Forum: Too Lazy BBS

Vulnerability Summary for the Week of January 26, 2026

From CISA@cisa@messages.cisa.gov to cisa@toolazy.synchro.net on Tue Feb 3 14:20:25 2026

--===============2353049322333075115==
Content-Type: multipart/alternative; boundary="===============4973927651967773066=="
MIME-Version: 1.0

--===============4973927651967773066==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Cybersecurity and Infrastructure Security Agency (CISA)

You are subscribed to Vulnerability Bulletins for Cybersecurity and Infrast= ructure Security Agency. This information has recently been updated and is = now available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities t= hat have been recorded in the past week. In some cases, the vulnerabilities=
in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the=C2=A0Common Vulnerabilities and Exposures =
[ https://www.cve.org/ ]=C2=A0(CVE) vulnerability naming standard and are o= rganized according to severity, determined by the=C2=A0Common Vulnerability=
Scoring System [ https://www.cve.org/about/relatedefforts ]=C2=A0(CVSS) st= andard. The division of high, medium, and low severities correspond to the = following scores:

* *High*: vulnerabilities with a CVSS base score of 7.0=E2=80=9310.0=20
* *Medium*: vulnerabilities with a CVSS base score of 4.0=E2=80=936.9=20
* *Low*: vulnerabilities with a CVSS base score of 0.0=E2=80=933.9=20

Entries may include additional information provided by organizations and ef= forts sponsored by CISA. This information may include identifying informati= on, values, definitions, and related links. Patch information is provided w= hen available. Please note that some of the information in the bulletin is = compiled from external, open-source reports and is not a direct result of C= ISA analysis.

Vulnerability Summary for the Week of January 26, 2026 [ https://www.cisa.g= ov/news-events/bulletins/sb26-033 ] 02/03/2026 09:00 AM EST=20
High Vulnerabilities

