabilityinanattack;inordertogaincontrolofthetarget'sauthenticatedsession,thelinkmustbeclickedfromapageservedbytheserveritself--mostlikelybyeditinganexistingresource,whichwouldrequireadditionalaccesspermissions.Finally,forthisattacktobesuccessful,theattacker'stargetmustclickthespecificcraftedlinkgivenbytheattacker.Thisvulnerabilityisnotactivatedbynormallybrowsingtheweb-UIontheserver.Thisvulnerabilityisfixedin1.20.12.32109 CVE- 2026- 
Aflawhasbeenfoundinprojectsenduptor1945.Thisimpactsanunknownfunctionofthefileincludes/Classes/Auth.php.Executingamanipulationoftheargumentldapemailcanleadtoobservableresponsediscrepancy.Theattackcanbeexecutedremotely.Ahighcomplexitylevelisassociatedwiththisattack.Theexploitabilityissaidtobedifficult.Theexploithasbeenpublishedandmaybeused.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespondinanyway. 4045 CVE- 2026- wpDiscuzbefore7.6.47containsanemailheaderinjectionvulnerabilitythatallowsattackerstomanipulatemailrecipientsbyinjectingmaliciousdataintothecommentauthoremailcookie.Attackerscancraftamaliciouscookievaluethat,whenprocessedthroughurldecode()andpassedtowpmail()functions,enablesheaderinjectiontoalteremailrecipientsorinjectadditionalheaders. 22204 CVE- 2026- TheGL-iNetComet(GL-RM1)KVMconnectstoaGL-iNetsiteduringboot-uptoprovisionclientandCAcertificates.TheGL-RM1doesnotverifycertificatesusedforthisconnection,allowinganattacker-in-the-middletoserveinvalidclientandCAcertificates.TheGL-RM1willattempttousetheinvalidcertificatesandfailtoconnecttothelegitimateGL-iNetKVMcloudservice. 32293 CVE- 2026- DellAlienwareCommandCenter(AWCC),versionspriorto6.12.24.0,containanImproperAccessControlvulnerability.Alowprivilegedattackerwithlocalaccesscouldpotentiallyexploitthisvulnerability,leadingtoDenialofservice. 24509 CVE- 2026- AnytypeHeartisthemiddlewarelibraryforAnytype.Thechallenge-basedauthenticationforthelocalgRPCclientAPIcanbebypassed,allowinganattackertogainaccesswithoutthe4-digitcode.Thisvulnerabilityisfixedinanytype-heart0.48.4,anytype-cli0.1.11,andAnytypeDesktop0.54.5. 
31863 CVE- 2026- AsecurityflawhasbeendiscoveredinCampcodesDivisionRegionalAthleticMeetGameResultMatrixSystem2.1.Thisaffectsanunknownpartofthefilesave-games.php.Themanipulationoftheargumentgamenameresultsincrosssitescripting.Theattackmaybeperformedfromremote.Theexploithasbeenreleasedtothepublicandmaybeusedforattacks. 3983 CVE- 2026- AvulnerabilitywasdetectedinPHPEMS11.0.Theaffectedelementisanunknownfunctionofthefile/index.php?ask=app-ask.Performingamanipulationoftheargumentaskcontentresultsincrosssitescripting.Theattackispossibletobecarriedoutremotely.Theexploitisnowpublicandmaybeused. 3946 CVE- 2026- AvulnerabilitywasdeterminedinUEditorupto1.4.3.2.Thisissueaffectssomeunknownprocessingofthefilephp/controller.php?action=uploadimageofthecomponentJSONPCallbackHandler.Thismanipulationoftheargumentcallbackcausescrosssitescripting.Theattackcanbeinitiatedremotely.Theexploithasbeenpubliclydisclosedandmaybeutilized.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespondinanyway.Thisvulnerabilityonlyaffectsproductsthatarenolongersupportedbythemaintainer. 4186 CVE- 2026- AweaknesshasbeenidentifiedinCampcodesDivisionRegionalAthleticMeetGameResultMatrixSystem2.1.Thisvulnerabilityaffectsunknowncodeofthefilesaveupathlete.php.Thismanipulationoftheargumentanamecausescrosssitescripting.Itispossibletoinitiatetheattackremotely.Theexploithasbeenmadeavailabletothepublicandcouldbeusedforattacks. 
3984 CVE- 2026- AvulnerabilitywasfoundinLagomWHMCSTemplateupto2.3.7.ImpactedisanunknownfunctionofthecomponentDatatables.Themanipulationresultsinimproperlycontrolledmodificationofobjectprototypeattributes.Itispossibletolaunchtheattackremotely.Theexploithasbeenmadepublicandcouldbeused.Thevendorwascontactedearlyaboutthisdisclosurebutdidnotrespondinanyway. 4239 CVE- 2026- AvulnerabilitywasfoundinWavlinkWL-NU516U1240425.Theimpactedelementisthefunctionsub404F68ofthefile/cgi-bin/login.cgi.Themanipulationoftheargumenthomepage/hostnameresultsincrosssitescripting.Theattackcanbelaunchedremotely.Theexploithasbeenmadepublicandcouldbeused.Thevendorwascontactedearlyaboutthisdisclosure. 4166 CVE- 2025- GitLabhasremediatedanissueinGitLabEEaffectingallversionsfrom18.2before18.7.6,18.8before18.8.6,and18.9before18.9.2thatcouldhaveallowedanauthenticatedusertoaccessVirtualRegistrydataingroupswheretheyarenotmembersduetoimproperauthorizationundercertainconditions. 12704 CVE- AvulnerabilitywasdeterminedinAureusERPupto1.3.0-BETA2.Theaffectedelementisanunknownfunctionofthefileplugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.phpofthecomponentChatterMessageHandler.Executingamanipulationoftheargumentsubject/bodycanleadtocrosssitescripting.Theattackcanbelaunchedremotely.Upgradingtoversion1.3.0-BETA1issufficienttofixthisissue.Thispatchiscalled2135ee7efff4090e70050b63015ab5e268760ec8.Itissuggestedtoupgradetheaffected2026- component.4175 CVE- 2026- telnetinGNUinetutilsthrough2.7allowsserverstoreadarbitraryenvironmentvariablesfromclientsviaNEWENVIRONSENDUSERVAR. 
32772 CVE- 2025- inOpenHarmonyv5.0.3andpriorversionsallowalocalattackercauseinformationimproperinput.Thisvulnerabilitycanbeexploitedonlyinrestrictedscenarios. 26474 CVE- 2026- Avulnerabilitywasdeterminedinrxifeuptoed4cda96bd582cbb08520964ba627efb40f3dd91.Theimpactedelementisthefunctionread_ofthefilesrc/fe.c.Thismanipulationwiththeinput1causesout-of-boundsread.Theattackrequireslocalaccess.Theexploithasbeenpubliclydisclosedandmaybeutilized.Thisproductusesarollingreleasemodeltodelivercontinuousupdates.Asaresult,specificversioninformationforaffectedorupdatedreleasesisnotavailable.Theprojectwasinformedoftheproblemearlythroughanissuereportbuthasnotrespondedyet. 4012 CVE- 2025- HCLAIONisaffectedbyavulnerabilitywhereinternalfilesystempathsmaybeexposedthroughapplicationresponsesorsystembehaviour.Exposureofinternalpathsmayrevealenvironmentstructuredetailswhichcouldpotentiallyaidinfurthertargetedattacksorinformationdisclosure. 52642 CVE- inOpenHarmonyv6.0andpriorversionsallowalocalattackercaseDOSthroughmissingreleaseofmemory.
CVE-2026-[number not recovered]: A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version 2026.2.19-beta.1 is capable of addressing this issue. The identifier of the patch is bafdbb6f112409a65decd3d4e7350fbd637c7754. Upgrading the affected component is advised.