Primary
Vendor -- Product Description Published CVSS Score Source Info Patch Info 1= 0-Strike Software--Bandwidth Monitor 10-Strike Bandwidth Monitor 3.9 contai=
ns a buffer overflow vulnerability that allows attackers to bypass SafeSEH,=
ASLR, and DEP protections through carefully crafted input. Attackers can e= xploit the vulnerability by sending a malicious payload to the application'=
s registration key input, enabling remote code execution and launching arbi= trary system commands. 2026-01-30 9.8 CVE-2020-37043 [ https://www.cve.org/= CVERecord?id=3DCVE-2020-37043 ] ExploitDB-48570 [ https://www.exploit-db.co= m/exploits/48570 ]
Product Webpage [ https://www.10-strike.com/bandwidth-monitor/ ]
VulnCheck Advisory: 10-Strike Bandwidth Monitor 3.9 - Buffer Overflow [ htt= ps://www.vulncheck.com/advisories/strike-bandwidth-monitor-buffer-overflow ] =C2=A0 10-Strike Software--Network Inventory Explorer 10-Strike Network Inv= entory Explorer 8.65 contains a buffer overflow vulnerability in exception = handling that allows remote attackers to execute arbitrary code. Attackers = can craft a malicious file with 209 bytes of padding and a specially constr= ucted Structured Exception Handler to trigger code execution. 2026-01-28 9.=
8 CVE-2020-36961 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36961 ] Expl= oitDB-49134 [ https://www.exploit-db.com/exploits/49134 ]
10-Strike Network Inventory Explorer Vendor Homepage [ https://www.10-strik= e.com ]
VulnCheck Advisory: 10-Strike Network Inventory Explorer 8.65 - Buffer Over= flow (SEH) [ https://www.vulncheck.com/advisories/strike-network-inventory-= explorer-buffer-overflow-seh ]
=C2=A0 10-Strike--Bandwidth Monitor 10-Strike Bandwidth Monitor 3.9 contain=
s an unquoted service path vulnerability in multiple services that allows l= ocal attackers to escalate privileges. Attackers can place a malicious exec= utable in specific file path locations to achieve privilege escalation to S= YSTEM during service startup. 2026-01-29 7.8 CVE-2020-37021 [ https://www.c= ve.org/CVERecord?id=3DCVE-2020-37021 ] ExploitDB-48591 [ https://www.exploi= t-db.com/exploits/48591 ]
Vendor Homepage [ https://www.10-strike.com/ ]
VulnCheck Advisory: Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquo= ted Service Path [ https://www.vulncheck.com/advisories/bandwidth-monitor-s= vcstrikebandmontitor-unquoted-service-path ]
=C2=A0 Acer--Global Registration Service Acer Global Registration Service 1= .0.0.3 contains an unquoted service path vulnerability in its service confi= guration that allows local users to potentially execute arbitrary code. Att= ackers can exploit the unquoted path in C:\Program Files (x86)\Acer\Registr= ation\ to inject malicious executables that would run with elevated LocalSy= stem privileges during service startup. 2026-01-27 7.8 CVE-2020-36976 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2020-36976 ] ExploitDB-49142 [ https://= www.exploit-db.com/exploits/49142 ]
Acer Official Homepage [ https://www.acer.com/ac/en/US/content/home ]
VulnCheck Advisory: Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unq= uoted Service Path [ https://www.vulncheck.com/advisories/global-registrati= on-service-gregsvcexe-unquoted-service-path ]
=C2=A0 Ajenti Project--Ajenti Ajenti 2.1.36 contains an authentication bypa=
ss vulnerability that allows remote attackers to execute arbitrary commands=
after successful login. Attackers can leverage the /api/terminal/create en= dpoint to send a netcat reverse shell payload targeting a specified IP and = port. 2026-01-29 9.8 CVE-2020-37002 [ https://www.cve.org/CVERecord?id=3DCV= E-2020-37002 ] ExploitDB-48929 [ https://www.exploit-db.com/exploits/48929 ] Ajenti GitHub Repository [ https://github.com/ajenti/ajenti ]
VulnCheck Advisory: Ajenti 2.1.36 - Remote Code Execution [ https://www.vul= ncheck.com/advisories/ajenti-remote-code-execution ]
=C2=A0 Akn Software Computer Import Export Industry and Trade Ltd.--QR Menu=
Improper Access Control vulnerability in Ak=C3=84=C2=B1n Software Computer=
Import Export Industry and Trade Ltd. QR Menu allows Authentication Abuse.=
This issue affects QR Menu: before s1.05.12. 2026-01-29 8 CVE-2025-7016 [ = https://www.cve.org/CVERecord?id=3DCVE-2025-7016 ] https://www.usom.gov.tr/= bildirim/tr-26-0006
=C2=A0 aliasrobotics--cai Cybersecurity AI (CAI) is a framework for AI Secu= rity. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) fr= amework contains multiple argument injection vulnerabilities in its functio=
n tools. User-controlled input is passed directly to shell commands via `su= bprocess.Popen()` with `shell=3DTrue`, allowing attackers to execute arbitr= ary commands on the host system. The `find_file()` tool executes without re= quiring user approval because find is considered a "safe" pre-approved comm= and. This means an attacker can achieve Remote Code Execution (RCE) by inje= cting malicious arguments (like -exec) into the args parameter, completely = bypassing any human-in-the-loop safety mechanisms. Commit e22a1220f764e2d7c= f9da6d6144926f53ca01cde contains a fix. 2026-01-30 9.7 CVE-2026-25130 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2026-25130 ] https://github.com/aliasro= botics/cai/security/advisories/GHSA-jfpc-wj3m-qw2m https://github.com/aliasrobotics/cai/commit/e22a1220f764e2d7cf9da6d6144926f= 53ca01cde https://github.com/aliasrobotics/cai/blob/559de8fcbc2b44f3b0360f35ffdc2bb97= 5e7d7e4/src/cai/tools/reconnaissance/filesystem.py#L60
=C2=A0 amitkolloldey--e-learning PHP Script e-Learning PHP Script 0.1.0 con= tains a SQL injection vulnerability in the search functionality that allows=
attackers to manipulate database queries through unvalidated user input. A= ttackers can inject malicious SQL code in the 'search' parameter to potenti= ally extract, modify, or access sensitive database information. 2026-01-30 = 8.2 CVE-2020-37035 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37035 ] Ex= ploitDB-48629 [ https://www.exploit-db.com/exploits/48629 ]
Vendor Homepage [ https://github.com/amitkolloldey/elearning-script ]
VulnCheck Advisory: e-learning Php Script 0.1.0 - 'search' SQL Injection [ = https://www.vulncheck.com/advisories/e-learning-php-script-search-sql-injec= tion ]
=C2=A0 ammarfaizi2--Tea LaTex Tea LaTex 1.0 contains a remote code executio=
n vulnerability that allows unauthenticated attackers to execute arbitrary = shell commands through the /api.php endpoint. Attackers can craft a malicio=
us LaTeX payload with shell commands that are executed when processed by th=
e application's tex2png API action. 2026-01-29 9.8 CVE-2020-37012 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2020-37012 ] ExploitDB-48805 [ https://www.= exploit-db.com/exploits/48805 ]
Vendor Homepage [ https://github.com/ammarfaizi2/latex.teainside.org ] VulnCheck Advisory: Tea LaTex 1.0 - Remote Code Execution [ https://www.vul= ncheck.com/advisories/tea-latex-remote-code-execution ]
=C2=A0 Andrea Electronics--Andrea ST Filters Service Andrea ST Filters Serv= ice 1.0.64.7 contains an unquoted service path vulnerability in its Windows=
service configuration. Local attackers can exploit the unquoted path to in= ject malicious code that will execute with elevated LocalSystem privileges = during service startup. 2026-01-30 7.8 CVE-2020-37058 [ https://www.cve.org= /CVERecord?id=3DCVE-2020-37058 ] ExploitDB-48396 [ https://www.exploit-db.c= om/exploits/48396 ]
Andrea Electronics Official Homepage [ https://andreaelectronics.com/ ] VulnCheck Advisory: Andrea ST Filters Service 1.0.64.7 - Unquoted service p= ath [ https://www.vulncheck.com/advisories/andrea-st-filters-service-unquot= ed-service-path ]
=C2=A0 Arcadia Technology, LLC--Crafty Controller An input neutralization v= ulnerability in the File Operations API Endpoint component of Crafty Contro= ller allows a remote, authenticated attacker to perform file tampering and = remote code execution via path traversal. 2026-01-30 9.9 CVE-2026-0963 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2026-0963 ] GitLab Issue #660 [ https:= //gitlab.com/crafty-controller/crafty-4/-/issues/660 ]
=C2=A0 Arcadia Technology, LLC--Crafty Controller An input neutralization v= ulnerability in the Backup Configuration component of Crafty Controller all= ows a remote, authenticated attacker to perform file tampering and remote c= ode execution via path traversal. 2026-01-30 8.2 CVE-2026-0805 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2026-0805 ] GitLab Issue #650 [ https://gitlab= .com/crafty-controller/crafty-4/-/issues/650 ]
=C2=A0 asc Applied Software Consultants, s.r.o.--asc Timetables aSc TimeTab= les 2021.6.2 contains a denial of service vulnerability that allows attacke=
rs to crash the application by overwriting subject title fields with excess= ive data. Attackers can generate a 10,000-character buffer and paste it int=
o the subject title to trigger application instability and potential crash.=
2026-01-28 7.5 CVE-2020-36943 [ https://www.cve.org/CVERecord?id=3DCVE-202= 0-36943 ] ExploitDB-49147 [ https://www.exploit-db.com/exploits/49147 ]
Vendor Homepage [ https://www.asctimetables.com/#!/home ]
Software Download Page [ https://www.asctimetables.com/#!/home/download ] VulnCheck Advisory: aSc TimeTables 2021.6.2 - Denial of Service [ https://w= ww.vulncheck.com/advisories/asc-timetables-denial-of-service ]
=C2=A0 Ashkon Software--Simple Startup Manager Simple Startup Manager 1.17 = contains a local buffer overflow vulnerability that allows attackers to exe= cute arbitrary code by overwriting memory through the 'File' input paramete=
r. Attackers can craft a malicious payload with 268 bytes to trigger code e= xecution, bypassing DEP and overwriting memory addresses to launch calc.exe=
. 2026-01-30 8.4 CVE-2020-37031 [ https://www.cve.org/CVERecord?id=3DCVE-20= 20-37031 ] ExploitDB-48678 [ https://www.exploit-db.com/exploits/48678 ] Product Webpage [ https://www.ashkon.com/startup_manager.html ]
VulnCheck Advisory: Simple Startup Manager 1.17 - 'File' Local Buffer Overf= low [ https://www.vulncheck.com/advisories/simple-startup-manager-file-loca= l-buffer-overflow ]
=C2=A0 Atheros--Coex Service Application Atheros Coex Service Application 8= .0.0.255 contains an unquoted service path vulnerability in its Windows ser= vice configuration. Attackers can exploit the unquoted path by placing mali= cious executables in the service path to gain elevated system privileges du= ring service startup. 2026-01-27 7.8 CVE-2020-36979 [ https://www.cve.org/C= VERecord?id=3DCVE-2020-36979 ] ExploitDB-49053 [ https://www.exploit-db.com= /exploits/49053 ]
Vendor Homepage [ https://www.file.net/process/ath_coexagent.exe.html ] Software Download Link [ https://www.boostbyreason.com/resource-file-9102-a= th_coexagent-exe.aspx ]
VulnCheck Advisory: Atheros Coex Service Application 8.0.0.255 -'ZAtheros B= t&Wlan Coex Agent' Unquoted Service Path [ https://www.vulncheck.com/adviso= ries/atheros-coex-service-application-zatheros-btwlan-coex-agent-unquoted-s= ervice-path ]
=C2=A0 avalanche123--Cassandra Web Cassandra Web 0.5.0 contains a directory=
traversal vulnerability that allows unauthenticated attackers to read arbi= trary files by manipulating path traversal parameters. Attackers can exploi=
t the disabled Rack::Protection module to read sensitive system files like = /etc/passwd and retrieve Apache Cassandra database credentials. 2026-01-27 = 7.5 CVE-2020-36939 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36939 ] Ex= ploitDB-49362 [ https://www.exploit-db.com/exploits/49362 ]
Cassandra Web GitHub Repository [ https://github.com/avalanche123/cassandra= -web ]
Cassandra Web RubyGems Package [ https://rubygems.org/gems/cassandra-web/ve= rsions/0.5.0 ]
VulnCheck Advisory: Cassandra Web 0.5.0 - Remote File Read [ https://www.vu= lncheck.com/advisories/cassandra-web-remote-file-read ]
=C2=A0 Avast--AVAST SecureLine Avast SecureLine 5.5.522.0 contains an unquo= ted service path vulnerability that allows local users to potentially execu=
te code with elevated system privileges. Attackers can exploit the unquoted=
path in the service configuration to inject malicious code that would exec= ute with LocalSystem account permissions during service startup. 2026-02-01=
7.8 CVE-2020-37037 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37037 ] E= xploitDB-48249 [ https://www.exploit-db.com/exploits/48249 ]
Avast Official Homepage [ https://www.avast.com/ ]
VulnCheck Advisory: AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Serv= ice Path [ https://www.vulncheck.com/advisories/avast-secureline-secureline= -unquoted-service-path ]
=C2=A0 backstage--backstage Backstage is an open framework for building dev= eloper portals, and @backstage/plugin-techdocs-node provides common node.js=
functionalities for TechDocs. In versions of @backstage/plugin-techdocs-no=
de prior to 1.13.11 and 1.14.1, when TechDocs is configured with `runIn: lo= cal`, a malicious actor who can submit or modify a repository's `mkdocs.yml=
` file can execute arbitrary Python code on the TechDocs build server via M= kDocs hooks configuration. @backstage/plugin-techdocs-node versions 1.13.11=
and 1.14.1 contain a fix. The fix introduces an allowlist of supported MkD= ocs configuration keys. Unsupported configuration keys (including `hooks`) = are now removed from `mkdocs.yml` before running the generator, with a warn= ing logged to indicate which keys were removed. Users of `@techdocs/cli` sh= ould also upgrade to the latest version, which includes the fixed `@backsta= ge/plugin-techdocs-node` dependency. Some workarounds are available. Config= ure TechDocs with `runIn: docker` instead of `runIn: local` to provide cont= ainer isolation, though it does not fully mitigate the risk. Limit who can = modify `mkdocs.yml` files in repositories that TechDocs processes; only all=
ow trusted contributors. Implement PR review requirements for changes to `m= kdocs.yml` files to detect malicious `hooks` configurations before they are=
merged. Use MkDocs < 1.4.0 (e.g., 1.3.1) which does not support hooks. Not=
e: This may limit access to newer MkDocs features. Building documentation i=
n CI/CD pipelines using `@techdocs/cli` does not mitigate this vulnerabilit=
y, as the CLI uses the same vulnerable `@backstage/plugin-techdocs-node` pa= ckage. 2026-01-30 7.7 CVE-2026-25153 [ https://www.cve.org/CVERecord?id=3DC= VE-2026-25153 ] https://github.com/backstage/backstage/security/advisories/= GHSA-6jr7-99pf-8vgf
=C2=A0 Barcode-Ocr--BarcodeOCR BarcodeOCR 19.3.6 contains an unquoted servi=
ce path vulnerability that allows local attackers to execute code with elev= ated privileges during system startup. Attackers can exploit the unquoted p= ath in the service configuration to inject malicious executables that will = run with LocalSystem privileges. 2026-01-29 7.8 CVE-2020-37016 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2020-37016 ] ExploitDB-48740 [ https://www.exp= loit-db.com/exploits/48740 ]
BarcodeOCR Official Homepage [ https://www.barcode-ocr.com/ ]
VulnCheck Advisory: BarcodeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path =
[ https://www.vulncheck.com/advisories/barcodeocr-barcodeocr-unquoted-servi= ce-path ]
=C2=A0 BearshareOfficial--BearShare Lite BearShare Lite 5.2.5 contains a bu= ffer overflow vulnerability in the Advanced Search keywords input that allo=
ws attackers to execute arbitrary code. Attackers can craft a specially des= igned payload to overwrite the EIP register and execute shellcode by pastin=
g malicious content into the search keywords field. 2026-01-29 9.8 CVE-2020= -37010 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37010 ] ExploitDB-4883=
9 [ https://www.exploit-db.com/exploits/48839 ]
Official BearShare Homepage [ http://www.bearshareofficial.com/ ]
BearShare Lite 5.2.5 Download Page [ http://www.oldversion.com.de/windows/b= earshare-lite-5-2-5 ]
VulnCheck Advisory: BearShare Lite 5.2.5 - 'Advanced Search'Buffer Overflow=
in (PoC) [ https://www.vulncheck.com/advisories/bearshare-lite-advanced-se= archbuffer-overflow-in-poc ]
=C2=A0 Beckhoff Automation--Beckhoff.Device.Manager.XAR A low privileged re= mote attacker can execute arbitrary code by sending specially crafted calls=
to the web service of the Device Manager or locally via an API and can cau=
se integer overflows which then may lead to arbitrary code execution within=
privileged processes. 2026-01-27 8.8 CVE-2025-41726 [ https://www.cve.org/= CVERecord?id=3DCVE-2025-41726 ] https://certvde.com/de/advisories/VDE-2025-= 092
=C2=A0 Beckhoff Automation--Beckhoff.Device.Manager.XAR A local low privile= ged attacker can bypass the authentication of the Device Manager user inter= face, allowing them to perform privileged operations and gain administrator=
access. 2026-01-27 7.8 CVE-2025-41727 [ https://www.cve.org/CVERecord?id= =3DCVE-2025-41727 ] https://certvde.com/de/advisories/VDE-2025-092
=C2=A0 bentoml--BentoML BentoML is a Python library for building online ser= ving systems optimized for AI apps and model inference. Prior to version 1.= 4.34, BentoML's `bentofile.yaml` configuration allows path traversal attack=
s through multiple file path fields (`description`, `docker.setup_script`, = `docker.dockerfile_template`, `conda.environment_yml`). An attacker can cra=
ft a malicious bentofile that, when built by a victim, exfiltrates arbitrar=
y files from the filesystem into the bento archive. This enables supply cha=
in attacks where sensitive files (SSH keys, credentials, environment variab= les) are silently embedded in bentos and exposed when pushed to registries =
or deployed. Version 1.4.34 contains a patch for the issue. 2026-01-26 7.4 = CVE-2026-24123 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24123 ] https:= //github.com/bentoml/BentoML/security/advisories/GHSA-6r62-w2q3-48hf https://github.com/bentoml/BentoML/commit/84d08cfeb40c5f2ce71b3d3444bbaa0fb= 16b5ca4
https://github.com/bentoml/BentoML/releases/tag/v1.4.34
=C2=A0 bloompixel--TableMaster for Elementor Advanced Responsive Tables for=
Elementor The TableMaster for Elementor plugin for WordPress is vulnerable=
to Server-Side Request Forgery in all versions up to, and including, 1.3.6=
. This is due to the plugin not restricting which URLs can be fetched when = importing CSV data from a URL in the Data Table widget. This makes it possi= ble for authenticated attackers, with Author-level access and above, to mak=
e web requests to arbitrary locations, including localhost and internal net= work services, and read sensitive files such as wp-config.php via the 'csv_= url' parameter. 2026-01-28 7.2 CVE-2025-14610 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2025-14610 ] https://www.wordfence.com/threat-intel/vulnerabili= ties/id/ef07d6b0-ccdb-4b33-817f-6d4b3ad96243?source=3Dcve https://plugins.trac.wordpress.org/browser/tablemaster-for-elementor/trunk/= modules/data-table/widgets/data-table.php#L446 https://plugins.trac.wordpress.org/browser/tablemaster-for-elementor/tags/1= .3.6/modules/data-table/widgets/data-table.php#L446 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3442158%40tablemaster-for-elementor&new=3D3442158%40tablemast= er-for-elementor&sfp_email=3D&sfph_mail=3D
=C2=A0 Broadcom--Symantec Web Security Services Agent WSS Agent, prior to 9= .8.5, may be susceptible to a Elevation of Privilege vulnerability, which i=
s a type of issue whereby an attacker may attempt to compromise the softwar=
e application to gain elevated access to resources that are normally protec= ted from an application or user. 2026-01-28 7 CVE-2025-13917 [ https://www.= cve.org/CVERecord?id=3DCVE-2025-13917 ] https://support.broadcom.com/web/ec= x/support-content-notification/-/external/content/SecurityAdvisories/0/36778 =C2=A0 C4illin--ConvertX ConvertXis a self-hosted online file converter. In=
versions prior to 0.17.0, the `POST /delete` endpoint uses a user-controll=
ed `filename` value to construct a filesystem path and deletes it via `unli= nk` without sufficient validation. By supplying path traversal sequences (e= .g., `../`), an attacker can delete arbitrary files outside the intended up= loads directory, limited only by the permissions of the server process. Ver= sion 0.17.0 fixes the issue. 2026-01-27 8.1 CVE-2026-24741 [ https://www.cv= e.org/CVERecord?id=3DCVE-2026-24741 ] https://github.com/C4illin/ConvertX/s= ecurity/advisories/GHSA-w372-w6cr-45jp https://github.com/C4illin/ConvertX/commit/7a936bdc0463936463616381ca257b13= babc5e77
=C2=A0 ChurchCRM--CRM ChurchCRM is an open-source church management system.=
A SQL Injection vulnerability exists in endpoint `/PaddleNumEditor.php` in=
ChurchCRM prior to version 6.7.2. Any authenticated user, including one wi=
th zero assigned permissions, can exploit SQL injection through the `PerID`=
parameter. Version 6.7.2 contains a patch for the issue. 2026-01-30 8.8 CV= E-2026-24854 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24854 ] https://= github.com/ChurchCRM/CRM/security/advisories/GHSA-p3q7-q68q-h2gr http://github.com/ChurchCRM/CRM/commit/748f5084fc06c5e12463dc7fdd62d1d31fc0= 8d38
=C2=A0 Cleanersoft Software--Free MP3 CD Ripper Free MP3 CD Ripper 2.8 cont= ains a stack buffer overflow vulnerability that allows remote attackers to = execute arbitrary code by crafting a malicious WAV file with oversized payl= oad. Attackers can leverage a specially crafted exploit file with shellcode=
, SEH bypass, and egghunter technique to achieve remote code execution on v= ulnerable Windows systems. 2026-01-29 9.8 CVE-2020-37000 [ https://www.cve.= org/CVERecord?id=3DCVE-2020-37000 ] ExploitDB-48696 [ https://www.exploit-d= b.com/exploits/48696 ]
Vendor Homepage [ https://www.cleanersoft.com ]
VulnCheck Advisory: Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + E= gghunter) [ https://www.vulncheck.com/advisories/free-mp-cd-ripper-stack-bu= ffer-overflow-seh-egghunter ]
=C2=A0 code-projects--Online Examination System A vulnerability was found i=
n code-projects Online Examination System 1.0. Affected by this vulnerabili=
ty is an unknown functionality of the file /index.php of the component Logi=
n Page. Performing a manipulation of the argument User results in sql injec= tion. The attack is possible to be carried out remotely. The exploit has be=
en made public and could be used. 2026-01-26 7.3 CVE-2026-1422 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2026-1422 ] VDB-342838 | code-projects Online = Examination System Login Page index.php sql injection [ https://vuldb.com/?= id.342838 ]
VDB-342838 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .342838 ]
Submit #736606 | code-projects Online Examination System 1 SQL Injection [ = https://vuldb.com/?submit.736606 ] https://github.com/geo-chen/code-projects/blob/main/Online%20Examination%20= System%20In%20PHP%20With%20Source%20Code.md#finding-2-sql-injection-on-logi= n-page
https://code-projects.org/
=C2=A0 code-projects--Online Music Site A flaw has been found in code-proje= cts Online Music Site 1.0. Affected by this issue is some unknown functiona= lity of the file /Administrator/PHP/AdminDeleteUser.php. This manipulation =
of the argument ID causes sql injection. The attack can be initiated remote= ly. The exploit has been published and may be used. 2026-01-26 7.3 CVE-2026= -1443 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1443 ] VDB-342872 | cod= e-projects Online Music Site AdminDeleteUser.php sql injection [ https://vu= ldb.com/?id.342872 ]
VDB-342872 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .342872 ]
Submit #736967 | code-projects Online Music Site V1.0 SQL Injection [ https= ://vuldb.com/?submit.736967 ]
https://github.com/Volije/cve/issues/1
https://code-projects.org/
=C2=A0 code-projects--Online Music Site A weakness has been identified in c= ode-projects Online Music Site 1.0. This affects an unknown function of the=
file /Administrator/PHP/AdminEditUser.php. This manipulation of the argume=
nt ID causes sql injection. It is possible to initiate the attack remotely.=
The exploit has been made available to the public and could be used for at= tacks. 2026-01-28 7.3 CVE-2026-1534 [ https://www.cve.org/CVERecord?id=3DCV= E-2026-1534 ] VDB-343220 | code-projects Online Music Site AdminEditUser.ph=
p sql injection [ https://vuldb.com/?id.343220 ]
VDB-343220 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343220 ]
Submit #738705 | Code-Projects ONLINE MUSIC SITE V1.0 SQL injection [ https= ://vuldb.com/?submit.738705 ]
https://github.com/yuji0903/silver-guide/issues/3
https://code-projects.org/
=C2=A0 code-projects--Online Music Site A security vulnerability has been d= etected in code-projects Online Music Site 1.0. This impacts an unknown fun= ction of the file /Administrator/PHP/AdminReply.php. Such manipulation of t=
he argument ID leads to sql injection. It is possible to launch the attack = remotely. The exploit has been disclosed publicly and may be used. 2026-01-=
28 7.3 CVE-2026-1535 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1535 ] V= DB-343221 | code-projects Online Music Site AdminReply.php sql injection [ = https://vuldb.com/?id.343221 ]
VDB-343221 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343221 ]
Submit #738706 | Code-Projects ONLINE MUSIC SITE V1.0 SQL injection [ https= ://vuldb.com/?submit.738706 ]
https://github.com/yuji0903/silver-guide/issues/4
https://code-projects.org/
=C2=A0 Code::Blocks--Code::Blocks Code Blocks 17.12 contains a local buffer=
overflow vulnerability that allows attackers to execute arbitrary code by = crafting a malicious file name with Unicode characters. Attackers can trigg=
er the vulnerability by pasting a specially crafted payload into the file n= ame field during project creation, potentially executing system commands li=
ke calc.exe. 2026-01-30 8.4 CVE-2020-37040 [ https://www.cve.org/CVERecord?= id=3DCVE-2020-37040 ] ExploitDB-48594 [ https://www.exploit-db.com/exploits= /48594 ]
Code Blocks Official Website [ http://www.codeblocks.org/ ]
Code Blocks SourceForge Page [ https://sourceforge.net/projects/codeblocks ] VulnCheck Advisory: Code Blocks 17.12 - 'File Name' Local Buffer Overflow [=
https://www.vulncheck.com/advisories/code-blocks-file-name-local-buffer-ov= erflow ]
=C2=A0 Code::Blocks--Code::Blocks Code Blocks 20.03 contains a denial of se= rvice vulnerability that allows attackers to crash the application by manip= ulating input in the FSymbols search field. Attackers can paste a large pay= load of 5000 repeated characters into the search field to trigger an applic= ation crash. 2026-01-30 7.5 CVE-2020-37038 [ https://www.cve.org/CVERecord?= id=3DCVE-2020-37038 ] ExploitDB-48617 [ https://www.exploit-db.com/exploits= /48617 ]
Code Blocks Official Homepage [ http://www.codeblocks.org/ ]
Code Blocks SourceForge Page [ https://sourceforge.net/projects/codeblocks ] VulnCheck Advisory: Code Blocks 20.03 - Denial Of Service [ https://www.vul= ncheck.com/advisories/code-blocks-denial-of-service ]
=C2=A0 codexcube--Ultimate Project Manager CRM PRO Ultimate Project Manager=
CRM PRO 2.0.5 contains a blind SQL injection vulnerability that allows att= ackers to extract usernames and password hashes from the tbl_users database=
table. Attackers can exploit the /frontend/get_article_suggestion/ endpoin=
t by crafting malicious search parameters to progressively guess and retrie=
ve user credentials through boolean-based inference techniques. 2026-01-29 = 8.2 CVE-2020-37004 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37004 ] Ex= ploitDB-48912 [ https://www.exploit-db.com/exploits/48912 ]
Ultimate Project Manager CRM PRO Vendor Homepage [ https://ultimatepro.code= xcube.com/ ]
VulnCheck Advisory: Ultimate Project Manager CRM PRO 2.0.5 - SQLi Credentia=
ls Leakage [ https://www.vulncheck.com/advisories/ultimate-project-manager-= crm-pro-sqli-credentials-leakage ]
=C2=A0 Codriapp Innovation and Software Technologies Inc.--HeyGarson Genera= tion of Error Message Containing Sensitive Information vulnerability in Cod= riapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing fo=
r application mapping. This issue affects HeyGarson: through 30012026. NOTE=
: The vendor was contacted several times to verifying fixing process but di=
d not respond in any way. 2026-01-30 8.2 CVE-2025-1395 [ https://www.cve.or= g/CVERecord?id=3DCVE-2025-1395 ] https://www.usom.gov.tr/bildirim/tr-26-0009 =C2=A0 crm-now GmbH--berliCRM berliCRM 1.0.24 contains a SQL injection vuln= erability in the 'src_record' parameter that allows remote attackers to man= ipulate database queries. Attackers can inject malicious SQL code through a=
crafted POST request to the index.php endpoint to potentially extract or m= odify database information. 2026-01-29 8.2 CVE-2020-37006 [ https://www.cve= .org/CVERecord?id=3DCVE-2020-37006 ] ExploitDB-48872 [ https://www.exploit-= db.com/exploits/48872 ]
Vendor Homepage [ https://www.berlicrm.de ]
VulnCheck Advisory: berliCRM 1.0.24 - 'src_record' SQL Injection [ https://= www.vulncheck.com/advisories/berlicrm-srcrecord-sql-injection ]
=C2=A0 Crystal Shard--http-protection Crystal Shard http-protection 0.2.0 c= ontains an IP spoofing vulnerability that allows attackers to bypass protec= tion middleware by manipulating request headers. Attackers can hardcode con= sistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP header=
s to circumvent security checks and gain unauthorized access. 2026-01-30 9.=
8 CVE-2020-37056 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37056 ] Expl= oitDB-48533 [ https://www.exploit-db.com/exploits/48533 ]
HTTP Protection Crystal Shard Repository [ https://github.com/rogeriozambon= /http-protection ]
VulnCheck Advisory: Crystal Shard http-protection 0.2.0 - IP Spoofing Bypas=
s [ https://www.vulncheck.com/advisories/crystal-shard-http-protection-ip-s= poofing-bypass ]
=C2=A0 D-Link--DIR-615 A vulnerability was detected in D-Link DIR-615 up to=
4.10. This impacts an unknown function of the file /wiz_policy_3_machine.p=
hp of the component Web Management Interface. Performing a manipulation of = the argument ipaddr results in os command injection. It is possible to init= iate the attack remotely. The exploit is now public and may be used. This v= ulnerability only affects products that are no longer supported by the main= tainer. 2026-01-26 7.2 CVE-2026-1448 [ https://www.cve.org/CVERecord?id=3DC= VE-2026-1448 ] VDB-342880 | D-Link DIR-615 Web Management wiz_policy_3_mach= ine.php os command injection [ https://vuldb.com/?id.342880 ]
VDB-342880 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .342880 ]
Submit #737006 | Dlink DIR615 Firmware v4.10 and earlier (DIR-615 Rev D) OS=
Command Injection [ https://vuldb.com/?submit.737006 ] https://pentagonal-time-3a7.notion.site/DIR-615-v4-10-2e7e5dd4c5a580a5aac5c= 8ce35933396?pvs=3D73
https://www.dlink.com/
=C2=A0 D-Link--DIR-615 A vulnerability was found in D-Link DIR-615 4.10. Th=
is issue affects some unknown processing of the file /set_temp_nodes.php of=
the component URL Filter. The manipulation results in os command injection=
. The attack can be executed remotely. The exploit has been made public and=
could be used. This vulnerability only affects products that are no longer=
supported by the maintainer. 2026-01-28 7.2 CVE-2026-1505 [ https://www.cv= e.org/CVERecord?id=3DCVE-2026-1505 ] VDB-343117 | D-Link DIR-615 URL Filter=
set_temp_nodes.php os command injection [ https://vuldb.com/?id.343117 ] VDB-343117 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343117 ]
Submit #737061 | Dlink DIR-615 v4.10 OS Command Injection [ https://vuldb.c= om/?submit.737061 ] https://pentagonal-time-3a7.notion.site/D-Link-DIR-615-2e7e5dd4c5a580109a14= fdeb6f105cd6
https://www.dlink.com/
=C2=A0 D-Link--DIR-615 A vulnerability was determined in D-Link DIR-615 4.1=
0. Impacted is an unknown function of the file /adv_mac_filter.php of the c= omponent MAC Filter Configuration. This manipulation of the argument mac ca= uses os command injection. The attack is possible to be carried out remotel=
y. The exploit has been publicly disclosed and may be utilized. This vulner= ability only affects products that are no longer supported by the maintaine=
r. 2026-01-28 7.2 CVE-2026-1506 [ https://www.cve.org/CVERecord?id=3DCVE-20= 26-1506 ] VDB-343118 | D-Link DIR-615 MAC Filter Configuration adv_mac_filt= er.php os command injection [ https://vuldb.com/?id.343118 ]
VDB-343118 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343118 ]
Submit #737078 | Dlink DIR-615 v4.10 OS Command Injection [ https://vuldb.c= om/?submit.737078 ] https://pentagonal-time-3a7.notion.site/DIR-615-MAC_FILTER-2e7e5dd4c5a58091= b027f50271cc7c6a
https://www.dlink.com/
=C2=A0 Dassault Systmes--SOLIDWORKS eDrawings A Heap-based Buffer Overflow = vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDraw= ings from Release SOLIDWORKS 2025 through Release SOLIDWORKS 2026 could all=
ow an attacker to execute arbitrary code while opening a specially crafted = EPRT file. 2026-01-26 7.8 CVE-2026-1283 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-1283 ] https://www.3ds.com/trust-center/security/security-advis= ories/cve-2026-1283
=C2=A0 Dassault Systmes--SOLIDWORKS eDrawings An Out-Of-Bounds Write vulner= ability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings f= rom Release SOLIDWORKS 2025 through Release SOLIDWORKS 2026 could allow an = attacker to execute arbitrary code while opening a specially crafted EPRT f= ile. 2026-01-26 7.8 CVE-2026-1284 [ https://www.cve.org/CVERecord?id=3DCVE-= 2026-1284 ] https://www.3ds.com/trust-center/security/security-advisories/c= ve-2026-1284
=C2=A0 Deepinstinct--Deep Instinct Windows Agent Deep Instinct Windows Agen=
t 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtS= ervice that allows local users to potentially execute code with elevated pr= ivileges. Attackers can exploit the unquoted path in C:\Program Files\HP Su=
re Sense\DeepMgmtService.exe to inject malicious code that would execute wi=
th LocalSystem permissions during service startup. 2026-02-01 7.8 CVE-2020-= 37047 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37047 ] ExploitDB-48174=
[ https://www.exploit-db.com/exploits/48174 ]
Deep Instinct Official Homepage [ https://www.deepinstinct.com/ ]
VulnCheck Advisory: Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtService=
' Unquoted Service Path [ https://www.vulncheck.com/advisories/deep-instinc= t-windows-agent-deepmgmtservice-unquoted-service-path ]
=C2=A0 Dell--CloudBoost Virtual Appliance Dell CloudBoost Virtual Appliance=
, versions prior to 19.14.0.0, contains a Plaintext Storage of Password vul= nerability. A high privileged attacker with remote access could potentially=
exploit this vulnerability, leading to Elevation of privileges. 2026-01-27=
7 CVE-2026-21417 [ https://www.cve.org/CVERecord?id=3DCVE-2026-21417 ] htt= ps://www.dell.com/support/kbdoc/en-us/000419894/dsa-2026-025-security-updat= e-for-dell-cloudboost-virtual-appliance-multiple-vulnerabilities
=C2=A0 Dell--PremierColor Dell PremierColor Panel Driver, versions prior to=
1.0.0.1 A01, contains an Improper Access Control vulnerability. A low priv= ileged attacker with local access could potentially exploit this vulnerabil= ity, leading to Elevation of Privileges. 2026-01-28 7.8 CVE-2025-46691 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2025-46691 ] https://www.dell.com/supp= ort/kbdoc/en-us/000394670/dsa-2025-444?lang=3Den
=C2=A0 Dell--Unity Dell Unity, version(s) 5.5.2 and prior, contain(s) an Im= proper Neutralization of Special Elements used in an OS Command ('OS Comman=
d Injection') vulnerability. A low privileged attacker with local access co= uld potentially exploit this vulnerability, leading to arbitrary command ex= ecution with root privileges. 2026-01-30 7.8 CVE-2026-21418 [ https://www.c= ve.org/CVERecord?id=3DCVE-2026-21418 ] https://www.dell.com/support/kbdoc/e= n-us/000421197/dsa-2026-054-security-update-for-dell-unity-dell-unityvsa-an= d-dell-unity-xt-security-update-for-multiple-vulnerabilities
=C2=A0 Dell--UnityVSA Dell UnityVSA, version(s) 5.4 and prior, contain(s) a=
n Improper Neutralization of Special Elements used in an OS Command ('OS Co= mmand Injection') vulnerability. A low privileged attacker with local acces=
s could potentially exploit this vulnerability, leading to arbitrary comman=
d execution with root privileges. 2026-01-30 7.8 CVE-2026-22277 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2026-22277 ] https://www.dell.com/support/kbd= oc/en-us/000421197/dsa-2026-054-security-update-for-dell-unity-dell-unityvs= a-and-dell-unity-xt-security-update-for-multiple-vulnerabilities
=C2=A0 Delta Electronics--ASDA-Soft ASDA-Soft Stack-based Buffer Overflow V= ulnerability 2026-01-27 7.8 CVE-2026-1361 [ https://www.cve.org/CVERecord?i= d=3DCVE-2026-1361 ] https://filecenter.deltaww.com/news/download/doc/Delta-= PCSA-2026-00003_ASDA-Soft%20Stack-based%20Buffer%20Overflow%20Vulnerability= %20(CVE-2026-1361).pdf
=C2=A0 discourse--discourse Discourse is an open source discussion platform=
. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subs= cription endpoints lack proper checking for ownership before making changes=
. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1= .0. No known workarounds are available. 2026-01-28 7.1 CVE-2025-68479 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2025-68479 ] https://github.com/discour= se/discourse/security/advisories/GHSA-6gjr-5897-m327
=C2=A0 discourse--discourse Discourse is an open source discussion platform=
. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostnam=
e validation issue in FinalDestination could allow bypassing SSRF protectio=
ns under certain conditions. This issue is patched in versions 3.5.4, 2025.= 11.2, 2025.12.1, and 2026.1.0. No known workarounds are available. 2026-01-=
28 7.6 CVE-2025-68662 [ https://www.cve.org/CVERecord?id=3DCVE-2025-68662 ]=
https://github.com/discourse/discourse/security/advisories/GHSA-gcfp-rjfc-= 925c
=C2=A0 dnnsoftware--Dnn.Platform DNN (formerly DotNetNuke) is an open-sourc=
e web content management platform (CMS) in the Microsoft ecosystem. Prior t=
o versions 9.13.10 and 10.2.0, module title supports richtext which could i= nclude scripts that would execute in certain scenarios. Versions 9.13.10 an=
d 10.2.0 contain a fix for the issue. 2026-01-27 9.1 CVE-2026-24838 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-24838 ] https://github.com/dnnsoftwa= re/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h
=C2=A0 dnnsoftware--Dnn.Platform DNN (formerly DotNetNuke) is an open-sourc=
e web content management platform (CMS) in the Microsoft ecosystem. Prior t=
o versions 9.13.10 and 10.2.0, a module could install with richtext in its = description field which could contain scripts that will run for user in the=
Persona Bar. Versions 9.13.10 and 10.2.0 contain a fix for the issue. 2026= -01-27 7.7 CVE-2026-24833 [ https://www.cve.org/CVERecord?id=3DCVE-2026-248=
33 ] https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-9= r3h-mpf8-25gj
=C2=A0 dnnsoftware--Dnn.Platform DNN (formerly DotNetNuke) is an open-sourc=
e web content management platform (CMS) in the Microsoft ecosystem. Startin=
g in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions cou=
ld write richtext in log notes which can include scripts that would run in = the PersonaBar when displayed. Versions 9.13.10 and 10.2.0 contain a fix fo=
r the issue. 2026-01-27 7.7 CVE-2026-24836 [ https://www.cve.org/CVERecord?= id=3DCVE-2026-24836 ] https://github.com/dnnsoftware/Dnn.Platform/security/= advisories/GHSA-2g5g-hcgh-q3rp
=C2=A0 dnnsoftware--Dnn.Platform DNN (formerly DotNetNuke) is an open-sourc=
e web content management platform (CMS) in the Microsoft ecosystem. Startin=
g in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module frien= dly name could include scripts that will run during some module operations =
in the Persona Bar. Versions 9.13.10 and 10.2.0 contain a fix for the issue=
. 2026-01-27 7.7 CVE-2026-24837 [ https://www.cve.org/CVERecord?id=3DCVE-20= 26-24837 ] https://github.com/dnnsoftware/Dnn.Platform/security/advisories/= GHSA-vm5q-8qww-h238
=C2=A0 Dokploy--dokploy Dokploy is a free, self-hostable Platform as a Serv= ice (PaaS). In versions prior to 0.26.6, a critical command injection vulne= rability exists in Dokploy's WebSocket endpoint `/docker-container-terminal=
`. The `containerId` and `activeWay` parameters are directly interpolated i= nto shell commands without sanitization, allowing authenticated attackers t=
o execute arbitrary commands on the host server. Version 0.26.6 fixes the i= ssue. 2026-01-28 9.9 CVE-2026-24841 [ https://www.cve.org/CVERecord?id=3DCV= E-2026-24841 ] https://github.com/Dokploy/dokploy/security/advisories/GHSA-= vx6x-6559-x35r https://github.com/Dokploy/dokploy/commit/74e0bd5fe3ef7199f44fcd19c6f5a2f09= b806d6f https://github.com/Dokploy/dokploy/blob/canary/apps/dokploy/server/wss/dock= er-container-terminal.ts
=C2=A0 Dokploy--dokploy Dokploy is a free, self-hostable Platform as a Serv= ice (PaaS). In versions prior to 0.26.6, a hardcoded credential in the prov= ided installation script (located at https://dokploy.com/install.sh, line 1= 54) uses a hardcoded password when creating the database container. This me= ans that nearly all Dokploy installations use the same database credentials=
and could be compromised. Version 0.26.6 contains a patch for the issue. 2= 026-01-28 8 CVE-2026-24840 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24= 840 ] https://github.com/Dokploy/dokploy/security/advisories/GHSA-jr65-3j3w= -gjmc https://github.com/Dokploy/dokploy/commit/b902c160a256ad345ac687c87eb092f1f= ab2c64d
=C2=A0 Drive-Software--Atomic Alarm Clock x86 Atomic Alarm Clock 6.3 contai=
ns a local privilege escalation vulnerability in its service configuration = that allows attackers to execute arbitrary code with SYSTEM privileges. Att= ackers can exploit the unquoted service path by placing a malicious executa= ble named 'Program.exe' to gain persistent system-level access. 2026-01-30 = 7.8 CVE-2020-37060 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37060 ] Ex= ploitDB-48352 [ https://www.exploit-db.com/exploits/48352 ]
Vendor Homepage [ http://www.drive-software.com ]
VulnCheck Advisory: Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquote=
d Service Path [ https://www.vulncheck.com/advisories/atomic-alarm-clock-x-= atomicalarmclock-unquoted-service-path ]
=C2=A0 Dummysoftware--BacklinkSpeed BacklinkSpeed 2.4 contains a buffer ove= rflow vulnerability that allows attackers to corrupt the Structured Excepti=
on Handler (SEH) chain through malicious file import. Attackers can craft a=
specially designed payload file to overwrite SEH addresses, potentially ex= ecuting arbitrary code and gaining control of the application. 2026-01-29 9=
.8 CVE-2020-36997 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36997 ] Exp= loitDB-48726 [ https://www.exploit-db.com/exploits/48726 ]
Vendor Homepage [ http://www.dummysoftware.com ]
Software Download Page [ http://www.dummysoftware.com/backlinkspeed.html ] VulnCheck Advisory: BacklinkSpeed 2.4 - Buffer Overflow PoC (SEH) [ https:/= /www.vulncheck.com/advisories/backlinkspeed-buffer-overflow-poc-seh ]
=C2=A0 Eclipse Foundation--Eclipse Theia - Website In the Eclipse Theia Web= site repository, the GitHub Actions workflow .github/workflows/preview.yml = used pull_request_target trigger while checking out and executing untrusted=
pull request code. This allowed any GitHub user to execute arbitrary code =
in the repository's CI environment with access to repository secrets and a = GITHUB_TOKEN with extensive write permissions (contents:write, packages:wri= te, pages:write, actions:write). An attacker could exfiltrate secrets, publ= ish malicious packages to the eclipse-theia organization, modify the offici=
al Theia website, and push malicious code to the repository. 2026-01-30 10 = CVE-2026-1699 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1699 ] https://= gitlab.eclipse.org/security/vulnerability-reports/-/issues/332
=C2=A0 Eclipse Foundation--Eclipse ThreadX The vulnerability stems from an = incorrect error-checking logic in the CreateCounter()=C2=A0function (in thr= eadx/utility/rtos_compatibility_layers/OSEK/tx_osek.c) when handling the re= turn value of osek_get_counter(). Specifically, the current code checks if = cntr_id=C2=A0equals 0u=C2=A0to determine failure, but @osek_get_counter()= =C2=A0actually returns E_OS_SYS_STACK=C2=A0(defined as 12U) when it fails. = This mismatch causes the error branch to never execute even when the counte=
r pool is exhausted. As a result, when the counter pool is depleted, the co=
de proceeds to cast the error code (12U) to a pointer (OSEK_COUNTER *), cre= ating a wild pointer. Subsequent writes to members of this pointer lead to = writes to illegal memory addresses (e.g., 0x0000000C), which can trigger im= mediate HardFaults or silent memory corruption. This vulnerability poses si= gnificant risks, including potential denial-of-service attacks (via repeate=
d calls to exhaust the counter pool) and unauthorized memory access. 2026-0= 1-27 7.8 CVE-2026-0648 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0648 ]=
https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-xj75-f= c68-h4rw
=C2=A0 Elaniin--Elaniin CMS Elaniin CMS 1.0 contains an authentication bypa=
ss vulnerability that allows attackers to access the dashboard by manipulat= ing the login page with SQL injection. Attackers can bypass authentication =
by sending crafted email and password parameters with '=3D''or' payload to = login.php, granting unauthorized access to the system. 2026-01-29 8.2 CVE-2= 020-36999 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36999 ] ExploitDB-4= 8705 [ https://www.exploit-db.com/exploits/48705 ]
Vendor Homepage [ https://elaniin.com/ ]
Elaniin CMS GitHub Repository [ https://github.com/elaniin/CMS ]
VulnCheck Advisory: elaniin CMS 1.0 - Authentication Bypass [ https://www.v= ulncheck.com/advisories/elaniin-cms-authentication-bypass ]
=C2=A0 Elektraweb--EasyPMS EasyPMS 1.0.0 contains an authentication bypass = vulnerability that allows unprivileged users to manipulate SQL queries in J= SON requests to access admin user information. Attackers can exploit weak i= nput validation by injecting single quotes in ID parameters and modify admi=
n user passwords without proper token authentication. 2026-01-29 7.5 CVE-20= 20-37008 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37008 ] ExploitDB-48= 858 [ https://www.exploit-db.com/exploits/48858 ]
Vendor Homepage [ https://www.elektraweb.com/en/ ]
VulnCheck Advisory: EasyPMS 1.0.0 - Authentication Bypass [ https://www.vul= ncheck.com/advisories/easypms-authentication-bypass ]
=C2=A0 Enigmasoftware--SpyHunter SpyHunter 4 contains an unquoted service p= ath vulnerability that allows local users to potentially execute arbitrary = code with elevated system privileges. Attackers can exploit the unquoted se= rvice path by placing malicious executables in specific file system locatio=
ns to gain elevated access during service startup. 2026-02-01 7.8 CVE-2020-= 37055 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37055 ] ExploitDB-48172=
[ https://www.exploit-db.com/exploits/48172 ]
Vendor Homepage [ https://www.enigmasoftware.com ]
VulnCheck Advisory: SpyHunter 4 - 'SpyHunter 4 Service' Unquoted Service Pa=
th [ https://www.vulncheck.com/advisories/spyhunter-spyhunter-service-unquo= ted-service-path ]
=C2=A0 Epson--EPSON EPSON 1.124 contains an unquoted service path vulnerabi= lity in the SENADB service that allows local attackers to execute code with=
elevated system privileges. Attackers can exploit the unquoted path in C:\= Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\ to inject ma= licious executables that will run with LocalSystem permissions. 2026-01-28 = 7.8 CVE-2020-36984 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36984 ] Ex= ploitDB-48965 [ https://www.exploit-db.com/exploits/48965 ]
EPSON Official Support Page [ https://www.epson.co.uk/support?productID=3D1= 0820&os=3D22#drivers_and_manuals ]
VulnCheck Advisory: EPSON 1.124 - 'seksmdb.exe' Unquoted Service Path [ htt= ps://www.vulncheck.com/advisories/epson-seksmdbexe-unquoted-service-path ] =C2=A0 Epson--EPSON EasyMP Network Projection EPSON EasyMP Network Projecti=
on 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV s= ervice that allows local users to potentially execute arbitrary code. Attac= kers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projecto= r\EasyMP Network Projection V2\ to inject malicious code that would execute=
with LocalSystem privileges. 2026-02-01 7.8 CVE-2020-37064 [ https://www.c= ve.org/CVERecord?id=3DCVE-2020-37064 ] ExploitDB-48069 [ https://www.exploi= t-db.com/exploits/48069 ]
EPSON EasyMP Network Projection Support Page [ https://epson.com/support/ea= symp-network-projection-v2-86-for-windows ]
VulnCheck Advisory: EPSON EasyMP Network Projection 2.81 - 'EMP_NSWLSV' Unq= uoted Service Path [ https://www.vulncheck.com/advisories/epson-easymp-netw= ork-projection-empnswlsv-unquoted-service-path ]
=C2=A0 ErugoOSS--Erugo Erugo is a self-hosted file-sharing platform. In ver= sions up to and including 0.2.14, an authenticated low-privileged user can = upload arbitrary files to any specified location due to insufficient valida= tion of user supplied paths when creating shares. By specifying a writable = path within the public web root, an attacker can upload and execute arbitra=
ry code on the server, resulting in remote code execution (RCE). This vulne= rability allows a low-privileged user to fully compromise the affected Erug=
o instance. Version 0.2.15 fixes the issue. 2026-01-28 10 CVE-2026-24897 [ = https://www.cve.org/CVERecord?id=3DCVE-2026-24897 ] https://github.com/Erug= oOSS/Erugo/security/advisories/GHSA-336w-hgpq-6369 https://github.com/ErugoOSS/Erugo/commit/256bc63831a0b5e9a94cb024a0724e0cd5= fa5e38
https://github.com/ErugoOSS/Erugo/releases/tag/v0.2.15
=C2=A0 Filehorse--Motorola Device Manager Motorola Device Manager 2.4.5 con= tains an unquoted service path vulnerability in the PST Service that allows=
local users to potentially execute arbitrary code. Attackers can exploit t=
he unquoted path in ForwardDaemon.exe to inject malicious code that will ex= ecute with elevated system privileges during service startup. 2026-01-27 7.=
8 CVE-2020-36981 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36981 ] Expl= oitDB-49011 [ https://www.exploit-db.com/exploits/49011 ]
Motorola Device Manager Download Page [ https://www.filehorse.com/es/descar= gar-motorola-device-manager/ ]
ExploitDB-49013 [ https://www.exploit-db.com/exploits/49013 ]
VulnCheck Advisory: Motorola Device Manager 2.4.5 - 'ForwardDaemon.exe ' Un= quoted Service Path [ https://www.vulncheck.com/advisories/motorola-device-= manager-forwarddaemonexe-unquoted-service-path ]
=C2=A0 Filigran--OpenCTI OpenCTI 3.3.1 is vulnerable to a directory travers=
al attack via the static/css endpoint. An unauthenticated attacker can read=
arbitrary files from the filesystem by sending crafted GET requests with p= ath traversal sequences (e.g., '../') in the URL. For example, requesting /= static/css//../../../../../../../../etc/passwd returns the contents of /etc= /passwd. This vulnerability was discovered by Raif Berkay Dincel and confir= med on Linux Mint and Windows 10. 2026-01-30 7.5 CVE-2020-37041 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2020-37041 ] ExploitDB-48595 [ https://www.ex= ploit-db.com/exploits/48595 ]
OpenCTI Official Homepage [ https://www.opencti.io/ ]
OpenCTI GitHub Repository [ https://github.com/OpenCTI-Platform/opencti ] VulnCheck Advisory: OpenCTI 3.3.1 - Directory Traversal [ https://www.vulnc= heck.com/advisories/opencti-directory-traversal ]
=C2=A0 Flexense Ltd.--SyncBreeze SyncBreeze 10.0.28 contains a denial of se= rvice vulnerability in the login endpoint that allows remote attackers to c= rash the service. Attackers can send an oversized payload in the login requ= est to overwhelm the application and potentially disrupt service availabili= ty. 2026-01-27 7.5 CVE-2020-36946 [ https://www.cve.org/CVERecord?id=3DCVE-= 2020-36946 ] ExploitDB-49291 [ https://www.exploit-db.com/exploits/49291 ] Vendor Homepage [ http://www.syncbreeze.com ]
VulnCheck Advisory: SyncBreeze 10.0.28 - 'login' Denial of Service [ https:= //www.vulncheck.com/advisories/syncbreeze-login-denial-of-service ]
=C2=A0 Forensit--ForensiTAppxService ForensiT AppX Management Service 2.2.0=
.4 contains an unquoted service path vulnerability that allows local users =
to potentially execute arbitrary code with elevated system privileges. Atta= ckers can exploit the unquoted path in the service configuration to inject = malicious code that would execute with LocalSystem account permissions duri=
ng service startup. 2026-01-28 7.8 CVE-2020-36989 [ https://www.cve.org/CVE= Record?id=3DCVE-2020-36989 ] ExploitDB-48821 [ https://www.exploit-db.com/e= xploits/48821 ]
ForensiT Official Downloads Page [ https://www.forensit.com/downloads.html ] VulnCheck Advisory: ForensiTAppxService 2.2.0.4 - 'ForensiTAppxService.exe'=
Unquoted Service Path [ https://www.vulncheck.com/advisories/forensitappxs= ervice-forensitappxserviceexe-unquoted-service-path ]
=C2=A0 Fortinet--FortiProxy An Authentication Bypass Using an Alternate Pat=
h or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyze=
r 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2=
.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 t= hrough 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through = 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, For= tiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 thro= ugh 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12=
, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWe=
b 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through=
7.4.11 may allow an attacker with a FortiCloud account and a registered de= vice to log into other devices registered to other accounts, if FortiCloud = SSO authentication is enabled on those devices. 2026-01-27 9.4 CVE-2026-248=
58 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24858 ] https://fortiguard= .fortinet.com/psirt/FG-IR-26-060
=C2=A0 Frigate3--Frigate Professional Frigate Professional 3.36.0.9 contain=
s a local buffer overflow vulnerability in the Pack File feature that allow=
s attackers to execute arbitrary code by overflowing the 'Archive To' input=
field. Attackers can craft a malicious payload that overwrites the Structu= red Exception Handler (SEH) and uses an egghunter technique to execute a re= verse shell payload. 2026-01-29 8.4 CVE-2020-37001 [ https://www.cve.org/CV= ERecord?id=3DCVE-2020-37001 ] ExploitDB-48688 [ https://www.exploit-db.com/= exploits/48688 ]
Archived Vendor Homepage [ https://web.archive.org/web/20171116000613/http:= //www.frigate3.com/index.php ]
VulnCheck Advisory: Frigate Professional 3.36.0.9 - 'Pack File' Buffer Over= flow (SEH Egghunter) [ https://www.vulncheck.com/advisories/frigate-profess= ional-pack-file-buffer-overflow-seh-egghunter ]
=C2=A0 Gearboxcomputers--IP Watcher IP Watcher 3.0.0.30 contains an unquote=
d service path vulnerability in its Windows service configuration that allo=
ws local attackers to execute arbitrary code. Attackers can exploit the unq= uoted binary path to inject malicious executables that will be launched wit=
h elevated LocalSystem privileges during service startup. 2026-01-28 7.8 CV= E-2020-36985 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36985 ] ExploitD= B-48968 [ https://www.exploit-db.com/exploits/48968 ]
Vendor Homepage [ https://www.gearboxcomputers.com/ ]
VulnCheck Advisory: IP Watcher v3.0.0.30 - 'PACService.exe' Unquoted Servic=
e Path [ https://www.vulncheck.com/advisories/ip-watcher-pacserviceexe-unqu= oted-service-path ]
=C2=A0 Gearboxcomputers--Program Access Controller Program Access Controlle=
r 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe=
that allows local attackers to execute code with elevated privileges. Atta= ckers can exploit the unquoted path during system startup or reboot to inje=
ct and run malicious executables with LocalSystem permissions. 2026-01-28 7=
.8 CVE-2020-36987 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36987 ] Exp= loitDB-48966 [ https://www.exploit-db.com/exploits/48966 ]
Vendor Homepage [ https://www.gearboxcomputers.com/ ]
VulnCheck Advisory: Program Access Controller v1.2.0.0 - 'PACService.exe' U= nquoted Service Path [ https://www.vulncheck.com/advisories/program-access-= controller-pacserviceexe-unquoted-service-path ]
=C2=A0 geraked--phpscript-sgh Phpscript-sgh 0.1.0 contains a time-based bli=
nd SQL injection vulnerability in the admin interface that allows attackers=
to manipulate database queries through the 'id' parameter. Attackers can e= xploit this vulnerability by crafting malicious payloads that trigger time = delays, enabling them to extract sensitive database information through con= ditional sleep techniques. 2026-01-27 8.2 CVE-2020-36951 [ https://www.cve.= org/CVERecord?id=3DCVE-2020-36951 ] ExploitDB-49192 [ https://www.exploit-d= b.com/exploits/49192 ]
Vendor Homepage [ https://github.com/geraked/phpscript-sgh ]
VulnCheck Advisory: Phpscript-sgh 0.1.0 - Time Based Blind SQL Injection [ = https://www.vulncheck.com/advisories/phpscript-sgh-time-based-blind-sql-inj= ection ]
=C2=A0 gerstrong--Commander-Genius Out-of-bounds Write vulnerability in ger= strong Commander-Genius. This issue affects Commander-Genius: before Releas=
e refs/pull/358/merge. 2026-01-27 7.5 CVE-2026-24827 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-24827 ] https://github.com/gerstrong/Commander-Geni= us/pull/379
=C2=A0 Getoutline--Outline Service Outline Service 1.3.3 contains an unquot=
ed service path vulnerability that allows local users to potentially execut=
e arbitrary code with elevated system privileges. Attackers can exploit the=
unquoted binary path in C:\Program Files (x86)\Outline to inject malicious=
code that would execute with LocalSystem permissions during service startu=
p. 2026-01-30 7.8 CVE-2020-37030 [ https://www.cve.org/CVERecord?id=3DCVE-2= 020-37030 ] ExploitDB-48414 [ https://www.exploit-db.com/exploits/48414 ] Outline Service Official Homepage [ https://getoutline.org/vi/home ]
VulnCheck Advisory: Outline Service 1.3.3 - 'Outline Service ' Unquoted Ser= vice Path [ https://www.vulncheck.com/advisories/outline-service-outline-se= rvice-unquoted-service-path ]
=C2=A0 Getpopcorntime--Popcorn Time Popcorn Time 6.2.1.14 contains an unquo= ted service path vulnerability that allows local non-privileged users to po= tentially execute code with elevated system privileges. Attackers can inser=
t malicious executables in Program Files (x86) or system root directories t=
o be executed with SYSTEM-level permissions during service startup. 2026-01= -30 7.8 CVE-2020-37059 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37059 =
] ExploitDB-48378 [ https://www.exploit-db.com/exploits/48378 ]
Popcorn Time Official Homepage [ https://getpopcorntime.is ]
VulnCheck Advisory: Popcorn Time 6.2 - 'Update service' Unquoted Service Pa=
th [ https://www.vulncheck.com/advisories/popcorn-time-update-service-unquo= ted-service-path ]
=C2=A0 Gila CMS--Gila CMS Gila CMS versions prior to 2.0.0 contain a remote=
code execution vulnerability that allows unauthenticated attackers to exec= ute arbitrary system commands through manipulated HTTP headers. Attackers c=
an inject PHP code in the User-Agent header with shell_exec() to run system=
commands by sending crafted requests to the admin endpoint. 2026-01-27 9.8=
CVE-2021-47900 [ https://www.cve.org/CVERecord?id=3DCVE-2021-47900 ] Explo= itDB-49412 [ https://www.exploit-db.com/exploits/49412 ]
Official Vendor Homepage [ https://gilacms.com/ ]
Gila CMS GitHub Repository [ https://github.com/GilaCMS/gila ]
VulnCheck Advisory: Gila CMS < 2.0.0 - Remote Code Execution [ https://www.= vulncheck.com/advisories/gila-cms-remote-code-execution ]
=C2=A0 Global Interactive Design Media Software Inc.--Content Management Sy= stem (CMS) Improper Neutralization of Input During Web Page Generation (XSS=
or 'Cross-site Scripting') vulnerability in Global Interactive Design Medi=
a Software Inc. Content Management System (CMS) allows XSS Through HTTP Hea= ders. This issue affects Content Management System (CMS): through 21072025.=
2026-01-29 7.5 CVE-2025-7713 [ https://www.cve.org/CVERecord?id=3DCVE-2025= -7713 ] https://www.usom.gov.tr/bildirim/tr-26-0008
=C2=A0 Global Interactive Design Media Software Inc.--Content Management Sy= stem (CMS) Improper Neutralization of Special Elements used in an SQL Comma=
nd ('SQL Injection') vulnerability in Global Interactive Design Media Softw= are Inc. Content Management System (CMS) allows Command Line Execution thro= ugh SQL Injection. This issue affects Content Management System (CMS): thro= ugh 21072025. 2026-01-29 7.5 CVE-2025-7714 [ https://www.cve.org/CVERecord?= id=3DCVE-2025-7714 ] https://www.usom.gov.tr/bildirim/tr-26-0008
=C2=A0 GNOME--Fonts Viewer Gnome Fonts Viewer 3.34.0 contains a heap corrup= tion vulnerability that allows attackers to trigger an out-of-bounds write =
by crafting a malicious TTF font file. Attackers can generate a specially c= rafted TTF file with an oversized pattern to cause an infinite malloc() loo=
p and potentially crash the gnome-font-viewer process. 2026-01-29 7.5 CVE-2= 020-37011 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37011 ] ExploitDB-4= 8803 [ https://www.exploit-db.com/exploits/48803 ]
Gnome Official Website [ https://help.gnome.org/ ]
Gnome Font Viewer App Webpage [ https://apps.gnome.org/FontViewer/ ]
VulnCheck Advisory: Gnome Fonts Viewer 3.34.0 Heap Corruption [ https://www= .vulncheck.com/advisories/gnome-fonts-viewer-heap-corruption ]
=C2=A0 GnuPG--GnuPG In GnuPG before 2.5.17, a crafted CMS (S/MIME) Envelope= dData message carrying an oversized wrapped session key can cause a stack-b= ased buffer overflow in gpg-agent during PKDECRYPT--kem=3DCMS handling. Thi=
s can easily be leveraged for denial of service; however, there is also mem= ory corruption that could lead to remote code execution. 2026-01-27 8.1 CVE= -2026-24881 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24881 ] https://w= ww.openwall.com/lists/oss-security/2026/01/27/8
https://dev.gnupg.org/T8044
=C2=A0 GnuPG--GnuPG In GnuPG before 2.5.17, a stack-based buffer overflow e= xists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed=
RSA and ECC keys. 2026-01-27 8.4 CVE-2026-24882 [ https://www.cve.org/CVER= ecord?id=3DCVE-2026-24882 ] https://www.openwall.com/lists/oss-security/202= 6/01/27/8
https://dev.gnupg.org/T8045
=C2=A0 Grafana--grafana/grafana The dashboard permissions API does not veri=
fy the target dashboard scope and only checks the dashboards.permissions:* = action. As a result, a user who has permission management rights on one das= hboard can read and modify permissions on other dashboards. This is an orga= nization internal privilege escalation. 2026-01-27 8.1 CVE-2026-21721 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2026-21721 ] https://grafana.com/securi= ty/security-advisories/CVE-2026-21721
=C2=A0 Grafana--grafana/grafana-enterprise Every uncached /avatar/:hash req= uest spawns a goroutine that refreshes the Gravatar image. If the refresh s= its in the 10-slot worker queue longer than three seconds, the handler time=
s out and stops listening for the result, so that goroutine blocks forever = trying to send on an unbuffered channel. Sustained traffic with random hash=
es keeps tripping this timeout, so goroutine count grows linearly, eventual=
ly exhausting memory and causing Grafana to crash on some systems. 2026-01-=
27 7.5 CVE-2026-21720 [ https://www.cve.org/CVERecord?id=3DCVE-2026-21720 ]=
https://grafana.com/security/security-advisories/CVE-2026-21720
=C2=A0 guelfoweb--knock Knockpy 4.1.1 contains a CSV injection vulnerabilit=
y that allows attackers to inject malicious formulas into CSV reports throu=
gh unfiltered server headers. Attackers can manipulate server response head= ers to include spreadsheet formulas that will execute when the CSV is opene=
d in spreadsheet applications. 2026-01-27 9.8 CVE-2020-36941 [ https://www.= cve.org/CVERecord?id=3DCVE-2020-36941 ] ExploitDB-49342 [ https://www.explo= it-db.com/exploits/49342 ]
Knockpy GitHub Repository [ https://github.com/guelfoweb/knock ]
VulnCheck Advisory: Knockpy 4.1.1 - CSV Injection [ https://www.vulncheck.c= om/advisories/knockpy-csv-injection ]
=C2=A0 hayyatapps--Sell BTC Cryptocurrency Selling Calculator The Sell BTC =
- Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to S= tored Cross-Site Scripting via the 'orderform_data' AJAX action in all vers= ions up to, and including, 1.5 due to insufficient input sanitization and o= utput escaping. This makes it possible for unauthenticated attackers to inj= ect arbitrary web scripts in order records that will execute whenever an ad= ministrator accesses the Orders page in the admin dashboard. The vulnerabil= ity was partially patched in version 1.5. 2026-01-31 7.2 CVE-2025-14554 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2025-14554 ] https://www.wordfence.co= m/threat-intel/vulnerabilities/id/720be34d-3fe4-4395-a27b-d386f8612ba9?sour= ce=3Dcve https://plugins.trac.wordpress.org/browser/sell-btc-by-hayyatapps/trunk/fun= ctions-admin.php#L39 https://plugins.trac.wordpress.org/browser/sell-btc-by-hayyatapps/trunk/fun= ctions/form_tab.php#L12 https://plugins.trac.wordpress.org/browser/sell-btc-by-hayyatapps/trunk/Pag= es/orders.php#L30
https://plugins.trac.wordpress.org/changeset/3433480/ https://plugins.trac.wordpress.org/changeset/3450361/
=C2=A0 HELLOWEB--HelloWeb HelloWeb 2.0 contains an arbitrary file download = vulnerability that allows remote attackers to download system files by mani= pulating filepath and filename parameters. Attackers can send crafted GET r= equests to download.asp with directory traversal to access sensitive config= uration and system files. 2026-01-30 7.5 CVE-2020-37034 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2020-37034 ] ExploitDB-48659 [ https://www.exploit-db= .com/exploits/48659 ]
Archived HelloWeb Vendor Homepage [ https://web.archive.org/web/20190109182= 037/https://helloweb.co.kr/ ]
VulnCheck Advisory: HelloWeb 2.0 - Arbitrary File Download [ https://www.vu= lncheck.com/advisories/helloweb-arbitrary-file-download ]
=C2=A0 Hewlett Packard Enterprise (HPE)--HPE Aruba Networking Fabric Compos=
er Insecure file operations in HPE Aruba Networking Fabric Composer=C3=83= =C2=A2=C3=A2=E2=80=9A=C2=AC=C3=A2=E2=80=9E=C2=A2s backup functionality coul=
d allow authenticated attackers to achieve remote code execution. Successfu=
l exploitation could allow an attacker to execute arbitrary commands on the=
underlying operating system. 2026-01-27 7.2 CVE-2026-23592 [ https://www.c= ve.org/CVERecord?id=3DCVE-2026-23592 ] https://support.hpe.com/hpesc/public= /docDisplay?docId=3Dhpesbnw04996en_us&docLocale=3Den_US
=C2=A0 Hewlett Packard Enterprise (HPE)--HPE Aruba Networking Fabric Compos=
er A vulnerability in the web-based management interface of HPE Aruba Netwo= rking Fabric Composer could allow an unauthenticated remote attacker to vie=
w some system files. Successful exploitation could allow an attacker to rea=
d files within the affected directory. 2026-01-27 7.5 CVE-2026-23593 [ http= s://www.cve.org/CVERecord?id=3DCVE-2026-23593 ] https://support.hpe.com/hpe= sc/public/docDisplay?docId=3Dhpesbnw04996en_us&docLocale=3Den_US
=C2=A0 HIKSEMI--HS-AFS-S1H1 Due to insufficient input parameter validation =
on the interface, authenticated users of certain HIKSEMI NAS products can e= xecute arbitrary commands on the device by crafting specific messages. 2026= -01-30 7.2 CVE-2026-22623 [ https://www.cve.org/CVERecord?id=3DCVE-2026-226=
23 ] https://www.hiksemitech.com/en/hiksemi/support/security-advisory.html =C2=A0 Hikvision--DS-3WAP521-SI Some Hikvision Wireless Access Points are v= ulnerable to authenticated command execution due to insufficient input vali= dation. Attackers with valid credentials can exploit this flaw by sending c= rafted packets containing malicious commands to affected devices, leading t=
o arbitrary command execution. 2026-01-30 7.2 CVE-2026-0709 [ https://www.c= ve.org/CVERecord?id=3DCVE-2026-0709 ] https://www.hikvision.com/en/support/= cybersecurity/security-advisory/command-execution-vulnerability-in-some-hik= vision-wireless-access-point-products/
=C2=A0 Hisense TransTech--Smart Bus Management System A flaw has been found=
in Hisense TransTech Smart Bus Management System up to 20260113. Affected =
is the function Page_Load of the file YZSoft/Forms/XForm/BM/BusComManagemen= t/TireMng.aspx. Executing a manipulation of the argument key can lead to sq=
l injection. It is possible to launch the attack remotely. The exploit has = been published and may be used. The vendor was contacted early about this d= isclosure but did not respond in any way. 2026-01-26 7.3 CVE-2026-1449 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2026-1449 ] VDB-342881 | Hisense Trans= Tech Smart Bus Management System TireMng.aspx Page_Load sql injection [ htt= ps://vuldb.com/?id.342881 ]
VDB-342881 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .342881 ]
Submit #737032 | Hisense TransTech Hisense Smart Bus Management System 1.0 = SQL Injection [ https://vuldb.com/?submit.737032 ] https://github.com/master-abc/cve/issues/15
=C2=A0 IBM--Db2 for Linux, UNIX and Windows IBM Db2 for Windows=C2=A012.1.0=
- 12.1.3 could allow a local user with filesystem access to escalate their=
privileges due to the use of an unquoted search path element. 2026-01-30 8=
.4 CVE-2025-36384 [ https://www.cve.org/CVERecord?id=3DCVE-2025-36384 ] htt= ps://www.ibm.com/support/pages/node/7257678
=C2=A0 IBM--Db2 for Linux, UNIX and Windows IBM Db2 for Linux, UNIX and Win= dows (includes Db2 Connect Server)=C2=A011.5.0 - 11.5.9 could allow an inst= ance owner to execute malicious code that escalate their privileges to root=
due to execution of unnecessary privileges operated at a higher than minim=
um level. 2026-01-30 7.2 CVE-2025-36184 [ https://www.cve.org/CVERecord?id= =3DCVE-2025-36184 ] https://www.ibm.com/support/pages/node/7257519
=C2=A0 IDT--IDT PC Audio IDT PC Audio 1.0.6499.0 contains an unquoted servi=
ce path vulnerability that allows local users to potentially execute arbitr= ary code with elevated system privileges. Attackers can exploit the unquote=
d path in the STacSV service to inject malicious code that would execute wi=
th LocalSystem account permissions during service startup. 2026-01-26 7.8 C= VE-2020-36959 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36959 ] Exploit= DB-49191 [ https://www.exploit-db.com/exploits/49191 ]
Software Download Link [ https://www.pconlife.com/download/otherfile/20566/= 90674cffc8658c4f2bf58d43bb9b7ccb/ ]
VulnCheck Advisory: IDT PC Audio 1.0.6499.0 - 'STacSV' Unquoted Service Pat=
h [ https://www.vulncheck.com/advisories/idt-pc-audio-stacsv-unquoted-servi= ce-path ]
=C2=A0 iForwarder and upRedSun Technologies, LLC.--Port Forwarding Wizard P= ort Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that a= llows local attackers to execute arbitrary code through a long request in t=
he Register feature. Attackers can craft a malicious payload with an egg ta=
g and overwrite SEH handlers to potentially execute shellcode on vulnerable=
Windows systems. 2026-01-30 8.4 CVE-2020-37025 [ https://www.cve.org/CVERe= cord?id=3DCVE-2020-37025 ] ExploitDB-48695 [ https://www.exploit-db.com/exp= loits/48695 ]
Vendor Homepage [ http://www.port-forwarding.net/ ]
VulnCheck Advisory: Port Forwarding Wizard 4.8.0 - Buffer Overflow [ https:= //www.vulncheck.com/advisories/port-forwarding-wizard-buffer-overflow ]
=C2=A0 ik80--YATinyWinFTP YATinyWinFTP contains a denial of service vulnera= bility that allows attackers to crash the FTP service by sending a 272-byte=
buffer with a trailing space. Attackers can exploit the service by connect= ing and sending a malformed command that triggers a buffer overflow and ser= vice crash. 2026-01-28 9.8 CVE-2020-36964 [ https://www.cve.org/CVERecord?i= d=3DCVE-2020-36964 ] ExploitDB-49127 [ https://www.exploit-db.com/exploits/= 49127 ]
YATinyWinFTP GitHub Repository [ https://github.com/ik80/YATinyWinFTP ] VulnCheck Advisory: YATinyWinFTP - Denial of Service [ https://www.vulnchec= k.com/advisories/yatinywinftp-denial-of-service ]
=C2=A0 immich-app--immich immich is a high performance self-hosted photo an=
d video management solution. Prior to version 2.5.0, API keys can escalate = their own permissions by calling the update endpoint, allowing a low-privil= ege API key to grant itself full administrative access to the system. Versi=
on 2.5.0 fixes the issue. 2026-01-29 7.2 CVE-2026-23896 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-23896 ] https://github.com/immich-app/immich/sec= urity/advisories/GHSA-237r-x578-h5mv
=C2=A0 inc2734--Snow Monkey Forms The Snow Monkey Forms plugin for WordPres=
s is vulnerable to arbitrary file deletion due to insufficient file path va= lidation in the 'generate_user_dirpath' function in all versions up to, and=
including, 12.0.3. This makes it possible for unauthenticated attackers to=
delete arbitrary files on the server, which can easily lead to remote code=
execution when the right file is deleted (such as wp-config.php). 2026-01-=
28 9.8 CVE-2026-1056 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1056 ] h= ttps://www.wordfence.com/threat-intel/vulnerabilities/id/37a8642d-07f5-4b1b= -8419-e30589089162?source=3Dcve https://plugins.trac.wordpress.org/browser/snow-monkey-forms/tags/12.0.3/sn= ow-monkey-forms.php#L186 https://plugins.trac.wordpress.org/browser/snow-monkey-forms/tags/12.0.3/Ap= p/Model/Directory.php#L58 https://plugins.trac.wordpress.org/browser/snow-monkey-forms/tags/12.0.3/Ap= p/Rest/Route/View.php#L189 https://plugins.trac.wordpress.org/changeset/3448278/
=C2=A0 infiniflow--ragflow RAGFlow is an open-source RAG (Retrieval-Augment=
ed Generation) engine. In version 0.23.1 and possibly earlier versions, the=
MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to=
overwrite arbitrary files on the server (leading to Remote Code Execution)=
via a malicious ZIP archive. The MinerUParser class retrieves and extracts=
ZIP files from an external source (mineru_server_url). The extraction logi=
c in `_extract_zip_no_root` fails to sanitize filenames within the ZIP arch= ive. Commit 64c75d558e4a17a4a48953b4c201526431d8338f contains a patch for t=
he issue. 2026-01-27 9.8 CVE-2026-24770 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-24770 ] https://github.com/infiniflow/ragflow/security/advisori= es/GHSA-v7cf-w7gj-pgf4 https://github.com/infiniflow/ragflow/commit/64c75d558e4a17a4a48953b4c20152= 6431d8338f
=C2=A0 Inputdirector--Input Director Input Director 1.4.3 contains an unquo= ted service path vulnerability in its Windows service configuration that al= lows local attackers to execute code with elevated privileges. Attackers ca=
n exploit the unquoted path during system startup or reboot to inject and r=
un malicious executables with LocalSystem permissions. 2026-01-28 7.8 CVE-2= 020-36990 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36990 ] ExploitDB-4= 8795 [ https://www.exploit-db.com/exploits/48795 ]
Input Director Official Homepage [ https://www.inputdirector.com/ ]
VulnCheck Advisory: Input Director 1.4.3 - 'Input Director' Unquoted Servic=
e Path [ https://www.vulncheck.com/advisories/input-director-input-director= -unquoted-service-path ]
=C2=A0 Insite Software--Infor Storefront B2B Infor Storefront B2B 1.0 conta= ins a SQL injection vulnerability that allows attackers to manipulate datab= ase queries through the 'usr_name' parameter in login requests. Attackers c=
an exploit the vulnerability by injecting malicious SQL code into the 'usr_= name' parameter to potentially extract or modify database information. 2026= -01-30 8.2 CVE-2020-37033 [ https://www.cve.org/CVERecord?id=3DCVE-2020-370=
33 ] ExploitDB-48674 [ https://www.exploit-db.com/exploits/48674 ]
Archived Infor Storefront Homepage [ https://web.archive.org/web/2019122305= 1205/https://www.insitesoft.com/infor-storefront/ ]
VulnCheck Advisory: Infor Storefront B2B 1.0 - 'usr_name' SQL Injection [ h= ttps://www.vulncheck.com/advisories/infor-storefront-bb-usrname-sql-injecti=
on ]
=C2=A0 Intelbras--Intelbras Router RF 301K Intelbras Router RF 301K firmwar=
e version 1.1.2 contains an authentication bypass vulnerability that allows=
unauthenticated attackers to download router configuration files. Attacker=
s can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cf=
g to retrieve sensitive router configuration without authentication. 2026-0= 1-28 7.5 CVE-2020-36963 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36963=
] ExploitDB-49126 [ https://www.exploit-db.com/exploits/49126 ]
Intelbras Official Homepage [ https://www.intelbras.com/pt-br/ ]
VulnCheck Advisory: Intelbras Router RF 301K 1.1.2 - Authentication Bypass =
[ https://www.vulncheck.com/advisories/intelbras-router-rf-k-authentication= -bypass ]
=C2=A0 InternationalColorConsortium--iccDEV iccDEV provides a set of librar= ies and tools that allow for the interaction, manipulation, and application=
of ICC color management profiles. Versions prior to 2.3.1.2 have an undefi= ned behavior issue when floating-point NaN values are converted to unsigned=
short integer types during ICC profile XML parsing potentially corrupting = memory structures and enabling arbitrary code execution. This vulnerability=
affects users of the iccDEV library who process ICC color profiles. ICC Pr= ofile Injection vulnerabilities arise when user-controllable input is incor= porated into ICC profile data or other structured binary blobs in an unsafe=
manner. Version 2.3.1.2 contains a fix for the issue. No known workarounds=
are available. 2026-01-28 7.8 CVE-2026-24856 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2026-24856 ] https://github.com/InternationalColorConsortium/ic= cDEV/security/advisories/GHSA-w585-cv3v-c396 https://github.com/InternationalColorConsortium/iccDEV/issues/532 https://github.com/InternationalColorConsortium/iccDEV/pull/541 https://github.com/InternationalColorConsortium/iccDEV/commit/5e53a5d25923b= 7794ba44e390e9b35d391f2b9c1
=C2=A0 Iobit--IObit Uninstaller IObit Uninstaller 10 Pro contains an unquot=
ed service path vulnerability that allows local users to potentially execut=
e code with elevated system privileges. Attackers can exploit the unquoted = service path in the IObit Uninstaller Service to insert malicious code that=
would execute with SYSTEM-level permissions during service startup. 2026-0= 1-26 7.8 CVE-2020-36952 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36952=
] ExploitDB-49371 [ https://www.exploit-db.com/exploits/49371 ]
IObit Official Homepage [ https://www.iobit.com ]
VulnCheck Advisory: IObit Uninstaller 10 Pro - Unquoted Service Path [ http= s://www.vulncheck.com/advisories/iobit-uninstaller-pro-unquoted-service-pat=
h ]
=C2=A0 Is-Daouda--is-Engine Missing Release of Memory after Effective Lifet= ime vulnerability in Is-Daouda is-Engine. This issue affects is-Engine: bef= ore 3.3.4. 2026-01-27 7.5 CVE-2026-24828 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-24828 ] https://github.com/Is-Daouda/is-Engine/pull/6
=C2=A0 isaacs--node-tar node-tar,a Tar for Node.js, contains a vulnerabilit=
y in versions prior to 7.5.7 where the security check for hardlink entries = uses different path resolution semantics than the actual hardlink creation = logic. This mismatch allows an attacker to craft a malicious TAR archive th=
at bypasses path traversal protections and creates hardlinks to arbitrary f= iles outside the extraction directory. Version 7.5.7 contains a fix for the=
issue. 2026-01-28 8.2 CVE-2026-24842 [ https://www.cve.org/CVERecord?id=3D= CVE-2026-24842 ] https://github.com/isaacs/node-tar/security/advisories/GHS= A-34x7-hfp2-rc4v https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e8= 7ffdb46
=C2=A0 Iskysoft--Iskysoft Application Framework Service Iskysoft Applicatio=
n Framework Service 2.4.3.241 contains an unquoted service path vulnerabili=
ty that allows local users to potentially execute arbitrary code with eleva= ted privileges. Attackers can exploit the unquoted path in the service conf= iguration to inject malicious executables that would be run with the servic= e's high-level system permissions. 2026-02-01 7.8 CVE-2020-37048 [ https://= www.cve.org/CVERecord?id=3DCVE-2020-37048 ] ExploitDB-48171 [ https://www.e= xploit-db.com/exploits/48171 ]
Vendor Homepage [ https://www.iskysoft.us ]
VulnCheck Advisory: Iskysoft Application Framework Service 2.4.3.241 - 'IsA= ppService' Unquoted Service Path [ https://www.vulncheck.com/advisories/isk= ysoft-application-framework-service-isappservice-unquoted-service-path ]
=C2=A0 itsourcecode--Directory Management System A security vulnerability h=
as been detected in itsourcecode Directory Management System 1.0. The affec= ted element is an unknown function of the file /admin/index.php. The manipu= lation of the argument Username leads to sql injection. The attack can be i= nitiated remotely. The exploit has been disclosed publicly and may be used.=
2026-01-30 7.3 CVE-2026-1688 [ https://www.cve.org/CVERecord?id=3DCVE-2026= -1688 ] VDB-343482 | itsourcecode Directory Management System index.php sql=
injection [ https://vuldb.com/?id.343482 ]
VDB-343482 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343482 ]
Submit #741283 | itsourcecode Directory Management System V1.0 SQL Injectio=
n [ https://vuldb.com/?submit.741283 ] https://github.com/jackhong1236/CVE_1/issues/1
https://itsourcecode.com/
=C2=A0 itsourcecode--School Management System A weakness has been identifie=
d in itsourcecode School Management System 1.0. The affected element is an = unknown function of the file /course/index.php. Executing a manipulation of=
the argument ID can lead to sql injection. The attack may be performed fro=
m remote. The exploit has been made available to the public and could be us=
ed for attacks. 2026-01-28 7.3 CVE-2026-1545 [ https://www.cve.org/CVERecor= d?id=3DCVE-2026-1545 ] VDB-343229 | itsourcecode School Management System i= ndex.php sql injection [ https://vuldb.com/?id.343229 ]
VDB-343229 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343229 ]
Submit #739647 | itsourcecode School Management System V1.0 SQL Injection [=
https://vuldb.com/?submit.739647 ] https://github.com/ltranquility/CVE/issues/33
https://itsourcecode.com/
=C2=A0 itsourcecode--School Management System A vulnerability was determine=
d in itsourcecode School Management System 1.0. This affects an unknown fun= ction of the file /ramonsys/inquiry/index.php. This manipulation of the arg= ument txtsearch causes sql injection. The attack can be initiated remotely.=
The exploit has been publicly disclosed and may be utilized. 2026-01-29 7.=
3 CVE-2026-1589 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1589 ] VDB-34= 3352 | itsourcecode School Management System index.php sql injection [ http= s://vuldb.com/?id.343352 ]
VDB-343352 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343352 ]
Submit #740686 | itsourcecode School Management System v1.0 SQL Injection [=
https://vuldb.com/?submit.740686 ] https://mega.nz/file/DQUWSY7Y#CLcuhD1KE2s0VtEvYqH_PDCyhpGS0HDo_MKj9sheUPA https://itsourcecode.com/
=C2=A0 itsourcecode--School Management System A vulnerability was identifie=
d in itsourcecode School Management System 1.0. This impacts an unknown fun= ction of the file /ramonsys/faculty/index.php. Such manipulation of the arg= ument ID leads to sql injection. The attack can be launched remotely. The e= xploit is publicly available and might be used. 2026-01-29 7.3 CVE-2026-159=
0 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1590 ] VDB-343353 | itsourc= ecode School Management System index.php sql injection [ https://vuldb.com/= ?id.343353 ]
VDB-343353 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343353 ]
Submit #740687 | itsourcecode School Management System v1.0 SQL Injection [=
https://vuldb.com/?submit.740687 ] https://mega.nz/file/GYsm2Q7K#B7NUGX5Fy9iLYssM474U3zFsmZp_14v0n5Sp-5N95yI https://itsourcecode.com/
=C2=A0 itsourcecode--Society Management System A weakness has been identifi=
ed in itsourcecode Society Management System 1.0. Affected by this vulnerab= ility is an unknown functionality of the file /admin/edit_expenses_query.ph=
p. Executing a manipulation of the argument detail can lead to sql injectio=
n. The attack may be launched remotely. The exploit has been made available=
to the public and could be used for attacks. 2026-01-29 7.3 CVE-2026-1593 =
[ https://www.cve.org/CVERecord?id=3DCVE-2026-1593 ] VDB-343355 | itsourcec= ode Society Management System edit_expenses_query.php sql injection [ https= ://vuldb.com/?id.343355 ]
VDB-343355 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343355 ]
Submit #740689 | itsourcecode Society Management System V1.0 SQL injection =
[ https://vuldb.com/?submit.740689 ] https://github.com/yyzq-wsx/for_cve/issues/3
https://itsourcecode.com/
=C2=A0 itsourcecode--Society Management System A security vulnerability has=
been detected in itsourcecode Society Management System 1.0. Affected by t= his issue is some unknown functionality of the file /admin/add_expenses.php=
. The manipulation of the argument detail leads to sql injection. Remote ex= ploitation of the attack is possible. The exploit has been disclosed public=
ly and may be used. 2026-01-29 7.3 CVE-2026-1594 [ https://www.cve.org/CVER= ecord?id=3DCVE-2026-1594 ] VDB-343356 | itsourcecode Society Management Sys= tem add_expenses.php sql injection [ https://vuldb.com/?id.343356 ]
VDB-343356 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343356 ]
Submit #740691 | itsourcecode Society Management System V1.0 SQL Injection =
[ https://vuldb.com/?submit.740691 ] https://github.com/yyzq-wsx/for_cve/issues/2
https://itsourcecode.com/
=C2=A0 itsourcecode--Society Management System A vulnerability was detected=
in itsourcecode Society Management System 1.0. This affects an unknown par=
t of the file /admin/edit_student_query.php. The manipulation of the argume=
nt student_id results in sql injection. The attack can be executed remotely=
. The exploit is now public and may be used. 2026-01-29 7.3 CVE-2026-1595 [=
https://www.cve.org/CVERecord?id=3DCVE-2026-1595 ] VDB-343357 | itsourceco=
de Society Management System edit_student_query.php sql injection [ https:/= /vuldb.com/?id.343357 ]
VDB-343357 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343357 ]
Submit #740692 | itsourcecode Society Management System V1.0 SQL Injection =
[ https://vuldb.com/?submit.740692 ] https://github.com/yyzq-wsx/for_cve/issues/1
https://itsourcecode.com/
=C2=A0 itsourcecode--Student Management System A security vulnerability has=
been detected in itsourcecode Student Management System 1.0. This issue af= fects some unknown processing of the file /enrollment/index.php. Such manip= ulation of the argument ID leads to sql injection. It is possible to launch=
the attack remotely. The exploit has been disclosed publicly and may be us= ed. 2026-01-30 7.3 CVE-2026-1701 [ https://www.cve.org/CVERecord?id=3DCVE-2= 026-1701 ] VDB-343491 | itsourcecode Student Management System index.php sq=
l injection [ https://vuldb.com/?id.343491 ]
VDB-343491 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343491 ]
Submit #742024 | itsourcecode Student Management System V1.0 SQL Injection =
[ https://vuldb.com/?submit.742024 ] https://github.com/ltranquility/CVE/issues/34
https://itsourcecode.com/
=C2=A0 Ivanti--Endpoint Manager Mobile A code injection in Ivanti Endpoint = Manager Mobile allowing attackers to achieve unauthenticated remote code ex= ecution. 2026-01-29 9.8 CVE-2026-1281 [ https://www.cve.org/CVERecord?id=3D= CVE-2026-1281 ] https://forums.ivanti.com/s/article/Security-Advisory-Ivant= i-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340
=C2=A0 Ivanti--Endpoint Manager Mobile A code injection in Ivanti Endpoint = Manager Mobile allowing attackers to achieve unauthenticated remote code ex= ecution. 2026-01-29 9.8 CVE-2026-1340 [ https://www.cve.org/CVERecord?id=3D= CVE-2026-1340 ] https://forums.ivanti.com/s/article/Security-Advisory-Ivant= i-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340
=C2=A0 ixray-team--ixray-1.6-stcop Out-of-bounds Write vulnerability in ixr= ay-team ixray-1.6-stcop. This issue affects ixray-1.6-stcop: before 1.3. 20= 26-01-27 9.8 CVE-2026-24832 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2= 4832 ] https://github.com/ixray-team/ixray-1.6-stcop/pull/257
=C2=A0 ixray-team--ixray-1.6-stcop Loop with Unreachable Exit Condition ('I= nfinite Loop') vulnerability in ixray-team ixray-1.6-stcop. This issue affe= cts ixray-1.6-stcop: before 1.3. 2026-01-27 7.5 CVE-2026-24831 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2026-24831 ] https://github.com/ixray-team/ixr= ay-1.6-stcop/pull/248
=C2=A0 Juniper Networks--Session Smart Router An Authentication Bypass Usin=
g an Alternate Path or Channel vulnerability in Juniper Networks Session Sm= art Router may allows a network-based attacker to bypass authentication and=
take administrative control of the device. This issue affects Session Smar=
t Router:=C2=A0 * from 5.6.7 before 5.6.17,=C2=A0 * from 6.0 before 6.0.8 (= affected from 6.0.8), * from 6.1 before 6.1.12-lts,=C2=A0 * from 6.2 before=
6.2.8-lts,=C2=A0 * from 6.3 before 6.3.3-r2;=C2=A0 This issue affects Sess= ion Smart Conductor:=C2=A0 * from 5.6.7 before 5.6.17,=C2=A0 * from 6.0 bef= ore 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts,=C2=A0 * from=
6.2 before 6.2.8-lts,=C2=A0 * from 6.3 before 6.3.3-r2;=C2=A0 This issue a= ffects WAN Assurance Managed Routers:=C2=A0 * from 5.6.7 before 5.6.17,=C2=
=A0 * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12= -lts,=C2=A0 * from 6.2 before 6.2.8-lts,=C2=A0 * from 6.3 before 6.3.3-r2. = 2026-01-27 9.8 CVE-2025-21589 [ https://www.cve.org/CVERecord?id=3DCVE-2025= -21589 ] https://supportportal.juniper.net/ https://support.juniper.net/support/eol/software/ssr/ https://kb.juniper.net/JSA94663
=C2=A0 K.soft--FTPDummy FTPDummy 4.80 contains a local buffer overflow vuln= erability in its preference file handling that allows attackers to execute = arbitrary code. Attackers can craft a malicious preference file with carefu= lly constructed shellcode to trigger a structured exception handler overwri=
te and execute system commands. 2026-01-30 8.4 CVE-2020-37029 [ https://www= .cve.org/CVERecord?id=3DCVE-2020-37029 ] ExploitDB-48685 [ https://www.expl= oit-db.com/exploits/48685 ]
Official FTPDummy Software Homepage [ http://www.dummysoftware.com/ftpdummy= .html ]
VulnCheck Advisory: FTPDummy 4.80 - Local Buffer Overflow [ https://www.vul= ncheck.com/advisories/ftpdummy-local-buffer-overflow ]
=C2=A0 KiloView--Encoder Series E1 hardware Version 1.4 A missing authentic= ation for critical function vulnerability in KiloView Encoder Series could = allow an unauthenticated attacker to create or delete administrator account=
s. This vulnerability can grant the attacker full administrative control ov=
er the product. 2026-01-29 9.8 CVE-2026-1453 [ https://www.cve.org/CVERecor= d?id=3DCVE-2026-1453 ] https://www.cisa.gov/news-events/ics-advisories/icsa= -26-029-01 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-= 26-029-01.json
=C2=A0 Kite--Kite Kite 1.2020.1119.0 contains an unquoted service path vuln= erability in the KiteService Windows service that allows local attackers to=
potentially execute arbitrary code. Attackers can exploit the unquoted pat=
h in 'C:\Program Files\Kite\KiteService.exe' to inject malicious executable=
s and escalate privileges on the system. 2026-01-26 7.8 CVE-2020-36958 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2020-36958 ] ExploitDB-49205 [ https:/= /www.exploit-db.com/exploits/49205 ]
Vendor Homepage [ https://www.kite.com/ ]
VulnCheck Advisory: Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Pat=
h [ https://www.vulncheck.com/advisories/kite-kiteservice-unquoted-service-= path ]
=C2=A0 Kludex--python-multipart Python-Multipart is a streaming multipart p= arser for Python. Prior to version 0.0.22, a Path Traversal vulnerability e= xists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD= _KEEP_FILENAME=3DTrue`. An attacker can write uploaded files to arbitrary l= ocations on the filesystem by crafting a malicious filename. Users should u= pgrade to version 0.0.22 to receive a patch or, as a workaround, avoid usin=
g `UPLOAD_KEEP_FILENAME=3DTrue` in project configurations. 2026-01-27 8.6 C= VE-2026-24486 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24486 ] https:/= /github.com/Kludex/python-multipart/security/advisories/GHSA-wp53-j4wj-2cfg https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380= 984e32f8cfc89c4
https://github.com/Kludex/python-multipart/releases/tag/0.0.22
=C2=A0 Kodmatic Computer Software Tourism Construction Industry and Trade L= td. Co.--Online Exam and Assessment Improper Neutralization of Special Elem= ents used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Com= puter Software Tourism Construction Industry and Trade Ltd. Co. Online Exam=
and Assessment allows SQL Injection. This issue affects Online Exam and As= sessment: through 30012026.=C2=A0 NOTE: The vendor was contacted early abou=
t this disclosure but did not respond in any way. 2026-01-30 8.6 CVE-2025-4= 686 [ https://www.cve.org/CVERecord?id=3DCVE-2025-4686 ] https://www.usom.g= ov.tr/bildirim/tr-26-0010
=C2=A0 kohler--hotcrp HotCRP is conference review software. HotCRP versions=
from October 2025 through January 2026 delivered documents of all types wi=
th inline Content-Disposition, causing them to be rendered in the user's br= owser rather than downloaded. (The intended behavior was for only `text/pla= in`, `application/pdf`, `image/gif`, `image/jpeg`, and `image/png` to be de= livered inline, though adding `save=3D0` to the document URL could request = inline delivery for any document.) This made users who clicked a document l= ink vulnerable to cross-site scripting attacks. An uploaded HTML or SVG doc= ument would run in the viewer's browser with access to their HotCRP credent= ials, and Javascript in that document could eventually make arbitrary calls=
to HotCRP's API. Malicious documents could be uploaded to submission field=
s with "file upload" or "attachment" type, or as attachments to comments. P=
DF upload fields were not vulnerable. A search of documents uploaded to hot= crp.com found no evidence of exploitation. The vulnerability was introduced=
in commit aa20ef288828b04550950cf67c831af8a525f508 (11 October 2025), pres= ent in development versions and v3.2, and fixed in commit 8933e86c9f384b356= dc4c6e9e2814dee1074b323 and v3.2.1. Additionally, c3d88a7e18d52119c65df31c2= cc994edd2beccc5 and v3.2.1 remove support for `save=3D0`. 2026-01-30 7.3 CV= E-2026-25156 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25156 ] https://= github.com/kohler/hotcrp/security/advisories/GHSA-p88p-2f2p-2476 https://github.com/kohler/hotcrp/commit/8933e86c9f384b356dc4c6e9e2814dee107= 4b323 https://github.com/kohler/hotcrp/commit/aa20ef288828b04550950cf67c831af8a52= 5f508 https://github.com/kohler/hotcrp/commit/c3d88a7e18d52119c65df31c2cc994edd2b= eccc5
=C2=A0 Koken--Koken CMS Koken CMS 0.22.24 contains a file upload vulnerabil= ity that allows authenticated attackers to bypass file extension restrictio=
ns by renaming malicious PHP files. Attackers can upload PHP files with sys= tem command execution capabilities by manipulating the file upload request = through a web proxy and changing the file extension. 2026-01-30 8.8 CVE-202= 0-37023 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37023 ] ExploitDB-487=
06 [ https://www.exploit-db.com/exploits/48706 ]
Koken CMS Official Homepage [ http://koken.me/ ]
Softaculous Koken CMS Software Page [ https://www.softaculous.com/apps/cms/= Koken ]
Researcher PoC [ https://github.com/V1n1v131r4/Bypass-File-Upload-on-Koken-= CMS/blob/master/README.md ]
VulnCheck Advisory: Koken CMS 0.22.24 - Arbitrary File Upload [ https://www= .vulncheck.com/advisories/koken-cms-arbitrary-file-upload ]
=C2=A0 kyverno--kyverno Kyverno is a policy engine designed for cloud nativ=
e platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a cr= itical authorization boundary bypass in namespaced Kyverno Policy apiCall. = The resolved `urlPath` is executed using the Kyverno admission controller S= erviceAccount, with no enforcement that the request is limited to the polic= y's namespace. As a result, any authenticated user with permission to creat=
e a namespaced Policy can cause Kyverno to perform Kubernetes API requests = using Kyverno's admission controller identity, targeting any API path allow=
ed by that ServiceAccount's RBAC. This breaks namespace isolation by enabli=
ng cross-namespace reads (for example, ConfigMaps and, where permitted, Sec= rets) and allows cluster-scoped or cross-namespace writes (for example, cre= ating ClusterPolicies) by controlling the urlPath through context variable = substitution. Versions 1.16.3 and 1.15.3 contain a patch for the vulnerabil= ity. 2026-01-27 10 CVE-2026-22039 [ https://www.cve.org/CVERecord?id=3DCVE-= 2026-22039 ] https://github.com/kyverno/kyverno/security/advisories/GHSA-8p= 9x-46gm-qfx2 https://github.com/kyverno/kyverno/commit/e0ba4de4f1e0ca325066d5095db51aec4= 5b1407b https://github.com/kyverno/kyverno/commit/eba60fa856c781bcb9c3be066061a3df0= 3ae4e3e
=C2=A0 kyverno--kyverno Kyverno is a policy engine designed for cloud nativ=
e platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbo= unded memory consumption in Kyverno's policy engine that allows users with = policy creation privileges to cause denial of service by crafting policies = that exponentially amplify string data through context variables. Versions = 1.16.3 and 1.15.3 contain a patch for the vulnerability. 2026-01-27 7.7 CVE= -2026-23881 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23881 ] https://g= ithub.com/kyverno/kyverno/security/advisories/GHSA-r2rj-wwm5-x6mq https://github.com/kyverno/kyverno/commit/7a651be3a8c78dcabfbf4178b8d89026b= f3b850f https://github.com/kyverno/kyverno/commit/f5617f60920568a301740485472bf7048= 92175b7
=C2=A0 LibreNMS--LibreNMS LibreNMS 1.46 contains an authenticated SQL injec= tion vulnerability in the MAC accounting graph endpoint that allows remote = attackers to extract database information. Attackers can exploit the vulner= ability by manipulating the 'sort' parameter with crafted SQL injection tec= hniques to retrieve sensitive database contents through time-based blind SQ=
L injection. 2026-01-27 7.1 CVE-2020-36947 [ https://www.cve.org/CVERecord?= id=3DCVE-2020-36947 ] ExploitDB-49246 [ https://www.exploit-db.com/exploits= /49246 ]
LibreNMS Official Website [ https://www.librenms.org ]
LibreNMS GitHub Repository [ https://github.com/librenms/librenms ]
LibreNMS Community [ https://community.librenms.org/ ]
VulnCheck Advisory: LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL = Injection [ https://www.vulncheck.com/advisories/librenms-mac-accounting-gr= aph-authenticated-sql-injection ]
=C2=A0 loft-sh--loft vCluster Platform provides a Kubernetes platform for m= anaging virtual clusters, multi-tenancy, and cluster sharing. Prior to vers= ions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, when an access key is created with a = limited scope, the scope can be bypassed to access resources outside of it.=
However, the user still cannot access resources beyond what is accessible =
to the owner of the access key. Versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10 fi=
x the vulnerability. Some other mitigations are available. Users can limit = exposure by reviewing access keys which are scoped and ensuring any users w= ith access to them have appropriate permissions set. Creating automation us= ers with very limited permissions and using access keys for these automatio=
n users can be used as a temporary workaround where upgrading is not immedi= ately possible but scoped access keys are needed. 2026-01-29 9.1 CVE-2026-2= 2806 [ https://www.cve.org/CVERecord?id=3DCVE-2026-22806 ] https://github.c= om/loft-sh/loft/security/advisories/GHSA-c539-w4ch-7wxq
=C2=A0 M.J.M Soft--Quick Player Quick Player 1.3 contains a buffer overflow=
vulnerability that allows attackers to execute arbitrary code by crafting =
a malicious .m3l file with carefully constructed payload. Attackers can tri= gger the vulnerability by loading a specially crafted file through the appl= ication's file loading mechanism, potentially enabling remote code executio=
n. 2026-01-30 9.8 CVE-2020-37050 [ https://www.cve.org/CVERecord?id=3DCVE-2= 020-37050 ] ExploitDB-48564 [ https://www.exploit-db.com/exploits/48564 ] Software Download Link [ https://download.cnet.com/quick-player/3000-2168_4= -10871417.html ]
Archived Researcher Blog Post [ https://web.archive.org/web/20201022211753/= https://whitecr0wz.github.io/posts/Exploiting-Quick-Player/ ]
Archived Researcher Video PoC [ https://web.archive.org/web/20210105222205/= https://whitecr0wz.github.io/assets/img/Findings6/18.gif ]
VulnCheck Advisory: Quick Player 1.3 - '.m3l' Buffer Overflow [ https://www= .vulncheck.com/advisories/quick-player-ml-buffer-overflow ]
=C2=A0 maurosoria--dirsearch Dirsearch 0.4.1 contains a CSV injection vulne= rability when using the --csv-report flag that allows attackers to inject f= ormulas through redirected endpoints. Attackers can craft malicious server = redirects with comma-separated paths containing Excel formulas to manipulat=
e the generated CSV report. 2026-01-27 9.8 CVE-2021-47901 [ https://www.cve= .org/CVERecord?id=3DCVE-2021-47901 ] ExploitDB-49370 [ https://www.exploit-= db.com/exploits/49370 ]
dirsearch GitHub Repository [ https://github.com/maurosoria/dirsearch ] VulnCheck Advisory: dirsearch 0.4.1 - CSV Injection [ https://www.vulncheck= .com/advisories/dirsearch-csv-injection ]
=C2=A0 MedDream--MedDream PACS Server MedDream PACS Server 6.8.3.751 contai=
ns an authenticated remote code execution vulnerability that allows authori= zed users to upload malicious PHP files. Attackers can exploit the uploadIm= age.php endpoint by authenticating and uploading a PHP shell to execute arb= itrary system commands with elevated privileges. 2026-01-29 8.8 CVE-2020-37= 009 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37009 ] ExploitDB-48853 [=
https://www.exploit-db.com/exploits/48853 ]
MedDream PACS Server Product Page [ https://meddream.com/products/meddream-= pacs-server/ ]
VulnCheck Advisory: MedDream PACS Server 6.8.3.751 - Remote Code Execution =
[ https://www.vulncheck.com/advisories/meddream-pacs-server-remote-code-exe= cution ]
=C2=A0 meshtastic--firmware Meshtastic is an open source mesh networking so= lution. In the current Meshtastic architecture, a Node is identified by the=
ir NodeID, generated from the MAC address, rather than their public key. Th=
is aspect downgrades the security, specifically by abusing the HAM mode whi=
ch doesn't use encryption. An attacker can, as such, forge a NodeInfo on be= half of a victim node advertising that the HAM mode is enabled. This, in tu= rn, will allow the other nodes on the mesh to accept the new information an=
d overwriting the NodeDB. The other nodes will then only be able to send di= rect messages to the victim by using the shared channel key instead of the = PKC. Additionally, because HAM mode by design doesn't provide any confident= iality or authentication of information, the attacker could potentially als=
o be able to change the Node details, like the full name, short code, etc. =
To keep the attack persistent, it is enough to regularly resend the forged = NodeInfo, in particular right after the victim sends their own. A patch is = available in version 2.7.6.834c3c5. 2026-01-27 8.2 CVE-2025-55292 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2025-55292 ] https://github.com/meshtastic/= firmware/security/advisories/GHSA-45vg-3f35-7ch2 https://github.com/meshtastic/firmware/commit/e5e8683cdba133e726033101586c3= 235a8678893
=C2=A0 Microsoft--Microsoft Office 2019 Reliance on untrusted inputs in a s= ecurity decision in Microsoft Office allows an unauthorized attacker to byp= ass a security feature locally. 2026-01-26 7.8 CVE-2026-21509 [ https://www= .cve.org/CVERecord?id=3DCVE-2026-21509 ] Microsoft Office Security Feature = Bypass Vulnerability [ https://msrc.microsoft.com/update-guide/vulnerabilit= y/CVE-2026-21509 ]
=C2=A0 midgetspy--Sickbeard Sickbeard alpha contains a remote command injec= tion vulnerability that allows unauthenticated attackers to execute arbitra=
ry commands through the extra scripts configuration. Attackers can set mali= cious commands in the extra scripts field and trigger processing to execute=
remote code on the vulnerable Sickbeard installation. 2026-01-30 9.8 CVE-2= 020-37027 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37027 ] ExploitDB-4= 8646 [ https://www.exploit-db.com/exploits/48646 ]
Archived Sickbeard Official Homepage [ https://web.archive.org/web/20190722= 085652/https://sickbeard.com/ ]
Sickbeard GitHub Repository [ https://github.com/midgetspy/Sick-Beard ] VulnCheck Advisory: Sickbeard 0.1 - Remote Command Injection [ https://www.= vulncheck.com/advisories/sickbeard-remote-command-injection ]
=C2=A0 Mini-stream Software--RM Downloader RM Downloader 2.50.60 contains a=
local buffer overflow vulnerability in the 'Load' parameter that allows at= tackers to execute arbitrary code by overwriting memory. Attackers can craf=
t a malicious payload with an egg hunter technique to bypass memory protect= ions and execute commands like launching calc.exe. 2026-01-30 8.4 CVE-2020-= 37036 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37036 ] ExploitDB-48628=
[ https://www.exploit-db.com/exploits/48628 ]
Software v2.50.60 Archive [ https://github.com/x00x00x00x00/RMDownloader_2.= 50.60 ]
Software Informer Product Page [ https://rm-downloader.software.informer.co=
m/ ]
VulnCheck Advisory: RM Downloader 2.50.60 2006.06.23 - 'Load' Local Buffer = Overflow [ https://www.vulncheck.com/advisories/rm-downloader-load-local-bu= ffer-overflow ]
=C2=A0 Minitool--MiniTool ShadowMaker MiniTool ShadowMaker 3.2 contains an = unquoted service path vulnerability in the MTAgentService that allows local=
attackers to potentially execute arbitrary code. Attackers can exploit the=
unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' =
to inject malicious executables and escalate privileges. 2026-01-26 7.8 CVE= -2020-36953 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36953 ] ExploitDB= -49336 [ https://www.exploit-db.com/exploits/49336 ]
Vendor Homepage [ https://www.minitool.com ]
VulnCheck Advisory: MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Se= rvice Path [ https://www.vulncheck.com/advisories/minitool-shadowmaker-mtag= entservice-unquoted-service-path ]
=C2=A0 Mintplex-Labs--anything-llm AnythingLLM is an application that turns=
pieces of content into context that any LLM can use as references during c= hatting. Prior to version 1.10.0, a critical Path Traversal vulnerability i=
n the DrupalWiki integration allows a malicious admin (or an attacker who c=
an convince an admin to configure a malicious DrupalWiki URL) to write arbi= trary files to the server. This can lead to Remote Code Execution (RCE) by = overwriting configuration files or writing executable scripts. Version 1.10=
.0 fixes the issue. 2026-01-26 7.2 CVE-2026-24478 [ https://www.cve.org/CVE= Record?id=3DCVE-2026-24478 ] https://github.com/Mintplex-Labs/anything-llm/= security/advisories/GHSA-jp2f-99h9-7vjv
=C2=A0 MobSF--Mobile-Security-Framework-MobSF MobSF is a mobile application=
security testing tool used. Prior to version 4.4.5, a Stored Cross-site Sc= ripting (XSS) vulnerability in MobSF's Android manifest analysis allows an = attacker to execute arbitrary JavaScript in the context of a victim's brows=
er session by uploading a malicious APK. The `android:host` attribute from = `<data android:scheme=3D"android_secret_code">` elements is rendered in HTM=
L reports without sanitization, enabling session hijacking and account take= over. Version 4.4.5 fixes the issue. 2026-01-27 8.1 CVE-2026-24490 [ https:= //www.cve.org/CVERecord?id=3DCVE-2026-24490 ] https://github.com/MobSF/Mobi= le-Security-Framework-MobSF/security/advisories/GHSA-8hf7-h89p-3pqj https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/2b08dd050e7= 685ee2a14fdbb454affab94129eae https://github.com/MobSF/Mobile-Security-Framework-MobSF/releases/tag/v4.4.5 =C2=A0 Motorola-Device-Manager--Motorola Device Manager Motorola Device Man= ager 2.5.4 contains an unquoted service path vulnerability in the MotoHelpe= rService.exe service that allows local users to potentially inject maliciou=
s code. Attackers can exploit the unquoted path in the service configuratio=
n to execute arbitrary code with elevated system privileges during service = startup. 2026-01-27 7.8 CVE-2020-36982 [ https://www.cve.org/CVERecord?id= =3DCVE-2020-36982 ] ExploitDB-49012 [ https://www.exploit-db.com/exploits/4= 9012 ]
Motorola Device Manager Vendor Homepage [ https://motorola-device-manager.p= rogramas-gratis.net/gracias ]
VulnCheck Advisory: Motorola Device Manager 2.5.4 - 'MotoHelperService.exe'=
Unquoted Service Path [ https://www.vulncheck.com/advisories/motorola-devi= ce-manager-motohelperserviceexe-unquoted-service-path ]
=C2=A0 n8n--n8n n8n contains a critical Remote Code Execution (RCE) vulnera= bility in its workflow Expression evaluation system. Expressions supplied b=
y authenticated users during workflow configuration may be evaluated in an = execution context that is not sufficiently isolated from the underlying run= time. An authenticated attacker could abuse this behavior to execute arbitr= ary code with the privileges of the n8n process. Successful exploitation ma=
y lead to full compromise of the affected instance, including unauthorized = access to sensitive data, modification of workflows, and execution of syste= m-level operations. 2026-01-27 9.9 CVE-2026-1470 [ https://www.cve.org/CVER= ecord?id=3DCVE-2026-1470 ] https://github.com/n8n-io/n8n/commit/aa4d1e58258= 29182afa0ad5b81f602638f55fa04 https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce/
=C2=A0 NaturalIntelligence--fast-xml-parser fast-xml-parser allows users to=
validate XML, parse XML to JS object, or build XML from JS object without = C/C++ based libraries and no callback. In versions 4.3.6 through 5.3.3, a R= angeError vulnerability exists in the numeric entity processing of fast-xml= -parser when parsing XML with out-of-range entity code points (e.g., `&#999= 9999;` or `&#xFFFFFF;`). This causes the parser to throw an uncaught except= ion, crashing any application that processes untrusted XML input. Version 5= .3.4 fixes the issue. 2026-01-30 7.5 CVE-2026-25128 [ https://www.cve.org/C= VERecord?id=3DCVE-2026-25128 ] https://github.com/NaturalIntelligence/fast-= xml-parser/security/advisories/GHSA-37qj-frw5-hhjh https://github.com/NaturalIntelligence/fast-xml-parser/commit/4e387f61c4a5c= ef792f6a2f42467013290bf95dc https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.4 =C2=A0 Naviwebs S.C.--Navigate CMS Navigate CMS 2.8.7 contains an authentic= ated SQL injection vulnerability that allows attackers to leak database inf= ormation by manipulating the 'sidx' parameter in comments. Attackers can ex= ploit the vulnerability to extract user activation keys by using time-based=
blind SQL injection techniques, potentially enabling password reset for ad= ministrative accounts. 2026-01-30 7.1 CVE-2020-37053 [ https://www.cve.org/= CVERecord?id=3DCVE-2020-37053 ] ExploitDB-48545 [ https://www.exploit-db.co= m/exploits/48545 ]
Navigate CMS Official Homepage [ https://www.navigatecms.com/en/home ]
Navigate CMS SourceForge Page [ https://sourceforge.net/projects/navigatecm=
s ]
VulnCheck Advisory: Navigate CMS 2.8.7 - ''sidx' SQL Injection [ https://ww= w.vulncheck.com/advisories/navigate-cms-sidx-sql-injection ]
=C2=A0 NetPCLinker--NetPCLinker NetPCLinker 1.0.0.0 contains a buffer overf= low vulnerability in the Clients Control Panel DNS/IP field that allows att= ackers to execute arbitrary shellcode. Attackers can craft a malicious payl= oad in the DNS/IP input to overwrite SEH handlers and execute shellcode whe=
n adding a new client. 2026-01-30 9.8 CVE-2019-25232 [ https://www.cve.org/= CVERecord?id=3DCVE-2019-25232 ] ExploitDB-48680 [ https://www.exploit-db.co= m/exploits/48680 ]
NetPCLinker SourceForge Page [ https://sourceforge.net/projects/netpclinker=
/ ]
VulnCheck Advisory: NetPCLinker 1.0.0.0 - Buffer Overflow [ https://www.vul= ncheck.com/advisories/netpclinker-buffer-overflow ]
=C2=A0 neutrinolabs--xrdp xrdp is an open source RDP server. xrdp before v0= .10.5 contains an unauthenticated stack-based buffer overflow vulnerability=
. The issue stems from improper bounds checking when processing user domain=
information during the connection sequence. If exploited, the vulnerabilit=
y could allow remote attackers to execute arbitrary code on the target syst= em. The vulnerability allows an attacker to overwrite the stack buffer and = the return address, which could theoretically be used to redirect the execu= tion flow. The impact of this vulnerability is lessened if a compiler flag = has been used to build the xrdp executable with stack canary protection. If=
this is the case, a second vulnerability would need to be used to leak the=
stack canary value. Upgrade to version 0.10.5 to receive a patch. Addition= ally, do not rely on stack canary protection on production systems. 2026-01= -27 9.1 CVE-2025-68670 [ https://www.cve.org/CVERecord?id=3DCVE-2025-68670 =
] https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rwvg-gp87-g= h6f https://github.com/neutrinolabs/xrdp/commit/488c8c7d4d189514a366cd8301b6e81= 6c5218ffa
https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.5
=C2=A0 Nidesoft Studio--Nidesoft DVD Ripper Nidesoft DVD Ripper 5.2.18 cont= ains a local buffer overflow vulnerability in the License Code registration=
parameter that allows attackers to execute arbitrary code. Attackers can c= raft a malicious payload and paste it into the License Code field to trigge=
r a stack-based buffer overflow and execute shellcode. 2026-01-30 8.4 CVE-2= 020-37024 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37024 ] ExploitDB-4= 8687 [ https://www.exploit-db.com/exploits/48687 ]
Nidesoft DVD Ripper Software Download Page [ https://nidesoft-dvd-ripper.so= ftonic.com/ ]
VulnCheck Advisory: Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow [ ht= tps://www.vulncheck.com/advisories/nidesoft-dvd-ripper-local-buffer-overflo=
w ]
=C2=A0 Nidesoft--Nidesoft 3GP Video Converter Nidesoft 3GP Video Converter = 2.6.18 contains a local stack buffer overflow vulnerability in the license = registration parameter. Attackers can craft a malicious payload and paste i=
t into the 'License Code' field to execute arbitrary code on the system. 20= 26-01-28 8.4 CVE-2020-36971 [ https://www.cve.org/CVERecord?id=3DCVE-2020-3= 6971 ] ExploitDB-49034 [ https://www.exploit-db.com/exploits/49034 ]
Archived Software Repository [ https://nidesoft-3gp-video-converter.softwar= e.informer.com/2.6/ ]
VulnCheck Advisory: Nidesoft 3GP Video Converter 2.6.18 - Local Stack Buffe=
r Overflow [ https://www.vulncheck.com/advisories/nidesoft-gp-video-convert= er-local-stack-buffer-overflow ]
=C2=A0 nmedia--Frontend File Manager Plugin The Frontend File Manager Plugi=
n for WordPress is vulnerable to unauthorized file sharing due to a missing=
capability check on the 'wpfm_send_file_in_email' AJAX action in all versi= ons up to, and including, 23.5. This makes it possible for unauthenticated = attackers to share arbitrary uploaded files via email by supplying a file I=
D. Since file IDs are sequential integers, attackers can enumerate all uplo= aded files on the site and exfiltrate sensitive data that was intended to b=
e restricted to administrators only. 2026-01-28 7.5 CVE-2026-1280 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2026-1280 ] https://www.wordfence.com/threa= t-intel/vulnerabilities/id/e739e7d3-756a-4c93-9ca7-f7b9f9657033?source=3Dcve https://plugins.trac.wordpress.org/browser/nmedia-user-file-uploader/trunk/= inc/callback-functions.php#L98 https://plugins.trac.wordpress.org/browser/nmedia-user-file-uploader/tags/2= 3.5/inc/callback-functions.php#L98
=C2=A0 nmedia--Simple User Registration The Simple User Registration plugin=
for WordPress is vulnerable to privilege escalation in versions up to, and=
including, 6.7 due to insufficient restriction on the 'profile_save_field'=
function. This makes it possible for authenticated attackers, with minimal=
permissions such as a subscriber, to modify their user role by supplying t=
he 'wp_capabilities' parameter during a profile update. 2026-01-28 8.8 CVE-= 2026-0844 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0844 ] https://www.= wordfence.com/threat-intel/vulnerabilities/id/bb0e77e1-7e9f-4f7e-8953-c86ab= 0e5ae7a?source=3Dcve https://plugins.trac.wordpress.org/browser/wp-registration/tags/6.7/inc/cla= sses/class.profile.php#L401 https://plugins.trac.wordpress.org/browser/wp-registration/tags/6.7/inc/cla= sses/class.user.php#L305
=C2=A0 nordvpn--nordvpn Nord VPN 6.31.13.0 contains an unquoted service pat=
h vulnerability in its nordvpn-service that allows local attackers to execu=
te code with elevated privileges. Attackers can exploit the unquoted binary=
path during system startup or reboot to potentially run malicious code wit=
h LocalSystem permissions. 2026-01-28 7.8 CVE-2020-36992 [ https://www.cve.= org/CVERecord?id=3DCVE-2020-36992 ] ExploitDB-48790 [ https://www.exploit-d= b.com/exploits/48790 ]
NordVPN Official Homepage [ https://nordvpn.com ]
VulnCheck Advisory: Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service=
Path [ https://www.vulncheck.com/advisories/nord-vpn-nordvpn-service-unquo= ted-service-path ]
=C2=A0 NVIDIA--GeForce NVIDIA Display Driver for Windows contains a vulnera= bility where an attacker could trigger a use after free. A successful explo=
it of this vulnerability might lead to code execution, escalation of privil= eges, data tampering, denial of service, and information disclosure. 2026-0= 1-28 7.8 CVE-2025-33217 [ https://www.cve.org/CVERecord?id=3DCVE-2025-33217=
] https://nvd.nist.gov/vuln/detail/CVE-2025-33217 https://www.cve.org/CVERecord?id=3DCVE-2025-33217 https://nvidia.custhelp.com/app/answers/detail/a_id/5747
=C2=A0 NVIDIA--GeForce NVIDIA GPU Display Driver for Windows contains a vul= nerability in the kernel mode layer (nvlddmkm.sys), where an attacker could=
cause an integer overflow. A successful exploit of this vulnerability migh=
t lead to code execution, escalation of privileges, data tampering, denial =
of service, or information disclosure. 2026-01-28 7.8 CVE-2025-33218 [ http= s://www.cve.org/CVERecord?id=3DCVE-2025-33218 ] https://nvd.nist.gov/vuln/d= etail/CVE-2025-33218
https://www.cve.org/CVERecord?id=3DCVE-2025-33218 https://nvidia.custhelp.com/app/answers/detail/a_id/5747
=C2=A0 NVIDIA--GeForce NVIDIA Display Driver for Linux contains a vulnerabi= lity in the NVIDIA kernel module where an attacker could cause an integer o= verflow or wraparound. A successful exploit of this vulnerability might lea=
d to code execution, escalation of privileges, data tampering, denial of se= rvice, or information disclosure. 2026-01-28 7.8 CVE-2025-33219 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2025-33219 ] https://nvd.nist.gov/vuln/detail= /CVE-2025-33219
https://www.cve.org/CVERecord?id=3DCVE-2025-33219 https://nvidia.custhelp.com/app/answers/detail/a_id/5747
=C2=A0 NVIDIA--GeForce NVIDIA vGPU software contains a vulnerability in the=
Virtual GPU Manager, where a malicious guest could cause heap memory acces=
s after the memory is freed. A successful exploit of this vulnerability mig=
ht lead to code execution, escalation of privileges, data tampering, denial=
of service, or information disclosure. 2026-01-28 7.8 CVE-2025-33220 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2025-33220 ] https://nvd.nist.gov/vuln/= detail/CVE-2025-33220
https://www.cve.org/CVERecord?id=3DCVE-2025-33220 https://nvidia.custhelp.com/app/answers/detail/a_id/5747
=C2=A0 NVIDIA--NVIDIA runx NVIDIA runx contains a vulnerability where an at= tacker could cause a code injection. A successful exploit of this vulnerabi= lity might lead to code execution, denial of service, escalation of privile= ges, information disclosure, and data tampering. 2026-01-27 7.8 CVE-2025-33= 234 [ https://www.cve.org/CVERecord?id=3DCVE-2025-33234 ] https://nvd.nist.= gov/vuln/detail/CVE-2025-33234 https://www.cve.org/CVERecord?id=3DCVE-2025-33234 https://nvidia.custhelp.com/app/answers/detail/a_id/5764
=C2=A0 nyariv--SandboxJS SandboxJS is a JavaScript sandboxing library. Vers= ions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunct= ion` not being isolated in `SandboxFunction`. The library attempts to sandb=
ox code execution by replacing the global `Function` constructor with a saf=
e, sandboxed version (`SandboxFunction`). This is handled in `utils.ts` by = mapping `Function` to `sandboxFunction` within a map used for lookups. Howe= ver, before version 0.8.26, the library did not include mappings for `Async= Function`, `GeneratorFunction`, and `AsyncGeneratorFunction`. These constru= ctors are not global properties but can be accessed via the `.constructor` = property of an instance (e.g., `(async () =3D> {}).constructor`). In `execu= tor.ts`, property access is handled. When code running inside the sandbox a= ccesses `.constructor` on an async function (which the sandbox allows creat= ing), the `executor` retrieves the property value. Since `AsyncFunction` wa=
s not in the safe-replacement map, the `executor` returns the actual native=
host `AsyncFunction` constructor. Constructors for functions in JavaScript=
(like `Function`, `AsyncFunction`) create functions that execute in the gl= obal scope. By obtaining the host `AsyncFunction` constructor, an attacker = can create a new async function that executes entirely outside the sandbox = context, bypassing all restrictions and gaining full access to the host env= ironment (Remote Code Execution). Version 0.8.26 patches this vulnerability=
. 2026-01-27 10 CVE-2026-23830 [ https://www.cve.org/CVERecord?id=3DCVE-202= 6-23830 ] https://github.com/nyariv/SandboxJS/security/advisories/GHSA-wxhw= -j4hc-fmq6 https://github.com/nyariv/SandboxJS/commit/345aee6566e47979dee5c337b925b141= e7f78ccd
=C2=A0 OISF--suricata Suricata is a network IDS, IPS and NSM engine. Prior =
to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to = expand a buffer w/o limits, leading to memory exhaustion and the process ge= tting killed. While reported for DCERPC over UDP, it is believed that DCERP=
C over TCP and SMB are also vulnerable. DCERPC/TCP in the default configura= tion should not be vulnerable as the default stream depth is limited to 1Mi=
B. Versions 8.0.3 and 7.0.14 contain a patch. Some workarounds are availabl=
e. For DCERPC/UDP, disable the parser. For DCERPC/TCP, the `stream.reassemb= ly.depth` setting will limit the amount of data that can be buffered. For D= CERPC/SMB, the `stream.reassembly.depth` can be used as well, but is set to=
unlimited by default. Imposing a limit here may lead to loss of visibility=
in SMB. 2026-01-27 7.5 CVE-2026-22258 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-22258 ] https://github.com/OISF/suricata/security/advisories/GH= SA-289c-h599-3xcx https://github.com/OISF/suricata/commit/39d8c302af3422a096b75474a4f295a754e= c6a74 https://github.com/OISF/suricata/commit/f82a388d0283725cb76782cf64e8341cab3= 70830
https://redmine.openinfosecfoundation.org/issues/8182
=C2=A0 OISF--suricata Suricata is a network IDS, IPS and NSM engine. Prior =
to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata =
to consume large amounts of memory while parsing DNP3 traffic. This can lea=
d to the process slowing down and running out of memory, potentially leadin=
g to it getting killed by the OOM killer. Versions 8.0.3 or 7.0.14 contain =
a patch. As a workaround, disable the DNP3 parser in the suricata yaml (dis= abled by default). 2026-01-27 7.5 CVE-2026-22259 [ https://www.cve.org/CVER= ecord?id=3DCVE-2026-22259 ] https://github.com/OISF/suricata/security/advis= ories/GHSA-878h-2x6v-84q9 https://github.com/OISF/suricata/commit/50cac2e2465ca211eabfa156623e585e903= 7bb7e https://github.com/OISF/suricata/commit/63225d5f8ef64cc65164c0bb1800730842d= 54942
https://redmine.openinfosecfoundation.org/issues/8181
=C2=A0 OISF--suricata Suricata is a network IDS, IPS and NSM engine. Starti=
ng in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a s= tack overflow. Version 8.0.3 patches the issue. As a workaround, use defaul=
t values for `request-body-limit` and `response-body-limit`. 2026-01-27 7.5=
CVE-2026-22260 [ https://www.cve.org/CVERecord?id=3DCVE-2026-22260 ] https= ://github.com/OISF/suricata/security/advisories/GHSA-3gm8-84cm-5x22 https://github.com/OISF/suricata/commit/0dddac7278c8b9cf3c1e4c1c71e620a78ec= 1c185
https://redmine.openinfosecfoundation.org/issues/8185
=C2=A0 OISF--suricata Suricata is a network IDS, IPS and NSM engine. Prior =
to version 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a hea=
p use-after-free condition when generating excessive amounts of alerts for =
a single packet. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround=
, do not run untrusted rulesets or run with less than 65536 signatures that=
can match on the same packet. 2026-01-27 7.4 CVE-2026-22264 [ https://www.= cve.org/CVERecord?id=3DCVE-2026-22264 ] https://github.com/OISF/suricata/se= curity/advisories/GHSA-mqr8-m3m4-2hw5 https://github.com/OISF/suricata/commit/549d7bf60616de8e54686a188196453b5b2= 2f715 https://github.com/OISF/suricata/commit/5789a3d3760dbf33d93fc56c27bd9529e5b= dc8f2 https://github.com/OISF/suricata/commit/ac1eb394181530430fb7262969f423a1bf8= f209b
https://redmine.openinfosecfoundation.org/issues/8190
=C2=A0 OpenClaw--OpenClaw OpenClaw (aka clawdbot or Moltbot) before 2026.1.=
29 obtains a gatewayUrl value from a query string and automatically makes a=
WebSocket connection without prompting, sending a token value. 2026-02-01 = 8.8 CVE-2026-25253 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25253 ] ht= tps://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq https://openclaw.ai/blog
=C2=A0 openemr--openemr OpenEMR is a free and open source electronic health=
records and medical practice management application. Versions prior to 7.0=
.4 have a broken access control in the Profile Edit endpoint. An authentica= ted normal user can modify the request parameters (pubpid / pid) to referen=
ce another user's record; the server accepts the modified IDs and applies t=
he changes to that other user's profile. This allows one user to alter anot= her user's profile data (name, contact info, etc.), and could enable accoun=
t takeover. Version 7.0.4 fixes the issue. 2026-01-27 8.8 CVE-2025-67645 [ = https://www.cve.org/CVERecord?id=3DCVE-2025-67645 ] https://github.com/open= emr/openemr/security/advisories/GHSA-vjmv-cf46-gffv https://github.com/openemr/openemr/commit/e2a682ee71aac71a9f04ae566f4ffca10= 052bc4a
=C2=A0 opf--openproject OpenProject is an open-source, web-based project ma= nagement software. To enable the real time collaboration on documents, Open= Project 17.0 introduced a synchronization server. The OpenPrioject backend = generates an authentication token that is currently valid for 24 hours, enc= rypts it with a shared secret only known to the synchronization server. The=
frontend hands this encrypted token and the backend URL over to the synchr= onization server to check user's ability to work on the document and perfor=
m intermittent saves while editing. The synchronization server does not pro= perly validate the backend URL and sends a request with the decrypted authe= ntication token to the endpoint that was given to the server. An attacker c= ould use this vulnerability to decrypt a token that he intercepted by other=
means to gain an access token to interact with OpenProject on the victim's=
behalf. This vulnerability was introduced with OpenProject 17.0.0 and was = fixed in 17.0.2. As a workaround, disable the collaboration feature via Set= tings -> Documents -> Real time collaboration -> Disable. Additionally the = `hocuspocus` container should also be disabled. 2026-01-28 8.9 CVE-2026-247=
72 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24772 ] https://github.com= /opf/openproject/security/advisories/GHSA-r854-p5qj-x974
=C2=A0 Pablosoftwaresolutions--Quick 'n Easy FTP Service Quick 'n Easy FTP = Service 3.2 contains an unquoted service path vulnerability that allows loc=
al attackers to execute arbitrary code during service startup. Attackers ca=
n exploit the misconfigured service binary path to inject malicious executa= bles with elevated LocalSystem privileges during system boot or service res= tart. 2026-01-27 7.8 CVE-2020-36983 [ https://www.cve.org/CVERecord?id=3DCV= E-2020-36983 ] ExploitDB-48983 [ https://www.exploit-db.com/exploits/48983 ] Vendor Homepage [ https://www.pablosoftwaresolutions.com/html/quick__n_easy= _ftp_service.html ]
Software Download Page [ https://www.pablosoftwaresolutions.com/download.ph= p?id=3D10 ]
VulnCheck Advisory: Quick 'n Easy FTP Service 3.2 - Unquoted Service Path [=
https://www.vulncheck.com/advisories/quick-n-easy-ftp-service-unquoted-ser= vice-path ]
=C2=A0 patriksimek--vm2 vm2 is an open source vm/sandbox for Node.js. In vm=
2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catc=
h` callback sanitization can be bypassed. This allows attackers to escape t=
he sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback fu= nction of `localPromise.prototype.then` is sanitized, but `globalPromise.pr= ototype.then` is not sanitized. The return value of async functions is `glo= balPromise` object. Version 3.10.2 fixes the issue. 2026-01-26 9.8 CVE-2026= -22709 [ https://www.cve.org/CVERecord?id=3DCVE-2026-22709 ] https://github= .com/patriksimek/vm2/security/advisories/GHSA-99p7-6v5w-7xg8 https://github.com/patriksimek/vm2/commit/4b009c2d4b1131c01810c1205e641d614= c322a29
https://github.com/patriksimek/vm2/releases/tag/v3.10.2
=C2=A0 Pdf-Complete--PDF Complete PDF Complete 3.5.310.2002 contains an unq= uoted service path vulnerability in its pdfsvc.exe service configuration. A= ttackers can exploit the unquoted path to inject and execute malicious code=
with elevated LocalSystem privileges. 2026-01-26 7.8 CVE-2020-36957 [ http= s://www.cve.org/CVERecord?id=3DCVE-2020-36957 ] ExploitDB-49226 [ https://w= ww.exploit-db.com/exploits/49226 ]
PDF Complete Vendor Homepage [ https://pdf-complete.informer.com/3.5/ ] VulnCheck Advisory: PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Servi=
ce Path [ https://www.vulncheck.com/advisories/pdf-complete-pdfsvcexe-unquo= ted-service-path ]
=C2=A0 PHPSUGAR--PHP Melody PHP Melody version 3.0 contains a remote SQL in= jection vulnerability in the video edit module that allows authenticated at= tackers to inject malicious SQL commands. Attackers can exploit the unvalid= ated 'vid' parameter to execute arbitrary database queries and potentially = compromise the web application and database management system. 2026-02-01 8=
.1 CVE-2021-47915 [ https://www.cve.org/CVERecord?id=3DCVE-2021-47915 ] Vul= nerability Lab Advisory [ https://www.vulnerability-lab.com/get_content.php= ?id=3D2295 ]
Vulnerability Lab Advisory [ https://www.phpsugar.com/blog/2021/09/php-melo= dy-3-0-vulnerability-report-fix/ ]
Product Homepage [ https://www.phpsugar.com/phpmelody.html ]
VulnCheck Advisory: PHP Melody 3.0 SQL Injection Vulnerability via Edit Vid=
eo Parameter [ https://www.vulncheck.com/advisories/php-melody-sql-injectio= n-vulnerability-via-edit-video-parameter ]
=C2=A0 PMB Services--PMB Services PMB 5.6 contains a local file disclosure = vulnerability in getgif.php that allows attackers to read arbitrary system = files by manipulating the 'chemin' parameter. Attackers can exploit the uns= anitized file path input to access sensitive files like /etc/passwd by send= ing crafted requests to the getgif.php endpoint. 2026-01-28 8.4 CVE-2020-36= 970 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36970 ] ExploitDB-49054 [=
https://www.exploit-db.com/exploits/49054 ]
Vendor Homepage [ http://www.sigb.net ]
Software Download Repository [ http://forge.sigb.net/redmine/projects/pmb/f= iles ]
VulnCheck Advisory: PMB 5.6 - 'chemin' Local File Disclosure [ https://www.= vulncheck.com/advisories/pmb-chemin-local-file-disclosure ]
=C2=A0 polarnl--PolarLearn PolarLearn is a free and open-source learning pr= ogram. Prior to version 0-PRERELEASE-15, the vote API route (`POST /api/v1/= forum/vote`) trusts the JSON body's `direction` value without runtime valid= ation. TypeScript types are not enforced at runtime, so an attacker can sen=
d arbitrary strings (e.g., `"x"`) as `direction`. Downstream (`VoteServer`)=
treats any non-`"up"` and non-`null` value as a downvote and persists the = invalid value in `votes_data`. This can be exploited to bypass intended bus= iness logic. Version 0-PRERELEASE-15 fixes the vulnerability. 2026-01-29 7.=
1 CVE-2026-25126 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25126 ] http= s://github.com/polarnl/PolarLearn/security/advisories/GHSA-ghpx-5w2p-p3qp https://github.com/polarnl/PolarLearn/commit/e6227d94d0e53e854f6a46480db8cd= 1051184d41
=C2=A0 Preyproject--Prey Prey 1.9.6 contains an unquoted service path vulne= rability that allows local users to potentially execute code with elevated = privileges. Attackers can exploit the unquoted path in the CronService to i= nsert malicious code that would execute during application startup or syste=
m reboot. 2026-01-28 7.8 CVE-2020-36986 [ https://www.cve.org/CVERecord?id= =3DCVE-2020-36986 ] ExploitDB-48967 [ https://www.exploit-db.com/exploits/4= 8967 ]
Vendor Homepage [ https://preyproject.com/ ]
VulnCheck Advisory: Prey 1.9.6 - "CronService" Unquoted Service Path [ http= s://www.vulncheck.com/advisories/prey-cronservice-unquoted-service-path ] =C2=A0 ProjectSkyfire--SkyFire_548 improper pointer arithmetic vulnerabilit=
y in ProjectSkyfire SkyFire_548. This issue affects SkyFire_548: before 5.4= .8-stable5. 2026-01-27 9.8 CVE-2026-24872 [ https://www.cve.org/CVERecord?i= d=3DCVE-2026-24872 ] https://github.com/cadaver/turso3d/pull/11
=C2=A0 pytorch--pytorch PyTorch is a Python package that provides tensor co= mputation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_o= nly` unpickler allows an attacker to craft a malicious checkpoint file (`.p= th`) that, when loaded with `torch.load(..., weights_only=3DTrue)`, can cor= rupt memory and potentially lead to arbitrary code execution. Version 2.10.=
0 fixes the issue. 2026-01-27 8.8 CVE-2026-24747 [ https://www.cve.org/CVER= ecord?id=3DCVE-2026-24747 ] https://github.com/pytorch/pytorch/security/adv= isories/GHSA-63cw-57p8-fm3p
https://github.com/pytorch/pytorch/issues/163105 https://github.com/pytorch/pytorch/163122/commit/954dc5183ee9205cbe79876ad0= 5dd2d9ae752139
https://github.com/pytorch/pytorch/releases/tag/v2.10.0
=C2=A0 Raimersoft--TapinRadio TapinRadio 2.13.7 contains a denial of servic=
e vulnerability in the application proxy settings that allows attackers to = crash the program by overflowing input fields. Attackers can paste a large = buffer of 20,000 characters into the username and address fields to cause t=
he application to become unresponsive and require reinstallation. 2026-01-2=
7 7.5 CVE-2020-36949 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36949 ] = ExploitDB-49206 [ https://www.exploit-db.com/exploits/49206 ]
Vendor Homepage [ http://www.raimersoft.com/ ]
VulnCheck Advisory: TapinRadio 2.13.7 - Denial of Service [ https://www.vul= ncheck.com/advisories/tapinradio-denial-of-service ]
=C2=A0 Ralim--IronOS Integer Overflow or Wraparound vulnerability in Ralim = IronOS. This issue affects IronOS: before v2.23-rc2. 2026-01-27 9.8 CVE-202= 6-24830 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24830 ] https://githu= b.com/Ralim/IronOS/pull/2083
=C2=A0 Realtek--Realtek Andrea RT Filters Realtek Andrea RT Filters 1.0.64.=
7 contains an unquoted service path vulnerability that allows local users t=
o potentially execute arbitrary code with elevated system privileges. Attac= kers can exploit the unquoted path in 'C:\Program Files\IDT\WDM\AESTSr64.ex=
e' to inject malicious code that would execute during service startup or sy= stem reboot. 2026-01-27 7.8 CVE-2020-36974 [ https://www.cve.org/CVERecord?= id=3DCVE-2020-36974 ] ExploitDB-49158 [ https://www.exploit-db.com/exploits= /49158 ]
Realtek Official Homepage [ https://www.realtek.com/en/ ]
VulnCheck Advisory: Realtek Andrea RT Filters 1.0.64.7 - 'AERTSr64.EXE' Unq= uoted Service Path [ https://www.vulncheck.com/advisories/realtek-andrea-rt= -filters-aertsrexe-unquoted-service-path ]
=C2=A0 Red Hat--OpenShift Serverless A flaw was found in Undertow. Servlets=
using a method that calls HttpServletRequestImpl.getParameterNames() can c= ause an OutOfMemoryError when the client sends a request with large paramet=
er names. This issue can be exploited by an unauthorized user to cause a re= mote denial-of-service (DoS) attack. 2026-01-30 7.5 CVE-2024-4027 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2024-4027 ] https://access.redhat.com/secur= ity/cve/CVE-2024-4027
RHBZ#2276410 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2276410 ]
=C2=A0 Red Hat--osim The $uri$args concatenation in nginx configuration fil=
e present in Open Security Issue Management (OSIM) prior v2025.9.0 allows p= ath traversal attacks via query parameters. 2026-01-29 7.5 CVE-2026-1616 [ = https://www.cve.org/CVERecord?id=3DCVE-2026-1616 ] https://github.com/RedHa= tProductSecurity/osim/pull/615
=C2=A0 Red Hat--RHEL-9-CNV-4.19 A flaw was found in KubeVirt Containerized = Data Importer (CDI). This vulnerability allows a user to clone PersistentVo= lumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized a= ccess to data via the DataImportCron PVC source mechanism. 2026-01-26 8.5 C= VE-2025-14459 [ https://www.cve.org/CVERecord?id=3DCVE-2025-14459 ] RHSA-20= 26:0950 [ https://access.redhat.com/errata/RHSA-2026:0950 ] https://access.redhat.com/security/cve/CVE-2025-14459
RHBZ#2420938 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2420938 ]
=C2=A0 Rinnegatamante--lpp-vita Out-of-bounds Read vulnerability in Rinnega= tamante lpp-vita. This issue affects lpp-vita: before lpp-vita r6. 2026-01-=
27 7.8 CVE-2026-24873 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24873 ]=
https://github.com/Rinnegatamante/lpp-vita/pull/82
=C2=A0 Ruijienetworks--Ruijie Networks Switch eWeb S29_RGOS Ruijie Networks=
Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnerability tha=
t allows unauthenticated attackers to access sensitive configuration files =
by manipulating file path parameters. Attackers can exploit the /download.d=
o endpoint with '../' sequences to retrieve system configuration files cont= aining credentials and network settings. 2026-01-29 7.5 CVE-2020-37015 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2020-37015 ] ExploitDB-48755 [ https:/= /www.exploit-db.com/exploits/48755 ]
Ruijie Networks Official Homepage [ https://www.ruijienetworks.com/ ]
Directory Traversal Vulnerability Source [ https://faruktuygun.com/director= ytraversal.html ]
VulnCheck Advisory: Ruijie Networks Switch eWeb S29_RGOS 11.4 - Directory T= raversal [ https://www.vulncheck.com/advisories/ruijie-networks-switch-eweb= -srgos-directory-traversal ]
=C2=A0 runtipi--runtipi Runtipi is a personal homeserver orchestrator. Star= ting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path T= raversal vulnerability in the `UserConfigController` allows any remote user=
to overwrite the system's `docker-compose.yml` configuration file. By expl= oiting insecure URN parsing, an attacker can replace the primary stack conf= iguration with a malicious one, resulting in full Remote Code Execution (RC=
E) and host filesystem compromise the next time the instance is restarted b=
y the operator. Version 4.7.2 fixes the vulnerability. 2026-01-29 7.6 CVE-2= 026-25116 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25116 ] https://git= hub.com/runtipi/runtipi/security/advisories/GHSA-mwg8-x997-cqw6 https://github.com/runtipi/runtipi/releases/tag/v4.7.2
=C2=A0 saadiqbal--New User Approve The New User Approve plugin for WordPres=
s is vulnerable to unauthorized access of data and modification of data due=
to a missing capability check on multiple REST API endpoints in all versio=
ns up to, and including, 3.2.2. This makes it possible for unauthenticated = attackers to approve or deny user accounts, retrieve sensitive user informa= tion including emails and roles, and force logout of privileged users. 2026= -01-28 7.3 CVE-2026-0832 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0832=
] https://www.wordfence.com/threat-intel/vulnerabilities/id/f86a69ab-2fc5-= 4c84-872b-929dbec429cd?source=3Dcve https://plugins.trac.wordpress.org/browser/new-user-approve/trunk/includes/= end-points/mobile-api.php#L60 https://plugins.trac.wordpress.org/browser/new-user-approve/tags/3.2.1/incl= udes/end-points/mobile-api.php#L60 https://plugins.trac.wordpress.org/browser/new-user-approve/trunk/includes/= end-points/mobile-api.php#L24 https://plugins.trac.wordpress.org/browser/new-user-approve/tags/3.2.1/incl= udes/end-points/mobile-api.php#L24 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3425140%40new-user-approve&new=3D3425140%40new-user-approve&s= fp_email=3D&sfph_mail=3D https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3442291%40new-user-approve&new=3D3442291%40new-user-approve&s= fp_email=3D&sfph_mail=3D
=C2=A0 Salt Project--Salt Salt's junos execution module contained an unsafe=
YAML decode/load usage. A specially crafted YAML payload processed by the = junos module could lead to unintended code execution under the context of t=
he Salt process. 2026-01-30 7.8 CVE-2025-62348 [ https://www.cve.org/CVERec= ord?id=3DCVE-2025-62348 ] Salt 3006.17 release notes (fix for CVE-2025-6234=
8) [ https://docs.saltproject.io/en/latest/topics/releases/3006.17.html ] =C2=A0 Sangfor--Operation and Maintenance Security Management System A vuln= erability has been found in Sangfor Operation and Maintenance Security Mana= gement System up to 3.0.12. The impacted element is an unknown function of = the file /fort/audit/get_clip_img of the component HTTP POST Request Handle=
r. Such manipulation of the argument frame/dirno leads to command injection=
. It is possible to launch the attack remotely. The exploit has been disclo= sed to the public and may be used. 2026-01-26 7.3 CVE-2026-1412 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2026-1412 ] VDB-342801 | Sangfor Operation an=
d Maintenance Security Management System HTTP POST Request get_clip_img com= mand injection [ https://vuldb.com/?id.342801 ]
VDB-342801 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .342801 ]
Submit #736513 | Sangfor Operation and Maintenance Security Management Syst=
em (OSM / =C3=A8=C2=BF=C2=90=C3=A7=C2=BB=C2=B4=C3=A5=C2=AE=E2=80=B0=C3=A5= =E2=80=A6=C2=A8=C3=A7=C2=AE=C2=A1=C3=A7=C2=90=E2=80=A0=C3=A7=C2=B3=C2=BB=C3= =A7=C2=BB=C5=B8) v3.0.12 Command Injectiona [ https://vuldb.com/?submit.736= 513 ]
https://github.com/LX-LX88/cve/issues/22
=C2=A0 Scille--parsec-cloud Parsec is a cloud-based application for cryptog= raphically secure file sharing. In versions on the 3.x branch prior to 3.6.=
0, `libparsec_crypto`, a component of the Parsec application, does not chec=
k for weak order point of Curve25519 when compiled with its RustCrypto back= end. In practice this means an attacker in a man-in-the-middle position wou=
ld be able to provide weak order points to both parties in the Diffie-Hellm=
an exchange, resulting in a high probability to for both parties to obtain = the same shared key (hence leading to a successful SAS code exchange, misle= ading both parties into thinking no MITM has occurred) which is also known =
by the attacker. Note only Parsec web is impacted (as Parsec desktop uses `= libparsec_crypto` with the libsodium backend). Version 3.6.0 of Parsec patc= hes the issue. 2026-01-29 8.3 CVE-2025-62514 [ https://www.cve.org/CVERecor= d?id=3DCVE-2025-62514 ] https://github.com/Scille/parsec-cloud/security/adv= isories/GHSA-hrc9-gm58-pgj9 https://github.com/Scille/parsec-cloud/commit/197bb6387b49fec872b5e4a04dcdb= 82b3d2995b2 https://github.com/Scille/parsec-cloud/blob/e7c5cdbc4234f606ccf3ab2be7e9edc= 22db16feb/libparsec/crates/crypto/src/rustcrypto/private.rs#L136-L138 https://github.com/dalek-cryptography/curve25519-dalek/blob/8c53a8f10b146a2= fd65069437e3576e49b390e7a/curve25519-dalek/src/montgomery.rs#L132-L146 https://github.com/dalek-cryptography/curve25519-dalek/blob/8c53a8f10b146a2= fd65069437e3576e49b390e7a/x25519-dalek/src/x25519.rs#L364-L366
=C2=A0 script3--soroban-fixed-point-math soroban-fixed-point-math is a fixe= d-point math library for Soroban smart contacts. In versions 1.3.0 and 1.4.=
0, the `mulDiv(x, y, z)` function incorrectly handled cases where both the = intermediate product $x * y$ and the divisor $z$ were negative. The logic a= ssumed that if the intermediate product was negative, the final result must=
also be negative, neglecting the sign of $z$. This resulted in rounding be= ing applied in the wrong direction for cases where both $x * y$ and $z$ wer=
e negative. The functions most at risk are `fixed_div_floor` and `fixed_div= _ceil`, as they often use non-constant numbers as the divisor $z$ in `mulDi= v`. This error is present in all signed `FixedPoint` and `SorobanFixedPoint=
` implementations, including `i64`, `i128`, and `I256`. Versions 1.3.1 and = 1.4.1 contain a patch. No known workarounds for this issue are available. 2= 026-01-27 7.5 CVE-2026-24783 [ https://www.cve.org/CVERecord?id=3DCVE-2026-= 24783 ] https://github.com/script3/soroban-fixed-point-math/security/adviso= ries/GHSA-x5m4-43jf-hh65 https://github.com/script3/soroban-fixed-point-math/commit/c9233f7094198a49= ed66a4d75786a8a3755c936a https://github.com/script3/soroban-fixed-point-math/releases/tag/v1.3.1 https://github.com/script3/soroban-fixed-point-math/releases/tag/v1.4.1
=C2=A0 sebastianbergmann--phpunit PHPUnit is a testing framework for PHP. A=
vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10= .5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage=
data in PHPT test execution. The vulnerability exists in the `cleanupForCo= verage()` method, which deserializes code coverage files without validation=
, potentially allowing remote code execution if malicious `.coverage` files=
are present prior to the execution of the PHPT test. The vulnerability occ= urs when a `.coverage` file, which should not exist before test execution, =
is deserialized without the `allowed_classes` parameter restriction. An att= acker with local file write access can place a malicious serialized object = with a `__wakeup()` method into the file system, leading to arbitrary code = execution during test runs with code coverage instrumentation enabled. This=
vulnerability requires local file write access to the location where PHPUn=
it stores or expects code coverage files for PHPT tests. This can occur thr= ough CI/CD pipeline attacks, the local development environment, and/or comp= romised dependencies. Rather than just silently sanitizing the input via `[= 'allowed_classes' =3D> false]`, the maintainer has chosen to make the anoma= lous state explicit by treating pre-existing `.coverage` files for PHPT tes=
ts as an error condition. Starting in versions in versions 12.5.8, 11.5.50,=
10.5.62, 9.6.33, when a `.coverage` file is detected for a PHPT test prior=
to execution, PHPUnit will emit a clear error message identifying the anom= alous state. Organizations can reduce the effective risk of this vulnerabil= ity through proper CI/CD configuration, including ephemeral runners, code r= eview enforcement, branch protection, artifact isolation, and access contro=
l. 2026-01-27 7.8 CVE-2026-24765 [ https://www.cve.org/CVERecord?id=3DCVE-2= 026-24765 ] https://github.com/sebastianbergmann/phpunit/security/advisorie= s/GHSA-vvj3-c3rp-c85p https://github.com/sebastianbergmann/phpunit/commit/3141742e00620e2968d3d2e= 732d320de76685fda https://github.com/sebastianbergmann/phpunit/releases/tag/10.5.63 https://github.com/sebastianbergmann/phpunit/releases/tag/11.5.50 https://github.com/sebastianbergmann/phpunit/releases/tag/12.5.8 https://github.com/sebastianbergmann/phpunit/releases/tag/8.5.52 https://github.com/sebastianbergmann/phpunit/releases/tag/9.6.33
=C2=A0 Segurazo--SAntivirus IC SAntivirus IC 10.0.21.61 contains an unquote=
d service path vulnerability in its Windows service configuration that allo=
ws local attackers to potentially execute arbitrary code. Attackers can exp= loit the unquoted executable path to inject malicious files in the service = binary path, enabling privilege escalation to system-level permissions. 202= 6-01-27 7.8 CVE-2020-36980 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36= 980 ] ExploitDB-49042 [ https://www.exploit-db.com/exploits/49042 ]
Vendor Homepage [ https://www.segurazo.com/download.html ]
VulnCheck Advisory: SAntivirus IC 10.0.21.61 - 'SAntivirusIC' Unquoted Serv= ice Path [ https://www.vulncheck.com/advisories/santivirus-ic-santivirusic-= unquoted-service-path ]
=C2=A0 SEIKO EPSON Corp--Status Monitor 3 EPSON Status Monitor 3 version 8.=
0 contains an unquoted service path vulnerability that allows local attacke=
rs to potentially execute arbitrary code by exploiting the service binary p= ath. Attackers can leverage the unquoted path in 'C:\Program Files\Common F= iles\EPSON\EPW!3SSRP\E_S60RPB.EXE' to inject malicious executables and esca= late privileges. 2026-01-27 7.8 CVE-2020-36975 [ https://www.cve.org/CVERec= ord?id=3DCVE-2020-36975 ] ExploitDB-49141 [ https://www.exploit-db.com/expl= oits/49141 ]
Official EPSON Corporate Homepage [ https://epson.com ]
VulnCheck Advisory: EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted S= ervice Path [ https://www.vulncheck.com/advisories/epson-status-monitor-eps= onpmrpcv-unquoted-service-path ]
=C2=A0 shahrukhlinkgraph--Search Atlas SEO Premier SEO Plugin for One-Click=
WP Publishing & Integrated AI Optimization The Search Atlas SEO - Premier = SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin = for WordPress is vulnerable to authentication bypass due to a missing capab= ility check on the 'generate_sso_url' and 'validate_sso_token' functions in=
versions 2.4.4 to 2.5.12. This makes it possible for authenticated attacke= rs, with Subscriber-level access and above, to extract the 'nonce_token' au= thentication value to log in to the first Administrator's account. 2026-01-=
28 8.8 CVE-2025-14386 [ https://www.cve.org/CVERecord?id=3DCVE-2025-14386 ]=
https://www.wordfence.com/threat-intel/vulnerabilities/id/6f63d2c4-cbae-41= 77-8494-daca96449ecc?source=3Dcve https://plugins.trac.wordpress.org/browser/metasync/tags/2.5.12/admin/class= -metasync-admin.php#L1042 https://plugins.trac.wordpress.org/browser/metasync/tags/2.5.12/admin/class= -metasync-admin.php#L851 https://plugins.trac.wordpress.org/browser/metasync/tags/2.5.12/admin/class= -metasync-admin.php#L1141
=C2=A0 Sharemouse--ShareMouse ShareMouse 5.0.43 contains an unquoted servic=
e path vulnerability that allows local users to potentially execute arbitra=
ry code with elevated system privileges. Attackers can exploit the insecure=
service path configuration by placing malicious executables in specific sy= stem directories to gain elevated access during service startup. 2026-01-28=
7.8 CVE-2020-36991 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36991 ] E= xploitDB-48794 [ https://www.exploit-db.com/exploits/48794 ]
ShareMouse Official Vendor Homepage [ https://www.sharemouse.com/ ]
VulnCheck Advisory: ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Servi=
ce Path [ https://www.vulncheck.com/advisories/sharemouse-sharemouse-servic= e-unquoted-service-path ]
=C2=A0 Simplephpscripts--Simple CMS Simple CMS 2.1 contains a remote SQL in= jection vulnerability that allows privileged attackers to inject unfiltered=
SQL commands in the users module. Attackers can exploit unvalidated input = parameters in the admin.php file to compromise the database management syst=
em and web application. 2026-02-01 8.1 CVE-2021-47918 [ https://www.cve.org= /CVERecord?id=3DCVE-2021-47918 ] Vulnerability Lab Advisory [ https://www.v= ulnerability-lab.com/get_content.php?id=3D2303 ]
Product Homepage [ https://simplephpscripts.com/simple-cms-php ]
VulnCheck Advisory: Simple CMS 2.1 SQL Injection Vulnerability via Users Mo= dule [ https://www.vulncheck.com/advisories/simple-cms-sql-injection-vulner= ability-via-users-module2 ]
=C2=A0 smartdatasoft--SmartBlog SmartBlog 2.0.1 contains a blind SQL inject= ion vulnerability in the 'id_post' parameter of the details controller that=
allows attackers to extract database information. Attackers can systematic= ally test and retrieve database contents by injecting crafted SQL queries t= hat compare character-by-character of database information. 2026-01-28 8.2 = CVE-2020-36972 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36972 ] Exploi= tDB-48995 [ https://www.exploit-db.com/exploits/48995 ]
SmartBlog GitHub Repository [ https://github.com/smartdatasoft/smartblog ] VulnCheck Advisory: SmartBlog 2.0.1 - 'id_post' Blind SQL injection [ https= ://www.vulncheck.com/advisories/smartblog-idpost-blind-sql-injection ]
=C2=A0 SOCUSOFT--Photo to Video Converter Professional Socusoft Photo to Vi= deo Converter Professional 8.07 contains a local buffer overflow vulnerabil= ity in the 'Output Folder' input field that allows attackers to execute arb= itrary code. Attackers can craft a malicious payload and paste it into the = output folder field to trigger a stack-based buffer overflow and potentiall=
y execute shellcode. 2026-01-30 8.4 CVE-2020-37028 [ https://www.cve.org/CV= ERecord?id=3DCVE-2020-37028 ] ExploitDB-48691 [ https://www.exploit-db.com/= exploits/48691 ]
Archived Vendor Homepage [ https://web.archive.org/web/20190314225058/http:= //www.dvd-photo-slideshow.com/photo-to-video-converter.html ]
VulnCheck Advisory: Socusoft Photo to Video Converter Professional 8.07 - '= Output Folder' Buffer Overflow [ https://www.vulncheck.com/advisories/socus= oft-photo-to-video-converter-professional-output-folder-buffer-overflow ] =C2=A0 SolarWinds--Web Help Desk SolarWinds Web Help Desk was found to be s= usceptible to an untrusted data deserialization vulnerability that could le=
ad to remote code execution, which would allow an attacker to run commands =
on the host machine. This could be exploited without authentication. 2026-0= 1-28 9.8 CVE-2025-40551 [ https://www.cve.org/CVERecord?id=3DCVE-2025-40551=
] https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-405=
51
https://documentation.solarwinds.com/en/success_center/whd/content/release_= notes/whd_2026-1_release_notes.htm
=C2=A0 SolarWinds--Web Help Desk SolarWinds Web Help Desk was found to be s= usceptible to an authentication bypass vulnerability that if exploited, wou=
ld allow a malicious actor to execute actions and methods that should be pr= otected by authentication. 2026-01-28 9.8 CVE-2025-40552 [ https://www.cve.= org/CVERecord?id=3DCVE-2025-40552 ] https://www.solarwinds.com/trust-center= /security-advisories/CVE-2025-40552 https://documentation.solarwinds.com/en/success_center/whd/content/release_= notes/whd_2026-1_release_notes.htm
=C2=A0 SolarWinds--Web Help Desk SolarWinds Web Help Desk was found to be s= usceptible to an untrusted data deserialization vulnerability that could le=
ad to remote code execution, which would allow an attacker to run commands =
on the host machine. This could be exploited without authentication. 2026-0= 1-28 9.8 CVE-2025-40553 [ https://www.cve.org/CVERecord?id=3DCVE-2025-40553=
] https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-405=
53
https://documentation.solarwinds.com/en/success_center/whd/content/release_= notes/whd_2026-1_release_notes.htm
=C2=A0 SolarWinds--Web Help Desk SolarWinds Web Help Desk was found to be s= usceptible to an authentication bypass vulnerability that, if exploited, co= uld allow an attacker to invoke specific actions within Web Help Desk. 2026= -01-28 9.8 CVE-2025-40554 [ https://www.cve.org/CVERecord?id=3DCVE-2025-405=
54 ] https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-4= 0554 https://documentation.solarwinds.com/en/success_center/whd/content/release_= notes/whd_2026-1_release_notes.htm
=C2=A0 SolarWinds--Web Help Desk SolarWinds Web Help Desk was found to be s= usceptible to a security control bypass vulnerability that if exploited, co= uld allow an unauthenticated attacker to gain access to certain restricted = functionality. 2026-01-28 8.1 CVE-2025-40536 [ https://www.cve.org/CVERecor= d?id=3DCVE-2025-40536 ] https://www.solarwinds.com/trust-center/security-ad= visories/CVE-2025-40536 https://documentation.solarwinds.com/en/success_center/whd/content/release_= notes/whd_2026-1_release_notes.htm
=C2=A0 SolarWinds--Web Help Desk SolarWinds Web Help Desk was found to be s= usceptible to a hardcoded credentials vulnerability that, under certain sit= uations, could allow access to administrative functions. 2026-01-28 7.5 CVE= -2025-40537 [ https://www.cve.org/CVERecord?id=3DCVE-2025-40537 ] https://w= ww.solarwinds.com/trust-center/security-advisories/CVE-2025-40537 https://documentation.solarwinds.com/en/success_center/whd/content/release_= notes/whd_2026-1_release_notes.htm
=C2=A0 Sonarqube--SonarQube SonarQube 8.3.1 contains an unquoted service pa=
th vulnerability that allows local attackers to gain SYSTEM privileges by e= xploiting the service executable path. Attackers can replace the wrapper.ex=
e in the service path with a malicious executable to execute code with high= est system privileges during service restart. 2026-01-29 7.8 CVE-2020-37020=
[ https://www.cve.org/CVERecord?id=3DCVE-2020-37020 ] ExploitDB-48677 [ ht= tps://www.exploit-db.com/exploits/48677 ]
SonarQube Official Homepage [ https://www.sonarqube.org ]
VulnCheck Advisory: SonarQube 8.3.1 - Unquoted Service Path [ https://www.v= ulncheck.com/advisories/sonarqube-unquoted-service-path ]
=C2=A0 Squidex--squidex Squidex is an open source headless content manageme=
nt system and content management hub. Versions of the application up to and=
including 7.21.0 allow users to define "Webhooks" as actions within the Ru= les engine. The url parameter in the webhook configuration does not appear =
to validate or restrict destination IP addresses. It accepts local addresse=
s such as 127.0.0.1 or localhost. When a rule is triggered (Either manual t= rigger by manually calling the trigger endpoint or by a content update or a=
ny other triggers), the backend server executes an HTTP request to the user= -supplied URL. Crucially, the server logs the full HTTP response in the rul=
e execution log (lastDump field), which is accessible via the API. Which tu= rns a "Blind" SSRF into a "Full Read" SSRF. As of time of publication, no p= atched versions are available. 2026-01-27 9.1 CVE-2026-24736 [ https://www.= cve.org/CVERecord?id=3DCVE-2026-24736 ] https://github.com/Squidex/squidex/= security/advisories/GHSA-wxg2-953m-fg2w
=C2=A0 sunnygkp10--Online-Exam-System Online-Exam-System 2015 contains a ti= me-based blind SQL injection vulnerability in the feedback form that allows=
attackers to extract database password hashes. Attackers can exploit the '= feed.php' endpoint by crafting malicious payload requests that use time del= ays to systematically enumerate user password characters. 2026-01-30 8.2 CV= E-2020-37051 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37051 ] ExploitD= B-48560 [ https://www.exploit-db.com/exploits/48560 ]
Software Repository [ https://github.com/sunnygkp10/Online-Exam-System-.git=
]
VulnCheck Advisory: Online-Exam-System 2015 - 'feedback' SQL Injection [ ht= tps://www.vulncheck.com/advisories/online-exam-system-feedback-sql-injectio=
n ]
=C2=A0 sunnygkp10--Online-Exam-System Online-Exam-System 2015 contains a SQ=
L injection vulnerability in the feedback module that allows attackers to m= anipulate database queries through the 'fid' parameter. Attackers can injec=
t malicious SQL code into the 'fid' parameter to potentially extract, modif=
y, or delete database information. 2026-01-30 8.2 CVE-2020-37057 [ https://= www.cve.org/CVERecord?id=3DCVE-2020-37057 ] ExploitDB-48529 [ https://www.e= xploit-db.com/exploits/48529 ]
Software Repository [ https://github.com/sunnygkp10/Online-Exam-System-.git=
]
VulnCheck Advisory: Online-Exam-System 2015 - 'fid' SQL Injection [ https:/= /www.vulncheck.com/advisories/online-exam-system-fid-sql-injection ]
=C2=A0 Techraft--Digital Multivendor Marketplace Online Store Mult-E-Cart U= ltimate 2.4 contains multiple SQL injection vulnerabilities in inventory, c= ustomer, vendor, and order modules. Remote attackers with privileged vendor=
or admin roles can exploit the 'id' parameter to execute malicious SQL com= mands and compromise the database management system. 2026-02-01 8.1 CVE-202= 1-47909 [ https://www.cve.org/CVERecord?id=3DCVE-2021-47909 ] Vulnerability=
Lab Advisory [ https://www.vulnerability-lab.com/get_content.php?id=3D2306=
]
Product Homepage [ https://ultimate.multecart.com/ ]
Product Homepage [ https://www.techraft.in/ ]
VulnCheck Advisory: Mult-E-Cart Ultimate 2.4 SQL Injection via Vulnerable I=
D Parameters [ https://www.vulncheck.com/advisories/mult-e-cart-ultimate-sq= l-injection-via-vulnerable-id-parameters ]
=C2=A0 telnet-lite--Mocha Telnet Lite for iOS Mocha Telnet Lite for iOS 4.2=
contains a denial of service vulnerability that allows attackers to crash = the application by manipulating the user configuration input. Attackers can=
overwrite the 'User' field with 350 bytes of repeated characters to trigge=
r an application crash and prevent normal functionality. 2026-01-29 7.5 CVE= -2020-36995 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36995 ] ExploitDB= -48728 [ https://www.exploit-db.com/exploits/48728 ]
Official App Store Page for Mocha Telnet Lite [ https://apps.apple.com/us/a= pp/telnet-lite/id286893976 ]
VulnCheck Advisory: Mocha Telnet Lite for iOS 4.2 - 'User' Denial of Servic=
e [ https://www.vulncheck.com/advisories/mocha-telnet-lite-for-ios-user-den= ial-of-service ]
=C2=A0 Tenda--AC21 A vulnerability was identified in Tenda AC21 16.03.08.16=
. The affected element is the function fromAdvSetMacMtuWan of the file /gof= orm/AdvSetMacMtuWan. The manipulation leads to stack-based buffer overflow.=
Remote exploitation of the attack is possible. The exploit is publicly ava= ilable and might be used. 2026-01-29 8.8 CVE-2026-1637 [ https://www.cve.or= g/CVERecord?id=3DCVE-2026-1637 ] VDB-343416 | Tenda AC21 AdvSetMacMtuWan fr= omAdvSetMacMtuWan stack-based overflow [ https://vuldb.com/?id.343416 ] VDB-343416 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3434=
16 ]
Submit #740865 | Tenda AC21 V16.03.08.16 Buffer Overflow [ https://vuldb.co= m/?submit.740865 ]
https://github.com/LX-LX88/cve/issues/25
https://www.tenda.com.cn/
=C2=A0 Tenda--AC23 A flaw has been found in Tenda AC23 16.03.07.52. This im= pacts an unknown function of the file /goform/WifiExtraSet. This manipulati=
on of the argument wpapsk_crypto causes buffer overflow. Remote exploitatio=
n of the attack is possible. The exploit has been published and may be used=
. 2026-01-26 8.8 CVE-2026-1420 [ https://www.cve.org/CVERecord?id=3DCVE-202= 6-1420 ] VDB-342836 | Tenda AC23 WifiExtraSet buffer overflow [ https://vul= db.com/?id.342836 ]
VDB-342836 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3428=
36 ]
Submit #736559 | Tenda AC23 V16.03.07.52 Buffer Overflow [ https://vuldb.co= m/?submit.736559 ] https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow_Wi= fiExtraSet/Tenda%20AC23_Buffer_Overflow_WifiExtraSet.md https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow_Wi= fiExtraSet/Tenda%20AC23_Buffer_Overflow_WifiExtraSet.md#poc https://www.tenda.com.cn/
=C2=A0 Tenda--AX12 Pro V2 A vulnerability was found in Tenda AX12 Pro V2 16= .03.49.24_cn. Affected by this issue is some unknown functionality of the c= omponent Telnet Service. Performing a manipulation results in hard-coded cr= edentials. The attack is possible to be carried out remotely. A high degree=
of complexity is needed for the attack. The exploitation is known to be di= fficult. The exploit has been made public and could be used. 2026-01-29 8.1=
CVE-2026-1610 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1610 ] VDB-343= 378 | Tenda AX12 Pro V2 Telnet Service hard-coded credentials [ https://vul= db.com/?id.343378 ]
VDB-343378 | CTI Indicators (IOB, IOC, TTP) [ https://vuldb.com/?ctiid.3433=
78 ]
Submit #740766 | Tenda AX12 pro V2 V16.03.49.24_cn Hard-coded Credentials [=
https://vuldb.com/?submit.740766 ]
https://github.com/QIU-DIE/CVE/issues/49
https://www.tenda.com.cn/
=C2=A0 Tenda--HG10 A weakness has been identified in Tenda HG10 US_HG7_HG9_= HG10re_300001138_en_xpon. Impacted is an unknown function of the file /boaf= orm/formSamba of the component Boa Webserver. Executing a manipulation of t=
he argument serverString can lead to command injection. It is possible to l= aunch the attack remotely. The exploit has been made available to the publi=
c and could be used for attacks. 2026-01-30 7.3 CVE-2026-1687 [ https://www= .cve.org/CVERecord?id=3DCVE-2026-1687 ] VDB-343481 | Tenda HG10 Boa Webserv=
er formSamba command injection [ https://vuldb.com/?id.343481 ]
VDB-343481 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343481 ]
Submit #741281 | Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon Command Inj= ection [ https://vuldb.com/?submit.741281 ] https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/= HG10/formSamba-serverString-command.md https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/= HG10/formSamba-serverString-command.md#poc
https://www.tenda.com.cn/
=C2=A0 Tenda--HG10 A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG= 10re_300001138_en_xpon. The impacted element is the function checkUserFromL= anOrWan of the file /boaform/admin/formLogin of the component Login Interfa= ce. The manipulation of the argument Host results in command injection. The=
attack can be launched remotely. The exploit is now public and may be used=
. 2026-01-30 7.3 CVE-2026-1689 [ https://www.cve.org/CVERecord?id=3DCVE-202= 6-1689 ] VDB-343483 | Tenda HG10 Login formLogin checkUserFromLanOrWan comm= and injection [ https://vuldb.com/?id.343483 ]
VDB-343483 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343483 ]
Submit #741411 | Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon Command Inj= ection [ https://vuldb.com/?submit.741411 ] https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/= HG10/formLogin-Host-command.md https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/= HG10/formLogin-Host-command.md#poc
https://www.tenda.com.cn/
=C2=A0 Tendenci--Tendenci Tendenci 12.3.1 contains a CSV formula injection = vulnerability in the contact form message field that allows attackers to in= ject malicious formulas during export. Attackers can submit crafted payload=
s like '=3D10+20+cmd|' /C calc'!A0' in the message field to trigger arbitra=
ry command execution when the CSV is opened in spreadsheet applications. 20= 26-01-28 9.8 CVE-2020-36962 [ https://www.cve.org/CVERecord?id=3DCVE-2020-3= 6962 ] ExploitDB-49145 [ https://www.exploit-db.com/exploits/49145 ]
Official Vendor Homepage [ https://www.tendenci.com/ ]
Tendenci GitHub Repository [ https://github.com/tendenci/tendenci ]
VulnCheck Advisory: Tendenci 12.3.1 - CSV/ Formula Injection [ https://www.= vulncheck.com/advisories/tendenci-csv-formula-injection ]
=C2=A0 Testa--Testa Online Test Management System Testa Online Test Managem= ent System 3.4.7 contains a SQL injection vulnerability that allows attacke=
rs to manipulate database queries through the 'q' search parameter. Attacke=
rs can inject malicious SQL code in the search field to extract database in= formation, potentially accessing sensitive user or system data. 2026-01-27 = 8.2 CVE-2021-47902 [ https://www.cve.org/CVERecord?id=3DCVE-2021-47902 ] Ex= ploitDB-49194 [ https://www.exploit-db.com/exploits/49194 ]
Archived Vendor Homepage [ https://web.archive.org/web/20220406031253/https= ://testa.cc/ ]
VulnCheck Advisory: Testa Online Test Management System 3.4.7 - 'q' SQL Inj= ection [ https://www.vulncheck.com/advisories/testa-online-test-management-= system-q-sql-injection ]
=C2=A0 themrdemonized--xray-monolith Access of Resource Using Incompatible = Type ('Type Confusion') vulnerability in themrdemonized xray-monolith. This=
issue affects xray-monolith: before 2025.12.30. 2026-01-27 9.1 CVE-2026-24= 874 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24874 ] https://github.co= m/themrdemonized/xray-monolith/pull/399
=C2=A0 tigroumeow--AI Engine The Chatbot and AI Framework for WordPress The=
AI Engine - The Chatbot and AI Framework for WordPress plugin for WordPres=
s is vulnerable to arbitrary file uploads due to missing file type validati=
on in the `rest_helpers_update_media_metadata` function in all versions up = to, and including, 3.3.2. This makes it possible for authenticated attacker=
s, with Editor-level access and above, to upload arbitrary files on the aff= ected site's server which may make remote code execution possible. The atta= cker can upload a benign image file, then use the `update_media_metadata` e= ndpoint to rename it to a PHP file, creating an executable PHP file in the = uploads directory. 2026-01-28 7.2 CVE-2026-1400 [ https://www.cve.org/CVERe= cord?id=3DCVE-2026-1400 ] https://www.wordfence.com/threat-intel/vulnerabil= ities/id/d5227269-4406-4fcf-af37-f1db0af857d6?source=3Dcve https://plugins.trac.wordpress.org/browser/ai-engine/tags/3.3.0/classes/res= t.php#L1104 https://plugins.trac.wordpress.org/browser/ai-engine/tags/3.3.0/classes/res= t.php#L1141 https://plugins.trac.wordpress.org/changeset/3447500/ai-engine/trunk/classe= s/rest.php
=C2=A0 Tildeslash Ltd.--M/Monit M/Monit 3.7.4 contains a privilege escalati=
on vulnerability that allows authenticated users to modify user permissions=
by manipulating the admin parameter. Attackers can send a POST request to = the /api/1/admin/users/update endpoint with a crafted payload to grant admi= nistrative access to a standard user account. 2026-01-28 8.8 CVE-2020-36969=
[ https://www.cve.org/CVERecord?id=3DCVE-2020-36969 ] ExploitDB-49080 [ ht= tps://www.exploit-db.com/exploits/49080 ]
M/Monit Official Vendor Homepage [ https://mmonit.com/ ]
VulnCheck Advisory: M/Monit 3.7.4 - Privilege Escalation [ https://www.vuln= check.com/advisories/mmonit-privilege-escalation ]
=C2=A0 TimeClock Software--TimeClock Software TimeClock Software 1.01 conta= ins an authenticated time-based SQL injection vulnerability that allows att= ackers to enumerate valid usernames by manipulating the 'notes' parameter. = Attackers can inject conditional time delays in the add_entry.php endpoint =
to determine user existence by measuring response time differences. 2026-01= -29 7.1 CVE-2020-37005 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37005 =
] ExploitDB-48874 [ https://www.exploit-db.com/exploits/48874 ]
Archived Product Homepage [ https://web.archive.org/web/20190104104315/http= ://timeclock-software.net/ ]
VulnCheck Advisory: TimeClock Software 1.01 Authenticated Time-Based SQL In= jection [ https://www.vulncheck.com/advisories/timeclock-software-authentic= ated-time-based-sql-injection ]
=C2=A0 Totolink--A3600R A security flaw has been discovered in Totolink A36= 00R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in th=
e library /lib/cste_modules/app.so. Performing a manipulation of the argume=
nt apcliSsid results in buffer overflow. It is possible to initiate the att= ack remotely. The exploit has been released to the public and may be used f=
or attacks. 2026-01-30 8.8 CVE-2026-1686 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-1686 ] VDB-343480 | Totolink A3600R app.so setAppEasyWizardConf=
ig buffer overflow [ https://vuldb.com/?id.343480 ]
VDB-343480 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3434=
80 ]
Submit #740888 | TOTOLINK A3600R V5.9c.4959 Buffer Overflow [ https://vuldb= .com/?submit.740888 ] https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToToli= nk/A3600R/4959-apcliSsid-setAppEasyWizardConfig.md https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToToli= nk/A3600R/4959-apcliSsid-setAppEasyWizardConfig.md#poc https://www.totolink.net/
=C2=A0 TrustTunnel--TrustTunnel TrustTunnel is an open-source VPN protocol = with a server-side request forgery and and private network restriction bypa=
ss in versions prior to 0.9.114. In `tcp_forwarder.rs`, SSRF protection for=
`allow_private_network_connections =3D false` was only applied in the `Tcp= Destination::HostName(peer)` path. The `TcpDestination::Address(peer) =3D> = peer` path proceeded to `TcpStream::connect()` without equivalent checks (f=
or example `is_global_ip`, `is_loopback`), allowing loopback/private target=
s to be reached by supplying a numeric IP. The vulnerability is fixed in ve= rsion 0.9.114. 2026-01-29 7.1 CVE-2026-24902 [ https://www.cve.org/CVERecor= d?id=3DCVE-2026-24902 ] https://github.com/TrustTunnel/TrustTunnel/security= /advisories/GHSA-hgr9-frvw-5r76 https://github.com/TrustTunnel/TrustTunnel/commit/734bb5cf103b72390a95c853c= bf91e699cc01bc0
=C2=A0 TryGhost--Ghost Ghost is an open source content management system. I=
n Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attack=
er was able to craft a malicious link that, when accessed by an authenticat=
ed staff user or member, would execute JavaScript with the victim's permiss= ions, potentially leading to account takeover. Ghost Portal versions 2.29.1=
through 2.51.4 and 2.52.0 through 2.57.0 were vulnerable to this issue. Gh= ost automatically loads the latest patch of the members Portal component vi=
a CDN. For Ghost 5.x users, upgrading to v5.121.0 or later fixes the vulner= ability. v5.121.0 loads Portal v2.51.5, which contains the patch. For Ghost=
6.x users, upgrading to v6.15.0 or later fixes the vulnerability. v6.15.0 = loads Portal v2.57.1, which contains the patch. For Ghost installations usi=
ng a customized or self-hosted version of Portal, it will be necessary to m= anually rebuild from or update to the latest patch version. 2026-01-27 8.8 = CVE-2026-24778 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24778 ] https:= //github.com/TryGhost/Ghost/security/advisories/GHSA-gv6q-2m97-882h https://github.com/TryGhost/Ghost/commit/da858e640e88e69c1773a7b7ecdc2008fa= 143849
=C2=A0 Tucows Inc.--Audio Playback Recorder Audio Playback Recorder 3.2.2 c= ontains a local buffer overflow vulnerability in the eject and registration=
parameters that allows attackers to execute arbitrary code. Attackers can = craft malicious payloads and overwrite Structured Exception Handler (SEH) t=
o execute shellcode when pasting specially crafted input into the applicati= on's input fields. 2026-01-29 8.4 CVE-2020-37013 [ https://www.cve.org/CVER= ecord?id=3DCVE-2020-37013 ] ExploitDB-48796 [ https://www.exploit-db.com/ex= ploits/48796 ]
Archived Researcher Proof of Concept Video [ https://web.archive.org/web/20= 210105222148/https://whitecr0wz.github.io/assets/img/Findings11/11-proof.gi=
f ]
Product Software Archive [ https://archive.org/details/tucows_288670_Audio_= Playback_Recorder ]
VulnCheck Advisory: Audio Playback Recorder 3.2.2 - Local Buffer Overflow (= SEH) [ https://www.vulncheck.com/advisories/audio-playback-recorder-local-b= uffer-overflow-seh ]
=C2=A0 Tucows--Easy CD & DVD Cover Creator Easy CD & DVD Cover Creator 4.13=
contains a buffer overflow vulnerability in the serial number input field = that allows attackers to crash the application. Attackers can generate a 60= 00-byte payload and paste it into the serial number field to trigger an app= lication crash. 2026-01-27 9.8 CVE-2020-36940 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2020-36940 ] ExploitDB-49337 [ https://www.exploit-db.com/explo= its/49337 ]
VulnCheck Advisory: Easy CD & DVD Cover Creator 4.13 - Denial of Service [ = https://www.vulncheck.com/advisories/easy-cd-dvd-cover-creator-denial-of-se= rvice ]
=C2=A0 Ubiquiti, Inc.--AirControl AirControl 1.4.2 contains a pre-authentic= ation remote code execution vulnerability that allows unauthenticated attac= kers to execute arbitrary system commands through malicious Java expression=
injection. Attackers can exploit the /.seam endpoint by crafting a special=
ly constructed URL with embedded Java expressions to run commands with the = application's system privileges. 2026-01-30 9.8 CVE-2020-37052 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2020-37052 ] ExploitDB-48541 [ https://www.exp= loit-db.com/exploits/48541 ]
Vendor Homepage [ https://www.ui.com/ ]
VulnCheck Advisory: AirControl 1.4.2 - PreAuth Remote Code Execution [ http= s://www.vulncheck.com/advisories/aircontrol-preauth-remote-code-execution ] =C2=A0 Veritas--NetBackup Veritas NetBackup 7.0 contains an unquoted servic=
e path vulnerability in the NetBackup INET Daemon service that allows local=
users to potentially execute arbitrary code. Attackers can exploit the unq= uoted path in C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe to inject = malicious code that would execute with elevated LocalSystem privileges. 202= 6-02-01 7.8 CVE-2020-37045 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37= 045 ] ExploitDB-48227 [ https://www.exploit-db.com/exploits/48227 ]
Veritas Official Homepage [ https://www.veritas.com/ ]
VulnCheck Advisory: NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Servic=
e Path [ https://www.vulncheck.com/advisories/netbackup-netbackup-inet-daem= on-unquoted-service-path ]
=C2=A0 VeryPDF.com, Inc.--docPrint Pro docPrint Pro 8.0 contains a local bu= ffer overflow vulnerability in the 'Add URL' input field that allows attack= ers to execute arbitrary code by overwriting memory. Attackers can craft a = malicious payload that triggers a structured exception handler (SEH) overwr= ite to execute shellcode and gain remote system access. 2026-01-28 8.4 CVE-= 2020-36965 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36965 ] ExploitDB-= 49100 [ https://www.exploit-db.com/exploits/49100 ]
Vendor Homepage [ http://www.verypdf.com ]
VulnCheck Advisory: docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghu= nter) [ https://www.vulncheck.com/advisories/docprint-pro-add-url-buffer-ov= erflow-seh-egghunter ]
=C2=A0 VestaCP--VestaCP VestaCP 0.9.8-26 contains a session token vulnerabi= lity in the LoginAs module that allows remote attackers to manipulate authe= ntication tokens. Attackers can exploit insufficient token validation to ac= cess user accounts and perform unauthorized login requests without proper a= dministrative permissions. 2026-01-27 9.8 CVE-2020-36948 [ https://www.cve.= org/CVERecord?id=3DCVE-2020-36948 ] ExploitDB-49219 [ https://www.exploit-d= b.com/exploits/49219 ]
VestaCP Official Homepage [ https://vestacp.com/ ]
Vulnerability Lab Advisory [ https://www.vulnerability-lab.com/get_content.= php?id=3D2240 ]
Benjamin Kunz Mejri Profile [ https://www.vulnerability-lab.com/show.php?us= er=3DBenjamin%20K.M. ]
VulnCheck Advisory: VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Valid= ation [ https://www.vulncheck.com/advisories/vestacp-loginas-insufficient-s= ession-validation ]
=C2=A0 VictorAlagwu--CMSsite Victor CMS 1.0 contains a file upload vulnerab= ility that allows authenticated users to upload malicious PHP files through=
the profile image upload feature. Attackers can upload a PHP shell to the = /img directory and execute system commands by accessing the uploaded file v=
ia web browser. 2026-01-27 8.8 CVE-2020-36942 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2020-36942 ] ExploitDB-49310 [ https://www.exploit-db.com/explo= its/49310 ]
Victor CMS Project Repository [ https://github.com/VictorAlagwu/CMSsite ] VulnCheck Advisory: Victor CMS 1.0 - File Upload To RCE [ https://www.vulnc= heck.com/advisories/victor-cms-file-upload-to-rce ]
=C2=A0 vllm-project--vllm vLLM is an inference and serving engine for large=
language models (LLMs). Prior to version 0.14.1, a Server-Side Request For= gery (SSRF) vulnerability exists in the `MediaConnector` class within the v= LLM project's multimodal feature set. The load_from_url and load_from_url_a= sync methods obtain and process media from URLs provided by users, using di= fferent Python parsing libraries when restricting the target host. These tw=
o parsing libraries have different interpretations of backslashes, which al= lows the host name restriction to be bypassed. This allows an attacker to c= oerce the vLLM server into making arbitrary requests to internal network re= sources. This vulnerability is particularly critical in containerized envir= onments like `llm-d`, where a compromised vLLM pod could be used to scan th=
e internal network, interact with other pods, and potentially cause denial =
of service or access sensitive data. For example, an attacker could make th=
e vLLM pod send malicious requests to an internal `llm-d` management endpoi= nt, leading to system instability by falsely reporting metrics like the KV = cache state. Version 0.14.1 contains a patch for the issue. 2026-01-27 7.1 = CVE-2026-24779 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24779 ] https:= //github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc https://github.com/vllm-project/vllm/pull/32746 https://github.com/vllm-project/vllm/commit/f46d576c54fb8aeec5fc70560e850be= d38ef17d7
=C2=A0 WEBDAMN.COM--WebDamn User Registration & Login System with User Pane=
l WebDamn User Registration Login System contains a SQL injection vulnerabi= lity that allows unauthenticated attackers to bypass login authentication b=
y manipulating email credentials. Attackers can inject the payload '<email>=
' OR '1'=3D'1' in both username and password fields to gain unauthorized ac= cess to the user panel. 2026-01-28 8.2 CVE-2020-36945 [ https://www.cve.org= /CVERecord?id=3DCVE-2020-36945 ] ExploitDB-49170 [ https://www.exploit-db.c= om/exploits/49170 ]
Vendor Homepage [ https://webdamn.com/ ]
Software Product Page [ https://webdamn.com/user-management-system-with-php= -mysql/ ]
VulnCheck Advisory: WebDamn User Registration & Login System with User Pane=
l - SQLi Auth Bypass [ https://www.vulncheck.com/advisories/webdamn-user-re= gistration-login-system-with-user-panel-sqli-auth-bypass ]
=C2=A0 Weird Solutions--DHCP Turbo DHCP Turbo 4.61298 contains an unquoted = service path vulnerability that allows local attackers to potentially execu=
te arbitrary code by exploiting the service binary path. Attackers can plac=
e malicious executables in the service path to gain elevated privileges whe=
n the service starts. 2026-02-01 7.8 CVE-2020-37062 [ https://www.cve.org/C= VERecord?id=3DCVE-2020-37062 ] ExploitDB-48080 [ https://www.exploit-db.com= /exploits/48080 ]
Vendor Homepage [ https://www.weird-solutions.com ]
VulnCheck Advisory: DHCP Turbo 4.6.1298- 'DHCP Turbo 4' Unquoted Service Pa=
th [ https://www.vulncheck.com/advisories/dhcp-turbo-dhcp-turbo-unquoted-se= rvice-path ]
=C2=A0 Weird-Solutions--BOOTP Turbo BOOTP Turbo 2.0.1214 contains an unquot=
ed service path vulnerability that allows local attackers to potentially ex= ecute arbitrary code with elevated system privileges. Attackers can exploit=
the unquoted executable path to inject malicious code that will be execute=
d when the service starts with LocalSystem permissions. 2026-02-01 7.8 CVE-= 2020-37061 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37061 ] ExploitDB-= 48078 [ https://www.exploit-db.com/exploits/48078 ]
Vendor Homepage [ https://www.weird-solutions.com ]
VulnCheck Advisory: BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service P= ath [ https://www.vulncheck.com/advisories/bootp-turbo-bootp-turbo-unquoted= -service-path ]
=C2=A0 Weird-Solutions--TFTP Turbo TFTP Turbo 4.6.1273 contains an unquoted=
service path vulnerability that allows local attackers to potentially exec= ute arbitrary code with elevated privileges. Attackers can exploit the unqu= oted path in the service configuration to inject malicious executables that=
will be launched with LocalSystem permissions. 2026-02-01 7.8 CVE-2020-370=
63 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37063 ] ExploitDB-48085 [ = https://www.exploit-db.com/exploits/48085 ]
Vendor Homepage [ https://www.weird-solutions.com ]
VulnCheck Advisory: TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service P= ath [ https://www.vulncheck.com/advisories/tftp-turbo-tftp-turbo-unquoted-s= ervice-path ]
=C2=A0 WellChoose--Single Sign-On Portal System Single Sign-On Portal Syste=
m developed by WellChoose has a OS Command Injection vulnerability, allowin=
g authenticated remote attackers to inject arbitrary OS commands and execut=
e them on the server. 2026-01-26 8.8 CVE-2026-1427 [ https://www.cve.org/CV= ERecord?id=3DCVE-2026-1427 ] https://www.twcert.org.tw/tw/cp-132-10654-23f4= 0-1.html
https://www.twcert.org.tw/en/cp-139-10655-59160-2.html
=C2=A0 WellChoose--Single Sign-On Portal System Single Sign-On Portal Syste=
m developed by WellChoose has a OS Command Injection vulnerability, allowin=
g authenticated remote attackers to inject arbitrary OS commands and execut=
e them on the server. 2026-01-26 8.8 CVE-2026-1428 [ https://www.cve.org/CV= ERecord?id=3DCVE-2026-1428 ] https://www.twcert.org.tw/tw/cp-132-10654-23f4= 0-1.html
https://www.twcert.org.tw/en/cp-139-10655-59160-2.html
=C2=A0 Wibu--CodeMeter CodeMeter 6.60 contains an unquoted service path vul= nerability that allows local users to potentially execute arbitrary code wi=
th elevated system privileges. Attackers can exploit the unquoted binary pa=
th in the CodeMeter Runtime Server service to inject malicious code that wo= uld execute with LocalSystem permissions. 2026-01-29 7.8 CVE-2020-37017 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2020-37017 ] ExploitDB-48735 [ https:= //www.exploit-db.com/exploits/48735 ]
CodeMeter Runtime Product Homepage [ https://www.wibu.com/us/products/codem= eter/runtime.html ]
VulnCheck Advisory: CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path =
[ https://www.vulncheck.com/advisories/codemeter-codemeterexe-unquoted-serv= ice-path ]
=C2=A0 WinAVR--WinAVR WinAVR version 20100110 contains an insecure permissi= ons vulnerability that allows authenticated users to modify system files an=
d executables. Attackers can leverage the overly permissive access controls=
to potentially modify critical DLLs and executable files in the WinAVR ins= tallation directory. 2026-01-27 8.8 CVE-2020-36938 [ https://www.cve.org/CV= ERecord?id=3DCVE-2020-36938 ] ExploitDB-49379 [ https://www.exploit-db.com/= exploits/49379 ]
WinAVR Official Project Homepage [ https://sourceforge.net/projects/winavr/=
]
VulnCheck Advisory: WinAVR Version 20100110 - Insecure Folder Permissions [=
https://www.vulncheck.com/advisories/winavr-version-insecure-folder-permis= sions ]
=C2=A0 WinFrigate--Frigate 2 Frigate 2.02 contains a denial of service vuln= erability that allows attackers to crash the application by sending oversiz=
ed input to the command line interface. Attackers can generate a payload of=
8000 repeated characters and paste it into the application's command line = field to trigger an application crash. 2026-01-30 7.5 CVE-2020-37039 [ http= s://www.cve.org/CVERecord?id=3DCVE-2020-37039 ] ExploitDB-48613 [ https://w= ww.exploit-db.com/exploits/48613 ]
Archived Vendor Homepage [ https://web.archive.org/web/20190623044943/http:= //www.frigate3.com/index.php ]
VulnCheck Advisory: Frigate 2.02 - Denial Of Service [ https://www.vulnchec= k.com/advisories/frigate-denial-of-service ]
=C2=A0 WinFrigate--Frigate 3 Professional Frigate Professional 3.36.0.9 con= tains a local buffer overflow vulnerability in the 'Find Computer' feature = that allows attackers to execute arbitrary code by overflowing the computer=
name input field. Attackers can craft a malicious payload that triggers a = buffer overflow, enabling code execution and launching calculator as a proo=
f of concept. 2026-01-30 8.4 CVE-2020-37042 [ https://www.cve.org/CVERecord= ?id=3DCVE-2020-37042 ] ExploitDB-48579 [ https://www.exploit-db.com/exploit= s/48579 ]
Archived Vendor Homepage [ https://web.archive.org/web/20190623044943/http:= //www.frigate3.com/index.php ]
VulnCheck Advisory: Frigate Professional 3.36.0.9 - 'Find Computer' Local B= uffer Overflow [ https://www.vulncheck.com/advisories/frigate-professional-= find-computer-local-buffer-overflow ]
=C2=A0 WinFrigate--Frigate 3 Professional Frigate 3.36.0.9 contains a local=
buffer overflow vulnerability in the Command Line input field that allows = attackers to execute arbitrary code. Attackers can craft a malicious payloa=
d to overflow the buffer, bypass DEP, and execute commands like launching c= alc.exe through a specially crafted input sequence. 2026-01-30 8.4 CVE-2020= -37049 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37049 ] ExploitDB-4856=
3 [ https://www.exploit-db.com/exploits/48563 ]
Archived Vendor Homepage [ https://web.archive.org/web/20190623044943/http:= //www.frigate3.com/index.php ]
VulnCheck Advisory: Frigate 3.36.0.9 - 'Command Line' Local Buffer Overflow=
[ https://www.vulncheck.com/advisories/frigate-command-line-local-buffer-o= verflow ]
=C2=A0 Wing FTP Server--Wing FTP Server Wing FTP Server 6.3.8 contains a re= mote code execution vulnerability in its Lua-based web console that allows = authenticated users to execute system commands. Attackers can leverage the = console to send POST requests with malicious commands that trigger operatin=
g system execution through the os.execute() function. 2026-01-30 8.8 CVE-20= 20-37032 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37032 ] ExploitDB-48= 676 [ https://www.exploit-db.com/exploits/48676 ]
Wing FTP Server Official Homepage [ https://www.wftpserver.com/ ]
VulnCheck Advisory: Wing FTP Server 6.3.8 - Remote Code Execution [ https:/= /www.vulncheck.com/advisories/wing-ftp-server-remote-code-execution ]
=C2=A0 Wondershare--Wondershare Driver Install Service help Wondershare Dri= ver Install Service contains an unquoted service path vulnerability in the = ElevationService executable that allows local attackers to potentially inje=
ct malicious code. Attackers can exploit the unquoted path to replace the s= ervice binary with a malicious executable, enabling privilege escalation to=
LocalSystem account. 2026-01-27 7.8 CVE-2020-36977 [ https://www.cve.org/C= VERecord?id=3DCVE-2020-36977 ] ExploitDB-49101 [ https://www.exploit-db.com= /exploits/49101 ]
Vendor Homepage [ https://www.wondershare.com/ ]
Software Product Page [ https://www.wondershare.com/drfone/ ]
VulnCheck Advisory: Wondershare Driver Install Service help 10.7.1.321 - 'E= levationService' Unquote Service Path [ https://www.vulncheck.com/advisorie= s/wondershare-driver-install-service-help-elevationservice-unquote-service-= path ]
=C2=A0 wpcreatix--VidShop Shoppable Videos for WooCommerce The VidShop - Sh= oppable Videos for WooCommerce plugin for WordPress is vulnerable to time-b= ased SQL Injection via the 'fields' parameter in all versions up to, and in= cluding, 1.1.4 due to insufficient escaping on the user supplied parameter = and lack of sufficient preparation on the existing SQL query. This makes it=
possible for unauthenticated attackers to append additional SQL queries in=
to already existing queries that can be used to extract sensitive informati=
on from the database. 2026-01-28 7.5 CVE-2026-0702 [ https://www.cve.org/CV= ERecord?id=3DCVE-2026-0702 ] https://www.wordfence.com/threat-intel/vulnera= bilities/id/a61d8d2a-742f-45f1-9146-f733b80ef195?source=3Dcve https://plugins.trac.wordpress.org/browser/vidshop-for-woocommerce/trunk/in= cludes/rest-api/v1/class-videos-controller.php#L224 https://plugins.trac.wordpress.org/browser/vidshop-for-woocommerce/trunk/in= cludes/rest-api/v1/class-videos-controller.php#L297 https://plugins.trac.wordpress.org/browser/vidshop-for-woocommerce/trunk/in= cludes/utils/class-query-builder.php#L778 https://plugins.trac.wordpress.org/changeset/3441106/
=C2=A0 yoyofr--modizer Integer Overflow or Wraparound vulnerability in yoyo=
fr modizer. This issue affects modizer: before 4.1.1. 2026-01-27 7.8 CVE-20= 26-24875 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24875 ] https://gith= ub.com/yoyofr/modizer/pull/133
=C2=A0 zalando--skipper Skipper is an HTTP router and reverse proxy for ser= vice composition. Prior to version 0.24.0, when running Skipper as an Ingre=
ss controller, users with permissions to create an Ingress and a Service of=
type ExternalName can create routes that enable them to use Skipper's netw= ork access to reach internal services. Version 0.24.0 disables Kubernetes E= xternalName by default. As a workaround, developers can allow list targets =
of an ExternalName and allow list via regular expressions. 2026-01-26 8.1 C= VE-2026-24470 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24470 ] https:/= /github.com/zalando/skipper/security/advisories/GHSA-mxxc-p822-2hx9 https://github.com/zalando/skipper/commit/a4c87ce029a58eb8e1c2c1f93049194a3= 9cf6219 https://kubernetes.io/docs/concepts/services-networking/service/#externalna=
me
=C2=A0 Zortam.com--Zortam Mp3 Media Studio Zortam Mp3 Media Studio 27.60 co= ntains a buffer overflow vulnerability in the library creation file selecti=
on process that allows remote code execution. Attackers can craft a malicio=
us text file with shellcode to trigger a structured exception handler (SEH)=
overwrite and execute arbitrary commands on the target system. 2026-01-28 = 9.8 CVE-2020-36967 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36967 ] Ex= ploitDB-49084 [ https://www.exploit-db.com/exploits/49084 ]
Zortam Official Homepage [ https://www.zortam.com/index.html ]
Zortam Software Download Page [ https://www.zortam.com/download.html ] VulnCheck Advisory: Zortam Mp3 Media Studio 27.60 - Remote Code Execution (= SEH) [ https://www.vulncheck.com/advisories/zortam-mp-media-studio-remote-c= ode-execution-seh ]
=C2=A0=20