CVE-[identifier not recovered]: A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. Applying a patch is the recommended action to fix this issue. The patch available is unofficial and not approved yet.

CVE-2026-4009: A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File Parser. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. Upgrading to version 20200207 is recommended to address this issue. It is recommended to upgrade the affected component. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-3949: A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called b97c8b5f198b27f375127cd597a35f2113544d03. It is advisable to implement a patch to correct this issue.

CVE-2026-4219: A flaw has been found in INDEX Conferences & Exhibitions Organization YWFBPOFAPGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of the argument ACCESSKEY/HASHKEY can lead to hard-coded credentials. The attack is restricted to local execution. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4010: A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce. The affected element is the function pkByteBufferAddString. The manipulation of the argument length with the input 4294967290 results in memory corruption. The attack requires a local approach. The exploit has been made public and could be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-70330: EasyGradePro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled access violation and application crash, leading to a local denial-of-service condition when the crafted file is opened by a user.

CVE-2026-4174: A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The existence of this vulnerability is still disputed at present. Upgrading to version 6.1.2 is capable of addressing this issue. The name of the patch is 4371ae84c99c46b48cb21badbbef06b30757aba0. You should upgrade the affected component. The code maintainer states that, "[he] wont consider this bug a DoS".

CVE-2025-14811: IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.

CVE-2026-22545: Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type switch, which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider. Mattermost Advisory ID: MMSA-2026-00583

CVE-2026-21295: Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVE-2026-29776: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in update_read_cache_bitmap_order function of FreeRDP's Core Library. This vulnerability is fixed in 3.24.0.

CVE-2026-3929: Side-channel information leakage in Resource Timing in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-2366: A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim's unique identifier (UUID) and the Organizations feature is enabled.

CVE-2026-31974: OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint (POST /admin/settings/mail_notifications) accepts arbitrary host and port values and exhibits measurable differences in response behaviour depending on whether the target IP exists and whether the port is open. An attacker with access can use these timing and error distinctions to map internal hosts and identify which services/ports are reachable. Similarly, you can create webhooks in OpenProject and point them to arbitrary IPs, resulting in the same kind of SSRF issue which allows attackers to scan the internal network. This vulnerability is fixed in 17.2.0.

CVE-2026-32778: libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memory condition.

CVE-2026-0520: A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensitive data stored in a log file.

CVE-2025-69239: Raytha CMS is vulnerable to Server-Side Request Forgery in the "Themes - Import from URL" feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request.

CVE-2025-13459: IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow.

CVE-2026-32445: Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through <= 3.35.5.

CVE-2026-32717: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API key path. If a user already has a valid brx-... browser extension API key, that key continues to work after suspension. As a result, a suspended user can still access browser extension endpoints, read reachable workspace metadata, and continue upload or embed operations even though normal authenticated requests are rejected.

CVE-[identifier not recovered]: A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. Impacted is the function recognizeMarkdown of the file yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/Pdf2MdUtil.java. Such manipulation of the argument fileUrl leads to path traversal. It is possible to launch the attack remotely. The exploit is publicly available and might be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-[number not recovered]: A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.

CVE-[year not recovered]-31966: HCL Sametime is vulnerable to broken server-side validation. While the application performs client-side input checks, these are not enforced by the web server. An attacker can bypass these restrictions by sending manipulated HTTP requests directly to the server.

CVE-2026-4242: A security flaw has been discovered in BabyChakra Pregnancy & Parenting App up to 5.4.3.0 on Android. This affects an unknown function of the file app/babychakra/babychakra/Configuration.java of the component app.babychakra.babychakra. Performing a manipulation of the argument SEGMENTWRITEKEY results in unprotected storage of credentials. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4217: A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument accessKey/secretAccessKey/securityToken leads to unprotected storage of credentials. The attack can only be performed from a local environment. The attack requires a high level of complexity. The exploitability is said to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-24508: Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

CVE-2026-4251: A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Affected by this vulnerability is an unknown functionality of the file resources/assets/flutter_assets/assets/credentials.json of the component ai.citydata.citychat. Executing a manipulation can lead to unprotected storage of credentials. The attack requires local access. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4243: A weakness has been identified in La Nacion App 10.2.25 on Android. This impacts an unknown function of the file source/app/lanacion/clublanacion/BuildConfig.java of the component app.lanacion.activity. Executing a manipulation of the argument APIKEYWEBSOCKETCV can lead to unprotected storage of credentials. The attack can only be executed locally. A high complexity level is associated with this attack. The exploitability is said to be difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4250: A vulnerability was found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android. Affected is an unknown function of the file resources/assets/service-account.json of the component Google Cloud Service Account Key Handler. Performing a manipulation results in unprotected storage of credentials. The attack requires a local approach. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4218: A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTHKEY results in information disclosure. The attack is only possible with local access. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4168: A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the file /admin/code/tce_edit_group.php of the component Group Handler. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. The presence of this vulnerability remains uncertain at this time. The affected component should be upgraded. The vendor explained: "I was not able to reproduce the same exploit as the TCExam version was already advanced in the meanwhile." Therefore, it can be assumed that this issue got fixed in a later release.

CVE-2026-4169: A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are still doubts about whether this vulnerability truly exists. Upgrading to version 16.6.1 is able to address this issue. The patch is named 899b5b2fa09edfe16043f07265e44fe2022b7f12. It is suggested to upgrade the affected component. When the vendor was informed about another security issue, he identified and fixed this flaw during analysis. He doubts the impact of this: "However, this is difficult to justify as security issue. It requires to be administrator to both create and consume the exploit. Administrators can do pretty much anything in the platform, so I don't see the point of this from a security perspective." This is reflected by the CVSS vector.

CVE-2026-4165: A vulnerability has been found in Worksuite HR, CRM and Project Management up to 5.5.25. The affected element is an unknown function of the file /account/orders/create. The manipulation of the argument Client Note leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2026-4225: A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.

CVE-2025-12697: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions.

CVE-2025-52646: HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions.

CVE-2026-4359: A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver.

CVE-2025-52645: HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour.

CVE-2025-52636: HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios.

CVE-2025-52649: HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unintended access under specific conditions.

CVE-2026-31897: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize >= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer. This vulnerability is fixed in 3.24.0.

CVE-2026-31873: Unhead is a document head and template manager. Prior to 2.1.11, the link.href check in makeTagSafe (safe.ts) uses String.includes(), which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes('data:') returns false. An attacker can inject arbitrary CSS for UI redressing or data exfiltration via CSS attribute selectors with background-image callbacks. This vulnerability is fixed in 2.1.11.
CVE-[year not recovered]-32236: Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery (SSRF) vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial client_id hostname against private IP ranges but does not apply the same validation after HTTP redirects. The practical impact is limited. The attacker cannot read the response body from the internal request, cannot control request headers or method, and the feature must be explicitly enabled via an experimental flag that is off by default. Deployments that restrict allowedClientIdPatterns to specific trusted domains are not affected. Patched in @backstage/plugin-auth-backend version 0.27.1.

CVE-2026-31954: Emlog is an open source website building system. In 2.6.6 and earlier, the deleteasync action (asynchronous delete) lacks a call to LoginAuth::checkToken(), enabling CSRF attacks.

CVE-[identifier not recovered]: Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint). We recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed.

CVE-2026-2921: GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. [...] execute code in the context of the current process. Was ZDI-CAN-28854.

CVE-2026-32635: Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and compiler. It occurs when the application uses a security-sensitive attribute (for example href on an anchor tag) together with Angular's ability to internationalize attributes. Enabling internationalization for the sensitive attribute by adding i18n-name bypasses Angular's built-in sanitization mechanism, which when combined with a data binding to untrusted user-generated data can allow an attacker to inject a malicious script. This vulnerability is fixed in 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20.

CVE-2026-2859: Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deploy_agent endpoint, which could lead to information disclosure.

CVE-2026-2491: Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability.

CVE-2026-31975: CloudCLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.25.0, OS Command Injection via WebSocket Shell. Both projectPath and initialCommand in server/index.js are taken directly from the WebSocket message payload and interpolated into a bash command string without any sanitization, enabling arbitrary OS command execution. A secondary injection vector exists via unsanitized sessionId. This vulnerability is fixed in 1.25.0.

CVE-2025-13406: NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS. This issue affects smartLink SW-HT: 1.43.

CVE-2026-4208: The extension fails to properly reset the generated MFA code after successful authentication. This leads to a possible MFA bypass for future login attempts by providing an empty string as MFA code to the extension's MFA provider.

CVE-2026-27260: [description not recovered]

CVE-2026-2493: IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulnerability.

CVE-2026-2920: GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. [...] this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28843.

CVE-2026-21570: This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. [...] than or equal to 9.6.24. Bamboo Data Center 10.2: Upgrade to a release greater than or equal to 10.2.16. Bamboo Data Center 12.1: Upgrade to a release greater than or equal to 12.1.3.

CVE-2026-2923: GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. [...] in the context of the current process. Was ZDI-CAN-28838.

CVE-2026-32702: Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. From 2.7.0 to 2.8.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time. It appears that the hashing function, which is the most time-consuming part of the process by design, occurs as part of the VerifyPassword function. With the short circuits occurring before the hashing function, a timing differential is introduced that exposes validity to the actor. This vulnerability is fixed in 2.8.1.

CVE-2026-31814: Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to before 0.13.9, a specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This is remotely reachable over a normal network connection and does not require authentication. This vulnerability is fixed in 0.13.9.

CVE-2026-2922: GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. [...] execute code in the context of the current process. Was ZDI-CAN-28845.

CVE-2026-1524: An edge case in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions: If a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures one or more of them to be authentication-only, then those that are authentication-only will also provide authorization. This edge case becomes a security problem only if the authentication-only provider contains groups which have higher privileges than provided by the intended (configured) authorization provider. When using multiple plugins for authentication and authorisation, prior to the fix the issue could lead to a plugin configured to provide only authentication or authorisation capabilities erroneously providing both capabilities.

CVE-2026-32314: Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULT_CREDIT (e.g. 262145). On the first packet of a new inbound stream, stream state is created and a receiver is queued before oversized-body validation completes. When validation fails, the temporary stream is dropped and cleanup may call remove(...).expect("stream not found"), triggering a panic in the connection state machine. This is remotely reachable over a normal Yamux session and does not require authentication. This vulnerability is fixed in 0.13.10.

CVE-2025-71239: In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2() to change attributes class. fchmodat2(), introduced in version 6.6, is currently not in the change attribute class of audit. Calling fchmodat2() to change a file attribute in the same fashion than chmod() or fchmodat() will bypass audit rules such as:

CVE-2026-31386: OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.

CVE-[year not recovered]-32640: SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects (including modules) can leak dangerous modules through to direct access inside the sandbox, if the objects you've passed in as names to SimpleEval have modules or other disallowed/dangerous objects available as attrs. Additionally, dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call. The latest version 1.0.5 has this issue fixed. This vulnerability is fixed in 1.0.5.

CVE-2026-23241: In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to read class. The "at" variant of getxattr() and listxattr() are missing from the audit read class. Calling getxattrat() or listxattrat() on a file to read its extended attributes will bypass audit rules such as:

CVE-[year not recovered]-27259: [description not recovered]

CVE-2026-30914: SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths to bypass folder-level permissions or escape the boundaries of a configured Virtual Folder. This vulnerability is fixed in 2.7.1.

CVE-2026-31854: Cursor is a code editor built for programming with AI. Prior to 2.0, if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to "assist" the user. When combined with a bypass of the command whitelist mechanism, such indirect prompt injections could result in commands being executed automatically, without the user's explicit intent, thereby posing a significant security risk. This vulnerability is fixed in 2.0.

CVE-2026-30707: An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET Page Method. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key.

CVE-2026-32837: miniaudio version 0.11.25 and earlier contain a heap out-of-bounds read vulnerability in the WAV BEXT metadata parser that allows attackers to trigger memory access violations by processing crafted WAV files. Attackers can exploit improper null-termination handling in the coding history field to cause out-of-bounds reads past the allocated metadata pool, resulting in application crashes or denial of service.