Back to top [ #top ]

Medium Vulnerabilities

Primary
Vendor -- Product Description Published CVSS Score Source Info Patch Info 2= 100 Technology--Official Document Management System Official Document Manag= ement System developed by 2100 Technology has a Incorrect Authorization vul= nerability, allowing authenticated remote attackers to modify front-end cod=
e to read all official documents. 2026-01-28 6.5 CVE-2026-1514 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2026-1514 ] https://www.twcert.org.tw/tw/cp-13= 2-10658-c5a07-1.html
https://www.twcert.org.tw/en/cp-139-10659-264cd-2.html
=C2=A0 Adikiss--Sistem Informasi Pengumuman Kelulusan Online Sistem Informa=
si Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vu= lnerability that allows attackers to add unauthorized admin users through t=
he tambahuser.php endpoint. Attackers can craft a malicious HTML form to su= bmit admin credentials and create new administrative accounts without the v= ictim's consent. 2026-01-30 5.3 CVE-2020-37046 [ https://www.cve.org/CVERec= ord?id=3DCVE-2020-37046 ] ExploitDB-48571 [ https://www.exploit-db.com/expl= oits/48571 ]
Vendor Homepage [ https://adikiss.net/ ]
Software Download Page [ https://adikiss.net/2014/06/aplikasi-sistem-inform= asi-pengumuman-kelulusan-online-2/ ]
VulnCheck Advisory: Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cros= s-Site Request Forgery [ https://www.vulncheck.com/advisories/sistem-inform= asi-pengumuman-kelulusan-online-cross-site-request-forgery ]
=C2=A0 ajay138--Knap Advanced PHP Login Knap Advanced PHP Login 3.1.3 conta= ins a persistent cross-site scripting vulnerability that allows remote atta= ckers to inject malicious script code in the name parameter. Attackers can = exploit the vulnerability to execute arbitrary scripts in users and activit=
y log backend modules, potentially leading to session hijacking and persist= ent phishing attacks. 2026-02-01 6.4 CVE-2022-50940 [ https://www.cve.org/C= VERecord?id=3DCVE-2022-50940 ] Vulnerability Lab Advisory [ https://www.vul= nerability-lab.com/get_content.php?id=3D2307 ]
Laravel & Vue.js [ https://laravel-vuejs.com/ ]
VulnCheck Advisory: Knap Advanced PHP Login 3.1.3 Persistent Cross-Site Scr= ipting via Name Parameter [ https://www.vulncheck.com/advisories/knap-advan= ced-php-login-persistent-cross-site-scripting-via-name-parameter ]
=C2=A0 Akn Software Computer Import Export Industry and Trade Ltd.--QR Menu=
Session Fixation vulnerability in Ak=C3=84=C2=B1n Software Computer Import=
Export Industry and Trade Ltd. QR Menu allows Session Fixation. This issue=
affects QR Menu: before s1.05.12. 2026-01-29 5.7 CVE-2025-7015 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2025-7015 ] https://www.usom.gov.tr/bildirim/= tr-26-0006
=C2=A0 Author: Scott Ferreira--Free Photo & Video Vault - WiFi Transfer Fre=
e Photo & Video Vault 0.0.2 contains a directory traversal web vulnerabilit=
y that allows remote attackers to manipulate application path requests and = access sensitive system files. Attackers can exploit the vulnerability with= out privileges to retrieve environment variables and access unauthorized sy= stem paths. 2026-02-01 6.5 CVE-2021-47921 [ https://www.cve.org/CVERecord?i= d=3DCVE-2021-47921 ] Vulnerability Lab Advisory [ https://www.vulnerability= -lab.com/get_content.php?id=3D2271 ]
Product Homepage [ https://apps.apple.com/us/app/free-photo-video-vault-wif= i-transfer/id981034501 ]
VulnCheck Advisory: Free Photo & Video Vault 0.0.2 Directory Traversal Vuln= erability via Web Request [ https://www.vulncheck.com/advisories/free-photo= -video-vault-directory-traversal-vulnerability-via-web-request ]
=C2=A0 ays-pro--Popup Box Create Countdown, Coupon, Video, Contact Form Pop= ups The Popup Box plugin for WordPress is vulnerable to Cross-Site Request = Forgery in all versions up to, and including, 6.1.1. This is due to a flawe=
d nonce implementation in the 'publish_unpublish_popupbox' function that ve= rifies a self-created nonce rather than one submitted in the request. This = makes it possible for unauthenticated attackers to change the publish statu=
s of popups via a forged request, granted they can trick a site administrat=
or into performing an action such as clicking a link. 2026-01-31 4.3 CVE-20= 26-1165 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1165 ] https://www.wo= rdfence.com/threat-intel/vulnerabilities/id/585a9eb4-f394-4cb2-9050-659171a= 994d9?source=3Dcve https://plugins.trac.wordpress.org/browser/ays-popup-box/tags/6.1.0/admin/p= artials/ays-pb-admin-display.php#L22 https://plugins.trac.wordpress.org/browser/ays-popup-box/tags/6.1.0/include= s/lists/class-ays-pb-list-table.php#L701 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3439514@ays-popup-box/tags/6.1.1/&new=3D3444612@ays-popup-box= /tags/6.1.2/
=C2=A0 B&R Industrial Automation GmbH--Process Visualization Interface (PVI=
) An Insertion of Sensitive Information into Log File vulnerability in B&R = PVI client versions prior to 6.5 may be abused by an authenticated local at= tacker to gather credential information which is processed by the PVI clien=
t application. The logging function of the PVI client application is disabl=
ed by default and must be explicitly enabled by the user. 2026-01-29 5 CVE-= 2026-0936 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0936 ] https://www.= br-automation.com/fileadmin/SA26P001-2862434c.pdf
=C2=A0 backstage--backstage Backstage is an open framework for building dev= eloper portals, and @backstage/plugin-techdocs-node provides common node.js=
functionalities for TechDocs. In versions of @backstage/plugin-techdocs-no=
de prior to 1.13.11 and 1.14.1, a path traversal vulnerability in the TechD= ocs local generator allows attackers to read arbitrary files from the host = filesystem when Backstage is configured with `techdocs.generator.runIn: loc= al`. When processing documentation from untrusted sources, symlinks within = the docs directory are followed by MkDocs during the build process. File co= ntents are embedded into generated HTML and exposed to users who can view t=
he documentation. This vulnerability is fixed in` @backstage/plugin-techdoc= s-node` versions 1.13.11 and 1.14.1. Some workarounds are available. Switch=
to `runIn: docker` in `app-config.yaml` and/or restrict write access to Te= chDocs source repositories to trusted users only. 2026-01-30 5.3 CVE-2026-2= 5152 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25152 ] https://github.c= om/backstage/backstage/security/advisories/GHSA-w669-jj7h-88m9
=C2=A0 Banco de Guayaquil--Banco Guayaquil Banco Guayaquil 8.0.0 mobile iOS=
application contains a persistent cross-site scripting vulnerability in th=
e TextBox Name Profile input. Attackers can inject malicious script code th= rough a POST request that executes on application review without user inter= action. 2026-02-01 6.4 CVE-2022-50952 [ https://www.cve.org/CVERecord?id=3D= CVE-2022-50952 ] Vulnerability Lab Advisory [ https://www.vulnerability-lab= .com/get_content.php?id=3D2315 ]
Product Homepage [ https://apps.apple.com/ec/app/banco-guayaquil/id62496306=
6 ]
VulnCheck Advisory: Banco Guayaquil 8.0.0 Mobile iOS Cross-Site Scripting v=
ia Profile Name Input [ https://www.vulncheck.com/advisories/banco-guayaqui= l-mobile-ios-cross-site-scripting-via-profile-name-input ]
=C2=A0 Bdtask--Bhojon All-In-One Restaurant Management System A vulnerabili=
ty was determined in Bdtask Bhojon All-In-One Restaurant Management System =
up to 20260116. The affected element is an unknown function of the file /hu= ngry/placeorder of the component Checkout. Executing a manipulation of the = argument orggrandTotal/vat/service_charge/grandtotal can lead to business l= ogic errors. It is possible to launch the attack remotely. The exploit has = been publicly disclosed and may be utilized. The vendor was contacted early=
about this disclosure but did not respond in any way. 2026-01-29 4.3 CVE-2= 026-1599 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1599 ] VDB-343361 | = Bdtask Bhojon All-In-One Restaurant Management System Checkout placeorder l= ogic error [ https://vuldb.com/?id.343361 ]
VDB-343361 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3433=
61 ]
Submit #740740 | Bdtask Bhojon All-In-One Restaurant Management System late=
st Business Logic Errors [ https://vuldb.com/?submit.740740 ] https://github.com/4m3rr0r/PoCVulDb/issues/13 https://www.youtube.com/watch?v=3Dn7xLBAOrKAU
=C2=A0 Bdtask--Bhojon All-In-One Restaurant Management System A vulnerabili=
ty was identified in Bdtask Bhojon All-In-One Restaurant Management System =
up to 20260116. The impacted element is an unknown function of the file /hu= ngry/addtocart of the component Add-to-Cart Submission Endpoint. The manipu= lation of the argument price/allprice leads to business logic errors. The a= ttack can be initiated remotely. The exploit is publicly available and migh=
t be used. The vendor was contacted early about this disclosure but did not=
respond in any way. 2026-01-29 4.3 CVE-2026-1600 [ https://www.cve.org/CVE= Record?id=3DCVE-2026-1600 ] VDB-343362 | Bdtask Bhojon All-In-One Restauran=
t Management System Add-to-Cart Submission Endpoint addtocart logic error [=
https://vuldb.com/?id.343362 ]
VDB-343362 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3433=
62 ]
Submit #740741 | Bdtask Bhojon All-In-One Restaurant Management System late=
st Business Logic Errors [ https://vuldb.com/?submit.740741 ] https://github.com/4m3rr0r/PoCVulDb/issues/14 https://www.youtube.com/watch?v=3DUESZTjVS4Fs
=C2=A0 Bdtask--SalesERP A vulnerability has been found in Bdtask SalesERP u=
p to 20260116. This issue affects some unknown processing of the component = Administrative Endpoint. Such manipulation of the argument ci_session leads=
to improper authorization. The attack may be performed from remote. The ex= ploit has been disclosed to the public and may be used. The vendor was cont= acted early about this disclosure but did not respond in any way. 2026-01-2=
9 6.3 CVE-2026-1597 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1597 ] VD= B-343359 | Bdtask SalesERP Administrative Endpoint improper authorization [=
https://vuldb.com/?id.343359 ]
VDB-343359 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343359 ]
Submit #740735 | Bdtask SalesERP -- AI-Powered ERP Software For Small Busin= ess Unknown Broken Access Control / Privilege Escalation [ https://vuldb.co= m/?submit.740735 ]
https://github.com/4m3rr0r/PoCVulDb/issues/11 https://www.youtube.com/watch?v=3DKSducixS3pk
=C2=A0 Beckhoff Automation--Beckhoff.Device.Manager.XAR A low privileged re= mote attacker may be able to disclose confidential information from the mem= ory of a privileged process by sending specially crafted calls to the Devic=
e Manager web service that cause an out-of-bounds read operation under cert= ain circumstances due to ASLR and thereby potentially copy confidential inf= ormation into a response. 2026-01-27 5.3 CVE-2025-41728 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2025-41728 ] https://certvde.com/de/advisories/VDE-20= 25-092
=C2=A0 Beetel--777VR1 A vulnerability was detected in Beetel 777VR1 up to 0= 1.00.09/01.00.09_55. Impacted is an unknown function of the component UART = Interface. The manipulation results in missing authentication. An attack on=
the physical device is feasible. This attack is characterized by high comp= lexity. The exploitability is considered difficult. The exploit is now publ=
ic and may be used. The vendor was contacted early about this disclosure bu=
t did not respond in any way. 2026-01-26 6.4 CVE-2026-1410 [ https://www.cv= e.org/CVERecord?id=3DCVE-2026-1410 ] VDB-342799 | Beetel 777VR1 UART missin=
g authentication [ https://vuldb.com/?id.342799 ]
VDB-342799 | CTI Indicators (IOB, IOC) [ https://vuldb.com/?ctiid.342799 ] Submit #739433 | Beetel Beetel 777VR1 Broadband Router Firmware Versions: V= 01.00.09 / V01.00.09_55 CWE-306=E2=80=9D Missing Authentication for Critica=
l Function [ https://vuldb.com/?submit.739433 ] https://gist.github.com/raghav20232023/96a6b13ab00c493d21362e744627ea9f
=C2=A0 Beetel--777VR1 A flaw has been found in Beetel 777VR1 up to 01.00.09= /01.00.09_55. The affected element is an unknown function of the component = UART Interface. This manipulation causes improper access controls. It is fe= asible to perform the attack on the physical device. The complexity of an a= ttack is rather high. The exploitability is described as difficult. The exp= loit has been published and may be used. The vendor was contacted early abo=
ut this disclosure but did not respond in any way. 2026-01-26 6.1 CVE-2026-= 1411 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1411 ] VDB-342800 | Beet=
el 777VR1 UART access control [ https://vuldb.com/?id.342800 ]
VDB-342800 | CTI Indicators (IOB, IOC, TTP) [ https://vuldb.com/?ctiid.3428=
00 ]
Submit #740674 | Beetel Beetel 777VR1 Broadband Router Firmware Versions: V= 01.00.09 / V01.00.09_55 CWE-284=E2=80=9D Improper Access Control [ https://= vuldb.com/?submit.740674 ] https://gist.github.com/raghav20232023/ea6adcd6d1eca35683570a1094164bd3
=C2=A0 bfintal--Interactions Create Interactive Experiences in the Block Ed= itor The Interactions - Create Interactive Experiences in the Block Editor = plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event=
selectors in all versions up to, and including, 1.3.1 due to insufficient = input sanitization and output escaping. This makes it possible for authenti= cated attackers, with Contributor-level access and above, to inject arbitra=
ry web scripts in pages that will execute whenever a user accesses an injec= ted page. 2026-01-28 6.4 CVE-2025-12709 [ https://www.cve.org/CVERecord?id= =3DCVE-2025-12709 ] https://www.wordfence.com/threat-intel/vulnerabilities/= id/ab97f125-3a4a-4293-b218-07586c1c021c?source=3Dcve https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3448073%40interactions&new=3D3448073%40interactions
=C2=A0 birkir--prime birkir prime <=3D 0.4.0.beta.0 contains a cross-site r= equest forgery vulnerability in its GraphQL endpoint that allows attackers =
to exploit GET-based query requests. Attackers can craft malicious GET requ= ests to trigger unauthorized actions against privileged users by manipulati=
ng GraphQL query parameters. 2026-01-29 5.3 CVE-2025-15550 [ https://www.cv= e.org/CVERecord?id=3DCVE-2025-15550 ] GitHub Issue #547 [ https://github.co= m/birkir/prime/issues/547 ]
VulnCheck Advisory: birkir prime <=3D 0.4.0.beta.0 - Cross-Site Request For= gery in GraphQL [ https://www.vulncheck.com/advisories/birkir-prime-beta-cr= oss-site-request-forgery-in-graphql ]
=C2=A0 bobthecow--psysh PsySH is a runtime developer console, interactive d= ebugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH aut= omatically loads and executes a `.psysh.php` file from the Current Working = Directory (CWD) on startup. If an attacker can write to a directory that a = victim later uses as their CWD when launching PsySH, the attacker can trigg=
er arbitrary code execution in the victim's context. When the victim runs P= sySH with elevated privileges (e.g., root), this results in local privilege=
escalation. This is a CWD configuration poisoning issue leading to arbitra=
ry code execution in the victim user's context. If a privileged user (e.g.,=
root, a CI runner, or an ops/debug account) launches PsySH with CWD set to=
an attacker-writable directory containing a malicious `.psysh.php`, the at= tacker can execute commands with that privileged user's permissions, result= ing in local privilege escalation. Downstream consumers that embed PsySH in= herit this risk. For example, Laravel Tinker (`php artisan tinker`) uses Ps= ySH. If a privileged user runs Tinker while their shell is in an attacker-w= ritable directory, the `.psysh.php` auto-load behavior can be abused in the=
same way to execute attacker-controlled code under the victim's privileges=
. Versions 0.11.23 and 0.12.19 patch the issue. 2026-01-30 6.7 CVE-2026-251=
29 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25129 ] https://github.com= /bobthecow/psysh/security/advisories/GHSA-4486-gxhx-5mg7 https://github.com/bobthecow/psysh/releases/tag/v0.11.23 https://github.com/bobthecow/psysh/releases/tag/v0.12.19
=C2=A0 bolo-solo--bolo-solo A vulnerability has been found in bolo-solo up =
to 2.6.4. This impacts the function importMarkdownsSync of the file src/mai= n/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYA= ML. Such manipulation leads to deserialization. The attack may be launched = remotely. The exploit has been disclosed to the public and may be used. 202= 6-01-30 6.3 CVE-2026-1691 [ https://www.cve.org/CVERecord?id=3DCVE-2026-169=
1 ] VDB-343485 | bolo-solo SnakeYAML BackupService.java importMarkdownsSync=
deserialization [ https://vuldb.com/?id.343485 ]
VDB-343485 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3434=
85 ]
Submit #741899 | bolo-solo V2.6.4 SnakeYAML deserialization vulnerability [=
https://vuldb.com/?submit.741899 ] https://github.com/bolo-blog/bolo-solo/issues/325 https://github.com/bolo-blog/bolo-solo/issues/325#issue-3828755519
=C2=A0 bplugins--Document Embedder Embed PDFs, Word, Excel, and Other Files=
The Document Embedder - Embed PDFs, Word, Excel, and Other Files plugin fo=
r WordPress is vulnerable to Insecure Direct Object Reference in all versio=
ns up to, and including, 2.0.4. This is due to the plugin not verifying tha=
t a user has permission to access the requested resource in the 'bplde_save= _document_library', 'bplde_get_single', and 'bplde_delete_document_library'=
AJAX actions. This makes it possible for authenticated attackers, with Aut= hor-level access and above, to read, modify, and delete Document Library en= tries created by other users, including administrators, via the 'id' parame= ter. 2026-01-28 5.3 CVE-2026-1389 [ https://www.cve.org/CVERecord?id=3DCVE-= 2026-1389 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/59d14= f6c-6286-454c-8629-96a0c2de943c?source=3Dcve https://plugins.trac.wordpress.org/browser/document-emberdder/tags/2.0.3/in= cludes/DocumentLibrary/Init-DocumentLibrary.php#L66 https://plugins.trac.wordpress.org/browser/document-emberdder/tags/2.0.3/in= cludes/DocumentLibrary/Init-DocumentLibrary.php#L103 https://plugins.trac.wordpress.org/browser/document-emberdder/tags/2.0.3/in= cludes/DocumentLibrary/Init-DocumentLibrary.php#L159 https://plugins.trac.wordpress.org/browser/document-emberdder/tags/2.0.5/in= cludes/DocumentLibrary/Init-DocumentLibrary.php
=C2=A0 Broadcom--Symantec Endpoint Protection Windows Client Symantec Endpo= int Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, m=
ay be susceptible to a Elevation of Privilege vulnerability, which is a typ=
e of issue whereby an attacker may attempt to compromise the software appli= cation to gain elevated access to resources that are normally protected fro=
m an application or user. 2026-01-28 6.7 CVE-2025-13918 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2025-13918 ] https://support.broadcom.com/web/ecx/sup= port-content-notification/-/external/content/SecurityAdvisories/0/36774
=C2=A0 Broadcom--Symantec Endpoint Protection Windows Client Symantec Endpo= int Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, m=
ay be susceptible to a COM Hijacking vulnerability, which is a type of issu=
e whereby an attacker attempts to establish persistence and evade detection=
by hijacking COM references in the Windows Registry. 2026-01-28 4.4 CVE-20= 25-13919 [ https://www.cve.org/CVERecord?id=3DCVE-2025-13919 ] https://supp= ort.broadcom.com/web/ecx/support-content-notification/-/external/content/Se= curityAdvisories/0/36774
=C2=A0 Brother Industries, Ltd.--Multiple MFPs Hidden functionality issue e= xists in multiple MFPs provided by Brother Industries, Ltd., which may allo=
w an attacker to obtain the logs of the affected product and obtain sensiti=
ve information within the logs. 2026-01-29 5.3 CVE-2025-55704 [ https://www= .cve.org/CVERecord?id=3DCVE-2025-55704 ] https://faq.brother.co.jp/app/answ= ers/detail/a_id/13716 https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2026-0001.= pdf
https://jvn.jp/en/vu/JVNVU92878805/
=C2=A0 Bun--Bun In Bun before 1.3.5, the default trusted dependencies list = (aka trust allow list) can be spoofed by a non-npm package in the case of a=
matching name (for file, link, git, or github). 2026-01-27 5.9 CVE-2026-24= 910 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24910 ] https://www.scwor= ld.com/news/six-javascript-zero-day-bugs-lead-to-fears-of-supply-chain-atta=
ck
https://bun.com/blog/bun-v1.3.5 https://www.koi.ai/blog/packagegate-6-zero-days-in-js-package-managers-but-= npm-wont-act
=C2=A0 chainguard-dev--malcontent malcontent discovers supply-chain comprom= ises through. context, differential analysis, and YARA. Starting in version=
0.10.0 and prior to version 1.20.3, malcontent could be made to expose Doc= ker registry credentials if it scanned a specially crafted OCI image refere= nce. malcontent uses google/go-containerregistry for OCI image pulls, which=
by default uses the Docker credential keychain. A malicious registry could=
return a `WWW-Authenticate` header redirecting token authentication to an = attacker-controlled endpoint, causing credentials to be sent to that endpoi= nt. Version 1.20.3 fixes the issue by defaulting to anonymous auth for OCI = pulls. 2026-01-29 6.5 CVE-2026-24845 [ https://www.cve.org/CVERecord?id=3DC= VE-2026-24845 ] https://github.com/chainguard-dev/malcontent/security/advis= ories/GHSA-9m43-p3cx-w8j5 https://github.com/chainguard-dev/malcontent/commit/538ed00cdc639d687a4bd1e= 843a2be0428a3b3e7
=C2=A0 chainguard-dev--malcontent malcontent discovers supply-chain comprom= ises through. context, differential analysis, and YARA. Starting in version=
1.8.0 and prior to version 1.20.3, malcontent could be made to create syml= inks outside the intended extraction directory when scanning a specially cr= afted tar or deb archive. The `handleSymlink` function received arguments i=
n the wrong order, causing the symlink target to be used as the symlink loc= ation. Additionally, symlink targets were not validated to ensure they reso= lved within the extraction directory. Version 1.20.3 introduces fixes that = swap handleSymlink arguments, validate symlink location, and validate symli=
nk targets that resolve within an extraction directory. 2026-01-29 5.5 CVE-= 2026-24846 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24846 ] https://gi= thub.com/chainguard-dev/malcontent/security/advisories/GHSA-923j-vrcg-hxwh https://github.com/chainguard-dev/malcontent/commit/259fca5abc004f3ab238895= 463ef280a87f30e96 https://github.com/chainguard-dev/malcontent/commit/a7dd8a5328ddbaf23556843= 7813efa7591e00017
=C2=A0 chrisnowak--Change WP URL The Change WP URL plugin for WordPress is = vulnerable to Cross-Site Request Forgery in all versions up to, and includi= ng, 1.0. This is due to missing or incorrect nonce validation on the 'chang= e-wp-url' page. This makes it possible for unauthenticated attackers to cha= nge the WP Login URL via a forged request granted they can trick a site adm= inistrator into performing an action such as clicking on a link. 2026-01-28=
4.3 CVE-2026-1398 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1398 ] htt= ps://www.wordfence.com/threat-intel/vulnerabilities/id/f5dead05-5960-4ccb-8= 9c2-c8bb0cd9c9e9?source=3Dcve https://plugins.trac.wordpress.org/browser/change-wp-url/trunk/change-wp-ur= l.php#L18 https://plugins.trac.wordpress.org/browser/change-wp-url/tags/1.0/change-wp= -url.php#L18 https://plugins.trac.wordpress.org/browser/change-wp-url/trunk/change-wp-ur= l.php#L85 https://plugins.trac.wordpress.org/browser/change-wp-url/tags/1.0/change-wp= -url.php#L85
=C2=A0 code-projects--Online Examination System A vulnerability was determi= ned in code-projects Online Examination System 1.0. Affected by this issue =
is some unknown functionality of the file /admin_pic.php. Executing a manip= ulation can lead to unrestricted upload. The attack may be performed from r= emote. The exploit has been publicly disclosed and may be utilized. 2026-01= -26 6.3 CVE-2026-1423 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1423 ] = VDB-342839 | code-projects Online Examination System admin_pic.php unrestri= cted upload [ https://vuldb.com/?id.342839 ]
VDB-342839 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .342839 ]
Submit #736607 | code-projects Online Examination System 1 Unrestricted Upl= oad [ https://vuldb.com/?submit.736607 ] https://github.com/geo-chen/code-projects/blob/main/Online%20Examination%20= System%20In%20PHP%20With%20Source%20Code.md#finding-3-remote-code-execution= -via-unsafe-file-upload
https://code-projects.org/
=C2=A0 code-projects--Online Music Site A security flaw has been discovered=
in code-projects Online Music Site 1.0. The impacted element is an unknown=
function of the file /Administrator/PHP/AdminAddCategory.php. The manipula= tion results in sql injection. The attack may be performed from remote. The=
exploit has been released to the public and may be used for attacks. 2026-= 01-28 4.7 CVE-2026-1533 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1533 =
] VDB-343219 | code-projects Online Music Site AdminAddCategory.php sql inj= ection [ https://vuldb.com/?id.343219 ]
VDB-343219 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343219 ]
Submit #738704 | Code-Projects ONLINE MUSIC SITE V1.0 SQL injection [ https= ://vuldb.com/?submit.738704 ]
https://github.com/yuji0903/silver-guide/issues/2
https://code-projects.org/
=C2=A0 codeccoop--Forms Bridge Infinite integrations The Forms Bridge - Inf= inite integrations plugin for WordPress is vulnerable to Stored Cross-Site = Scripting via the 'id' shortcode attribute in the 'financoop_campaign' shor= tcode in all versions up to, and including, 4.2.5. This is due to insuffici= ent input sanitization and output escaping on the user-supplied 'id' parame= ter in the forms_bridge_financoop_shortcode_error function. This makes it p= ossible for authenticated attackers, with Contributor-level access and abov=
e, to inject arbitrary web scripts in pages that will execute whenever a us=
er accesses an injected page. 2026-01-28 6.4 CVE-2026-1244 [ https://www.cv= e.org/CVERecord?id=3DCVE-2026-1244 ] https://www.wordfence.com/threat-intel= /vulnerabilities/id/3e047822-5766-4e7f-be89-f4a15f0e6d51?source=3Dcve https://plugins.trac.wordpress.org/browser/forms-bridge/trunk/addons/financ= oop/shortcodes.php#L389 https://plugins.trac.wordpress.org/browser/forms-bridge/tags/4.2.3/addons/f= inancoop/shortcodes.php#L389 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3446693%40forms-bridge&new=3D3446693%40forms-bridge&sfp_email= =3D&sfph_mail=3D#file1
=C2=A0 codepeople--Appointment Hour Booking Booking Calendar The Appointmen=
t Hour Booking - Booking Calendar plugin for WordPress is vulnerable to Sto= red Cross-Site Scripting via form field configuration parameters in all ver= sions up to, and including, 1.5.60 due to insufficient input sanitization a=
nd output escaping on the 'Min length/characters' and 'Max length/character=
s' field configuration values. This makes it possible for authenticated att= ackers, with administrator-level access and above, to inject arbitrary web = scripts in pages that will execute whenever a user accesses the form builde=
r interface. This only affects multi-site installations and installations w= here unfiltered_html has been disabled. 2026-01-28 4.4 CVE-2026-1083 [ http= s://www.cve.org/CVERecord?id=3DCVE-2026-1083 ] https://www.wordfence.com/th= reat-intel/vulnerabilities/id/a5cb1fea-134f-4c81-8f2f-76ee42df7f77?source= =3Dcve https://plugins.trac.wordpress.org/browser/appointment-hour-booking/trunk/j= s/fields-admin/01_fbuilder.ftext.js#L64 https://plugins.trac.wordpress.org/browser/appointment-hour-booking/tags/1.= 5.57/js/fields-admin/01_fbuilder.ftext.js#L64 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3442650%40appointment-hour-booking&new=3D3442650%40appointmen= t-hour-booking&sfp_email=3D&sfph_mail=3D
=C2=A0 CriticalGears--PayPal PRO Payment Terminal Multiple payment terminal=
versions contain non-persistent cross-site scripting vulnerabilities in bi= lling and payment information input fields. Attackers can inject malicious = script code through vulnerable parameters to manipulate client-side request=
s and potentially execute session hijacking or phishing attacks. 2026-02-01=
6.4 CVE-2021-47885 [ https://www.cve.org/CVERecord?id=3DCVE-2021-47885 ] V= ulnerability Lab Advisory [ https://www.vulnerability-lab.com/get_content.p= hp?id=3D2280 ]
Product Homepage [ https://www.criticalgears.com/product/authorize-net-paym= ent-terminal/ ]
Product Homepage [ https://www.criticalgears.com/product/paypal-pro-payment= -terminal/ ]
Product Homepage [ https://www.criticalgears.com/product/stripe-payment-ter= minal/ ]
VulnCheck Advisory: Payment Terminal Multiple Versions Non-Persistent Cross= -Site Scripting [ https://www.vulncheck.com/advisories/payment-terminal-mul= tiple-versions-non-persistent-cross-site-scripting ]
=C2=A0 crmperks--Database for Contact Form 7, WPforms, Elementor forms The = Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress =
is vulnerable to authorization bypass due to missing capability checks on t=
he CSV export functionality in all versions up to, and including, 1.4.5. Th=
is makes it possible for unauthenticated attackers to download sensitive fo=
rm submission data containing personally identifiable information (PII) by = accessing the CSV export endpoint with an export key that is exposed in pub= licly accessible page source code. The vulnerability is created because whi=
le the shortcode properly filters displayed entries by user, the CSV export=
handler completely bypasses this filtering and exports all entries regardl= ess of user permissions. 2026-01-28 5.3 CVE-2026-0825 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-0825 ] https://www.wordfence.com/threat-intel/vuln= erabilities/id/4048ae11-fece-42aa-baf3-c636c4875635?source=3Dcve https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/conta= ct-form-entries.php#L76 https://plugins.trac.wordpress.org/browser/contact-form-entries/tags/1.4.5/= contact-form-entries.php#L76 https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/conta= ct-form-entries.php#L301 https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/templ= ates/leads-table.php#L10 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3442962%40contact-form-entries&new=3D3442962%40contact-form-e= ntries&sfp_email=3D&sfph_mail=3D
=C2=A0 D-Link--DCS700l A weakness has been identified in D-Link DCS700l 1.0= 3.09. Affected is an unknown function of the file /setDayNightMode of the c= omponent Web Form Handler. Executing a manipulation of the argument LightSe= nsorControl can lead to command injection. The attack may be launched remot= ely. The exploit has been made available to the public and could be used fo=
r attacks. 2026-01-26 4.7 CVE-2026-1419 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-1419 ] VDB-342815 | D-Link DCS700l Web Form setDayNightMode com= mand injection [ https://vuldb.com/?id.342815 ]
VDB-342815 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .342815 ]
Submit #736554 | D-Link DCS700l v1.03.09 Command Injection [ https://vuldb.= com/?submit.736554 ] https://tzh00203.notion.site/D-Link-DCS700l-v1-03-09-Command-Injection-Vuln= erability-in-LightSensorControl-Parameter-2e6b5c52018a80ada0f6d7e72efd7a45?= source=3Dcopy_link
https://www.dlink.com/
=C2=A0 D-Link--DIR-823X A security flaw has been discovered in D-Link DIR-8= 23X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mod=
e. Performing a manipulation of the argument lan_gateway results in os comm= and injection. The attack is possible to be carried out remotely. The explo=
it has been released to the public and may be used for attacks. This vulner= ability only affects products that are no longer supported by the maintaine=
r. 2026-01-28 6.3 CVE-2026-1544 [ https://www.cve.org/CVERecord?id=3DCVE-20= 26-1544 ] VDB-343228 | D-Link DIR-823X set_mode sub_41E2A0 os command injec= tion [ https://vuldb.com/?id.343228 ]
VDB-343228 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343228 ]
Submit #739155 | D-Link DIR-823X 250416 OS Command Injection [ https://vuld= b.com/?submit.739155 ]
https://github.com/master-abc/cve/issues/16
https://www.dlink.com/
=C2=A0 D-Link--DWR-M961 A flaw has been found in D-Link DWR-M961 1.1.47. Th=
is vulnerability affects the function sub_419920 of the file /boafrm/formLt= efotaUpgradeQuectel. This manipulation of the argument fota_url causes comm= and injection. The attack is possible to be carried out remotely. The explo=
it has been published and may be used. 2026-01-29 6.3 CVE-2026-1596 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-1596 ] VDB-343358 | D-Link DWR-M961 = formLtefotaUpgradeQuectel sub_419920 command injection [ https://vuldb.com/= ?id.343358 ]
VDB-343358 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343358 ]
Submit #740693 | D-Link DWR-M961 V1.1.47 Command Injection [ https://vuldb.= com/?submit.740693 ]
https://github.com/QIU-DIE/CVE/issues/48
https://www.dlink.com/
=C2=A0 D-Link--DWR-M961 A security vulnerability has been detected in D-Lin=
k DWR-M961 1.1.47. The affected element is an unknown function of the file = /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_u=
rl leads to command injection. The attack can be launched remotely. The exp= loit has been disclosed publicly and may be used. 2026-01-29 6.3 CVE-2026-1= 624 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1624 ] VDB-343383 | D-Lin=
k DWR-M961 formLtefotaUpgradeFibocom command injection [ https://vuldb.com/= ?id.343383 ]
VDB-343383 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343383 ]
Submit #740770 | D-Link DWR-M961 V1.1.47 Command Injection [ https://vuldb.= com/?submit.740770 ]
https://github.com/QIU-DIE/CVE/issues/50
https://www.dlink.com/
=C2=A0 D-Link--DWR-M961 A vulnerability was detected in D-Link DWR-M961 1.1= .47. The impacted element is the function sub_4250E0 of the file /boafrm/fo= rmSmsManage of the component SMS Message. Performing a manipulation of the = argument action_value results in command injection. The attack may be initi= ated remotely. The exploit is now public and may be used. 2026-01-29 6.3 CV= E-2026-1625 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1625 ] VDB-343384=
| D-Link DWR-M961 SMS Message formSmsManage sub_4250E0 command injection [=
https://vuldb.com/?id.343384 ]
VDB-343384 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343384 ]
Submit #740792 | D-Link DW V1.1.47 Command Injection [ https://vuldb.com/?s= ubmit.740792 ]
https://github.com/QIU-DIE/CVE/issues/51
https://www.dlink.com/
=C2=A0 dcooney--Ajax Load More Infinite Scroll, Load More, & Lazy Load The = Ajax Load More - Infinite Scroll, Load More, & Lazy Load plugin for WordPre=
ss is vulnerable to unauthorized access of data due to incorrect authorizat= ion on the parse_custom_args() function in all versions up to, and includin=
g, 7.8.1. This makes it possible for unauthenticated attackers to expose th=
e titles and excerpts of private, draft, pending, scheduled, and trashed po= sts. 2026-01-31 5.3 CVE-2025-15525 [ https://www.cve.org/CVERecord?id=3DCVE= -2025-15525 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/d01= f4e67-a463-4973-97b1-41a64398686a?source=3Dcve https://plugins.trac.wordpress.org/browser/ajax-load-more/tags/7.8.1/core/c= lasses/class-alm-queryargs.php#L500
=C2=A0 Dell--OpenManage Network Integration Dell OpenManage Network Integra= tion, versions prior to 3.9, contains an Improper Authentication vulnerabil= ity. A low privileged attacker with remote access could potentially exploit=
this vulnerability, leading to Information exposure. 2026-01-29 4.3 CVE-20= 26-22764 [ https://www.cve.org/CVERecord?id=3DCVE-2026-22764 ] https://www.= dell.com/support/kbdoc/en-us/000420893/dsa-2026-045-security-update-for-del= l-openmanage-network-integration-omni-vulnerabilities
=C2=A0 discourse--discourse Discourse is an open source discussion platform=
. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin=
moderators with the `moderators_change_post_ownership` setting enabled can=
change ownership of posts in private messages and restricted categories th=
ey cannot access, then export their data to view the content. This is a bro= ken access control vulnerability affecting sites that grant moderators post=
ownership transfer permissions. This issue is patched in versions 3.5.4, 2= 025.11.2, 2025.12.1, and 2026.1.0. The patch adds visibility checks for bot=
h the topic and posts before allowing ownership transfer. As a workaround, = disable the `moderators_change_post_ownership` site setting to prevent non-= admin moderators from using the post ownership transfer feature. 2026-01-28=
6.9 CVE-2025-68933 [ https://www.cve.org/CVERecord?id=3DCVE-2025-68933 ] h= ttps://github.com/discourse/discourse/security/advisories/GHSA-hpxv-mw7v-fq=
g2
=C2=A0 discourse--discourse Discourse is an open source discussion platform=
. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authentic= ated users can submit crafted payloads to /drafts.json that cause O(n^2) pr= ocessing in Base62.decode, tying up workers for 35-60 seconds per request. = This affects all users as the shared worker pool becomes exhausted. This is= sue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Lower= ing the max_draft_length site setting reduces attack surface but does not f= ully mitigate the issue, as payloads under the limit can still trigger the = slow code path. 2026-01-28 6.5 CVE-2025-68934 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2025-68934 ] https://github.com/discourse/discourse/security/ad= visories/GHSA-vwjh-vrx9-9849
=C2=A0 discourse--discourse Discourse is an open source discussion platform=
. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderator=
s can convert some personal messages to public topics when they shouldn't h= ave access. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, = and 2026.1.0. As a workaround, site admin can temporarily revoke the modera= tion role from untrusted moderators or remove the moderator group from the = "personal message enabled groups" site setting until the Discourse instance=
has been upgraded to a version that has been patched. 2026-01-28 6.5 CVE-2= 026-21865 [ https://www.cve.org/CVERecord?id=3DCVE-2026-21865 ] https://git= hub.com/discourse/discourse/security/advisories/GHSA-4777-wrv5-3g39
=C2=A0 discourse--discourse Discourse is an open source discussion platform=
. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin=
moderators can view sensitive information in staff action logs that should=
be restricted to administrators only. The exposed information includes web= hook payload URLs and secrets, API key details, site setting changes, priva=
te message content, restricted category names and structures, and private c= hat channel titles. This allows moderators to bypass intended access contro=
ls and extract confidential data by monitoring the staff action logs. With = leaked webhook secrets, an attacker could potentially spoof webhook events =
to integrated services. This issue is patched in versions 3.5.4, 2025.11.2,=
2025.12.1, and 2026.1.0. As a workaround, site administrators should revie=
w and limit moderator appointments to fully trusted users. There is no conf= iguration-based workaround to prevent this access. 2026-01-28 6.5 CVE-2026-= 24742 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24742 ] https://github.= com/discourse/discourse/security/advisories/GHSA-hwjv-9gqj-m7h6
=C2=A0 discourse--discourse Discourse is an open source discussion platform=
. A vulnerability present in versions prior to 3.5.4, 2025.11.2, 2025.12.1,=
and 2026.1.0 affects anyone who uses S3 for uploads. While scripts may be = executed, they will only be run in the context of the S3/CDN domain, with n=
o site credentials. Versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 fix = the issue. As a workaround, disallow html or xml files for uploads in autho= rized_extensions. For existing html xml uploads, site owners can consider d= eleting them. 2026-01-28 4.6 CVE-2025-66488 [ https://www.cve.org/CVERecord= ?id=3DCVE-2025-66488 ] https://github.com/discourse/discourse/security/advi= sories/GHSA-68jp-3934-62rx
=C2=A0 discourse--discourse Discourse is an open source discussion platform=
. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a conten= t-security-policy-mitigated cross-site scriptinv vulnerability on the Disco= urse Math plugin when using its KaTeX variant. This issue is patched in ver= sions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a workaround, the Disco= urse Math plugin can be disabled, or the Mathjax provider can be used inste=
ad of KaTeX. 2026-01-28 4.6 CVE-2025-67723 [ https://www.cve.org/CVERecord?= id=3DCVE-2025-67723 ] https://github.com/discourse/discourse/security/advis= ories/GHSA-955h-m28g-5379
=C2=A0 discourse--discourse Discourse is an open source discussion platform=
. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have an appli= cation level denial of service vulnerabilityin the username change function= ality at try.discourse.org. The vulnerability allows attackers to cause not= iceable server delays and resource exhaustion by sending large JSON payload=
s to the username preference endpoint PUT /u//preferences/username, resulti=
ng in degraded performance for other users and endpoints. This issue is pat= ched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workar= ounds are available. 2026-01-28 4.3 CVE-2025-68659 [ https://www.cve.org/CV= ERecord?id=3DCVE-2025-68659 ] https://github.com/discourse/discourse/securi= ty/advisories/GHSA-rmp6-c9rq-6q7p
=C2=A0 dnnsoftware--Dnn.Platform DNN (formerly DotNetNuke) is an open-sourc=
e web content management platform (CMS) in the Microsoft ecosystem. Startin=
g in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content edit=
or could inject scripts in module headers/footers that would run for other = users. Versions 9.13.10 and 10.2.0 contain a fix for the issue. 2026-01-27 = 6.8 CVE-2026-24784 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24784 ] ht= tps://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-494= 8-6wxp
=C2=A0 Dokploy--dokploy Dokploy is a free, self-hostable Platform as a Serv= ice (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulne= rable to Clickjacking attacks due to missing frame-busting headers. This al= lows attackers to embed Dokploy pages in malicious iframes and trick authen= ticated users into performing unintended actions. Version 0.26.6 patches th=
e issue. 2026-01-28 4.7 CVE-2026-24839 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-24839 ] https://github.com/Dokploy/dokploy/security/advisories/= GHSA-c94j-8wgf-2q9q
https://github.com/Dokploy/dokploy/pull/3500 https://github.com/Dokploy/dokploy/commit/9714695d5a78fe24496f989ab81807ba0= 4699df8
=C2=A0 Dolibarr--Dolibarr Dolibarr 11.0.3 contains a persistent cross-site = scripting vulnerability in LDAP synchronization settings that allows attack= ers to inject malicious scripts through multiple parameters. Attackers can = exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to=
execute arbitrary JavaScript and potentially steal user cookie information=
. 2026-01-30 6.4 CVE-2020-36966 [ https://www.cve.org/CVERecord?id=3DCVE-20= 20-36966 ] ExploitDB-48504 [ https://www.exploit-db.com/exploits/48504 ] Official Dolibarr Product Homepage [ https://www.dolibarr.org/ ]
VulnCheck Advisory: Dolibarr 11.0.3 - 'ldap.php' - Persistent Cross-Site Sc= ripting [ https://www.vulncheck.com/advisories/dolibarr-ldapphp-persistent-= cross-site-scripting ]
=C2=A0 Eclipse Foundation--Eclipse ThreadX - USBX The function _ux_host_cla= ss_storage_media_mount()=C2=A0is responsible for mounting partitions on a U=
SB mass storage device. When it encounters an extended partition entry in t=
he partition table, it recursively calls itself to mount the next logical p= artition. This recursion occurs in _ux_host_class_storage_partition_read(),=
which parses up to four partition entries. If an extended partition is fou=
nd (with type UX_HOST_CLASS_STORAGE_PARTITION_EXTENDED=C2=A0or EXTENDED_LBA= _MAPPED), the code invokes: _ux_host_class_storage_media_mount(storage, sec= tor + _ux_utility_long_get(...)); There is no limit on the recursion depth =
or tracking of visited sectors. As a result, a malicious or malformed disk = image can include cyclic or excessively deep chains of extended partitions,=
causing the function to recurse until stack overflow occurs. 2026-01-27 4.=
2 CVE-2025-55095 [ https://www.cve.org/CVERecord?id=3DCVE-2025-55095 ] http= s://github.com/eclipse-threadx/usbx/security/advisories/GHSA-qfmp-wch9-rpv2 =C2=A0 Esri--ArcGIS Pro There is a Cross Site Scripting issue in Esri ArcGI=
S Pro versions 3.6.0 and earlier. A local attacker could supply malicious s= trings into ArcGIS Pro which may execute when a specific dialog is opened. = This issue is fixed in ArcGIS Pro 3.6.1. 2026-01-26 5 CVE-2026-1446 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-1446 ] https://www.esri.com/arcgis-b= log/products/arcgis-pro/administration/arcgis-pro-3-6-1-patch
=C2=A0 EVerest--everest-core EVerest is an EV charging software stack. In v= ersions up to and including 2025.12.1, it is possible to bypass the sequenc=
e state verification including authentication, and send requests that trans= ition to forbidden states relative to the current one, thereby updating the=
current context with illegitimate data.cThanks to the modular design of EV= erest, authorization is handled in a separate module and EVSEManager Charge=
r internal state machine cannot transition out of the `WaitingForAuthentica= tion` state through ISO 15118-2 communication. From this state, it was howe= ver possible through ISO 15118-2 messages which are published to the MQTT s= erver to trick it into preparing to charge, and even to prepare to send cur= rent. The final requirement to actually send current to the EV was the clos= ure of the contactors, which does not appear to be possible without leaving=
the `WaitingForAuthentication` state and leveraging ISO 15118-2 messages. =
As of time of publication, no fixed versions are available. 2026-01-26 4.3 = CVE-2026-24003 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24003 ] https:= //github.com/EVerest/everest-core/security/advisories/GHSA-9vv5-67cv-9crq https://github.com/EVerest/everest-core/blob/main/modules/EVSE/EvseV2G/iso_= server.cpp#L44
=C2=A0 Filigran--OpenCTI OpenCTI 3.3.1 is vulnerable to a reflected cross-s= ite scripting (XSS) attack via the /graphql endpoint. An attacker can injec=
t arbitrary JavaScript code by sending a crafted GET request with a malicio=
us payload in the query string, leading to execution of JavaScript in the v= ictim's browser. For example, a request to /graphql?'"--></style></scRipt><= scRipt>alert('Raif_Berkay')</scRipt> will trigger an alert. This vulnerabil= ity was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Wi= ndows 10. 2026-01-30 5.4 CVE-2020-37044 [ https://www.cve.org/CVERecord?id= =3DCVE-2020-37044 ] ExploitDB-48595 [ https://www.exploit-db.com/exploits/4= 8595 ]
OpenCTI Official Homepage [ https://www.opencti.io/ ]
OpenCTI GitHub Repository [ https://github.com/OpenCTI-Platform/opencti ] VulnCheck Advisory: OpenCTI 3.3.1 - Cross Site Scripting [ https://www.vuln= check.com/advisories/opencti-cross-site-scripting ]
=C2=A0 forma--E-Learning Suite Forma.lms The E-Learning Suite 2.3.0.2 conta= ins a persistent cross-site scripting vulnerability in multiple course and = profile parameters. Attackers can inject malicious scripts in course code, = name, description fields, and email parameter to execute arbitrary JavaScri=
pt without proper input sanitization. 2026-01-30 6.4 CVE-2020-36998 [ https= ://www.cve.org/CVERecord?id=3DCVE-2020-36998 ] ExploitDB-48478 [ https://ww= w.exploit-db.com/exploits/48478 ]
Vendor Homepage [ https://sourceforge.net/projects/forma/ ]
Software Download Link [ https://sourceforge.net/projects/forma/files/lates= t/download ]
VulnCheck Advisory: forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cro= ss-Site Scripting [ https://www.vulncheck.com/advisories/formalms-the-e-lea= rning-suite-persistent-cross-site-scripting ]
=C2=A0 Formalms--Forma LMS Forma LMS 2.3 contains a stored cross-site scrip= ting vulnerability that allows attackers to inject malicious scripts into u= ser profile first and last name fields. Attackers can craft scripts like '<= script>alert(document.cookie)</script>' to execute arbitrary JavaScript whe=
n the profile is viewed by other users. 2026-01-26 6.4 CVE-2020-36960 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2020-36960 ] ExploitDB-49197 [ https://= www.exploit-db.com/exploits/49197 ]
Official Product Website [ https://www.formalms.org/ ]
VulnCheck Advisory: Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site S= cripting [ https://www.vulncheck.com/advisories/forma-lms-first-last-name-s= tored-cross-site-scripting ]
=C2=A0 Free5GC--SMF A flaw has been found in Free5GC SMF up to 4.1.0. Affec= ted is the function HandlePfcpAssociationReleaseRequest of the file interna= l/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a m= anipulation can lead to null pointer dereference. The attack may be launche=
d remotely. The exploit has been published and may be used. A patch should =
be applied to remediate this issue. 2026-01-30 5.3 CVE-2026-1682 [ https://= www.cve.org/CVERecord?id=3DCVE-2026-1682 ] VDB-343475 | Free5GC SMF PFCP UD=
P Endpoint handler.go HandlePfcpAssociationReleaseRequest null pointer dere= ference [ https://vuldb.com/?id.343475 ]
VDB-343475 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3434=
75 ]
Submit #739508 | free5gc SMF v4.1.0 Denial of Service [ https://vuldb.com/?= submit.739508 ]
https://github.com/free5gc/free5gc/issues/794 https://github.com/free5gc/free5gc/issues/794#issuecomment-3761063382 https://github.com/free5gc/free5gc/issues/794#issue-3811888505 https://github.com/free5gc/smf/pull/188
=C2=A0 Free5GC--SMF A vulnerability has been found in Free5GC SMF up to 4.1= .0. Affected by this vulnerability is the function HandlePfcpSessionReportR= equest of the file internal/pfcp/handler/handler.go of the component PFCP. = The manipulation leads to denial of service. Remote exploitation of the att= ack is possible. The exploit has been disclosed to the public and may be us= ed. To fix this issue, it is recommended to deploy a patch. 2026-01-30 5.3 = CVE-2026-1683 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1683 ] VDB-3434=
76 | Free5GC SMF PFCP handler.go HandlePfcpSessionReportRequest denial of s= ervice [ https://vuldb.com/?id.343476 ]
VDB-343476 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343476 ]
Submit #739653 | free5gc SMF v4.1.0 Denial of Service [ https://vuldb.com/?= submit.739653 ]
Submit #739654 | free5gc SMF v4.1.0 Denial of Service (Duplicate) [ https:/= /vuldb.com/?submit.739654 ]
https://github.com/free5gc/free5gc/issues/804 https://github.com/free5gc/free5gc/issues/804#issue-3816086696 https://github.com/free5gc/smf/pull/188
=C2=A0 Free5GC--SMF A vulnerability was found in Free5GC SMF up to 4.1.0. A= ffected by this issue is the function HandleReports of the file /internal/c= ontext/pfcp_reports.go of the component PFCP UDP Endpoint. The manipulation=
results in denial of service. The attack can be executed remotely. It is a= dvisable to implement a patch to correct this issue. 2026-01-30 5.3 CVE-202= 6-1684 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1684 ] VDB-343477 | Fr= ee5GC SMF PFCP UDP Endpoint pfcp_reports.go HandleReports denial of service=
[ https://vuldb.com/?id.343477 ]
VDB-343477 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343477 ]
Submit #739655 | free5gc SMF v4.1.0 Denial of Service [ https://vuldb.com/?= submit.739655 ]
Submit #739656 | free5gc SMF v4.1.0 Denial of Service (Duplicate) [ https:/= /vuldb.com/?submit.739656 ]
https://github.com/free5gc/free5gc/issues/806 https://github.com/free5gc/smf/pull/188
=C2=A0 Froxlor--Froxlor Froxlor Server Management Panel Froxlor Server Mana= gement Panel 0.10.16 contains a persistent cross-site scripting vulnerabili=
ty in customer registration input fields. Attackers can inject malicious sc= ripts through username, name, and firstname parameters to execute code when=
administrators view customer traffic modules. 2026-01-27 6.4 CVE-2020-3697=
8 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36978 ] ExploitDB-49063 [ h= ttps://www.exploit-db.com/exploits/49063 ]
Official Froxlor Homepage [ https://froxlor.org/ ]
Froxlor Download Page [ https://froxlor.org/download/ ]
Vulnerability Lab Advisory [ https://www.vulnerability-lab.com/get_content.= php?id=3D2241 ]
Vulnerability Lab Profile [ https://www.vulnerability-lab.com/show.php?user= =3DVulnerability-Lab ]
Researcher Profile [ https://www.vulnerability-lab.com/show.php?user=3DBenj= amin%20K.M. ]
VulnCheck Advisory: Froxlor Froxlor Server Management Panel 0.10.16 - Persi= stent Cross-Site Scripting [ https://www.vulncheck.com/advisories/froxlor-f= roxlor-server-management-panel-persistent-cross-site-scripting ]
=C2=A0 Getgrav--Grav CMS Admin Plugin Grav CMS 1.6.30 with Admin Plugin 1.9= .18 contains a persistent cross-site scripting vulnerability that allows au= thenticated attackers to inject malicious scripts through the page title fi= eld. Attackers can create a new page with a malicious script in the title, = which will be executed when the page is viewed in the admin panel or on the=
site. 2026-01-26 6.4 CVE-2020-36955 [ https://www.cve.org/CVERecord?id=3DC= VE-2020-36955 ] ExploitDB-49264 [ https://www.exploit-db.com/exploits/49264=
]
Grav CMS Official Homepage [ https://getgrav.org/ ]
VulnCheck Advisory: Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Pers= istent Cross-Site Scripting [ https://www.vulncheck.com/advisories/grav-cms= -admin-plugin-page-title-persistent-cross-site-scripting ]