CVE-2026-[number not recovered]: Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication.
20997 CVE- 2026- UseofabrokenorriskycryptographicalgorithminSmartSwitchpriortoversion3.7.69.15allowsremoteattackerstoconfigureadowngradedschemeforauthentication. 20996 CVE- 2026- ExposureofsensitivefunctionalitytoanunauthorizedactorinSmartSwitchpriortoversion3.7.69.15allowsremoteattackerstosetaspecificconfiguration. 20995 CVE- 2026- URLredirectioninSamsungAccountpriortoversion15.5.01.1allowsremoteattackerstopotentiallygetaccesstoken. 20994 CVE- 2025- AnIncorrectPermissionAssignmentvulnerabilityexistsintheASUSBusinessSystemControlInterfacedriver.ThisvulnerabilitycanbetriggeredbyanunprivilegedlocalusersendingaspeciallycraftedIOCTLrequest,potentiallyleadingtounauthorizedaccesstosensitivehardwareresourcesandkernelinformationdisclosure.Refertothe"ASUSBusinessSystemControlInterface"sectionontheASUSSecurityAdvisoryformoreinformation. 15037 CVE- 2026- NetskopewasnotifiedaboutapotentialgapinitsEndpointDLPModuleforNetskopeClientonWindowssystems.ThesuccessfulexploitationofthegapcanpotentiallyallowaprivilegedusertotriggeranintegeroverflowwithintheDLLInjector,leadingtoaBlue-Screen-of-Death(BSOD).SuccessfulexploitationwouldrequiretheEndpointDLPmoduletobeenabledintheclientconfiguration.Asuccessfulexploitcanpotentiallyresultinadenial-of-serviceforthelocalmachine. 2809 CVE- 2025- AnOut-of-BoundsReadvulnerabilityexistsintheASUSBusinessSystemControlInterfacedriver.ThisvulnerabilitycanbetriggeredbyanunprivilegedlocalusersendingaspeciallycraftedIOCTLrequest,potentiallyleadingtoadisclosureofkernelinformationorasystemcrash.Refertothe"SecurityUpdateforASUSBusinessSystemControlInterface"sectionontheASUSSecurityAdvisoryformoreinformation. 
15038 CVE- 2026- AnInsufficientIntegrityVerificationvulnerabilityintheASUSROGperipheraldriverinstallationprocessallowsprivilegeescalationtoSYSTEM.Thevulnerabilityisduetoimproperaccesscontrolontheinstallationdirectory,whichenablestheexploitationofaraceconditionwherethelegitimateinstallerissubstitutedwithanunexpectedpayloadimmediatelyafterdownload,resultinginarbitrarycodeexecution.Refertothe"SecurityUpdateforASUSROGperipheraldriver"sectionontheASUSSecurityAdvisoryformoreinformation. 1878 CVE- 2026- ImproperexportofandroidapplicationcomponentsinSamsungAssistantpriortoversion9.3.10.7allowslocalattackertoaccesssavedinformation. 20993 CVE- 2026- ImproperauthorizationinSettingspriortoSMRMar-2026Release1allowslocalattackertodisableconfiguringthebackgrounddatausageofapplication. 20992 CVE- 2026- ImproperprivilegemanagementinThemeManagerpriortoSMRMar-2026Release1allowslocalprivilegedattackerstoreusetrialcontents. 20991 CVE- 2026- ImproperexportofandroidapplicationcomponentsinSecureFolderpriortoSMRMar-2026Release1allowslocalattackerstolauncharbitraryactivitywithSecureFolderprivilege. 20990 CVE- 2026- ImproperverificationofcryptographicsignatureinFontSettingspriortoSMRMar-2026Release1allowsphysicalattackerstousecustomfont. 20989 CVE- 2026- ImproperverificationofintentbybroadcastreceiverinSettingspriortoSMRMar-2026Release1allowslocalattackertolauncharbitraryactivitywithSettingsprivilege.Userinteractionisrequiredfortriggeringthisvulnerability. 
20988 CVE- 2026- AcommandinjectionvulnerabilityhasbeenidentifiedintheTelnetcommand-lineinterface(CLI)ofTP-LinkTL-MR6400v5.3.ThisissueiscausedbyinsufficientsanitizationofdataprocessedduringspecificCLIoperations. 3841 CVE- Across-originissueintheNavigationAPIwasaddressedwithimprovedinputvalidation.ThisissueisfixedinBackgroundSecurityImprovementsforiOS26.3.1,iPadOS26.3.1,macOS26.3.1,andmacOS26.3.2.ProcessingmaliciouslycraftedwebcontentmaybypassSameOriginPolicy. 20643 CVE- 2026- drlibsversion0.13.3andearliercontainanuncontrolledmemoryallocationvulnerabilityindrflacreadanddecodemetadata()thatallowsattackerstotriggerexcessivememoryallocationbysupplyingcraftedPICTUREmetadatablocks.Attackerscanexploitattacker-controlledmimeLengthanddescriptionLengthfieldstocausedenialofservicethroughmemoryexhaustionwhenprocessingFLACstreamswithmetadatacallbacks.

32836 CVE- ImproperauthenticationinSmartSwitchpriortoversion3.7.69.15allowsremoteattackerstobypassauthentication. 20998 CVE- 2026- Rejectedreason:REJECTDONOTUSETHISCANDIDATENUMBER.Reason:Thiscandidatewasissuedinerror.Notes:Allreferencesanddescriptionsinthiscandidatehavebeenremovedtopreventaccidentalusage. 2326 CVE- 2025- NetskopewasnotifiedaboutapotentialgapinitsEndpointDLPModuleforNetskopeClientonWindowssystems.Thesuccessfulexploitationofthegapcanpotentiallyallowanunprivilegedusertotriggeranintegeroverflowwithinthefiltercommunicationport,leadingtoaBlue-Screen-of-Death(BSOD).SuccessfulexploitationwouldrequiretheEndpointDLPmoduletobeenabledintheclientconfiguration.Asuccessfulexploitcanpotentiallyresultinadenial-of-serviceforthelocalmachine. 15584 CVE- 2026- Cap'nProtoisadatainterchangeformatandcapability-basedRPCsystem.Priorto1.4.0,whenusingTransfer-Encoding:chunked,ifachunk'ssizeparsedtoavalueof2^64orlarger,itwouldbetruncatedtoa64-bitinteger.Intheory,thisbugcouldenableHTTPrequest/responsesmuggling.Thisvulnerabilityisfixedin1.4.0. 32240 CVE- 2026- Cap'nProtoisadatainterchangeformatandcapability-basedRPCsystem.Priorto1.4.0,anegativeContent-Lengthvaluewasconvertedtounsigned,treatingitasanimpossiblylargelengthinstead.Intheory,thisbugcouldenableHTTPrequest/responsesmuggling.Thisvulnerabilityisfixedin1.4.0. 32239 CVE- 2026- AUseofHard-coded,Security-relevantConstantsvulnerabilityinTraneTracerSC,TracerSC+,andTracerConciergecouldallowanattackertodisclosesensitiveinformationandtakeoveraccounts. 
28256 CVE- VulnerabilityintheOpenSSHGSSAPIdeltaincludedinvariousLinuxdistributions.ThisvulnerabilityaffectstheGSSAPIpatchesaddedbyvariousLinuxdistributionsanddoesnotaffecttheOpenSSHupstreamprojectitself.Theusageofsshpktdisconnect()onanerror,whichdoesnotterminatetheprocess,allowsanattackertosendanunexpectedGSSAPImessagetypeduringtheGSSAPIkeyexchangetotheserver,whichwillcalltheunderlyingfunctionandcontinuetheexecutionoftheprogramwithoutsettingtherelatedconnectionvariables.Asthevariablesarenot2026- initializedtoNULLthecodelateraccessesthoseuninitializedvariables,accessingrandommemory,whichcouldleadtoundefinedbehavior.Therecommendedworkaroundistousesshpacketdisconnect()instead,whichdoesterminatetheprocess.Theimpactofthevulnerabilitydependsheavilyonthecompilerflaghardeningconfiguration.3497 CVE- 2026- AproblemwithaprotectionmechanisminthePaloAltoNetworksCortexXDRagentonmacOSallowsalocaladministratortodisabletheagent.Thisissuecouldbeleveragedbymalwaretoperformmaliciousactivitywithoutdetection. 0230 CVE- 2026- AninformationdisclosurevulnerabilityinPaloAltoNetworksCortexXDR®BrokerVMallowsanauthenticatedusertoobtainandmodifysensitiveinformationbytriggeringliveterminalsessionviaCortexUIandmodifyinganyconfigurationsetting.TheattackermusthavenetworkaccesstotheBrokerVMtoexploitthisissue. 0231 CVE- 2026- ZeptoClawisapersonalAIassistant.Priorto0.7.6,thereisaDanglingSymlinkComponentBypass,TOCTOUBetweenValidationandUse,andHardlinkAliasBypass.Thisvulnerabilityisfixedin0.7.6. 
32232 CVE- SFTPGoisanopensource,event-drivenfiletransfersolution.SFTPGoversionsbeforev2.7.1containaninputvalidationissueinthehandlingofdynamicgrouppaths,forexample,homedirectoriesorkeyprefixes.Whenagroupisconfiguredwithadynamichomedirectoryorkeyprefixusingplaceholderslike%username%,thevaluereplacingtheplaceholderisnotstrictlysanitizedagainstrelativepathcomponents.Consequently,ifauseriscreatedwithaspeciallycraftedusernametheresultingpathmayresolvetoaparentdirectoryinsteadoftheintendedsub-directory.2026- Thisissueisfixedinversionv2.7.130915 CVE- soroban-poseidonprovidesPoseidonandPoseidon2cryptographichashfunctionsforSorobansmartcontracts.PoseidonV1(PoseidonSponge)acceptsvariable-lengthinputswithoutinjectivepadding.Whenacallerprovidesfewerinputsthanthespongerate(inputs.len()<T-1),unusedratepositionsareimplicitlyzero-filled.Thisallowstrivialhashcollisions:foranyinputvector[m1,...,mk]hashedwithaspongeofrate>k,hash([m1,...,mk])equalshash([m1,...,mk,0])becausebothproduceidenticalpre-permutationstates.ThisaffectsanyuseofPoseidonSpongeor2026- poseidonhashwherethenumberofinputsislessthanT-1(e.g.,hashing1inputwithT=3).Poseidon2(Poseidon2Sponge)isnotaffected.32129 CVE- 2026- GROWIOpenAIthread/messageAPIendpointsdonotperformauthorization.Affectedarev7.4.5andearlierversions.Alogged-inuserwhoknowsasharedAIassistant'sidentifiermayviewand/ortampertheotheruser'sthreads/messages. 25083 CVE- 2026- PathtraversalinSmartSwitchpriortoversion3.7.69.15allowsadjacentattackerstooverwritearbitraryfileswithSmartSwitchprivilege. 21005 CVE- 2026- ImproperauthenticationinSmartSwitchpriortoversion3.7.69.15allowsadjacentattackerstotriggeradenialofservice. 
21004 CVE- 2026- ImproperverificationofcryptographicsignatureinGalaxyStorepriortoversion4.6.03.8allowslocalattackertoinstallarbitraryapplication. 21002 CVE- 2026- PathtraversalinGalaxyStorepriortoversion4.6.03.8allowslocalattackertocreatefilewithGalaxyStoreprivilege. 21001 CVE- 2026- ImproperaccesscontrolinGalaxyStorepriortoversion4.6.03.8allowslocalattackertocreatefilewithGalaxyStoreprivilege. 21000 CVE- 2026- AuthenticationbypassbyreplayinSmartSwitchpriortoversion3.7.69.15allowsremoteattackerstotriggerprivilegedfunctions. 20999 CVE- 2026- ConfigurationissueinJavaManagementExtensions(JMX)inTIBCOBPMEnterpriseversion4.xallowsunauthorisedaccess. 3207

CVE- Theextensionfailstoverify,ifanauthenticateduserhaspermissionstoaccesstoredirectsresultinginexposureofredirectrecordswheneditingapage.

CVE- 2026- Non-relationalSQLinjectionvulnerability(NoSQLi)intheWakymawebapplication,specificallyintheendpoint'vets.wakyma.com/centro/equipo/empleado'.ThisvulnerabilitycouldallowanauthenticatedusertoalteraGETrequesttotheaffectedendpointforthepurposeofinjectingspecialNoSQLcommands.Thiswouldleadtotheenumerationofsensitiveemployeedata.

CVE- Theextensionfailstoproperlydefineallowedclassesusedwhendeserializingtransportfailuremetadata.Anattackermayexploitthistoexecuteuntrustedserializedcode.Notethatanactiveexploitrequireswriteaccesstothedirectoryconfiguredat$GLOBALS['TYPO3CONFVARS']['MAIL']['transportspoolfilepath'].