=C2=A0 gi-docgen--gi-docgen A flaw was found in the gi-docgen. This vulnera= bility allows arbitrary JavaScript execution in the context of the page - e= nabling DOM access, session cookie theft and other client-side attacks - vi=
a a crafted URL that supplies a malicious value to the q GET parameter (ref= lected DOM XSS). 2026-01-26 6.1 CVE-2025-11687 [ https://www.cve.org/CVERec= ord?id=3DCVE-2025-11687 ] https://access.redhat.com/security/cve/CVE-2025-1= 1687
RHBZ#2403536 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2403536 ] https://gitlab.gnome.org/GNOME/gi-docgen/-/issues/228
=C2=A0 GitoxideLabs--gitoxide A flaw was found in gix-date. The `gix_date::= parse::TimeBuf::as_str` function can generate strings containing invalid no= n-UTF8 characters. This issue violates the internal safety invariants of th=
e `TimeBuf` component, leading to undefined behavior when these malformed s= trings are subsequently processed. This could potentially result in applica= tion instability or other unforeseen consequences. 2026-01-26 6.8 CVE-2026-= 0810 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0810 ] https://access.re= dhat.com/security/cve/CVE-2026-0810
RHBZ#2427057 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2427057 ] https://crates.io/crates/gix-date https://github.com/GitoxideLabs/gitoxide/issues/2305 https://rustsec.org/advisories/RUSTSEC-2025-0140.html
=C2=A0 Goautodial--GOautodial GOautodial 4.0 contains a persistent cross-si=
te scripting vulnerability that allows authenticated agents to inject malic= ious scripts through message subjects. Attackers can craft messages with em= bedded JavaScript that will execute when an administrator reads the message=
, potentially stealing session cookies or executing client-side attacks. 20= 26-01-29 6.4 CVE-2020-37018 [ https://www.cve.org/CVERecord?id=3DCVE-2020-3= 7018 ] ExploitDB-48690 [ https://www.exploit-db.com/exploits/48690 ]
Official Vendor Homepage [ https://goautodial.org/ ]
VulnCheck Advisory: GOautodial 4.0 - Persistent Cross-Site Scripting [ http= s://www.vulncheck.com/advisories/goautodial-persistent-cross-site-scripting=
]
=C2=A0 GPAc--GPAC A security vulnerability has been detected in GPAC up to = 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/sc= ene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manip= ulation leads to out-of-bounds write. The attack needs to be performed loca= lly. The exploit has been disclosed publicly and may be used. The name of t=
he patch is 10c73b82cf0e367383d091db38566a0e4fe71772. It is best practice t=
o apply a patch to resolve this issue. 2026-01-26 5.3 CVE-2026-1418 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-1418 ] VDB-342807 | GPAC SRT Subtitl=
e Import text_to_bifs.c gf_text_import_srt_bifs out-of-bounds write [ https= ://vuldb.com/?id.342807 ]
VDB-342807 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3428=
07 ]
Submit #736544 | gpac v2.4.0 Out-of-bounds Write [ https://vuldb.com/?submi= t.736544 ]
https://github.com/gpac/gpac/issues/3425 https://github.com/gpac/gpac/issues/3425#issue-3801961068 https://github.com/enocknt/gpac/commit/10c73b82cf0e367383d091db38566a0e4fe7= 1772
=C2=A0 GuidoNeele--PDW File Browser PDW File Browser version 1.3 contains s= tored and reflected cross-site scripting vulnerabilities that allow authent= icated attackers to inject malicious scripts through file rename and path p= arameters. Attackers can craft malicious URLs or rename files with XSS payl= oads to execute arbitrary JavaScript in victims' browsers when they access = the file browser. 2026-01-28 5.4 CVE-2020-36988 [ https://www.cve.org/CVERe= cord?id=3DCVE-2020-36988 ] ExploitDB-48947 [ https://www.exploit-db.com/exp= loits/48947 ]
PDW File Browser GitHub Repository [ https://github.com/GuidoNeele/PDW-File= -Browser ]
VulnCheck Advisory: PDW File Browser <=3D v1.3 - Cross-Site Scripting (XSS)=
[ https://www.vulncheck.com/advisories/pdw-file-browser-cross-site-scripti= ng-xss ]
=C2=A0 halfdata--Stripe Green Downloads Stripe Green Downloads Wordpress Pl= ugin 2.03 contains a persistent cross-site scripting vulnerability allowing=
remote attackers to inject malicious scripts in button label fields. Attac= kers can exploit input parameters to execute arbitrary scripts, potentially=
leading to session hijacking and application module manipulation. 2026-02-=
01 6.4 CVE-2022-50797 [ https://www.cve.org/CVERecord?id=3DCVE-2022-50797 ]=
Vulnerability Lab Advisory [ https://www.vulnerability-lab.com/get_content= .php?id=3D2287 ]
Product Homepage [ https://halfdata.com/green-downloads/stripe/ ]
VulnCheck Advisory: Stripe Green Downloads Wordpress Plugin 2.03 Persistent=
XSS via Settings [ https://www.vulncheck.com/advisories/stripe-green-downl= oads-wordpress-plugin-persistent-xss-via-settings ]
=C2=A0 HappyHackingSpace--gakido Gakido is a Python HTTP client focused on = browser impersonation and anti-bot evasion. A vulnerability was discovered =
in Gakido prior to version 0.1.1 that allowed HTTP header injection through=
CRLF (Carriage Return Line Feed) sequences in user-supplied header values = and names. When making HTTP requests with user-controlled header values con= taining `\r\n` (CRLF), `\n` (LF), or `\x00` (null byte) characters, an atta= cker could inject arbitrary HTTP headers into the request. The fix in versi=
on 0.1.1 adds a `_sanitize_header()` function that strips `\r`, `\n`, and `= \x00` characters from both header names and values before they are included=
in HTTP requests. 2026-01-27 5.3 CVE-2026-24489 [ https://www.cve.org/CVER= ecord?id=3DCVE-2026-24489 ] https://github.com/HappyHackingSpace/gakido/sec= urity/advisories/GHSA-gcgx-chcp-hxp9 https://github.com/HappyHackingSpace/gakido/commit/369c67e67c63da510c8a9ab0= 21e54a92ccf1f788 https://github.com/HappyHackingSpace/gakido/releases/tag/v0.1.1-1bc6019
=C2=A0 HCLSoftware--BigFix Compliance A sensitive information disclosure in=
HCL BigFix Compliance allows a remote attacker to access files under the W= EB-INF directory, which may contain Java class files and configuration info= rmation, leading to unauthorized access to application internals. 2026-01-2=
8 5.3 CVE-2023-37525 [ https://www.cve.org/CVERecord?id=3DCVE-2023-37525 ] = https://support.hcl-software.com/csm?id=3Dkb_article&sysparm_article=3DKB01= 28385
=C2=A0 HIKSEMI--HS-AFS-S1H1 Due to inadequate access control, authenticated=
users of certain HIKSEMI NAS products can manipulate other users' file res= ources without proper authorization. 2026-01-30 4.3 CVE-2026-22624 [ https:= //www.cve.org/CVERecord?id=3DCVE-2026-22624 ] https://www.hiksemitech.com/e= n/hiksemi/support/security-advisory.html
=C2=A0 HIKSEMI--HS-AFS-S1H1 Improper handling of filenames in certain HIKSE=
MI NAS products may lead to the exposure of sensitive system files. 2026-01= -30 4.6 CVE-2026-22625 [ https://www.cve.org/CVERecord?id=3DCVE-2026-22625 =
] https://www.hiksemitech.com/en/hiksemi/support/security-advisory.html
=C2=A0 HIKSEMI--HS-AFS-S1H1 Due to insufficient input parameter validation =
on the interface, authenticated users of certain HIKSEMI NAS products can c= ause abnormal device behavior by crafting specific messages. 2026-01-30 4.9=
CVE-2026-22626 [ https://www.cve.org/CVERecord?id=3DCVE-2026-22626 ] https= ://www.hiksemitech.com/en/hiksemi/support/security-advisory.html
=C2=A0 honojs--hono Hono is a Web application framework that provides suppo=
rt for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware co= ntains an information disclosure vulnerability caused by improper handling =
of HTTP cache control directives. The middleware does not respect standard = cache control headers such as `Cache-Control: private` or `Cache-Control: n= o-store`, which may result in private or authenticated responses being cach=
ed and subsequently exposed to unauthorized users. Version 4.11.7 has a pat=
ch for the issue. 2026-01-27 5.3 CVE-2026-24472 [ https://www.cve.org/CVERe= cord?id=3DCVE-2026-24472 ] https://github.com/honojs/hono/security/advisori= es/GHSA-6wqw-2p9w-4vw4 https://github.com/honojs/hono/commit/12c511745b3f1e7a3f863a23ce5f921c7fa80= 5d1
https://github.com/honojs/hono/releases/tag/v4.11.7
=C2=A0 honojs--hono Hono is a Web application framework that provides suppo=
rt for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Midd= leware in Hono is vulnerable to an IP address validation bypass. The `IPV4_= REGEX` pattern and `convertIPv4ToBinary` function in `src/utils/ipaddr.ts` =
do not properly validate that IPv4 octet values are within the valid range =
of 0-255, allowing attackers to craft malformed IP addresses that bypass IP= -based access controls. Version 4.11.7 contains a patch for the issue. 2026= -01-27 4.8 CVE-2026-24398 [ https://www.cve.org/CVERecord?id=3DCVE-2026-243=
98 ] https://github.com/honojs/hono/security/advisories/GHSA-r354-f388-2fhh https://github.com/honojs/hono/commit/edbf6eea8e6c26a3937518d4ed91d8666edee= c37
https://github.com/honojs/hono/releases/tag/v4.11.7
=C2=A0 honojs--hono Hono is a Web application framework that provides suppo=
rt for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Script= ing (XSS) vulnerability exists in the `ErrorBoundary` component of the hono= /jsx library. Under certain usage patterns, untrusted user-controlled strin=
gs may be rendered as raw HTML, allowing arbitrary script execution in the = victim's browser. Version 4.11.7 patches the issue. 2026-01-27 4.7 CVE-2026= -24771 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24771 ] https://github= .com/honojs/hono/security/advisories/GHSA-9r54-q6cx-xmh5 https://github.com/honojs/hono/commit/2cf60046d730df9fd0aba85178f3ecfe8212d= 990
=C2=A0 hu_chao--imwptip The imwptip plugin for WordPress is vulnerable to C= ross-Site Request Forgery in all versions up to, and including, 1.1. This i=
s due to missing nonce validation on the settings update functionality. Thi=
s makes it possible for unauthenticated attackers to update the plugin's se= ttings via a forged request granted they can trick a site administrator int=
o performing an action such as clicking on a link. 2026-01-28 4.3 CVE-2026-= 1377 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1377 ] https://www.wordf= ence.com/threat-intel/vulnerabilities/id/0fe987f0-6887-4ad1-a748-eb987bb574= fa?source=3Dcve https://plugins.trac.wordpress.org/browser/imwptip/trunk/classes/imwptipadm= in.php#L11 https://plugins.trac.wordpress.org/browser/imwptip/tags/1.1/classes/imwptip= admin.php#L11
=C2=A0 IBM--Db2 for Linux, UNIX and Windows IBM Db2 for Linux, UNIX and Win= dows (includes Db2 Connect Server)=C2=A011.5.0 - 11.5.9 is vulnerable to a = denial of service as the server may crash when an authenticated user create=
s a specially crafted query. 2026-01-30 6.5 CVE-2025-2668 [ https://www.cve= .org/CVERecord?id=3DCVE-2025-2668 ] https://www.ibm.com/support/pages/node/= 7257518
=C2=A0 IBM--Db2 for Linux, UNIX and Windows IBM Db2 for Linux, UNIX and Win= dows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 coul=
d allow an authenticated user to cause a denial of service using a speciall=
y crafted SQL statement including XML that performs uncontrolled recursion.=
2026-01-30 6.5 CVE-2025-36001 [ https://www.cve.org/CVERecord?id=3DCVE-202= 5-36001 ] https://www.ibm.com/support/pages/node/7257616
=C2=A0 IBM--Db2 for Linux, UNIX and Windows IBM Db2 for Linux, UNIX and Win= dows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 coul=
d allow an unauthenticated user to cause a denial of service due to excessi=
ve use of a global variable. 2026-01-30 6.5 CVE-2025-36009 [ https://www.cv= e.org/CVERecord?id=3DCVE-2025-36009 ] https://www.ibm.com/support/pages/nod= e/7257623
=C2=A0 IBM--Db2 for Linux, UNIX and Windows IBM Db2 for Linux, UNIX and Win= dows (includes Db2 Connect Server)=C2=A011.5.0 - 11.5.9 and 12.1.0 - 12.1.3=
is vulnerable to a denial of service as a trap may occur when selecting fr=
om certain types of tables. 2026-01-30 6.5 CVE-2025-36070 [ https://www.cve= .org/CVERecord?id=3DCVE-2025-36070 ] https://www.ibm.com/support/pages/node= /7257624
=C2=A0 IBM--Db2 for Linux, UNIX and Windows IBM Db2 for Linux, UNIX and Win= dows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 coul=
d allow an authenticated user to cause a denial of service due to improper = allocation of resources. 2026-01-30 6.5 CVE-2025-36098 [ https://www.cve.or= g/CVERecord?id=3DCVE-2025-36098 ] https://www.ibm.com/support/pages/node/72= 57629
=C2=A0 IBM--Db2 for Linux, UNIX and Windows IBM Db2 for Linux, UNIX and Win= dows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3=C2= =A0could allow a local user to cause a denial of service when copying large=
table containing XML data due to improper allocation of system resources. = 2026-01-30 6.2 CVE-2025-36123 [ https://www.cve.org/CVERecord?id=3DCVE-2025= -36123 ] https://www.ibm.com/support/pages/node/7257627
=C2=A0 IBM--Db2 for Linux, UNIX and Windows IBM Db2 for Linux, UNIX and Win= dows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 coul=
d allow a local user to cause a denial of service due to improper neutraliz= ation of special elements in data query logic. 2026-01-30 6.2 CVE-2025-3635=
3 [ https://www.cve.org/CVERecord?id=3DCVE-2025-36353 ] https://www.ibm.com= /support/pages/node/7257632
=C2=A0 IBM--Db2 for Linux, UNIX and Windows IBM Db2 for Linux, UNIX and Win= dows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 unde=
r specific configuration of cataloged remote storage aliases could allow an=
authenticated user to execute unauthorized commands due to an authorizatio=
n bypass vulnerability using a user-controlled key. 2026-01-30 6.8 CVE-2025= -36365 [ https://www.cve.org/CVERecord?id=3DCVE-2025-36365 ] https://www.ib= m.com/support/pages/node/7257665
=C2=A0 IBM--Db2 for Linux, UNIX and Windows IBM Db2 for Linux, UNIX and Win= dows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 coul=
d allow a local user to cause a denial of service due to improper neutraliz= ation of special elements in data query logic. 2026-01-30 6.5 CVE-2025-3636=
6 [ https://www.cve.org/CVERecord?id=3DCVE-2025-36366 ] https://www.ibm.com= /support/pages/node/7257681
=C2=A0 IBM--Db2 for Linux, UNIX and Windows IBM Db2 for Linux, UNIX and Win= dows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authentic= ated user to cause a denial of service when given specially crafted query. = 2026-01-30 6.5 CVE-2025-36387 [ https://www.cve.org/CVERecord?id=3DCVE-2025= -36387 ] https://www.ibm.com/support/pages/node/7257690
=C2=A0 IBM--Db2 for Linux, UNIX and Windows IBM Db2 for Linux, UNIX and Win= dows (includes Db2 Connect Server)=C2=A011.5.0 - 11.5.9 and 12.1.0 - 12.1.3=
could allow a local user to cause a denial of service due to improper neut= ralization of special elements in data query logic. 2026-01-30 6.5 CVE-2025= -36407 [ https://www.cve.org/CVERecord?id=3DCVE-2025-36407 ] https://www.ib= m.com/support/pages/node/7257692
=C2=A0 IBM--Db2 for Linux, UNIX and Windows IBM Db2 for Linux, UNIX and Win= dows (includes Db2 Connect Server) 12.1.0 - 12.1.3 could allow a local user=
to cause a denial of service due to improper neutralization of special ele= ments in data query logic. 2026-01-30 6.5 CVE-2025-36423 [ https://www.cve.= org/CVERecord?id=3DCVE-2025-36423 ] https://www.ibm.com/support/pages/node/= 7257694
=C2=A0 IBM--Db2 for Linux, UNIX and Windows IBM Db2 for Linux, UNIX and Win= dows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 coul=
d allow a local user to cause a denial of service due to improper neutraliz= ation of special elements in data query logic. 2026-01-30 6.5 CVE-2025-3642=
4 [ https://www.cve.org/CVERecord?id=3DCVE-2025-36424 ] https://www.ibm.com= /support/pages/node/7257695
=C2=A0 IBM--Db2 for Linux, UNIX and Windows IBM Db2 for Linux, UNIX and Win= dows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 coul=
d allow a local user to cause a denial of service due to improper neutraliz= ation of special elements in data query logic. 2026-01-30 6.5 CVE-2025-3642=
7 [ https://www.cve.org/CVERecord?id=3DCVE-2025-36427 ] https://www.ibm.com= /support/pages/node/7257696
=C2=A0 IBM--Db2 for Linux, UNIX and Windows IBM Db2 for Linux, UNIX and Win= dows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is v= ulnerable to a denial of service as the server may crash under certain cond= itions with a specially crafted query with XML columns. 2026-01-30 6.5 CVE-= 2025-36442 [ https://www.cve.org/CVERecord?id=3DCVE-2025-36442 ] https://ww= w.ibm.com/support/pages/node/7257698
=C2=A0 IBM--Db2 for Linux, UNIX and Windows IBM Db2 for Linux, UNIX and Win= dows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 coul=
d allow an authenticated user to cause a denial of service due to improper = neutralization of special elements in data query logic when the RPSCAN feat= ure is enabled. 2026-01-30 5.3 CVE-2025-36428 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2025-36428 ] https://www.ibm.com/support/pages/node/7257697
=C2=A0 igniterealtime--Openfire Openfire 4.6.0 contains a stored cross-site=
scripting vulnerability in the nodejs plugin that allows attackers to inje=
ct malicious scripts through the 'path' parameter. Attackers can craft a pa= yload with script tags to execute arbitrary JavaScript in the context of ad= ministrative users viewing the nodejs configuration page. 2026-01-26 6.4 CV= E-2020-36956 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36956 ] ExploitD= B-49229 [ https://www.exploit-db.com/exploits/49229 ]
Openfire GitHub Repository [ https://github.com/igniterealtime/Openfire ] Openfire Software Downloads [ https://www.igniterealtime.org/downloads/ ] VulnCheck Advisory: Openfire 4.6.0 - 'path' Stored XSS [ https://www.vulnch= eck.com/advisories/openfire-path-stored-xss ]
=C2=A0 iJason-Liu--Books_Manager A vulnerability was found in iJason-Liu Bo= oks_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This vulnerabil= ity affects unknown code of the file controllers/books_center/upload_bookCo= ver.php. Performing a manipulation of the argument book_cover results in un= restricted upload. The attack may be initiated remotely. The exploit has be=
en made public and could be used. This product uses a rolling release model=
to deliver continuous updates. As a result, specific version information f=
or affected or updated releases is not available. 2026-01-26 4.7 CVE-2026-1= 445 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1445 ] VDB-342874 | iJaso= n-Liu Books_Manager upload_bookCover.php unrestricted upload [ https://vuld= b.com/?id.342874 ]
VDB-342874 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .342874 ]
Submit #736971 | https://github.com/iJason-Liu/Books_Manager Books_Manager = 1.0 File Upload [ https://vuldb.com/?submit.736971 ] https://blog.y1fan.work/2026/01/13/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%= B8%8A%E4%BC%A0getshell/
=C2=A0 ilias.de--ILIAS Learning Management System ILIAS Learning Management=
System 4.3 contains a server-side request forgery vulnerability that allow=
s attackers to read local files through portfolio PDF export functionality.=
Attackers can inject a script that uses XMLHttpRequest to retrieve local f= ile contents when the portfolio is exported to PDF. 2026-01-28 4 CVE-2020-3= 6944 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36944 ] ExploitDB-49148 =
[ https://www.exploit-db.com/exploits/49148 ]
ILIAS Official Vendor Homepage [ https://www.ilias.de/ ]
ILIAS GitHub Repository [ https://github.com/ILIAS-eLearning/ILIAS ]
VulnCheck Advisory: ILIAS Learning Management System 4.3 - SSRF [ https://w= ww.vulncheck.com/advisories/ilias-learning-management-system-ssrf ]
=C2=A0 Inciga--Inciga Web Inciga Web 2.8.2 contains a client-side cross-sit=
e scripting vulnerability that allows remote attackers to inject malicious = script codes through the icinga.min.js file. Attackers can exploit the Even= tListener.handleEvent method to execute arbitrary scripts, potentially lead= ing to session hijacking and non-persistent phishing attacks. 2026-02-01 5.=
4 CVE-2022-50942 [ https://www.cve.org/CVERecord?id=3DCVE-2022-50942 ] Vuln= erability Lab Advisory [ https://www.vulnerability-lab.com/get_content.php?= id=3D2273 ]
Product Homepage [ https://icinga.com/ ]
Product Homepage [ https://github.com/Icinga/icingaweb2 ]
VulnCheck Advisory: Inciga Web 2.8.2 Client-Side Cross-Site Scripting via E= ventListener [ https://www.vulncheck.com/advisories/inciga-web-client-side-= cross-site-scripting-via-eventlistener ]
=C2=A0 InternationalColorConsortium--iccDEV iccDEV provides a set of librar= ies and tools that allow for the interaction, manipulation, and application=
of ICC color management profiles. Prior to version 2.3.1.2, a heap buffer = over-read when the strlen() function attempts to read a non-null-terminated=
buffer potentially leaking heap memory contents and causing application te= rmination. This vulnerability affects users of the iccDEV library who proce=
ss ICC color profiles. ICC Profile Injection vulnerabilities arise when use= r-controllable input is incorporated into ICC profile data or other structu= red binary blobs in an unsafe manner. Version 2.3.1.2 contains a fix for th=
e issue. No known workarounds are available. 2026-01-28 6.1 CVE-2026-24852 =
[ https://www.cve.org/CVERecord?id=3DCVE-2026-24852 ] https://github.com/In= ternationalColorConsortium/iccDEV/security/advisories/GHSA-q8g2-mp32-3j7f https://github.com/InternationalColorConsortium/iccDEV/pull/540 https://github.com/InternationalColorConsortium/iccDEV/commit/3092499cd4d07= 75f4a716b999899f9c26f9bc614
=C2=A0 Is-Daouda--is-Engine Out-of-bounds Write, Heap-based Buffer Overflow=
vulnerability in Is-Daouda is-Engine. This issue affects is-Engine: before=
3.3.4. 2026-01-27 6.5 CVE-2026-24829 [ https://www.cve.org/CVERecord?id=3D= CVE-2026-24829 ] https://github.com/Is-Daouda/is-Engine/pull/7
=C2=A0 itsourcecode--School Management System A weakness has been identifie=
d in itsourcecode School Management System 1.0. This affects an unknown par=
t of the file /ramonsys/course/controller.php. Executing a manipulation of = the argument ID can lead to sql injection. The attack can be executed remot= ely. The exploit has been made available to the public and could be used fo=
r attacks. 2026-01-28 6.3 CVE-2026-1551 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-1551 ] VDB-343247 | itsourcecode School Management System contr= oller.php sql injection [ https://vuldb.com/?id.343247 ]
VDB-343247 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343247 ]
Submit #740644 | itsourcecode School Management System V1.0 SQL Injection [=
https://vuldb.com/?submit.740644 ]
Submit #740680 | itsourcecode School Management System v1.0 SQL Injection (= Duplicate) [ https://vuldb.com/?submit.740680 ] https://mega.nz/file/6cVwiA5A#BVwaxWlfeQCkkpHnuxPiMDZVb5qcYrsI6ftqdm_8mGk https://itsourcecode.com/
=C2=A0 iulia-cazan--Easy Replace Image The Easy Replace Image plugin for Wo= rdPress is vulnerable to Missing Authorization in all versions up to, and i= ncluding, 3.5.2. This is due to missing capability checks on the `image_rep= lacement_from_url` function that is hooked to the `eri_from_url` AJAX actio=
n. This makes it possible for authenticated attackers, with Contributor-lev=
el access and above, to replace arbitrary image attachments on the site wit=
h images from external URLs, potentially enabling site defacement, phishing=
attacks, or content manipulation. 2026-01-28 5.3 CVE-2026-1298 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2026-1298 ] https://www.wordfence.com/threat-= intel/vulnerabilities/id/27332c13-c25f-47ec-980d-035fc35ce553?source=3Dcve https://plugins.trac.wordpress.org/browser/easy-replace-image/trunk/easy-re= place-image.php#L961 https://plugins.trac.wordpress.org/browser/easy-replace-image/tags/3.5.2/ea= sy-replace-image.php#L961 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3447984%40easy-replace-image&new=3D3447984%40easy-replace-ima= ge&sfp_email=3D&sfph_mail=3D
=C2=A0 jdwebdesigner--Affiliate Pro Affiliate Pro 1.7 contains multiple ref= lected cross-site scripting vulnerabilities in the index module's input fie= lds. Attackers can inject malicious scripts through fullname, username, and=
email parameters to execute client-side attacks and manipulate browser req= uests. 2026-02-01 5.4 CVE-2021-47911 [ https://www.cve.org/CVERecord?id=3DC= VE-2021-47911 ] Vulnerability Lab Advisory [ https://www.vulnerability-lab.= com/get_content.php?id=3D2281 ]
Product Homepage [ https://jdwebdesigner.com/ ]
Product Homepage [ https://codecanyon.net/item/affiliate-pro-affiliate-mana= gement-system/12908496 ]
VulnCheck Advisory: Affiliate Pro 1.7 Reflected Cross-Site Scripting via In= dex Module [ https://www.vulncheck.com/advisories/affiliate-pro-reflected-c= ross-site-scripting-via-index-module ]
=C2=A0 Jirafeau project--Jirafeau Jirafeau normally prevents browser previe=
w for text files due to the possibility that for example SVG and HTML docum= ents could be exploited for cross site scripting. This was done by storing = the MIME type of a file and allowing only browser preview for MIME types be= ginning with image (except for image/svg+xml, see CVE-2022-30110, CVE-2024-= 12326 and CVE-2025-7066), video and audio. However, it was possible to bypa=
ss this check by sending a manipulated HTTP request with an invalid MIME ty=
pe like image. When doing the preview, the browser tries to automatically d= etect the MIME type resulting in detecting SVG and possibly executing JavaS= cript code. To prevent this, MIME sniffing is disabled by sending the HTTP = header X-Content-Type-Options: nosniff. 2026-01-28 6.1 CVE-2026-1466 [ http= s://www.cve.org/CVERecord?id=3DCVE-2026-1466 ] https://gitlab.com/jirafeau/= Jirafeau/-/commit/747afb20bfcff14bb67e40e7035d47a6311ba3e1 https://www.cve.org/CVERecord?id=3DCVE-2022-30110 https://www.cve.org/CVERecord?id=3DCVE-2024-12326 https://www.cve.org/CVERecord?id=3DCVE-2025-7066
=C2=A0 jishenghua--jshERP A security vulnerability has been detected in jis= henghua jshERP up to 3.6. The impacted element is the function getBillItemB= yParam of the file /jshERP-boot/depotItem/importItemExcel of the component = com.jsh.erp.datasource.mappers.DepotItemMapperEx. The manipulation of the a= rgument barCodes leads to sql injection. It is possible to initiate the att= ack remotely. The exploit has been disclosed publicly and may be used. The = project was informed of the problem early through an issue report but has n=
ot responded yet. 2026-01-28 6.3 CVE-2026-1546 [ https://www.cve.org/CVERec= ord?id=3DCVE-2026-1546 ] VDB-343230 | jishenghua jshERP com.jsh.erp.datasou= rce.mappers.DepotItemMapperEx importItemExcel getBillItemByParam sql inject= ion [ https://vuldb.com/?id.343230 ]
VDB-343230 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343230 ]
Submit #739688 | https://github.com/jishenghua/jshERP jshERP v3.6 SQL Injec= tion [ https://vuldb.com/?submit.739688 ] https://github.com/jishenghua/jshERP/issues/145 https://github.com/jishenghua/jshERP/issues/145#issue-3816930151 https://github.com/jishenghua/jshERP/
=C2=A0 jishenghua--jshERP A vulnerability was identified in jishenghua jshE=
RP up to 3.6. Affected by this vulnerability is an unknown functionality of=
the file /jshERP-boot/plugin/uploadPluginConfigFile of the component Plugi= nController. Such manipulation of the argument configFile leads to path tra= versal. The attack may be launched remotely. The exploit is publicly availa= ble and might be used. The project was informed of the problem early throug=
h an issue report but has not responded yet. 2026-01-28 4.3 CVE-2026-1549 [=
https://www.cve.org/CVERecord?id=3DCVE-2026-1549 ] VDB-343245 | jishenghua=
jshERP PluginController uploadPluginConfigFile path traversal [ https://vu= ldb.com/?id.343245 ]
VDB-343245 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343245 ]
Submit #739805 | https://github.com/jishenghua/jshERP jshERP v3.6 Path Trav= ersal [ https://vuldb.com/?submit.739805 ] https://github.com/jishenghua/jshERP/issues/146 https://github.com/jishenghua/jshERP/issues/146#issue-3817997461 https://github.com/jishenghua/jshERP/
=C2=A0 Laravel Holdings Inc.--Laravel Nova Laravel Nova 3.7.0 contains a de= nial of service vulnerability that allows authenticated users to crash the = application by manipulating the 'range' parameter. Attackers can send simul= taneous requests with an extremely high range value to overwhelm and crash = the server. 2026-01-27 6.5 CVE-2020-36950 [ https://www.cve.org/CVERecord?i= d=3DCVE-2020-36950 ] ExploitDB-49198 [ https://www.exploit-db.com/exploits/= 49198 ]
Laravel Nova Official Homepage [ https://nova.laravel.com/ ]
Laravel Nova Releases Page [ https://nova.laravel.com/releases ]
VulnCheck Advisory: Laravel Nova 3.7.0 - 'range' DoS [ https://www.vulnchec= k.com/advisories/laravel-nova-range-dos ]
=C2=A0 libexpat project--libexpat In libexpat before 2.7.4, the doContent f= unction does not properly determine the buffer size bufSize because there i=
s no integer overflow check for tag buffer reallocation. 2026-01-30 6.9 CVE= -2026-25210 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25210 ] https://g= ithub.com/libexpat/libexpat/pull/1075 https://github.com/libexpat/libexpat/pull/1075/commits/9c2d990389e6abe2e445= 27eeaa8b39f16fe859c7
=C2=A0 Limesurvey--LimeSurvey LimeSurvey 4.3.10 contains a stored cross-sit=
e scripting vulnerability in the Survey Menu functionality of the administr= ation panel. Attackers can inject malicious SVG scripts through the Surveym= enu[title] and Surveymenu[parent_id] parameters to execute arbitrary JavaSc= ript in administrative contexts. 2026-01-28 6.4 CVE-2020-36993 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2020-36993 ] ExploitDB-48762 [ https://www.exp= loit-db.com/exploits/48762 ]
LimeSurvey Official Website [ https://www.limesurvey.org ]
LimeSurvey Patch Commit [ https://github.com/LimeSurvey/LimeSurvey/commit/3= 712854a8fd8d875c67640969a1d54c4d93d3676 ]
VulnCheck Advisory: LimeSurvey <=3D 4.3.10 - 'Survey Menu' Persistent Cross= -Site Scripting [ https://www.vulncheck.com/advisories/limesurvey-survey-me= nu-persistent-cross-site-scripting ]
=C2=A0 linknacional--Link Invoice Payment for WooCommerce The Link Invoice = Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized = modification of data due to a missing capability check on the createPartial= Payment and cancelPartialPayment functions in all versions up to, and inclu= ding, 2.8.0. This makes it possible for unauthenticated attackers to create=
partial payments on any order or cancel any existing partial payment via I=
D enumeration. 2026-01-27 5.3 CVE-2025-14971 [ https://www.cve.org/CVERecor= d?id=3DCVE-2025-14971 ] https://www.wordfence.com/threat-intel/vulnerabilit= ies/id/96a8fc8b-6f0a-486c-89d1-7211b4ca31bd?source=3Dcve https://plugins.trac.wordpress.org/browser/invoice-payment-for-woocommerce/= tags/2.8.0/Includes/WcPaymentInvoiceEndpoint.php#L19 https://plugins.trac.wordpress.org/browser/invoice-payment-for-woocommerce/= tags/2.8.0/Includes/WcPaymentInvoiceEndpoint.php#L179
=C2=A0 litonice13--WP Adminify White Label WordPress, Admin Menu Editor, Lo= gin Customizer The WP Adminify plugin for WordPress is vulnerable to Sensit= ive Information Exposure in all versions up to, and including, 4.0.7.7 via = the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is=
registered with permission_callback set to __return_true, allowing unauthe= nticated attackers to retrieve the complete list of available addons, their=
installation status, version numbers, and download URLs. 2026-01-28 5.3 CV= E-2026-1060 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1060 ] https://ww= w.wordfence.com/threat-intel/vulnerabilities/id/7ecb4f95-346e-49b3-859f-44f= 28a72f065?source=3Dcve https://plugins.trac.wordpress.org/browser/adminify/tags/4.0.6.1/Libs/Addon= s.php#L54
https://plugins.trac.wordpress.org/changeset/3442928/
=C2=A0 localsend--localsend LocalSend is a free, open-source app that allow=
s users to share files and messages with nearby devices over their local ne= twork without needing an internet connection. In versions up to and includi=
ng 1.17.0, when a user initiates a "Share via Link" session, the LocalSend = application starts a local HTTP server to host the selected files. The clie= nt-side logic for this web interface is contained in `app/assets/web/main.j= s`. Note that at [0], the `handleFilesDisplay` function constructs the HTML=
for the file list by iterating over the files received from the server. Co= mmit 8f3cec85aa29b2b13fed9b2f8e499e1ac9b0504c contains a patch. 2026-01-30 = 6.1 CVE-2026-25154 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25154 ] ht= tps://github.com/localsend/localsend/security/advisories/GHSA-34v6-52hh-x4r4 https://github.com/localsend/localsend/commit/8f3cec85aa29b2b13fed9b2f8e499= e1ac9b0504c
=C2=A0 lxicon--Bitcoin Donate Button The Bitcoin Donate Button plugin for W= ordPress is vulnerable to Cross-Site Request Forgery in all versions up to,=
and including, 1.0. This is due to missing or incorrect nonce validation o=
n the settings page. This makes it possible for unauthenticated attackers t=
o modify the plugin's settings, including donation addresses and display co= nfigurations, via a forged request granted they can trick a site administra= tor into performing an action such as clicking on a link. 2026-01-28 4.3 CV= E-2026-1380 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1380 ] https://ww= w.wordfence.com/threat-intel/vulnerabilities/id/3c973dd9-cfa3-4f06-a25a-c27= 86e3dca4d?source=3Dcve https://plugins.trac.wordpress.org/browser/bitcoin-donate-button/trunk/btcb= utton.php#L1 https://plugins.trac.wordpress.org/browser/bitcoin-donate-button/tags/1.0/b= tcbutton.php#L1
=C2=A0 mamunreza--Vzaar Media Management The Vzaar Media Management plugin = for WordPress is vulnerable to Reflected Cross-Site Scripting in all versio=
ns up to, and including, 1.2 due to insufficient input sanitization and out= put escaping on the $_SERVER['PHP_SELF'] variable. This makes it possible f=
or unauthenticated attackers to inject arbitrary web scripts in pages that = execute if they can successfully trick a user into performing an action suc=
h as clicking on a link. 2026-01-28 5.3 CVE-2026-1391 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-1391 ] https://www.wordfence.com/threat-intel/vuln= erabilities/id/398a75b1-6470-44b3-aaea-d5e8b10db115?source=3Dcve https://plugins.trac.wordpress.org/browser/vzaar-media-management/trunk/adm= in/vzaar-media-upload.php#L103 https://plugins.trac.wordpress.org/browser/vzaar-media-management/tags/1.2/= admin/vzaar-media-upload.php#L103
=C2=A0 mapstructure--mapstructure A flaw was found in github.com/go-viper/m= apstructure/v2, in the field processing component using mapstructure.WeakDe= code. This vulnerability allows information disclosure through detailed err=
or messages that may leak sensitive input values via malformed user-supplie=
d data processed in security-critical contexts. 2026-01-26 5.3 CVE-2025-110=
65 [ https://www.cve.org/CVERecord?id=3DCVE-2025-11065 ] https://access.red= hat.com/security/cve/CVE-2025-11065
RHBZ#2391829 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2391829 ] https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa6427248= 7fc5075d2c39c https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c= -4cjm
=C2=A0 metagauss--RegistrationMagic Custom Registration Forms, User Registr= ation, Payment, and User Login The RegistrationMagic plugin for WordPress i=
s vulnerable to Missing Authorization in versions up to, and including, 6.0= .7.4. This is due to missing nonce verification and capability checks on th=
e rm_set_otp AJAX action handler. This makes it possible for unauthenticate=
d attackers to modify arbitrary plugin settings, including reCAPTCHA keys, = security settings, and frontend menu titles. 2026-01-28 5.3 CVE-2026-1054 [=
https://www.cve.org/CVERecord?id=3DCVE-2026-1054 ] https://www.wordfence.c= om/threat-intel/vulnerabilities/id/daf4d246-85f3-48b3-985f-982fea4772f1?sou= rce=3Dcve https://plugins.trac.wordpress.org/browser/custom-registration-form-builder= -with-submission-manager/tags/6.0.6.9/admin/controllers/class_rm_options_co= ntroller.php#L209
https://plugins.trac.wordpress.org/changeset/3444777/
=C2=A0 michalc--PDW File Browser PDW File Browser 1.3 contains a remote cod=
e execution vulnerability that allows authenticated users to upload and ren= ame webshell files to arbitrary web server locations. Attackers can upload =
a .txt webshell, rename it to .php, and move it to accessible directories u= sing double-encoded path traversal techniques. 2026-01-28 6.5 CVE-2020-3697=
3 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36973 ] ExploitDB-48987 [ h= ttps://www.exploit-db.com/exploits/48987 ]
PDW File Browser GitHub Repository [ https://github.com/michalc/PDW-File-Br= owser ]
VulnCheck Advisory: PDW File Browser 1.3 - Remote Code Execution [ https://= www.vulncheck.com/advisories/pdw-file-browser-remote-code-execution ]
=C2=A0 microsoft--maker.js Maker.js is a 2D vector line drawing and shape m= odeling for CNC and laser cutters. In versions up to and including 0.19.1, = the `makerjs.extendObject` function copies properties from source objects w= ithout proper validation, potentially exposing applications to security ris= ks. The function lacks `hasOwnProperty()` checks and does not filter danger= ous keys, allowing inherited properties and potentially malicious propertie=
s to be copied to target objects. A patch is available in commit 85e0f12bd8= 68974b891601a141974f929dec36b8, which is expected to be part of version 0.1= 9.2. 2026-01-28 6.5 CVE-2026-24888 [ https://www.cve.org/CVERecord?id=3DCVE= -2026-24888 ] https://github.com/microsoft/maker.js/security/advisories/GHS= A-2cp6-34r9-54xx https://github.com/microsoft/maker.js/commit/85e0f12bd868974b891601a141974f= 929dec36b8 https://github.com/microsoft/maker.js/blob/98cffa82a372ff942194c925a12a3112= 53587167/packages/maker.js/src/core/maker.ts#L232-L241
=C2=A0 midgetspy--Sickbeard Sickbeard alpha contains a cross-site request f= orgery vulnerability that allows attackers to disable authentication by sub= mitting crafted configuration parameters. Attackers can trick users into su= bmitting a malicious form that clears web username and password, effectivel=
y removing authentication protection. 2026-01-30 5.3 CVE-2020-37026 [ https= ://www.cve.org/CVERecord?id=3DCVE-2020-37026 ] ExploitDB-48712 [ https://ww= w.exploit-db.com/exploits/48712 ]
Archived Sickbeard Official Homepage [ https://web.archive.org/web/20190722= 085652/https://sickbeard.com/ ]
Sickbeard GitHub Repository [ https://github.com/midgetspy/Sick-Beard ] VulnCheck Advisory: Sickbeard 0.1 - Cross-Site Request Forgery [ https://ww= w.vulncheck.com/advisories/sickbeard-cross-site-request-forgery ]
=C2=A0 migaweb--Simple calendar for Elementor The Simple calendar for Eleme= ntor plugin for WordPress is vulnerable to Missing Authorization in all ver= sions up to, and including, 1.6.6. This is due to missing capability checks=
on the `miga_ajax_editor_cal_delete` function that is hooked to the `miga_= editor_cal_delete` AJAX action with both authenticated and unauthenticated = access enabled. This makes it possible for unauthenticated attackers to del= ete arbitrary calendar entries by sending a request with a valid nonce and = the calendar entry ID. 2026-01-28 5.3 CVE-2026-1310 [ https://www.cve.org/C= VERecord?id=3DCVE-2026-1310 ] https://www.wordfence.com/threat-intel/vulner= abilities/id/e537c56d-7c5e-4f21-b266-ef3d1a87caf2?source=3Dcve https://plugins.trac.wordpress.org/browser/simple-calendar-for-elementor/tr= unk/widget/includes/backend_functions.php#L3 https://plugins.trac.wordpress.org/browser/simple-calendar-for-elementor/ta= gs/1.6.6/widget/includes/backend_functions.php#L3 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3444617%40simple-calendar-for-elementor&new=3D3444617%40simpl= e-calendar-for-elementor&sfp_email=3D&sfph_mail=3D
=C2=A0 miles99--WP Google Ad Manager Plugin The WP Google Ad Manager Plugin=
plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admi=
n settings in all versions up to, and including, 1.1.0 due to insufficient = input sanitization and output escaping. This makes it possible for authenti= cated attackers, with administrator-level permissions and above, to inject = arbitrary web scripts in pages that will execute whenever a user accesses a=
n injected page. This only affects multi-site installations and installatio=
ns where unfiltered_html has been disabled. 2026-01-28 4.4 CVE-2026-1399 [ = https://www.cve.org/CVERecord?id=3DCVE-2026-1399 ] https://www.wordfence.co= m/threat-intel/vulnerabilities/id/f3185d82-a785-4165-8469-abc0be38f852?sour= ce=3Dcve https://plugins.trac.wordpress.org/browser/wp-google-ad-manager-plugin/trun= k/WP-Google-Ad-Manager.php#L194 https://plugins.trac.wordpress.org/browser/wp-google-ad-manager-plugin/tags= /1.1.0/WP-Google-Ad-Manager.php#L194
=C2=A0 MongoDB--Mongo-c-driver User-controlled chunkSize metadata from Mong= oDB lacks appropriate validation allowing malformed GridFS metadata to over= flow the bounding container. 2026-01-27 6.5 CVE-2025-14911 [ https://www.cv= e.org/CVERecord?id=3DCVE-2025-14911 ] https://jira.mongodb.org/browse/CDRIV= ER-6125
=C2=A0 MrPlugins--BootCommerce BootCommerce 3.2.1 contains persistent input=
validation vulnerabilities that allow remote attackers to inject malicious=
script code through guest order checkout input fields. Attackers can explo=
it unvalidated input parameters to execute arbitrary scripts, potentially l= eading to session hijacking, phishing attacks, and application module manip= ulation. 2026-02-01 6.4 CVE-2022-50941 [ https://www.cve.org/CVERecord?id= =3DCVE-2022-50941 ] Vulnerability Lab Advisory [ https://www.vulnerability-= lab.com/get_content.php?id=3D2279 ]
Product Homepage [ https://codecanyon.net/item/bootcommerce-ecommerce-twitt= er-bootstrap-based/5702921 ]
VulnCheck Advisory: BootCommerce 3.2.1 Persistent Cross-Site Scripting via = Order Checkout [ https://www.vulncheck.com/advisories/bootcommerce-persiste= nt-cross-site-scripting-via-order-checkout ]
=C2=A0 Naviwebs S.C.--Navigate CMS Navigate CMS 2.8.7 contains a cross-site=
request forgery vulnerability that allows attackers to upload malicious ex= tensions through a crafted HTML page. Attackers can trick authenticated adm= inistrators into executing arbitrary file uploads by leveraging the extensi=
on upload functionality without additional validation. 2026-01-30 4.3 CVE-2= 020-37054 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37054 ] ExploitDB-4= 8548 [ https://www.exploit-db.com/exploits/48548 ]
Navigate CMS Official Homepage [ https://www.navigatecms.com/en/home ]
Navigate CMS SourceForge Page [ https://sourceforge.net/projects/navigatecm=
s ]
VulnCheck Advisory: Navigate CMS 2.8.7 - Cross-Site Request Forgery [ https= ://www.vulncheck.com/advisories/navigate-cms-cross-site-request-forgery ] =C2=A0 nebojsadabic--Target Video Easy Publish The Target Video Easy Publis=
h plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the=
'placeholder_img' parameter in all versions up to, and including, 3.8.8 du=
e to insufficient input sanitization and output escaping. This makes it pos= sible for authenticated attackers, with Contributor-level access and above,=
to inject arbitrary web scripts in pages that will execute whenever a user=
accesses an injected page. 2026-01-28 6.4 CVE-2025-8072 [ https://www.cve.= org/CVERecord?id=3DCVE-2025-8072 ] https://www.wordfence.com/threat-intel/v= ulnerabilities/id/26e16dd3-66bc-4174-acc1-ee22713ae979?source=3Dcve https://plugins.trac.wordpress.org/browser/brid-video-easy-publish/tags/3.8= .6/lib/BridShortcode.php#L204 https://wordpress.org/plugins/brid-video-easy-publish/#developers https://plugins.trac.wordpress.org/changeset/3437514/brid-video-easy-publis= h/trunk/lib/BridShortcode.php
=C2=A0 NetArt Media--Easy Cart Shopping Cart Easy Cart Shopping Cart 2021 c= ontains a non-persistent cross-site scripting vulnerability in the search m= odule's keyword parameter. Remote attackers can inject malicious script cod=
e through the search input to compromise user sessions and manipulate appli= cation content. 2026-02-01 6.4 CVE-2021-47856 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2021-47856 ] Vulnerability Lab Advisory [ https://www.vulnerabi= lity-lab.com/get_content.php?id=3D2298 ]
Product Homepage [ https://www.netartmedia.net/easy-cart ]
VulnCheck Advisory: Easy Cart Shopping Cart 2021 Cross-Site Scripting via S= earch Parameter [ https://www.vulncheck.com/advisories/easy-cart-shopping-c= art-cross-site-scripting-via-search-parameter ]
=C2=A0 nocodb--nocodb NocoDB is software for building databases as spreadsh= eets. Prior to version 0.301.0, an authenticated user with org-level-creato=
r permissions can exploit prototype pollution in the `/api/v2/meta/connecti= on/test` endpoint, causing all database write operations to fail applicatio= n-wide until server restart. While the pollution technically bypasses SUPER= _ADMIN authorization checks, no practical privileged actions can be perform=
ed because database operations fail immediately after pollution. Version 0.= 301.0 patches the issue. 2026-01-28 4.9 CVE-2026-24766 [ https://www.cve.or= g/CVERecord?id=3DCVE-2026-24766 ] https://github.com/nocodb/nocodb/security= /advisories/GHSA-95ff-46g6-6gw9
=C2=A0 nocodb--nocodb NocoDB is software for building databases as spreadsh= eets. Prior to version 0.301.0, a blind Server-Side Request Forgery (SSRF) = vulnerability exists in the `uploadViaURL` functionality due to an unprotec= ted `HEAD` request. While the subsequent file retrieval logic correctly enf= orces SSRF protections, the initial metadata request executes without valid= ation. This allows limited outbound requests to arbitrary URLs before SSRF = controls are applied. Version 0.301.0 contains a patch for the issue. 2026-= 01-28 4.9 CVE-2026-24767 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2476=
7 ] https://github.com/nocodb/nocodb/security/advisories/GHSA-xr7v-j379-34v9 =C2=A0 NVIDIA--GeForce NVIDIA HD Audio Driver for Windows contains a vulner= ability where an attacker could exploit a NULL pointer dereference issue. A=
successful exploit of this vulnerability might lead to a denial of service=
. 2026-01-28 5.5 CVE-2025-33237 [ https://www.cve.org/CVERecord?id=3DCVE-20= 25-33237 ] https://nvd.nist.gov/vuln/detail/CVE-2025-33237 https://www.cve.org/CVERecord?id=3DCVE-2025-33237 https://nvidia.custhelp.com/app/answers/detail/a_id/5747
=C2=A0 OISF--suricata Suricata is a network IDS, IPS and NSM engine. While = saving a dataset a stack buffer is used to prepare the data. Prior to versi= ons 8.0.3 and 7.0.14, if the data in the dataset is too large, this can res= ult in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a wo= rkaround, do not use rules with datasets `save` nor `state` options. 2026-0= 1-27 5.9 CVE-2026-22262 [ https://www.cve.org/CVERecord?id=3DCVE-2026-22262=
] https://github.com/OISF/suricata/security/advisories/GHSA-9qg5-2gwh-xp86 https://github.com/OISF/suricata/commit/0eff24213763c2aa2bb0957901d5dc1e184= 14dbf https://github.com/OISF/suricata/commit/27a2180bceaa3477419c78c54fce364398d= 011f1 https://github.com/OISF/suricata/commit/32609e6896f9079c175665a94005417cec7= 637eb https://github.com/OISF/suricata/commit/32a1b9ae6aa80a60c073897e38a2ac6ea0f= 64521 https://github.com/OISF/suricata/commit/d6bc718e303ecbec5999066b8bc88eeeca7= 43658 https://github.com/OISF/suricata/commit/d767dfadcd166f82683757818b9e4694332= 6ac90
https://redmine.openinfosecfoundation.org/issues/8110
=C2=A0 OISF--suricata Suricata is a network IDS, IPS and NSM engine. Starti=
ng in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 heade=
rs parsing can lead to slowdown over multiple packets. Version 8.0.3 patche=
s the issue. No known workarounds are available. 2026-01-27 5.3 CVE-2026-22= 263 [ https://www.cve.org/CVERecord?id=3DCVE-2026-22263 ] https://github.co= m/OISF/suricata/security/advisories/GHSA-rwc5-hxj6-hwx7 https://github.com/OISF/suricata/commit/018a377f74e3eb2b042c6f783ad90430609= 23428
https://redmine.openinfosecfoundation.org/issues/8201
=C2=A0 Open5GS--Open5GS A security flaw has been discovered in Open5GS up t=
o 2.7.6. This affects the function sgwc_s5c_handle_bearer_resource_failure_= indication of the file src/sgwc/s5c-handler.c of the component SGWC. Perfor= ming a manipulation results in denial of service. The attack can be initiat=
ed remotely. The exploit has been released to the public and may be used fo=
r attacks. The patch is named 69b53add90a9479d7960b822fc60601d659c328b. It =
is recommended to apply a patch to fix this issue. 2026-01-28 5.3 CVE-2026-= 1521 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1521 ] VDB-343192 | Open= 5GS SGWC s5c-handler.c denial of service [ https://vuldb.com/?id.343192 ] VDB-343192 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343192 ]
Submit #738370 | Open5GS SGWC v2.7.6 Denial of Service [ https://vuldb.com/= ?submit.738370 ]
https://github.com/open5gs/open5gs/issues/4268 https://github.com/open5gs/open5gs/issues/4268#event-21989483261 https://github.com/open5gs/open5gs/issues/4268#issue-3795012861 https://github.com/open5gs/open5gs/commit/69b53add90a9479d7960b822fc60601d6= 59c328b
=C2=A0 Open5GS--Open5GS A weakness has been identified in Open5GS up to 2.7= .6. This vulnerability affects the function sgwc_s5c_handle_modify_bearer_r= esponse of the file src/sgwc/s5c-handler.c of the component SGWC. Executing=
a manipulation can lead to denial of service. The attack can be launched r= emotely. The exploit has been made available to the public and could be use=
d for attacks. This patch is called b19cf6a. Applying a patch is advised to=
resolve this issue. The issue report is flagged as already-fixed. 2026-01-=
28 5.3 CVE-2026-1522 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1522 ] V= DB-343193 | Open5GS SGWC s5c-handler.c sgwc_s5c_handle_modify_bearer_respon=
se denial of service [ https://vuldb.com/?id.343193 ]
VDB-343193 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343193 ]
Submit #738371 | Open5GS SGWC v2.7.6 Denial of Service [ https://vuldb.com/= ?submit.738371 ]
https://github.com/open5gs/open5gs/issues/4266 https://github.com/open5gs/open5gs/issues/4266#event-21968568116 https://github.com/open5gs/open5gs/issues/4266#issue-3794991595 https://github.com/open5gs/open5gs/commit/b19cf6a
=C2=A0 Open5GS--Open5GS A flaw has been found in Open5GS up to 2.7.5. Impac= ted is the function ogs_gtp2_f_teid_to_ip of the file /sgwc/s11-handler.c o=
f the component SGWC. Executing a manipulation can lead to denial of servic=
e. The attack may be performed from remote. The exploit has been published = and may be used. It is advisable to implement a patch to correct this issue=
. The issue report is flagged as already-fixed. 2026-01-29 5.3 CVE-2026-158=
6 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1586 ] VDB-343349 | Open5GS=
SGWC s11-handler.c ogs_gtp2_f_teid_to_ip denial of service [ https://vuldb= .com/?id.343349 ]
VDB-343349 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343349 ]
Submit #738375 | Open5GS SGWC v2.7.6 Denial of Service [ https://vuldb.com/= ?submit.738375 ]
https://github.com/open5gs/open5gs/issues/4273 https://github.com/open5gs/open5gs/issues/4273#event-21968643659 https://github.com/open5gs/open5gs/issues/4273#issue-3796030721
=C2=A0 Open5GS--Open5GS A vulnerability has been found in Open5GS up to 2.7= .6. The affected element is the function sgwc_s11_handle_modify_bearer_requ= est of the file /sgwc/s11-handler.c of the component SGWC. The manipulation=
leads to denial of service. It is possible to initiate the attack remotely=
. The exploit has been disclosed to the public and may be used. Applying a = patch is the recommended action to fix this issue. The issue report is flag= ged as already-fixed. 2026-01-29 5.3 CVE-2026-1587 [ https://www.cve.org/CV= ERecord?id=3DCVE-2026-1587 ] VDB-343350 | Open5GS SGWC s11-handler.c sgwc_s= 11_handle_modify_bearer_request denial of service [ https://vuldb.com/?id.3= 43350 ]
VDB-343350 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343350 ]
Submit #738376 | Open5GS SGWC v2.7.6 Denial of Service [ https://vuldb.com/= ?submit.738376 ]
https://github.com/open5gs/open5gs/issues/4272 https://github.com/open5gs/open5gs/issues/4272#event-21968635948 https://github.com/open5gs/open5gs/issues/4272#issue-3795156752
=C2=A0 OpenZ--OpenZ ERP OpenZ ERP 3.6.60 contains a persistent cross-site s= cripting vulnerability in the Employee module's name and description parame= ters. Attackers can inject malicious scripts through POST requests to , ena= bling session hijacking and manipulation of application modules. 2026-01-30=
6.4 CVE-2020-37022 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37022 ] E= xploitDB-48450 [ https://www.exploit-db.com/exploits/48450 ]
OpenZ Official Website [ https://www.openz.de/ ]
OpenZ Download Page [ https://www.openz.de/download.html ]
Vulnerability Lab Advisory [ https://www.vulnerability-lab.com/get_content.= php?id=3D2234 ]
VulnCheck Advisory: OpenZ ERP 3.6.60 - Persistent Cross-Site Scripting [ ht= tps://www.vulncheck.com/advisories/openz-erp-persistent-cross-site-scriptin=
g ]
=C2=A0 opf--openproject OpenProject is an open-source, web-based project ma= nagement software. In the new editor for collaborative documents based on B= lockNote, OpenProject maintainers added a custom extension in OpenProject v= ersion 17.0.0 that allows to mention OpenProject work packages in the docum= ent. To show work package details, the editor loads details about the work = package via the OpenProject API. For this API call, the extension to the Bl= ockNote editor did not properly validate the given work package ID to be on=
ly a number. This allowed an attacker to generate a document with relative = links that upon opening could make arbitrary `GET` requests to any URL with=
in the OpenProject instance. This issue was patched in version version 0.0.=
22 of op-blocknote-extensions, which was shipped with OpenProject 17.0.2. I=
f users cannot update immediately to version 17.0.2 of OpenProject, adminis= trators can disable collaborative document editing in Settings -> Documents=