CVE- 2026- ImproperpermissionenforcementinCheckmkversions2.4.0before2.4.0p23,2.3.0before2.3.0p43,and2.2.0(EOL)allowsauthenticateduserstoenumerateexistinghostsbyobservingdifferentHTTPresponsecodesinagent-receiver/registerexistingendpoint,whichcouldleadtoinformationdisclosure. 24097 CVE- 2025- Rejectedreason:ThisCVEIDhasbeenrejectedorwithdrawnbyitsCVENumberingAuthority. 13337 CVE- 2025- ObservableresponsediscrepancyvulnerabilityinOpenText™VerticaallowsPasswordBruteForcing.ThevulnerabilitycouldleadtoPasswordBruteForcinginVerticamanagementconsoleapplication.ThisissueaffectsVertica:from10.0through10.X,from11.0through11.X,from12.0through12.X. 12455 CVE- 2025- Improperneutralizationofinputduringwebpagegeneration('cross-sitescripting')vulnerabilityinOpenText™VerticaallowsReflectedXSS.ThevulnerabilitycouldleadtoReflectedXSSattackofcross-sitescriptinginVerticamanagementconsoleapplication.ThisissueaffectsVertica:from10.0through10.X,from11.0through11.X,from12.0through12.X,from23.0through23.X,from24.0through24.X,from25.1.0through25.1.X. 12454 CVE- 2025- Improperneutralizationofinputduringwebpagegeneration('cross-sitescripting')vulnerabilityinOpenText™VerticaallowsReflectedXSS.ThevulnerabilitycouldleadtoReflectedXSSattackofcross-sitescriptinginVerticamanagementconsoleapplication.ThisissueaffectsVertica:from10.0through10.X,from11.0through11.X,from12.0through12.X,from23.0through23.X,from24.0through24.X,from25.1.0through25.1.X,from25.2.0through25.2.X,from25.3.0through25.3.X. 
12453 CVE- PhilipsHueBridgehkhapcharacteristicsHeap-basedBufferOverflowRemoteCodeExecutionVulnerability.Thisvulnerabilityallowsnetwork-adjacentattackerstoexecutearbitrarycodeonaffectedinstallationsofPhilipsHueBridge.Althoughauthenticationisrequiredtoexploitthisvulnerability,theexistingauthenticationmechanismcanbebypassed.2026- Anattackercanleveragethisvulnerabilitytoexecutecodeinthecontextofthedevice.WasZDI-CAN-28479.3561 CVE- PhilipsHueBridgeHomeKithkhappairstorageputHeap-basedBufferOverflowRemoteCodeExecutionVulnerability.Thisvulnerabilityallowsnetwork-adjacentattackerstoexecutearbitrarycodeonaffectedinstallationsofPhilipsHueBridge.Authenticationisnotrequiredtoexploitthisvulnerability.2026- Anattackercanleveragethisvulnerabilitytoexecutecodeinthecontextofthedevice.WasZDI-CAN-28469.3560 CVE- 2026- AuthenticationbypassissueexistsinMR-GM5L-S1andMR-GM5A-L1,whichmayallowanattackertobypassauthenticationandchangethedeviceconfiguration. 27842 CVE- 2026- Useofhard-codedcredentialsissueexistsinMR-GM5L-S1andMR-GM5A-L1,whichmayallowanattackertoobtainadministrativeaccess. 24448 CVE- PhilipsHueBridgeHomeKitAccessoryProtocolStaticNonceAuthenticationBypassVulnerability.Thisvulnerabilityallowsnetwork-adjacentattackerstobypassauthenticationonaffectedinstallationsofPhilipsHueBridge.Authenticationisnotrequiredtoexploitthisvulnerability.2026- thesystem.WasZDI-CAN-28451.3559 CVE- 2026- AUseofaBrokenorRiskyCryptographicAlgorithmvulnerabilityinTraneTracerSC,TracerSC+,andTracerConciergecouldallowanattackertobypassauthenticationandgainroot-levelaccesstothedevice. 
28252 CVE- ADLLsearchorderhijackingvulnerabilityinThermalrightTR-VISIONHOMEonWindows(64-bit)allowsalocalattackertoescalateprivilegesviaDLLside-loading.Theapplicationloadscertaindynamic-linklibrary(DLL)dependenciesusingthedefaultWindowssearchorder,whichincludesdirectoriesthatmaybewritablebynon-privilegedusers.\n\n\n\nBecausethesedirectoriescanbemodifiedbyunprivilegedusers,anattackercanplaceamaliciousDLLwiththesamenameasalegitimatedependencyinadirectorythatissearchedbeforetrustedsystemlocations.When 2026- theapplicationisexecuted,whichisalwayswithadministrativeprivileges,themaliciousDLLisloadedinsteadofthelegitimatelibrary.\n\n\n\nTheapplicationdoesnotenforcerestrictionsonDLLloadinglocationsanddoesnotverifytheintegrityordigitalsignatureofloadedlibraries.Asaresult,attacker-controlledcodemaybeexecutedwithinthesecuritycontextoftheapplication,allowingarbitrarycodeexecutionwithelevatedprivileges.\n\n\n\nSuccessfulexploitationrequiresthatanattackerplaceacraftedmaliciousDLLinauser-writabledirectorythatisincludedin 4255 theapplication'sDLLsearchpathandthencausetheaffectedapplicationtobeexecuted.Onceloaded,themaliciousDLLrunswiththesameprivilegesastheapplication.\n\n\n\nThisissueaffects\nTR-VISIONHOMEversionsuptoandincluding2.0.5. CVE- PhilipsHueBridgeHomeKitAccessoryProtocolTransientPairingModeAuthenticationBypassVulnerability.Thisvulnerabilityallowsnetwork-adjacentattackerstobypassauthenticationonaffectedinstallationsofPhilipsHueBridge.Authenticationisnotrequiredtoexploitthisvulnerability.2026- authenticationonthesystem.WasZDI-CAN-28374.3558 CVE- 2025- ImproperNeutralizationofInputDuringWebPageGenerationinForcepointWebSecurity(On-Prem)onWindowsallowsStoredXSS.ThisissueaffectsWebSecuritythrough8.5.6. 
2274 CVE- PhilipsHueBridgehappairverifyhandlerSub-TLVParsingHeap-basedBufferOverflowRemoteCodeExecutionVulnerability.Thisvulnerabilityallowsnetwork-adjacentattackerstoexecutearbitrarycodeonaffectedinstallationsofPhilipsHueBridge.Althoughauthenticationisrequiredtoexploitthisvulnerability,theexistingauthenticationmechanismcanbebypassed.2026- user-supplieddatapriortocopyingittoaheap-basedbuffer.Anattackercanleveragethisvulnerabilitytoexecutecodeinthecontextofroot.WasZDI-CAN-28337.3557 CVE- 2026- Lexborisawebbrowserenginelibrary.Priorto2.7.0,theISO‑2022‑JPencoderinLexborfailstoresetthetemporarysizevariablebetweeniterations.Thestatementctx->bufferused-=sizewithastalesize=3causesanintegerunderflowthatwrapstoSIZEMAX.Afterwards,memcpyiscalledwithanegativelength,leadingtoanout‑of‑boundsreadfromthestackandanout‑of‑boundswritetotheheap.ThesourcedataispartiallycontrollableviathecontentsoftheDOMtree.Thisvulnerabilityisfixedin2.7.0. 
29078 CVE- PhilipsHueBridgeHomeKitPair-SetupHeap-basedBufferOverflowRemoteCodeExecutionVulnerability.Thisvulnerabilityallowsnetwork-adjacentattackerstoexecutearbitrarycodeonaffectedinstallationsofPhilipsHueBridge.Authenticationisnotrequiredtoexploitthisvulnerability.2026- theHomeKitservice.WasZDI-CAN-28326.3556 CVE- PhilipsHueBridgeZigbeeStackCustomCommandHandlerHeap-basedBufferOverflowRemoteCodeExecutionVulnerability.Thisvulnerabilityallowsnetwork-adjacentattackerstoexecutearbitrarycodeonaffectedinstallationsofPhilipsHueBridge.Userinteractionisrequiredtoexploitthisvulnerabilityinthattheusermustinitiatethedevicepairingprocess.2026- sizeheapbuffer.Anattackercanleveragethisvulnerabilitytoexecutecodeinthecontextofthedevice.WasZDI-CAN-28276.3555 CVE- 2026- PhilipsHueBridgehkhapEd25519SignatureVerificationAuthenticationBypassVulnerability.Thisvulnerabilityallowsnetwork-adjacentattackerstoexecutearbitrarycodeonaffectedinstallationsofPhilipsHueBridge.Authenticationisnotrequiredtoexploitthisvulnerability. 3562 CVE- ImproperHandlingofHighlyCompressedData(CompressionBomb)vulnerabilityinErlangOTPssh(ssh_transportmodules)allowsDenialofServiceviaResourceDepletion. attacksEachSSHpacketcandecompress~255MBfrom256KBofwiredata(1029:1amplificationratio).Multiplepacketscanrapidlyexhaustavailablememory,causingOOMkillsinmemory-constrainedenvironments.23943 CVE- 
IncorrectresolvingofnamespacesincompositedatabasesinNeo4jEnterpriseeditionpriortoversions2026.02and5.26.22canleadtothefollowingscenario:anadminthatintendstogiveauseranaccesstoaremotedatabaseconstituent"namespace.name"willinadvertentlygrantaccesstoanylocaldatabaseorremotealiascalled"name".Ifsuchdatabaseoraliasdoesn'texistwhenthecommandisrun,theprivilegeswillapplyifit'screatedinthefuture.

CVE- ImproperLimitationofaPathnametoaRestrictedDirectory('PathTraversal')vulnerabilityinErlangOTP(sshsftpdmodule)allowsPathTraversal.Thisvulnerabilityisassociatedwithprogramfileslib/ssh/src/sshsftpd.erlandprogramroutinessshsftpd:iswithinroot/2. example,ifrootissetto/home/user1,pathslike/home/user10or/home/user1backupwouldincorrectlybeconsideredwithintheroot.ThisissueaffectsOTPfromOTP17.0untilOTP28.4.1,OTP27.3.4.9andOTP26.2.5.18,correspondingtosshfrom3.0.1until5.5.1,5.2.11.6and5.1.4.14.23942 CVE- UseofacustomtokenencodingalgorithminStreamsoftPrestiżsoftwareallowsthevalueoftheKSeF(KrajowySysteme-Faktur)tokentobeguessedafteranalyzinghowtokenswithknowvaluesareencoded. 0809 CVE- claude-hovercraftexecuteClaudeCodeCommandInjectionRemoteCodeExecutionVulnerability.Thisvulnerabilityallowsremoteattackerstoexecutearbitrarycodeonaffectedinstallationsofclaude-hovercraft.Authenticationisnotrequiredtoexploitthisvulnerability.2025- ZDI-CAN-27785.15060 CVE- 2025- ExecutionwithunnecessaryprivilegesinForcepointNGFWEngineallowslocalprivilegeescalation.ThisissueaffectsNGFWEnginethrough6.10.19,through7.3.0,through7.2.4,through7.1.10. 12690 CVE- 2026- AvulnerabilityexistsinProgressFlowmonADSversionspriorto12.5.5and13.0.3,wherebyanadministratorwhoclicksamaliciouslinkprovidedbyanattackermayinadvertentlytriggerunintendedactionswithintheirauthenticatedwebsession. 2513 CVE- 2026- CopperminePhotoGalleryinversions1.6.09through1.6.27isvulnerabletopathtraversal.Unauthenticatedremoteattackerisabletoexploitavulnerableendpointandconstructpayloadsthatallowtoreadcontentofanyfileaccessiblebythethewebserverprocess.Thisissuewasfixedinversion1.6.28. 
3013 CVE- Acommandinjectionvulnerabilityexistsinmlflow/mlflowversionsbeforev3.7.0,specificallyinthemlflow/sagemaker/__init__.pyfileatlines161-167.Thevulnerabilityarisesfromthedirectinterpolationofuser-suppliedcontainerimagenamesintoshellcommandswithoutpropersanitization,whicharethenexecutedusingos.system().Thisallowsattackerstoexecutearbitrarycommandsbysupplyingmaliciousinputthroughthe--containerparameteroftheCLI.TheissueaffectsenvironmentswhereMLflowisused,includingdevelopmentsetups,CI/CDpipelines,and2025- clouddeployments.14287 CVE- 2026- InProgressFlowmonADSversionspriorto12.5.5and13.0.3,avulnerabilityexistswherebyanadversarywithaccesstoFlowmonmonitoringportsmaycraftmaliciousnetworkdatathat,whenprocessedbyFlowmonADSandviewedbyanauthenticateduser,couldresultinunintendedactionsbeingexecutedintheuser'sbrowsercontext. 2514 CVE- TinycontroldevicessuchastcPDUandLANControllersLK3.5,LK3.9andLK4havetwoseparateauthenticationmechanisms-onesolelyforinterfacemanagementandoneforprotectingallotherserverresources.Whenthelatteristurnedoff(whichisadefaultsetting),anunauthenticatedattackeronthelocalnetworkcanobtainusernamesandencodedpasswordsforinterfacemanagementportalbyinspectingtheHTTPresponseoftheserverwhenvisitingtheloginpage,whichcontainsaJSONfilewiththesedetails.Bothnormalandadminuserscredentialsareexposed.2025- Thisissuehasbeenfixedinfirmwareversions:1.36(fortcPDU),1.67(forLK3.5-hardwareversions:3.5,3.6,3.7and3.8),1.75(forLK3.9-hardwareversion3.9)and1.38(forLK4-hardwareversion4.0).11500 CVE- 2025- Heap-basedbufferoverflowvulnerabilityinSoftingIndustrialAutomationGmbHsmartLinkSW-PNandsmartLinkSW-HT(Webservermodules)allowsoverflowbuffers.Thisissueaffects: 10685 CVE- 2025- 
GlobalfilereadscausedbyimproperURLchecksinwebserverinSoftingIndustrialAutomationGmbHsmartLinksondocker(filesystemmodules)allowsfileaccess. 10461 CVE- 2026- ThewebinterfaceonmultipleOmadaswitchesdoesnotadequatelyvalidatecertainexternalinputs,whichmayleadtoout-of-boundmemoryaccesswhenprocessingcraftedrequests. 1668 CVE- 2026- AnimpropersanitizationofthecompressionalgorithmparameterinCanonicalLXDallowsanauthenticated,unprivilegedusertoexecutecommandsastheLXDdaemonontheLXDserverviaAPIcallstotheimageandbackupendpoints.ThisissueaffectedLXDfrom4.12through6.6andwasfixedinthesnapversions5.0.6-e49d9f4(channel5.0/stable),5.21.4-1374f39(channel5.21/stable),and6.7-1f11451(channel6.0stable).Thechannel4.0/stableisnotaffectedasitcontainsversion4.0.10. 28384 CVE- 2025- TheauthenticationmechanismforaspecificfeatureintheEasySharemodulecontainsavulnerability.Ifspecificconditionsaremetonalocalnetwork,itcancausedataleakage 15515 CVE- 2026- UncontrolledResourceConsumptionvulnerabilityinhexpmhexpm/hexpmallowsExcessiveAllocation.PublishinganoversizedpackagecancauseHex.pmtorunoutofmemorywhileextractingtheuploadedpackagetarball.Thiscanterminatetheaffectedapplicationinstanceandresultinadenialofserviceforpackagepublishingandpotentiallyotherpackage-processingfunctionality. 23940 CVE- 2026- UnraidAuthenticationRequestPathTraversalAuthenticationBypassVulnerability.ThisvulnerabilityallowsremoteattackerstobypassauthenticationonaffectedinstallationsofUnraid.Authenticationisnotrequiredtoexploitthisvulnerability. 3839 CVE- 
InconsistentInterpretationofHTTPRequests('HTTPRequestSmuggling')vulnerabilityinErlangOTP(inetshttpdmodule)allowsHTTPRequestSmuggling.Thisvulnerabilityisassociatedwithprogramfileslib/inets/src/httpserver/httpdrequest.erlandprogramroutineshttpdrequest:parse_headers/7.2026- andallowsfront-end/back-enddesynchronization,leavingattacker-controlledbytesqueuedasthestartofthenextrequest.ThisissueaffectsOTPfromOTP17.0untilOTP28.4.1,OTP27.3.4.9andOTP26.2.5.18,correspondingtoinetsfrom5.10until9.6.1,9.3.2.3and9.1.0.5.23941 CVE- 2026- UnraidUpdateRequestPathTraversalRemoteCodeExecutionVulnerability.ThisvulnerabilityallowsremoteattackerstoexecutearbitrarycodeonaffectedinstallationsofUnraid.Authenticationisrequiredtoexploitthisvulnerability. 3838 CVE- 2026- CodeinjectionvulnerabilityexistsinMR-GM5L-S1andMR-GM5A-L1,whichmayallowanattackerwithadministrativeprivilegestoexecutearbitrarycommands. 20892 CVE- 2026- BlackistheuncompromisingPythoncodeformatter.Priorto26.3.1,Blackwritesacachefile,thenameofwhichiscomputedfromvariousformattingoptions.Thevalueofthe--python-cell-magicsoptionwasplacedinthefilenamewithoutsanitization,whichallowedanattackerwhocontrolsthevalueofthisargumenttowritecachefilestoarbitraryfilesystemlocations.FixedinBlack26.3.1. 32274 CVE- 2026- InaffectedversionsofOctopusServeritwaspossibleforalowprivilegedusertomanipulateanAPIrequesttochangethesigningkeyexpirationandrevocationtimeframesviaanAPIendpointthathadincorrectpermissionvalidation.Itwasnotpossibletoexposethesigningkeysusingthisvulnerability.