Real time collaboration -> Disable. 2026-01-28 6.3 CVE-2026-24775 [ htt=

ps://www.cve.org/CVERecord?id=3DCVE-2026-24775 ] https://github.com/opf/ope= nproject/security/advisories/GHSA-35c6-x276-2pvc https://github.com/opf/op-blocknote-extensions/releases/tag/v0.0.22
=C2=A0 Orchardcore--Orchard Core Orchard Core RC1 contains a persistent cro= ss-site scripting vulnerability that allows remote attackers to inject mali= cious scripts through blog post creation. Attackers can create blog posts w= ith embedded JavaScript in the MarkdownBodyPart.Source parameter to execute=
arbitrary scripts in victim browsers. 2026-01-30 6.4 CVE-2020-37019 [ http= s://www.cve.org/CVERecord?id=3DCVE-2020-37019 ] ExploitDB-48456 [ https://w= ww.exploit-db.com/exploits/48456 ]
Orchard Core Official Website [ http://www.orchardcore.net/ ]
Orchard Core GitHub Repository [ https://github.com/OrchardCMS/OrchardCore ] GitHub Issue #5802 [ https://github.com/OrchardCMS/OrchardCore/issues/5802 ] VulnCheck Advisory: Orchard Core RC1 - Persistent Cross-Site Scripting [ ht= tps://www.vulncheck.com/advisories/orchard-core-rc-persistent-cross-site-sc= ripting ]
=C2=A0 Php-Fusion--PHPFusion PHPFusion 9.03.50 contains a persistent cross-= site scripting vulnerability in the print.php page that fails to properly s= anitize user-submitted message content. Attackers can inject malicious Java= Script through forum messages that will execute when the print page is gene= rated, allowing script execution in victim browsers. 2026-01-30 6.4 CVE-202= 0-36996 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36996 ] ExploitDB-484=
97 [ https://www.exploit-db.com/exploits/48497 ]
PHPFusion Official Homepage [ https://www.php-fusion.co.uk/home.php ]
PHPFusion Download Page [ https://www.php-fusion.co.uk/php_fusion_9_downloa= ds.php ]
VulnCheck Advisory: PHPFusion 9.03.50 - Persistent Cross-Site Scripting [ h= ttps://www.vulncheck.com/advisories/phpfusion-persistent-cross-site-scripti=
ng ]
=C2=A0 PHPGurukul--Hospital Management System A security flaw has been disc= overed in PHPGurukul Hospital Management System 1.0. Affected by this issue=
is some unknown functionality of the file /hms/hospital/docappsystem/admin= views.py of the component Admin Dashboard Page. Performing a manipulation r= esults in improper authorization. Remote exploitation of the attack is poss= ible. The exploit has been released to the public and may be used for attac= ks. 2026-01-28 6.3 CVE-2026-1550 [ https://www.cve.org/CVERecord?id=3DCVE-2= 026-1550 ] VDB-343246 | PHPGurukul Hospital Management System Admin Dashboa=
rd adminviews.py improper authorization [ https://vuldb.com/?id.343246 ] VDB-343246 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343246 ]
Submit #739837 | PHPGurukul Hospital Management System v1.0 Missing Authori= zation [ https://vuldb.com/?submit.739837 ] https://github.com/rsecroot/Hospital-Management-System/blob/main/Broken%20A= ccess%20Control.md
https://phpgurukul.com/
=C2=A0 PHPGurukul--News Portal A vulnerability was identified in PHPGurukul=
News Portal 1.0. This affects an unknown part of the component Profile Pic=
Handler. The manipulation leads to unrestricted upload. It is possible to = initiate the attack remotely. The exploit is publicly available and might b=
e used. 2026-01-26 4.7 CVE-2026-1424 [ https://www.cve.org/CVERecord?id=3DC= VE-2026-1424 ] VDB-342840 | PHPGurukul News Portal Profile Pic unrestricted=
upload [ https://vuldb.com/?id.342840 ]
VDB-342840 | CTI Indicators (IOB, IOC, TTP) [ https://vuldb.com/?ctiid.3428=
40 ]
Submit #736637 | PHPGurukul News Portal v1.0 Cross Site Scripting [ https:/= /vuldb.com/?submit.736637 ] https://github.com/rsecroot/News-Portal/blob/main/Cross%20Site%20Scripting.=
md
https://phpgurukul.com/
=C2=A0 PHPSUGAR--PHP Melody PHP Melody version 3.0 contains multiple non-pe= rsistent cross-site scripting vulnerabilities in categories, import, and us=
er import files. Attackers can inject malicious scripts through unvalidated=
parameters to execute client-side attacks and potentially hijack user sess= ions. 2026-02-01 6.4 CVE-2021-47912 [ https://www.cve.org/CVERecord?id=3DCV= E-2021-47912 ] Vulnerability Lab Advisory [ https://www.vulnerability-lab.c= om/get_content.php?id=3D2290 ]
Vulnerability Lab Advisory [ https://www.phpsugar.com/blog/2021/09/php-melo= dy-3-0-vulnerability-report-fix/ ]
Product Homepage [ https://www.phpsugar.com/phpmelody.html ]
VulnCheck Advisory: PHP Melody 3.0 Non-Persistent Cross-Site Scripting via = Multiple Parameters [ https://www.vulncheck.com/advisories/php-melody-non-p= ersistent-cross-site-scripting-via-multiple-parameters ]
=C2=A0 PHPSUGAR--PHP Melody PHP Melody 3.0 contains a persistent cross-site=
scripting vulnerability in the video editor that allows privileged users t=
o inject malicious scripts. Attackers can exploit the WYSIWYG editor to exe= cute persistent scripts, potentially leading to session hijacking and appli= cation manipulation. 2026-02-01 6.4 CVE-2021-47913 [ https://www.cve.org/CV= ERecord?id=3DCVE-2021-47913 ] Vulnerability Lab Advisory [ https://www.vuln= erability-lab.com/get_content.php?id=3D2291 ]
Vulnerability Lab Advisory [ https://www.phpsugar.com/blog/2021/09/php-melo= dy-3-0-vulnerability-report-fix/ ]
Product Homepage [ https://www.phpsugar.com/phpmelody.html ]
VulnCheck Advisory: PHP Melody 3.0 Persistent Cross-Site Scripting via Vide=
o Editor [ https://www.vulncheck.com/advisories/php-melody-persistent-cross= -site-scripting-via-video-editor ]
=C2=A0 PHPSUGAR--PHP Melody PHP Melody version 3.0 contains a persistent cr= oss-site scripting vulnerability in the edit-video.php submitted parameter = that allows remote attackers to inject malicious script code. Attackers can=
exploit this vulnerability to execute arbitrary JavaScript, potentially le= ading to session hijacking, persistent phishing, and manipulation of applic= ation modules. 2026-02-01 6.4 CVE-2021-47914 [ https://www.cve.org/CVERecor= d?id=3DCVE-2021-47914 ] Vulnerability Lab Advisory [ https://www.vulnerabil= ity-lab.com/get_content.php?id=3D2292 ]
Vulnerability Lab Advisory [ https://www.phpsugar.com/blog/2021/09/php-melo= dy-3-0-vulnerability-report-fix/ ]
Product Homepage [ https://www.phpsugar.com/phpmelody.html ]
VulnCheck Advisory: PHP Melody 3.0 Persistent XSS Vulnerability via Edit Vi= deo Parameter [ https://www.vulncheck.com/advisories/php-melody-persistent-= xss-vulnerability-via-edit-video-parameter ]
=C2=A0 pnpm--pnpm pnpm is a package manager. Prior to version 10.28.1, a pa=
th traversal vulnerability in pnpm's binary fetcher allows malicious packag=
es to write files outside the intended extraction directory. The vulnerabil= ity has two attack vectors: (1) Malicious ZIP entries containing `../` or a= bsolute paths that escape the extraction root via AdmZip's `extractAllTo`, = and (2) The `BinaryResolution.prefix` field is concatenated into the extrac= tion path without validation, allowing a crafted prefix like `../../evil` t=
o redirect extracted files outside `targetDir`. The issue impacts all pnpm = users who install packages with binary assets, users who configure custom N= ode.js binary locations and CI/CD pipelines that auto-install binary depend= encies. It can lead to overwriting config files, scripts, or other sensitiv=
e files leading to RCE. Version 10.28.1 contains a patch. 2026-01-26 6.5 CV= E-2026-23888 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23888 ] https://= github.com/pnpm/pnpm/security/advisories/GHSA-6pfh-p556-v868 https://github.com/pnpm/pnpm/commit/5c382f0ca3b7cc49963b94677426e66539dcb3f5 https://github.com/pnpm/pnpm/releases/tag/v10.28.1
=C2=A0 pnpm--pnpm pnpm is a package manager. Prior to version 10.28.1, a pa=
th traversal vulnerability in pnpm's tarball extraction allows malicious pa= ckages to write files outside the package directory on Windows. The path no= rmalization only checks for `./` but not `.=20

You are subscribed to Vulnerability Bulletins for Cybersecurity and Infrast= ructure Security Agency. This information has recently been updated and is = now available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities t= hat have been recorded in the past week. In some cases, the vulnerabilities=
in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the=C2=A0Common Vulnerabilities and Exposures =
[ https://www.cve.org/ ]=C2=A0(CVE) vulnerability naming standard and are o= rganized according to severity, determined by the=C2=A0Common Vulnerability=
Scoring System [ https://www.cve.org/about/relatedefforts ]=C2=A0(CVSS) st= andard. The division of high, medium, and low severities correspond to the = following scores:

* *High*: vulnerabilities with a CVSS base score of 7.0=E2=80=9310.0=20
* *Medium*: vulnerabilities with a CVSS base score of 4.0=E2=80=936.9=20
* *Low*: vulnerabilities with a CVSS base score of 0.0=E2=80=933.9=20

Entries may include additional information provided by organizations and ef= forts sponsored by CISA. This information may include identifying informati= on, values, definitions, and related links. Patch information is provided w= hen available. Please note that some of the information in the bulletin is = compiled from external, open-source reports and is not a direct result of C= ISA analysis.

. On Windows, backslashes are directory separators, enabling path traversal=
. This vulnerability is Windows-only. This issue impacts Windows pnpm users=
and Windows CI/CD pipelines (GitHub Actions Windows runners, Azure DevOps)=
. It can lead to overwriting `.npmrc`, build configs, or other files. Versi=
on 10.28.1 contains a patch.