CVE- GStreamerH.266CodecParserStack-basedBufferOverflowRemoteCodeExecutionVulnerability.ThisvulnerabilityallowsremoteattackerstoexecutearbitrarycodeonaffectedinstallationsofGStreamer.Interactionwiththislibraryisrequiredtoexploitthisvulnerabilitybutattackvectorsmayvarydependingontheimplementation. vulnerabilitytoexecutecodeinthecontextofthecurrentprocess.WasZDI-CAN-28839.

CVE-[ID not extracted]: Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/pets/print-tags'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting NoSQL commands, allowing them to list both pets and owner names.

CVE-[year not extracted]-3022: Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting special NoSQL commands, resulting in the attacker being able to obtain customer reports.

CVE-2026-3020: Identity based authorization bypass vulnerability (IDOR) that allows an attacker to modify the data of a legitimate user account, such as changing the victim's email address, validating the new email address, and requesting a new password. This could allow them to take complete control of other users' legitimate accounts.

CVE-2026-28254: A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs.

CVE-2026-28255: A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.

CVE-2026-32251: Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources (.xml) and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files from the server and make server-side requests to internal services. This vulnerability is fixed in 3.166.3.

CVE-2026-32732: Lean 4 VSCode Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as unescaped HTML. The issue has been resolved in 0.2.0.

CVE-2026-29522: ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion (LFI) vulnerability in the /server/nodeupgradesrv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to information disclosure of sensitive system files.

CVE-2026-29777: Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, a tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can bypass listener hostname constraints and redirect traffic for victim hostnames to attacker-controlled backends. This vulnerability is fixed in 3.6.10.

CVE-2025-15552: Insufficient Session Expiration in Truesec's LAPS WebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password.

CVE-2026-32720: The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. This vulnerability is fixed in 0.2.1.

CVE-2026-27264: (description not present in the extracted text)

CVE-2026-27263: (description not present in the extracted text)

CVE-2025-15553: Non-working logout functionality in Truesec's LAPS WebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password.

CVE-2025-15554: Browser caching of LAPS passwords in Truesec's LAPS WebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords.

CVE-2025-15587: Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface.

CVE-2026-27261: (description not present in the extracted text)

CVE-2026-3024: Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could exploit this vulnerability simply by creating a malicious survey that would harm the entire veterinary team. At the same time, a user with low privileges could exploit this vulnerability to access unauthorized data and perform actions with elevated privileges.

CVE-2026-32261: Webhooks for Craft CMS plugin adds the ability to manage "webhooks" in Craft CMS, which will send GET or POST requests when certain events occur. From version 3.0.0 to before version 3.2.0, the Webhooks plugin renders user-supplied template content through Twig's renderString() function without sandbox protection. This allows an authenticated user with access to the Craft control panel and permissions to access the Webhooks plugin to inject Twig template code that calls arbitrary PHP functions. This is possible even if allowAdminChanges is set to false. This issue has been patched in version 3.2.0.

CVE-2026-3227: A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command.

CVE-2025-69196: FastMCP is the standard framework for building MCP applications. Prior to version 2.14.2, the server does not properly respect the resource parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for the MCP server, the token is issued for the base_url passed to the OAuthProxy during initialization. This issue has been patched in 2.14.2.

CVE-[year not extracted]-29515: MiCode File Explorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally grants access and allows listing, reading, writing, and deleting files exposed by the FTP server. The MiCode/Explorer open source project has reached end-of-life status.

CVE-[year not extracted]-29079: Lexbor is a web browser engine library. Prior to 2.7.0, a type-confusion vulnerability exists in Lexbor's HTML fragment parser. When ns=UNDEF, a comment is created using the "unknown element" constructor. The comment's data are written into the element's fields via an unsafe cast, corrupting the qualified name field. That corrupted value is later used as a pointer and dereferenced near the zero page. This vulnerability is fixed in 2.7.0.

CVE-[year not extracted]-3111: Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/[ID]/[username]/thumbAAxAA.jpg' (translated as 80x90 and 40x45). Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the profile photos of all users via a manipulated URL, enabling them to collect user photos en masse. This could lead to these photos being used maliciously to impersonate identities, perform social engineering, link identities across platforms using facial recognition, or even carry out doxxing.

CVE-2025-53517: Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2025. Notes: none.

CVE-2025-53815: Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2025. Notes: none.

CVE-2025-54758: Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2025. Notes: none.

CVE-2026-3110: Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoint '/administracion/adminusuarios.cgi?filtroestado=T&wAccion=listadoxlsx&wBuscar=&wFiltrar=&wOrden=altausuario&widcursoActual=[ID]' where the data of users enrolled in the course is exported. Successful exploitation of this vulnerability could allow an unauthenticated attacker to access user data (e.g., usernames, first and last names, email addresses, and phone numbers) and retrieve the data of all users enrolled in courses by performing a brute-force attack on the course ID via a manipulated URL.

CVE-2026-3086: GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. [...] code in the context of the current process. Was ZDI-CAN-28911.

CVE-2026-3085: GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. [...] execute code in the context of the current process. Was ZDI-CAN-28851.

CVE-2026-4092: Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences.

CVE-2026-3084: GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. [...] execute code in the context of the current process. Was ZDI-CAN-28910.

CVE-2026-3999: A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations.

CVE-2026-28253: A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition.

CVE-2026-3083: GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. [...] leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28850.

CVE-2026-3644: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().

CVE-2026-4224: When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model, a C stack overflow occurs.

CVE-2026-3082: GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. [...] to execute code in the context of the current process. Was ZDI-CAN-28840.

CVE-2025-13462: The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.

Named provisions

CRITICAL VULNERABILITIES

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CSA
Published
March 18th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
18_Mar_2026.pdf

Who this affects

Applies to
Technology companies; Manufacturers; Healthcare providers
Industry sector
3341 Computer & Electronics Manufacturing; 3345 Medical Device Manufacturing; 5112 Software & Technology
Activity scope
Vulnerability Management; System Security
Geographic scope
Singapore SG

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Vulnerability Management; Information Security