2026-01-26 6.5 CVE-2026-23889 [ https://www.cve.org/CVERecord?id=3DCVE-202= 6-23889 ] https://github.com/pnpm/pnpm/security/advisories/GHSA-6x96-7vc8-c= m3p https://github.com/pnpm/pnpm/commit/6ca07ffbe6fc0e8b8cdc968f228903ba0886f7c0 https://github.com/pnpm/pnpm/releases/tag/v10.28.1
=C2=A0 pnpm--pnpm pnpm is a package manager. Prior to version 10.28.1, a pa=
th traversal vulnerability in pnpm's bin linking allows malicious npm packa= ges to create executable shims or symlinks outside of `node_modules/.bin`. = Bin names starting with `@` bypass validation, and after scope normalizatio=
n, path traversal sequences like `../../` remain intact. This issue affects=
all pnpm users who install npm packages and CI/CD pipelines using pnpm. It=
can lead to overwriting config files, scripts, or other sensitive files. V= ersion 10.28.1 contains a patch. 2026-01-26 6.5 CVE-2026-23890 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2026-23890 ] https://github.com/pnpm/pnpm/secu= rity/advisories/GHSA-xpqm-wm3m-f34h https://github.com/pnpm/pnpm/commit/8afbb1598445d37985d91fda18abb4795ae5062d https://github.com/pnpm/pnpm/releases/tag/v10.28.1
=C2=A0 presstigers--Simple Folio The Simple Folio plugin for WordPress is v= ulnerable to Stored Cross-Site Scripting via the '_simple_folio_item_client= _name' and '_simple_folio_item_link' meta fields in all versions up to, and=
including, 1.1.1 due to insufficient input sanitization and output escapin=
g. This makes it possible for authenticated attackers, with Contributor-lev=
el access and above, to inject arbitrary web scripts in pages that will exe= cute whenever a user accesses an injected page. 2026-01-28 6.4 CVE-2025-140=
39 [ https://www.cve.org/CVERecord?id=3DCVE-2025-14039 ] https://www.wordfe= nce.com/threat-intel/vulnerabilities/id/c32a71d6-d61c-4f6f-9d35-70140235af7= c?source=3Dcve https://plugins.trac.wordpress.org/browser/simple-folio/trunk/templates/sin= gle-simple-folio.php#L70 https://plugins.trac.wordpress.org/browser/simple-folio/tags/1.1.1/template= s/single-simple-folio.php#L70 https://plugins.trac.wordpress.org/browser/simple-folio/trunk/templates/sin= gle-simple-folio.php#L76 https://plugins.trac.wordpress.org/browser/simple-folio/tags/1.1.1/template= s/single-simple-folio.php#L76 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3442515%40simple-folio&new=3D3442515%40simple-folio&sfp_email= =3D&sfph_mail=3D
=C2=A0 Product Owner: Webile--Webile Webile 1.0.1 contains a directory trav= ersal vulnerability that allows remote attackers to manipulate file system = paths without authentication. Attackers can exploit path manipulation to ac= cess sensitive system directories and potentially compromise the mobile dev= ice's local file system. 2026-02-01 6.5 CVE-2022-50950 [ https://www.cve.or= g/CVERecord?id=3DCVE-2022-50950 ] Vulnerability Lab Advisory [ https://www.= vulnerability-lab.com/get_content.php?id=3D2320 ]
Product Homepage [ https://play.google.com/store/apps/details?id=3Dcom.tech= prd.filetransfer&hl=3Den_US ]
VulnCheck Advisory: Webile 1.0.1 Directory Traversal Vulnerability via Web = Application [ https://www.vulncheck.com/advisories/webile-directory-travers= al-vulnerability-via-web-application ]
=C2=A0 psmplugins--SupportCandy Helpdesk & Customer Support Ticket System T=
he SupportCandy - Helpdesk & Customer Support Ticket System plugin for Word= Press is vulnerable to SQL Injection via the Number-type custom field filte=
r in all versions up to, and including, 3.4.4. This is due to insufficient = escaping on the user-supplied operand value when using the equals operator = and lack of sufficient preparation on the existing SQL query. This makes it=
possible for authenticated attackers, with Subscriber-level access and abo=
ve (customers), to append additional SQL queries into already existing quer= ies that can be used to extract sensitive information from the database. 20= 26-01-31 6.5 CVE-2026-0683 [ https://www.cve.org/CVERecord?id=3DCVE-2026-06=
83 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/a7856d0f-bc7= d-436c-968c-631fd6a686ab?source=3Dcve https://plugins.trac.wordpress.org/browser/supportcandy/tags/3.4.4/includes= /admin/tickets/class-wpsc-ticket-list.php#L1265 https://plugins.trac.wordpress.org/browser/supportcandy/tags/3.4.4/includes= /admin/tickets/class-wpsc-ticket-list.php#L1288 https://plugins.trac.wordpress.org/browser/supportcandy/tags/3.4.4/includes= /custom-field-types/class-wpsc-cf-number.php#L371 https://plugins.trac.wordpress.org/changeset/3448376/
=C2=A0 psmplugins--SupportCandy Helpdesk & Customer Support Ticket System T=
he SupportCandy - Helpdesk & Customer Support Ticket System plugin for Word= Press is vulnerable to Insecure Direct Object Reference in all versions up = to, and including, 3.4.4 via the 'add_reply' function due to missing valida= tion on a user controlled key. This makes it possible for authenticated att= ackers, with subscriber-level access and above, to steal file attachments u= ploaded by other users by specifying arbitrary attachment IDs in the 'descr= iption_attachments' parameter, re-associating those files to their own tick= ets and removing access from the original owners. 2026-01-31 5.4 CVE-2026-1= 251 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1251 ] https://www.wordfe= nce.com/threat-intel/vulnerabilities/id/89df3005-0967-474f-8a4e-3b23273dd1a= 2?source=3Dcve https://plugins.trac.wordpress.org/browser/supportcandy/trunk/includes/admi= n/tickets/class-wpsc-individual-ticket.php#L1603 https://plugins.trac.wordpress.org/changeset/3448376/
=C2=A0 pymumu--SmartDNS A security flaw has been discovered in pymumu Smart= DNS up to 47.1. This vulnerability affects the function _dns_decode_rr_head= /_dns_decode_SVCB_HTTPS of the file src/dns.c of the component SVBC Record = Parser. The manipulation results in stack-based buffer overflow. It is poss= ible to launch the attack remotely. A high complexity level is associated w= ith this attack. It is stated that the exploitability is difficult. The pat=
ch is identified as 2d57c4b4e1add9b4537aeb403f794a084727e1c8. Applying a pa= tch is advised to resolve this issue. 2026-01-26 5.6 CVE-2026-1425 [ https:= //www.cve.org/CVERecord?id=3DCVE-2026-1425 ] VDB-342841 | pymumu SmartDNS S= VBC Record dns.c _dns_decode_SVCB_HTTPS stack-based overflow [ https://vuld= b.com/?id.342841 ]
VDB-342841 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3428=
41 ]
Submit #736827 | pymumu smartdns 47.1 Stack-based Buffer Overflow [ https:/= /vuldb.com/?submit.736827 ] https://github.com/pymumu/smartdns/commit/2d57c4b4e1add9b4537aeb403f794a084= 727e1c8
=C2=A0 QlikTech International AB--QlikView QlikView 12.50.20000.0 contains =
a denial of service vulnerability in the FTP server address input field tha=
t allows local attackers to crash the application. Attackers can paste a 30= 0-character buffer into the FTP server address field to trigger an applicat= ion crash and prevent normal functionality. 2026-01-29 6.2 CVE-2020-36994 [=
https://www.cve.org/CVERecord?id=3DCVE-2020-36994 ] ExploitDB-48732 [ http= s://www.exploit-db.com/exploits/48732 ]
Vendor Homepage [ https://www.qlik.com ]
VulnCheck Advisory: QlikView 12.50.20000.0 - 'FTP Server Address' Denial of=
Service [ https://www.vulncheck.com/advisories/qlikview-ftp-server-address= -denial-of-service ]
=C2=A0 QR Menu Pro Smart Menu Systems--Menu Panel Authorization Bypass Thro= ugh User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Men=
u Panel allows Exploitation of Trusted Identifiers. This issue affects Menu=
Panel: through 29012026.=C2=A0 NOTE: The vendor was contacted early about = this disclosure but did not respond in any way. 2026-01-29 5.7 CVE-2025-701=
3 [ https://www.cve.org/CVERecord?id=3DCVE-2025-7013 ] https://www.usom.gov= .tr/bildirim/tr-26-0007
=C2=A0 QR Menu Pro Smart Menu Systems--Menu Panel Session Fixation vulnerab= ility in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking=
. This issue affects Menu Panel: through 29012026.=C2=A0 NOTE: The vendor w=
as contacted early about this disclosure but did not respond in any way. 20= 26-01-29 5.7 CVE-2025-7014 [ https://www.cve.org/CVERecord?id=3DCVE-2025-70=
14 ] https://www.usom.gov.tr/bildirim/tr-26-0007
=C2=A0 QWE Labs--QWE DL QWE DL 2.0.1 mobile web application contains a pers= istent input validation vulnerability allowing remote attackers to inject m= alicious script code through path parameter manipulation. Attackers can exp= loit the vulnerability to execute persistent cross-site scripting attacks, = potentially leading to session hijacking and application module manipulatio=
n. 2026-02-01 6.4 CVE-2023-54343 [ https://www.cve.org/CVERecord?id=3DCVE-2= 023-54343 ] Vulnerability Lab Advisory [ https://www.vulnerability-lab.com/= get_content.php?id=3D2326 ]
Product Homepage [ https://apps.apple.com/us/app/qwe/id935520103 ]
VulnCheck Advisory: QWE DL 2.0.1 Persistent XSS Vulnerability via Path Para= meter [ https://www.vulncheck.com/advisories/qwe-dl-persistent-xss-vulnerab= ility-via-path-parameter ]
=C2=A0 recooty--Recooty Job Widget (Old Dashboard) The Recooty - Job Widget=
(Old Dashboard) plugin for WordPress is vulnerable to Cross-Site Request F= orgery in all versions up to, and including, 1.0.6. This is due to missing = nonce validation on the recooty_save_maybe() function. This makes it possib=
le for unauthenticated attackers to update the recooty_key option and injec=
t malicious content into iframe src attributes via a forged request granted=
they can trick a site administrator into performing an action such as clic= king on a link. 2026-01-28 4.3 CVE-2025-14616 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2025-14616 ] https://www.wordfence.com/threat-intel/vulnerabili= ties/id/eb14f084-6f36-4702-8a28-b62811739407?source=3Dcve https://plugins.trac.wordpress.org/browser/recooty/trunk/admin/init.php#L72 https://plugins.trac.wordpress.org/browser/recooty/tags/1.0.4/admin/init.ph= p#L72
https://plugins.trac.wordpress.org/browser/recooty/trunk/init.php#L41 https://plugins.trac.wordpress.org/browser/recooty/tags/1.0.4/init.php#L41 =C2=A0 Red Hat--Red Hat build of Quarkus A flaw was found in Hibernate Reac= tive. When an HTTP endpoint is exposed to perform database operations, a re= mote client can prematurely close the HTTP connection. This action may lead=
to leaking connections from the database connection pool, potentially caus= ing a Denial of Service (DoS) by exhausting available database connections.=
2026-01-26 4.3 CVE-2025-14969 [ https://www.cve.org/CVERecord?id=3DCVE-202= 5-14969 ] https://access.redhat.com/security/cve/CVE-2025-14969
RHBZ#2423822 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2423822 ]
=C2=A0 Red Hat--Red Hat Enterprise Linux 10 A flaw was found in libsoup, an=
HTTP client library. This vulnerability, known as CRLF (Carriage Return Li=
ne Feed) Injection, occurs when an HTTP proxy is configured and the library=
improperly handles URL-decoded input used to create the Host header. A rem= ote attacker can exploit this by providing a specially crafted URL containi=
ng CRLF sequences, allowing them to inject additional HTTP headers or compl= ete HTTP request bodies. This can lead to unintended or unauthorized HTTP r= equests being forwarded by the proxy, potentially impacting downstream serv= ices. 2026-01-27 5.8 CVE-2026-1467 [ https://www.cve.org/CVERecord?id=3DCVE= -2026-1467 ] https://access.redhat.com/security/cve/CVE-2026-1467
RHBZ#2433174 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2433174 ]
=C2=A0 Red Hat--Red Hat Enterprise Linux 10 A flaw was found in GLib. An in= teger overflow vulnerability in its Unicode case conversion implementation = can lead to memory corruption. By processing specially crafted and extremel=
y large Unicode strings, an attacker could trigger an undersized memory all= ocation, resulting in out-of-bounds writes. This could cause applications u= tilizing GLib for string conversion to crash or become unstable. 2026-01-27=
5.4 CVE-2026-1489 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1489 ] htt= ps://access.redhat.com/security/cve/CVE-2026-1489
RHBZ#2433348 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2433348 ]
=C2=A0 Red Hat--Red Hat Enterprise Linux 10 A flaw was found in libsoup. An=
attacker who can control the input for the Content-Disposition header can = inject CRLF (Carriage Return Line Feed) sequences into the header value. Th= ese sequences are then interpreted verbatim when the HTTP request or respon=
se is constructed, allowing arbitrary HTTP headers to be injected. This vul= nerability can lead to HTTP header injection or HTTP response splitting wit= hout requiring authentication or user interaction. 2026-01-28 5.8 CVE-2026-= 1536 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1536 ] https://access.re= dhat.com/security/cve/CVE-2026-1536
RHBZ#2433834 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2433834 ]
=C2=A0 Red Hat--Red Hat Enterprise Linux 10 A flaw was found in the libsoup=
HTTP library that can cause proxy authentication credentials to be sent to=
unintended destinations. When handling HTTP redirects, libsoup removes the=
Authorization header but does not remove the Proxy-Authorization header if=
the request is redirected to a different host. As a result, sensitive prox=
y credentials may be leaked to third-party servers. Applications using libs= oup for HTTP communication may unintentionally expose proxy authentication = data. 2026-01-28 5.8 CVE-2026-1539 [ https://www.cve.org/CVERecord?id=3DCVE= -2026-1539 ] https://access.redhat.com/security/cve/CVE-2026-1539
=C2=A0 Red Hat--Red Hat Enterprise Linux 10 A flaw was found in the GnuTLS = library, specifically in the gnutls_pkcs11_token_init() function that handl=
es PKCS#11 token initialization. When a token label longer than expected is=
processed, the function writes past the end of a fixed-size stack buffer. = This programming error can cause the application using GnuTLS to crash or, =
in certain conditions, be exploited for code execution. As a result, system=
s or applications relying on GnuTLS may be vulnerable to a denial of servic=
e or local privilege escalation attacks. 2026-01-26 4 CVE-2025-9820 [ https= ://www.cve.org/CVERecord?id=3DCVE-2025-9820 ] https://access.redhat.com/sec= urity/cve/CVE-2025-9820
RHBZ#2392528 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2392528 ] https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75d= ff0faf5
https://gitlab.com/gnutls/gnutls/-/issues/1732 https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18
=C2=A0 Red Hat--Red Hat Enterprise Linux 10 A flaw was found in the GLib Ba= se64 encoding routine when processing very large input data. Due to incorre=
ct use of integer types during length calculation, the library may miscalcu= late buffer boundaries. This can cause memory writes outside the allocated = buffer. Applications that process untrusted or extremely large Base64 input=
using GLib may crash or behave unpredictably. 2026-01-27 4.2 CVE-2026-1484=
[ https://www.cve.org/CVERecord?id=3DCVE-2026-1484 ] https://access.redhat= .com/security/cve/CVE-2026-1484
RHBZ#2433259 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2433259 ]
=C2=A0 Red Hat--Red Hat OpenShift Virtualization 4 A flaw was found in kube= virt. A user within a virtual machine (VM), if the guest agent is active, c=
an exploit this by causing the agent to report an excessive number of netwo=
rk interfaces. This action can overwhelm the system's ability to store VM c= onfiguration updates, effectively blocking changes to the Virtual Machine I= nstance (VMI). This allows the VM user to restrict the VM administrator's a= bility to manage the VM, leading to a denial of service for administrative = operations. 2026-01-26 6.4 CVE-2025-14525 [ https://www.cve.org/CVERecord?i= d=3DCVE-2025-14525 ] https://access.redhat.com/security/cve/CVE-2025-14525 RHBZ#2421360 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2421360 ]
=C2=A0 rupantorpay--Rupantorpay The Rupantorpay plugin for WordPress is vul= nerable to unauthorized modification of data due to a missing capability ch= eck on the handle_webhook() function in all versions up to, and including, = 2.0.0. This makes it possible for unauthenticated attackers to modify WooCo= mmerce order statuses by sending crafted requests to the WooCommerce API en= dpoint. 2026-01-28 5.3 CVE-2025-15511 [ https://www.cve.org/CVERecord?id=3D= CVE-2025-15511 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/= 1b21bdfd-42ec-43fe-b581-04276b86c50b?source=3Dcve https://plugins.trac.wordpress.org/browser/rupantorpay/tags/2.0.0/includes/= class-wc-rupantorpay-gateway.php#L172
=C2=A0 RustCrypto--signatures The ML-DSA crate is a Rust implementation of = the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in v= ersion 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verifica= tion implementation in the RustCrypto `ml-dsa` crate incorrectly accepts si= gnatures with repeated (duplicate) hint indices. According to the ML-DSA sp= ecification (FIPS 204 / RFC 9881), hint indices within each polynomial must=
be **strictly increasing**. The current implementation uses a non-strict m= onotonic check (`<=3D` instead of `<`), allowing duplicate indices. This is=
a regression bug. The original implementation was correct, but a commit in=
version 0.0.4 inadvertently changed the strict `<` comparison to `<=3D`, i= ntroducing the vulnerability. Version 0.1.0-rc.4 fixes the issue. 2026-01-2=
8 5.3 CVE-2026-24850 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24850 ] = https://github.com/RustCrypto/signatures/security/advisories/GHSA-5x2r-hc65= -25f9
https://github.com/RustCrypto/signatures/issues/894 https://github.com/RustCrypto/signatures/pull/895 https://github.com/RustCrypto/signatures/commit/400961412be2e2ab787942cf30e= 0a9b66b37a54a https://github.com/RustCrypto/signatures/commit/b01c3b73dd08d0094e089aa234f= 78b6089ec1f38
https://csrc.nist.gov/pubs/fips/204/final https://datatracker.ietf.org/doc/html/rfc9881 https://github.com/C2SP/wycheproof https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_44_veri= fy_test.json https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_65_veri= fy_test.json https://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_87_veri= fy_test.json
=C2=A0 salihciftci--Liman Liman 0.7 contains a cross-site request forgery v= ulnerability that allows attackers to manipulate user account settings with= out proper request validation. Attackers can craft malicious HTML forms to = change user passwords or modify account information by tricking logged-in u= sers into submitting unauthorized requests. 2026-01-29 5.3 CVE-2020-37007 [=
https://www.cve.org/CVERecord?id=3DCVE-2020-37007 ] ExploitDB-48869 [ http= s://www.exploit-db.com/exploits/48869 ]
Archived Liman GitHub Repository [ https://web.archive.org/web/202011090426= 53/https://github.com/salihciftci/liman ]
VulnCheck Advisory: Liman 0.7 - Cross-Site Request Forgery (Change Password=
) [ https://www.vulncheck.com/advisories/liman-cross-site-request-forgery-c= hange-password ]
=C2=A0 Salt Project--Salt Salt contains an authentication protocol version = downgrade weakness that can allow a malicious minion to bypass newer authen= tication/security features by using an older request payload format, enabli=
ng minion impersonation and circumventing protections introduced in respons=
e to prior issues. 2026-01-30 6.2 CVE-2025-62349 [ https://www.cve.org/CVER= ecord?id=3DCVE-2025-62349 ] Salt 3006.17 release notes (fix and minimum_aut= h_version) [ https://docs.saltproject.io/en/latest/topics/releases/3006.17.= html ]
Salt 3007.9 release notes (fix and minimum_auth_version) [ https://docs.sal= tproject.io/en/latest/topics/releases/3007.9.html ]
=C2=A0 Sangfor--Operation and Maintenance Security Management System A vuln= erability was found in Sangfor Operation and Maintenance Security Managemen=
t System up to 3.0.12. This affects the function portValidate of the file /= fort/ip_and_port/port_validate of the component HTTP POST Request Handler. = Performing a manipulation of the argument port results in command injection=
. The attack can be initiated remotely. The exploit has been made public an=
d could be used. 2026-01-26 6.3 CVE-2026-1413 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2026-1413 ] VDB-342802 | Sangfor Operation and Maintenance Secu= rity Management System HTTP POST Request port_validate portValidate command=
injection [ https://vuldb.com/?id.342802 ]
VDB-342802 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .342802 ]
Submit #736522 | Sangfor Operation and Maintenance Security Management Syst=
em (OSM / =C3=A8=C2=BF=C2=90=C3=A7=C2=BB=C2=B4=C3=A5=C2=AE=E2=80=B0=C3=A5= =E2=80=A6=C2=A8=C3=A7=C2=AE=C2=A1=C3=A7=C2=90=E2=80=A0=C3=A7=C2=B3=C2=BB=C3= =A7=C2=BB=C5=B8) v3.0.12 Command Injection [ https://vuldb.com/?submit.7365=
22 ]
https://github.com/LX-LX88/cve/issues/23
=C2=A0 Sangfor--Operation and Maintenance Security Management System A vuln= erability was determined in Sangfor Operation and Maintenance Security Mana= gement System up to 3.0.12. This impacts the function getInformation of the=
file /equipment/get_Information of the component HTTP POST Request Handler=
. Executing a manipulation of the argument fortEquipmentIp can lead to comm= and injection. The attack can be launched remotely. The exploit has been pu= blicly disclosed and may be utilized. 2026-01-26 6.3 CVE-2026-1414 [ https:= //www.cve.org/CVERecord?id=3DCVE-2026-1414 ] VDB-342803 | Sangfor Operation=
and Maintenance Security Management System HTTP POST Request get_Informati=
on getInformation command injection [ https://vuldb.com/?id.342803 ]
VDB-342803 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .342803 ]
Submit #736524 | Sangfor Operation and Maintenance Security Management Syst=
em (OSM / =C3=A8=C2=BF=C2=90=C3=A7=C2=BB=C2=B4=C3=A5=C2=AE=E2=80=B0=C3=A5= =E2=80=A6=C2=A8=C3=A7=C2=AE=C2=A1=C3=A7=C2=90=E2=80=A0=C3=A7=C2=B3=C2=BB=C3= =A7=C2=BB=C5=B8) v3.0.12 Command Injection [ https://vuldb.com/?submit.7365=
24 ]
https://github.com/LX-LX88/cve/issues/24
=C2=A0 SAP_SE--SAP Fiori App (Intercompany Balance Reconciliation) SAP Fior=
i App Intercompany Balance Reconciliation does not perform necessary author= ization checks for an authenticated user, resulting in escalation of privil= eges. This has low impact on confidentiality, integrity and availability ar=
e not impacted. 2026-01-27 4.3 CVE-2026-23683 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2026-23683 ] https://me.sap.com/notes/3122486 https://url.sap/sapsecuritypatchday
=C2=A0 Sellacious--Sellacious eCommerce Sellacious eCommerce 4.6 contains a=
persistent cross-site scripting vulnerability in the Manage Your Addresses=
module that allows attackers to inject malicious scripts. Attackers can ex= ploit multiple address input fields like full name, company, and address to=
execute persistent script code that can hijack user sessions and manipulat=
e application modules. 2026-01-30 6.4 CVE-2020-37003 [ https://www.cve.org/= CVERecord?id=3DCVE-2020-37003 ] ExploitDB-48467 [ https://www.exploit-db.co= m/exploits/48467 ]
Official Sellacious eCommerce Homepage [ https://www.sellacious.com ] Sellacious Product Details [ https://www.sellacious.com/free-open-source-ec= ommerce-software ]
Vulnerability Lab Advisory [ https://www.vulnerability-lab.com/get_content.= php?id=3D2226 ]
VulnCheck Advisory: Sellacious eCommerce 4.6 - Persistent Cross-Site Script= ing [ https://www.vulncheck.com/advisories/sellacious-ecommerce-persistent-= cross-site-scripting ]
=C2=A0 SEMCMS--SEMCMS A security vulnerability has been detected in SEMCMS = 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. = The manipulation of the argument searchml leads to sql injection. The attac=
k is possible to be carried out remotely. The exploit has been disclosed pu= blicly and may be used. The vendor was contacted early about this disclosur=
e but did not respond in any way. 2026-01-29 6.3 CVE-2026-1552 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2026-1552 ] VDB-343248 | SEMCMS SEMCMS_Info.ph=
p sql injection [ https://vuldb.com/?id.343248 ]
VDB-343248 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343248 ]
Submit #740549 | SEMCMS SEMCMS =C3=A5=C2=A4=E2=80=93=C3=A8=C2=B4=C2=B8=C3= =A7=C2=BD=E2=80=98=C3=A7=C2=AB=E2=84=A2php=C3=A5=C2=A4=C5=A1=C3=A8=C2=AF=C2= =AD=C3=A8=C2=A8=E2=82=AC=C3=A7=E2=80=B0=CB=86 V5.0 SQL Injection [ https://= vuldb.com/?submit.740549 ]
https://github.com/Sqli22/Sqli/issues/4
=C2=A0 seomantis--SEO Links Interlinking The SEO Links Interlinking plugin = for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'goog= le_error' parameter in all versions up to, and including, 1.7.5 due to insu= fficient input sanitization and output escaping. This makes it possible for=
unauthenticated attackers to inject arbitrary web scripts in pages that ex= ecute if they can successfully trick a user into performing an action such =
as clicking on a link. 2026-01-28 6.1 CVE-2025-14063 [ https://www.cve.org/= CVERecord?id=3DCVE-2025-14063 ] https://www.wordfence.com/threat-intel/vuln= erabilities/id/d71143d6-d477-4a63-8f99-f4cc8a590536?source=3Dcve https://wordpress.org/plugins/seo-links-interlinking/ https://plugins.trac.wordpress.org/browser/seo-links-interlinking/trunk/scd= ata.php#L504 https://plugins.trac.wordpress.org/browser/seo-links-interlinking/tags/1.7.= 5/scdata.php#L504 https://plugins.trac.wordpress.org/browser/seo-links-interlinking/trunk/scd= ata.php#L512 https://plugins.trac.wordpress.org/browser/seo-links-interlinking/tags/1.7.= 5/scdata.php#L512
=C2=A0 Simplephpscripts--Simple CMS Simple CMS 2.1 contains a persistent cr= oss-site scripting vulnerability in user input parameters that allows remot=
e attackers to inject malicious script code. Attackers can exploit the newU= ser and editUser modules to inject persistent scripts that execute on user = list preview, potentially leading to session hijacking and application mani= pulation. 2026-02-01 6.4 CVE-2021-47917 [ https://www.cve.org/CVERecord?id= =3DCVE-2021-47917 ] Vulnerability Lab Advisory [ https://www.vulnerability-= lab.com/get_content.php?id=3D2302 ]
Product Homepage [ https://simplephpscripts.com/simple-cms-php ]
VulnCheck Advisory: Simple CMS 2.1 Persistent Cross-Site Scripting via User=
Input Parameters [ https://www.vulncheck.com/advisories/simple-cms-persist= ent-cross-site-scripting-via-user-input-parameters ]
=C2=A0 Simplephpscripts--Simple CMS Simple CMS 2.1 contains a non-persisten=
t cross-site scripting vulnerability in the preview.php file's id parameter=
. Attackers can inject malicious script code through a GET request to execu=
te arbitrary scripts and potentially hijack user sessions or perform phishi=
ng attacks. 2026-02-01 6.4 CVE-2021-47919 [ https://www.cve.org/CVERecord?i= d=3DCVE-2021-47919 ] Vulnerability Lab Advisory [ https://www.vulnerability= -lab.com/get_content.php?id=3D2301 ]
Product Homepage [ https://simplephpscripts.com/simple-cms-php ]
VulnCheck Advisory: Simple CMS 2.1 Non-Persistent Cross-Site Scripting via = Preview Parameter [ https://www.vulncheck.com/advisories/simple-cms-non-per= sistent-cross-site-scripting-via-preview-parameter ]
=C2=A0 smarterDroid--WiFi File Transfer WiFi File Transfer 1.0.8 contains a=
persistent cross-site scripting vulnerability that allows remote attackers=
to inject malicious script codes through file and folder names. Attackers = can exploit the web server's input validation weakness to execute arbitrary=
JavaScript when users preview infected file paths, potentially compromisin=
g user browser sessions. 2026-02-01 6.4 CVE-2022-50951 [ https://www.cve.or= g/CVERecord?id=3DCVE-2022-50951 ] Vulnerability Lab Advisory [ https://www.= vulnerability-lab.com/get_content.php?id=3D2322 ]
Product Homepage [ https://play.google.com/store/apps/details?id=3Dcom.doob= lou.WiFiFileExplorerPRO&hl=3Den_US ]
VulnCheck Advisory: WiFi File Transfer 1.0.8 Persistent XSS via Web Server = Input Validation [ https://www.vulncheck.com/advisories/wifi-file-transfer-= persistent-xss-via-web-server-input-validation ]
=C2=A0 SourceCodester--Pet Grooming Management Software A vulnerability was=
detected in SourceCodester Pet Grooming Management Software 1.0. Impacted =
is an unknown function of the file /admin/operation/user.php of the compone=
nt User Management. Performing a manipulation of the argument group_id resu= lts in improper authorization. The attack can be initiated remotely. The ex= ploit is now public and may be used. 2026-01-30 6.3 CVE-2026-1702 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2026-1702 ] VDB-343492 | SourceCodester Pet=
Grooming Management Software User Management user.php improper authorizati=
on [ https://vuldb.com/?id.343492 ]
VDB-343492 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343492 ]
Submit #742226 | SourceCodester Pet grooming management software 1.0 Improp=
er Access Controls [ https://vuldb.com/?submit.742226 ] https://github.com/Asim-QAZi/Improper-Access-Control---in-Pet-Grooming-Mana= gement-Software
https://www.sourcecodester.com/
=C2=A0 stellar--rs-soroban-sdk soroban-sdk is a Rust SDK for Soroban contra= cts. Arithmetic overflow can be triggered in the `Bytes::slice`, `Vec::slic= e`, and `Prng::gen_range` (for `u64`) methods in the `soroban-sdk` in versi= ons up to and including `25.0.1`, `23.5.1`, and `25.0.2`. Contracts that pa=
ss user-controlled or computed range bounds to `Bytes::slice`, `Vec::slice`=
, or `Prng::gen_range` may silently operate on incorrect data ranges or gen= erate random numbers from an unintended range, potentially resulting in cor= rupted contract state. Note that the best practice when using the `soroban-= sdk` and building Soroban contracts is to always enable `overflow-checks =
=3D true`. The `stellar contract init` tool that prepares the boiler plate = for a Soroban contract, as well as all examples and docs, encourage the use=
of configuring `overflow-checks =3D true` on `release` profiles so that th= ese arithmetic operations fail rather than silently wrap. Contracts are onl=
y impacted if they use `overflow-checks =3D false` either explicitly or imp= licitly. It is anticipated the majority of contracts could not be impacted = because the best practice encouraged by tooling is to enable `overflow-chec= ks`. The fix available in `25.0.1`, `23.5.1`, and `25.0.2` replaces bare ar= ithmetic with `checked_add` / `checked_sub`, ensuring overflow traps regard= less of the `overflow-checks` profile setting. As a workaround, contract wo= rkspaces can be configured with a profile available in the GitHub Securtity=
Advisory to enable overflow checks on the arithmetic operations. This is t=
he best practice when developing Soroban contracts, and the default if usin=
g the contract boilerplate generated using `stellar contract init`. Alterna= tively, contracts can validate range bounds before passing them to `slice` =
or `gen_range` to ensure the conversions cannot overflow. 2026-01-28 5.3 CV= E-2026-24889 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24889 ] https://= github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-96xm-fv9w-pf3f https://github.com/stellar/rs-soroban-sdk/pull/1703 https://github.com/stellar/rs-soroban-sdk/commit/3890521426d71bb4d892b21f5a= 283a1e836cfa38 https://github.com/stellar/rs-soroban-sdk/commit/59fcef437260ed4da42d1efb35= 7137a5c166c02e https://github.com/stellar/rs-soroban-sdk/commit/c2757c6d774dbb28b34a0b77ff= e282e59f0f8462
https://github.com/stellar/rs-soroban-sdk/releases/tag/v22.0.9 https://github.com/stellar/rs-soroban-sdk/releases/tag/v23.5.1 https://github.com/stellar/rs-soroban-sdk/releases/tag/v25.0.2
=C2=A0 supercleanse--Stripe Payments by Buy Now Plus Best WordPress Stripe = Credit Card Payments Plugin The Buy Now Plus - Buy Now buttons for Stripe p= lugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'b= uynowplus' shortcode in all versions up to, and including, 1.0.2 due to ins= ufficient input sanitization and output escaping on shortcode attributes. T= his makes it possible for authenticated attackers, with Contributor-level a= ccess and above, to inject arbitrary web scripts in pages that will execute=
whenever a user accesses an injected page. 2026-01-28 6.4 CVE-2026-1295 [ = https://www.cve.org/CVERecord?id=3DCVE-2026-1295 ] https://www.wordfence.co= m/threat-intel/vulnerabilities/id/87d228bb-eb5b-44ca-91f7-ada730635a3f?sour= ce=3Dcve https://plugins.trac.wordpress.org/browser/buy-now-plus/tags/1.0.2/class-bn= p-buttons.php#L17 https://plugins.trac.wordpress.org/browser/buy-now-plus/tags/1.0.2/class-bn= p-buttons.php#L36 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3444416%40buy-now-plus&new=3D3444416%40buy-now-plus&sfp_email= =3D&sfph_mail=3D
=C2=A0 symfony--symfony Symfony is a PHP framework for web and console appl= ications and a set of reusable PHP components. Prior to versions 5.4.51, 6.= 4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not corre= ctly treat some characters (notably `=3D`) as "special" when escaping argum= ents on Windows. When PHP is executed from an MSYS2-based environment (e.g.=
Git Bash) and Symfony Process spawns native Windows executables, MSYS2's a= rgument/path conversion can mis-handle unquoted arguments containing these = characters. This can cause the spawned process to receive corrupted/truncat=
ed arguments compared to what Symfony intended. If an application (or tooli=
ng such as Composer scripts) uses Symfony Process to invoke file-management=
commands (e.g. `rmdir`, `del`, etc.) with a path argument containing `=3D`=
, the MSYS2 conversion layer may alter the argument at runtime. In affected=
setups this can result in operations being performed on an unintended path=
, up to and including deletion of the contents of a broader directory or dr= ive. The issue is particularly relevant when untrusted input can influence = process arguments (directly or indirectly, e.g. via repository paths, extra= cted archive paths, temporary directories, or user-controlled configuration=
). Versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5 contains a patch for t=
he issue. Some workarounds are available. Avoid running PHP/one's own tooli=
ng from MSYS2-based shells on Windows; prefer cmd.exe or PowerShell for wor= kflows that spawn native executables. Avoid passing paths containing `=3D` = (and similar MSYS2-sensitive characters) to Symfony Process when operating = under Git Bash/MSYS2. Where applicable, configure MSYS2 to disable or restr= ict argument conversion (e.g. via `MSYS2_ARG_CONV_EXCL`), understanding thi=
s may affect other tooling behavior. 2026-01-28 6.3 CVE-2026-24739 [ https:= //www.cve.org/CVERecord?id=3DCVE-2026-24739 ] https://github.com/symfony/sy= mfony/security/advisories/GHSA-r39x-jcww-82v6 https://github.com/symfony/symfony/issues/62921 https://github.com/symfony/symfony/pull/63164 https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab= 5d379b3 https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857= e9d179b
=C2=A0 Tanium--Asset Tanium addressed a SQL injection vulnerability in Asse=
t. 2026-01-28 6.3 CVE-2025-15344 [ https://www.cve.org/CVERecord?id=3DCVE-2= 025-15344 ] TAN-2025-035 [ https://security.tanium.com/TAN-2025-035 ]
=C2=A0 Tanium--Discover Tanium addressed an uncontrolled resource consumpti=
on vulnerability in Discover. 2026-01-26 4.9 CVE-2026-1224 [ https://www.cv= e.org/CVERecord?id=3DCVE-2026-1224 ] TAN-2026-001 [ https://security.tanium= .com/TAN-2026-001 ]
=C2=A0 Tanium--Tanium Server Tanium addressed an improper access controls v= ulnerability in Tanium Server. 2026-01-30 4.3 CVE-2025-15322 [ https://www.= cve.org/CVERecord?id=3DCVE-2025-15322 ] TAN-2025-028 [ https://security.tan= ium.com/TAN-2025-028 ]
=C2=A0 TeamViewer--DEX A vulnerability in TeamViewer DEX Client (former 1E = Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1=
for Windows allows an attacker on the adjacent network to cause normally e= ncrypted UDP traffic to be sent in cleartext. This can result in disclosure=
of sensitive information. 2026-01-29 6.5 CVE-2026-23564 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-23564 ] https://www.teamviewer.com/en/resources= /trust-center/security-bulletins/tv-2026-1001/
=C2=A0 TeamViewer--DEX A vulnerability in TeamViewer DEX Client (former 1E = Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1=
for Windows allows an attacker on the adjacent network to cause the NomadB= ranch.exe process to terminate via crafted requests. This can result in a d= enial-of-service condition of the Content Distribution Service. 2026-01-29 = 6.5 CVE-2026-23565 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23565 ] ht= tps://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-20= 26-1001/
=C2=A0 TeamViewer--DEX A vulnerability in TeamViewer DEX Client (former 1E = Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1=
for Windows allows an attacker on the adjacent network to inject, tamper w= ith, or forge log entries in \Nomad Branch.log via crafted data sent to the=
UDP network handler. This can impact log integrity and nonrepudiation. 202= 6-01-29 6.5 CVE-2026-23566 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23= 566 ] https://www.teamviewer.com/en/resources/trust-center/security-bulleti= ns/tv-2026-1001/
=C2=A0 TeamViewer--DEX An integer underflow in the UDP command handler of t=
he TeamViewer DEX Client (former 1E Client) - Content Distribution Service = (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network=
attacker to trigger a heap-based buffer overflow and cause a denial-of-ser= vice (service crash) via specially crafted UDP packets. 2026-01-29 6.5 CVE-= 2026-23567 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23567 ] https://ww= w.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/ =C2=A0 TeamViewer--DEX An out-of-bounds read vulnerability in the TeamViewe=
r DEX Client (former 1E Client) - Content Distribution Service (NomadBranch= .exe) prior version 26.1 for Windows allows a remote attacker to leak stack=
memory and cause a denial of service via a crafted request. The leaked sta=
ck memory could be used to bypass ASLR remotely and facilitate exploitation=
of other vulnerabilities on the affected system. 2026-01-29 6.5 CVE-2026-2= 3569 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23569 ] https://www.team= viewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/
=C2=A0 TeamViewer--DEX A missing validation of a user-controlled value in t=
he TeamViewer DEX Client (former 1E Client) - Content Distribution Service = (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network=
attacker to tamper with log timestamps via crafted UDP Sync command. This = could result in forged or nonsensical datetime prefixes and compromising lo=
g integrity and forensic correlation. 2026-01-29 6.5 CVE-2026-23570 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-23570 ] https://www.teamviewer.com/e= n/resources/trust-center/security-bulletins/tv-2026-1001/
=C2=A0 TeamViewer--DEX A command injection vulnerability was discovered in = TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStat= usRequest instruction. Improper input validation allows authenticated attac= kers with actioner privilege to run elevated arbitrary commands on connecte=
d hosts via malicious commands injected into the instruction's input field.= =C2=A0Users of 1E Client version 24.5 or higher are not affected. 2026-01-2=
9 6.8 CVE-2026-23571 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23571 ] = https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-= 2026-1002/
=C2=A0 TeamViewer--DEX Improper Link Resolution Before File Access (invoked=
by 1E Explorer TachyonCore DeleteFileByPath instruction) in TeamViewer DEX=
- 1E Client before version 26.1 on Windows allows a low privileged local a= ttacker to delete protected system files via a crafted RPC control junction=
or symlink that is followed when the delete instruction executes. 2026-01-=
29 5.7 CVE-2026-23563 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23563 ]=
https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv= -2026-1002/
=C2=A0 TeamViewer--DEX An out-of-bounds read vulnerability in the TeamViewe=
r DEX Client (former 1E Client) - Content Distribution Service (NomadBranch= .exe) prior version 26.1 for Windows allows an attacker on the adjacent net= work to cause information disclosure or denial-of-service via a special cra= fted packet. The leaked memory could be used to bypass ASLR and facilitate = further exploitation. 2026-01-29 5.4 CVE-2026-23568 [ https://www.cve.org/C= VERecord?id=3DCVE-2026-23568 ] https://www.teamviewer.com/en/resources/trus= t-center/security-bulletins/tv-2026-1001/
=C2=A0 Tenda--AC21 A security flaw has been discovered in Tenda AC21 1.1.1.= 1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of t=
he file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results =
in command injection. The attack can be executed remotely. The exploit has = been released to the public and may be used for attacks. 2026-01-29 6.3 CVE= -2026-1638 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1638 ] VDB-343417 =
| Tenda AC21 mDMZSetCfg command injection [ https://vuldb.com/?id.343417 ] VDB-343417 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343417 ]
Submit #740871 | Tenda AC21 V16.03.08.16 Command Injection [ https://vuldb.= com/?submit.740871 ]
https://github.com/LX-LX88/cve/issues/26
https://www.tenda.com.cn/
=C2=A0 Tenda--HG10 A flaw has been found in Tenda HG10 US_HG7_HG9_HG10re_30= 0001138_en_xpon. This affects the function system of the file /boaform/form= SysCmd. This manipulation of the argument sysCmd causes command injection. = The attack may be initiated remotely. The exploit has been published and ma=
y be used. 2026-01-30 4.7 CVE-2026-1690 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-1690 ] VDB-343484 | Tenda HG10 formSysCmd system command inject= ion [ https://vuldb.com/?id.343484 ]
VDB-343484 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343484 ]
Submit #741425 | Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon Command Inj= ection [ https://vuldb.com/?submit.741425 ] https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/= HG10/formSysCmd-sysCmd-command.md https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/= HG10/formSysCmd-sysCmd-command.md#poc
https://www.tenda.com.cn/
=C2=A0 theupdateframework--go-tuf go-tuf is a Go implementation of The Upda=
te Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repos= itory name string (`repoName`) as a filesystem path component when selectin=
g the local metadata cache directory. Starting in version 2.0.0 and prior t=
o version 2.4.1, if an application accepts a map file from an untrusted sou= rce, an attacker can supply a `repoName` containing traversal (e.g., `../es= caped-repo`) and cause go-tuf to create directories and write the root meta= data file outside the intended `LocalMetadataDir` cache base, within the ru= nning process's filesystem permissions. Version 2.4.1 contains a patch. 202= 6-01-27 4.7 CVE-2026-24686 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24= 686 ] https://github.com/theupdateframework/go-tuf/security/advisories/GHSA= -jqc5-w2xx-5vq4 https://github.com/theupdateframework/go-tuf/commit/d361e2ea24e427581343dee= 5c7a32b485d79fcc0
=C2=A0 thewebfosters-thewebfosters Ultimate POS 4.4 contains a persistent c= ross-site scripting vulnerability in the product name parameter that allows=
remote attackers to inject malicious scripts. Attackers can exploit the vu= lnerability through product add or edit functions to execute arbitrary Java= Script and potentially hijack user sessions. 2026-02-01 6.4 CVE-2021-47908 =
[ https://www.cve.org/CVERecord?id=3DCVE-2021-47908 ] Vulnerability Lab Adv= isory [ https://www.vulnerability-lab.com/get_content.php?id=3D2296 ]
Product Homepage [ https://ultimatefosters.com/docs/ultimatepos/ ]
VulnCheck Advisory: Ultimate POS 4.4 Persistent Cross-Site Scripting via Pr= oduct Name [ https://www.vulncheck.com/advisories/ultimate-pos-persistent-c= ross-site-scripting-via-product-name ]
=C2=A0 tigroumeow--AI Engine The Chatbot and AI Framework for WordPress The=
AI Engine plugin for WordPress is vulnerable to Server-Side Request Forger=
y in all versions up to, and including, 3.3.2 via the 'get_audio' function.=
This makes it possible for authenticated attackers, with Subscriber-level = access and above, to make web requests to arbitrary locations originating f= rom the web application and can be used to query and modify information fro=
m internal services, if "Public API" is enabled in the plugin settings, and=
'allow_url_fopen' is set to 'On' on the server. 2026-01-27 6.4 CVE-2026-07=
46 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0746 ] https://www.wordfen= ce.com/threat-intel/vulnerabilities/id/cbba866d-93dd-4ef5-9670-ab958f61f06e= ?source=3Dcve https://plugins.trac.wordpress.org/browser/ai-engine/tags/3.3.1/classes/eng= ines/chatml.php#L946 https://plugins.trac.wordpress.org/changeset/3447500/ai-engine/trunk/classe= s/engines/chatml.php
=C2=A0 Tildeslash Ltd.--M/Monit M/Monit 3.7.4 contains an authentication vu= lnerability that allows authenticated attackers to retrieve user password h= ashes through an administrative API endpoint. Attackers can send requests t=
o the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extra=
ct MD5 password hashes for all users. 2026-01-28 6.5 CVE-2020-36968 [ https= ://www.cve.org/CVERecord?id=3DCVE-2020-36968 ] ExploitDB-49081 [ https://ww= w.exploit-db.com/exploits/49081 ]
M/Monit Official Vendor Homepage [ https://mmonit.com/ ]
VulnCheck Advisory: M/Monit 3.7.4 - Password Disclosure [ https://www.vulnc= heck.com/advisories/mmonit-password-disclosure ]
=C2=A0 Totolink--A7000R A vulnerability was detected in Totolink A7000R 4.1= cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/c= stecgi.cgi. The manipulation of the argument plugin_name results in command=
injection. It is possible to launch the attack remotely. The exploit is no=
w public and may be used. 2026-01-28 6.3 CVE-2026-1547 [ https://www.cve.or= g/CVERecord?id=3DCVE-2026-1547 ] VDB-343231 | Totolink A7000R cstecgi.cgi s= etUnloadUserData command injection [ https://vuldb.com/?id.343231 ]
VDB-343231 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343231 ]
Submit #739713 | TOTOLINK A7000R V4.1cu.4154 Command Injection [ https://vu= ldb.com/?submit.739713 ] https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/01_RCE_setUnloa= dUserData_RCE.md https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/01_RCE_setUnloa= dUserData_RCE.md#poc
https://www.totolink.net/
=C2=A0 Totolink--A7000R A flaw has been found in Totolink A7000R 4.1cu.4154=
. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bi= n/cstecgi.cgi. This manipulation of the argument url causes command injecti= on. The attack can be initiated remotely. The exploit has been published an=
d may be used. 2026-01-28 6.3 CVE-2026-1548 [ https://www.cve.org/CVERecord= ?id=3DCVE-2026-1548 ] VDB-343232 | Totolink A7000R cstecgi.cgi CloudACMunua= lUpdateUserdata command injection [ https://vuldb.com/?id.343232 ]
VDB-343232 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343232 ]
Submit #739715 | TOTOLINK A7000R V4.1cu.4154 Command Injection [ https://vu= ldb.com/?submit.739715 ] https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/02_RCE_CloudACM= unualUpdateUserdata_RCE.md https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/02_RCE_CloudACM= unualUpdateUserdata_RCE.md#poc
https://www.totolink.net/
=C2=A0 Totolink--A7000R A weakness has been identified in Totolink A7000R 4= .1cu.4154. The impacted element is the function setUploadUserData of the fi=
le /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName = can lead to command injection. The attack can be launched remotely. The exp= loit has been made available to the public and could be used for attacks. 2= 026-01-29 6.3 CVE-2026-1601 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1= 601 ] VDB-343373 | Totolink A7000R cstecgi.cgi setUploadUserData command in= jection [ https://vuldb.com/?id.343373 ]
VDB-343373 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343373 ]
Submit #740760 | TOTOLINK A7000R V4.1cu.4154 Command Injection [ https://vu= ldb.com/?submit.740760 ] https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/03_RCE_setUploa= dUserData_RCE.md https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/03_RCE_setUploa= dUserData_RCE.md#poc
https://www.totolink.net/
=C2=A0 Totolink--A7000R A weakness has been identified in Totolink A7000R 4= .1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstec= gi.cgi. This manipulation of the argument FileName causes command injection=
. The attack can be initiated remotely. The exploit has been made available=
to the public and could be used for attacks. 2026-01-29 6.3 CVE-2026-1623 =
[ https://www.cve.org/CVERecord?id=3DCVE-2026-1623 ] VDB-343382 | Totolink = A7000R cstecgi.cgi setUpgradeFW command injection [ https://vuldb.com/?id.3= 43382 ]
VDB-343382 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343382 ]
Submit #740767 | TOTOLINK A7000R V4.1cu.4154 Command Injection [ https://vu= ldb.com/?submit.740767 ] https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/04_RCE_setUpgra= deFW_RCE.md https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/04_RCE_setUpgra= deFW_RCE.md#poc
https://www.totolink.net/
=C2=A0 TrustTunnel--TrustTunnel TrustTunnel is an open-source VPN protocol = with a rule bypass issue in versions prior to 0.9.115. In `tls_listener.rs`=
, `TlsListener::listen()` peeks 1024 bytes and calls `extract_client_random= (...)`. If `parse_tls_plaintext` fails (for example, a fragmented/partial C= lientHello split across TCP writes), `extract_client_random` returns `None`=
. In `rules.rs`, `RulesEngine::evaluate` only evaluates `client_random_pref= ix` when `client_random` is `Some(...)`. As a result, when extraction fails=
(`client_random =3D=3D None`), any rule that relies on `client_random_pref= ix` matching is skipped and evaluation falls through to later rules. As an = important semantics note: `client_random_prefix` is a match condition only.=
It does not mean "block non-matching prefixes" by itself. A rule with `cli= ent_random_prefix =3D ...` triggers its `action` only when the prefix match=
es (and the field is available to evaluate). Non-matches (or `None`) simply=
do not match that rule and continue to fall through. The vulnerability is = fixed in version 0.9.115. 2026-01-29 5.3 CVE-2026-24904 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-24904 ] https://github.com/TrustTunnel/TrustTunn= el/security/advisories/GHSA-fqh7-r5gf-3r87 https://github.com/TrustTunnel/TrustTunnel/commit/aa5060145506952b9431b0ed3= edb52bb6c08d9a6
=C2=A0 Tryton--Tryton Tryton 5.4 contains a persistent cross-site scripting=
vulnerability in the user profile name input that allows remote attackers =
to inject malicious scripts. Attackers can exploit the vulnerability by ins= erting script payloads in the name field, which execute in the frontend and=
backend user interfaces. 2026-01-30 6.4 CVE-2020-37014 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2020-37014 ] ExploitDB-48466 [ https://www.exploit-db= .com/exploits/48466 ]
Official Tryton Homepage [ https://www.tryton.org/ ]
Tryton Download Page [ https://www.tryton.org/download ]
Vulnerability Lab Advisory [ https://www.vulnerability-lab.com/get_content.= php?id=3D2233 ]
VulnCheck Advisory: Tryton 5.4 - Persistent Cross-Site Scripting [ https://= www.vulncheck.com/advisories/tryton-persistent-cross-site-scripting ]
=C2=A0 vercel--next A denial of service vulnerability exists in self-hosted=
Next.js applications that have `remotePatterns` configured for the Image O= ptimizer. The image optimization endpoint (`/_next/image`) loads external i= mages entirely into memory without enforcing a maximum size limit, allowing=
an attacker to cause out-of-memory conditions by requesting optimization o=
f arbitrarily large images. This vulnerability requires that `remotePattern=
s` is configured to allow image optimization from external domains and that=
the attacker can serve or control a large image on an allowed domain. Stro= ngly consider upgrading to 15.5.10 or 16.1.5 to reduce risk and prevent ava= ilability issues in Next applications. 2026-01-26 5.9 CVE-2025-59471 [ http= s://www.cve.org/CVERecord?id=3DCVE-2025-59471 ] https://github.com/vercel/n= ext.js/security/advisories/GHSA-9g9p-9gw9-jx7f
=C2=A0 vercel--next A denial of service vulnerability exists in Next.js ver= sions with Partial Prerendering (PPR) enabled when running in minimal mode.=
The PPR resume endpoint accepts unauthenticated POST requests with the `Ne= xt-Resume: 1` header and processes attacker-controlled postponed state data=
. Two closely related vulnerabilities allow an attacker to crash the server=
process through memory exhaustion: 1. **Unbounded request body buffering**=
: The server buffers the entire POST request body into memory using `Buffer= .concat()` without enforcing any size limit, allowing arbitrarily large pay= loads to exhaust available memory. 2. **Unbounded decompression (zipbomb)**=
: The resume data cache is decompressed using `inflateSync()` without limit= ing the decompressed output size. A small compressed payload can expand to = hundreds of megabytes or gigabytes, causing memory exhaustion. Both attack = vectors result in a fatal V8 out-of-memory error (`FATAL ERROR: Reached hea=
p limit Allocation failed - JavaScript heap out of memory`) causing the Nod= e.js process to terminate. The zipbomb variant is particularly dangerous as=
it can bypass reverse proxy request size limits while still causing large = memory allocation on the server. To be affected you must have an applicatio=
n running with `experimental.ppr: true` or `cacheComponents: true` configur=
ed along with the NEXT_PRIVATE_MINIMAL_MODE=3D1 environment variable. Stron= gly consider upgrading to 15.6.0-canary.61 or 16.1.5 to reduce risk and pre= vent availability issues in Next applications. 2026-01-26 5.9 CVE-2025-5947=
2 [ https://www.cve.org/CVERecord?id=3DCVE-2025-59472 ] https://github.com/= vercel/next.js/security/advisories/GHSA-5f7q-jpqc-wp7h
=C2=A0 vinod-dalvi--Ivory Search WordPress Search Plugin The Ivory Search -=
WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross= -Site Scripting via admin settings in all versions up to, and including, 5.= 5.13 due to insufficient input sanitization and output escaping. This makes=
it possible for authenticated attackers, with administrator-level permissi= ons and above, to inject arbitrary web scripts in pages that will execute w= henever a user accesses an injected page. This only affects multi-site inst= allations and installations where unfiltered_html has been disabled. 2026-0= 1-28 4.4 CVE-2026-1053 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1053 ]=
https://www.wordfence.com/threat-intel/vulnerabilities/id/cdc5ef6a-32d8-4c= 4b-b459-d9b543b56898?source=3Dcve https://plugins.svn.wordpress.org/add-search-to-menu/tags/5.5.13/public/cla= ss-is-public.php https://plugins.trac.wordpress.org/browser/add-search-to-menu/tags/5.5.13/p= ublic/class-is-public.php#L204 https://plugins.trac.wordpress.org/browser/add-search-to-menu/tags/5.5.13/p= ublic/class-is-public.php#L249 https://plugins.trac.wordpress.org/browser/add-search-to-menu/tags/5.5.13/p= ublic/partials/is-ajax-results.php#L148 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3444659%40add-search-to-menu&new=3D3444659%40add-search-to-me= nu&sfp_email=3D&sfph_mail=3D
=C2=A0 vlt--vlt vlt before 1.0.0-rc.10 mishandles path sanitization for tar=
, leading to path traversal during extraction. 2026-01-27 5.9 CVE-2026-2490=
9 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24909 ] https://www.scworld= .com/news/six-javascript-zero-day-bugs-lead-to-fears-of-supply-chain-attack https://github.com/vltpkg/vltpkg/releases/tag/v1.0.0-rc.10 https://github.com/vltpkg/vltpkg/pull/1334 https://www.koi.ai/blog/packagegate-6-zero-days-in-js-package-managers-but-= npm-wont-act
=C2=A0 webaways--NEX-Forms Ultimate Forms Plugin for WordPress The NEX-Form=
s - Ultimate Forms Plugin for WordPress is vulnerable to unauthorized acces=
s of data due to a missing capability check on the NF5_Export_Forms class c= onstructor in all versions up to, and including, 9.1.8. This makes it possi= ble for unauthenticated attackers to export form configurations, that may i= nclude sensitive data, such as email addresses, PayPal API credentials, and=
third-party integration keys by enumerating the nex_forms_Id parameter. 20= 26-01-31 5.3 CVE-2025-15510 [ https://www.cve.org/CVERecord?id=3DCVE-2025-1= 5510 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/ddfa5a3d-f= ef2-4049-915c-51c3e28153bf?source=3Dcve https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builde= r/tags/9.1.7/includes/classes/class.export.php#L11
=C2=A0 webguyio--Stop Spammers Classic The Stop Spammers Classic plugin for=
WordPress is vulnerable to Cross-Site Request Forgery in all versions up t=
o, and including, 2026.1. This is due to missing nonce validation in the ss= _addtoallowlist class. This makes it possible for unauthenticated attackers=
to add arbitrary email addresses to the spam allowlist via a forged reques=
t granted they can trick a site administrator into performing an action suc=
h as clicking on a link. The vulnerability was partially patched in version=
2026.1. 2026-01-28 4.3 CVE-2025-14795 [ https://www.cve.org/CVERecord?id= =3DCVE-2025-14795 ] https://www.wordfence.com/threat-intel/vulnerabilities/= id/5d6f38d7-a769-422d-ae3f-565cb1cc8a73?source=3Dcve https://plugins.trac.wordpress.org/browser/stop-spammer-registrations-plugi= n/tags/2025.4/classes/ss_addtoallowlist.php#L21 https://plugins.trac.wordpress.org/changeset/3436357/ https://plugins.trac.wordpress.org/changeset/3440788/
=C2=A0 WebMO, LLC--WebMO Job Manager WebMO Job Manager 20.0 contains a cros= s-site scripting vulnerability in search parameters that allows remote atta= ckers to inject malicious script code. Attackers can exploit the filterSear=
ch and filterSearchType parameters to perform non-persistent attacks includ= ing session hijacking and external redirects. 2026-02-01 5.4 CVE-2021-47920=
[ https://www.cve.org/CVERecord?id=3DCVE-2021-47920 ] Vulnerability Lab Ad= visory [ https://www.vulnerability-lab.com/get_content.php?id=3D2270 ]
Product Homepage [ https://www.webmo.net ]
VulnCheck Advisory: WebMO Job Manager 20.0 Cross-Site Scripting via Search = Parameters [ https://www.vulncheck.com/advisories/webmo-job-manager-cross-s= ite-scripting-via-search-parameters ]
=C2=A0 WellChoose--Single Sign-On Portal System Single Sign-On Portal Syste=
m developed by WellChoose has a Reflected Cross-site Scripting vulnerabilit=
y, allowing authenticated remote attackers to execute arbitrary JavaScript = codes in user's browser through phishing attacks. 2026-01-26 5.4 CVE-2026-1= 429 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1429 ] https://www.twcert= .org.tw/tw/cp-132-10654-23f40-1.html https://www.twcert.org.tw/en/cp-139-10655-59160-2.html
=C2=A0 withstudiocms--studiocms StudioCMS is a server-side-rendered, Astro = native, headless content management system. Versions prior to 0.2.0 contain=
a Broken Object Level Authorization (BOLA) vulnerability in the Content Ma= nagement feature that allows users with the "Visitor" role to access draft = content created by Editor/Admin/Owner users. Version 0.2.0 patches the issu=
e. 2026-01-27 6.5 CVE-2026-24134 [ https://www.cve.org/CVERecord?id=3DCVE-2= 026-24134 ] https://github.com/withstudiocms/studiocms/security/advisories/= GHSA-8cw6-53m5-4932 https://github.com/withstudiocms/studiocms/commit/efc10bee20db090fdd7546362= 2c30dda390c50ad https://github.com/withstudiocms/studiocms/releases/tag/studiocms%400.2.0 =C2=A0 wpbits--WPBITS Addons For Elementor Page Builder The WPBITS Addons F=
or Elementor plugin for WordPress is vulnerable to Stored Cross-Site Script= ing via multiple widget parameters in versions up to, and including, 1.8 du=
e to insufficient input sanitization and output escaping when dynamic conte=
nt is enabled. This makes it possible for authenticated attackers with cont= ributor-level permissions and above to inject arbitrary web scripts in page=
s that will execute whenever a user accesses an injected page. 2026-01-28 6=
.4 CVE-2025-9082 [ https://www.cve.org/CVERecord?id=3DCVE-2025-9082 ] https= ://www.wordfence.com/threat-intel/vulnerabilities/id/99b47856-502e-4e9d-b0e= a-62c57509b46a?source=3Dcve https://plugins.trac.wordpress.org/browser/wpbits-addons-for-elementor/trun= k/includes/widgets/image_compare.php#L607 https://plugins.trac.wordpress.org/browser/wpbits-addons-for-elementor/trun= k/includes/widgets/tooltip.php#L860 https://plugins.trac.wordpress.org/browser/wpbits-addons-for-elementor/trun= k/includes/widgets/text_rotator.php#L369 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3442812%40wpbits-addons-for-elementor&new=3D3442812%40wpbits-= addons-for-elementor&sfp_email=3D&sfph_mail=3D
=C2=A0 wpblockart--BlockArt Blocks Gutenberg Blocks, Page Builder Blocks ,W= ordPress Block Plugin, Sections & Template Library The BlockArt Blocks - Gu= tenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Tem= plate Library plugin for WordPress is vulnerable to Stored Cross-Site Scrip= ting via the BlockArt Counter in all versions up to, and including, 2.2.14 = due to insufficient input sanitization and output escaping on user supplied=
attributes. This makes it possible for authenticated attackers, with contr= ibutor-level access and above, to inject arbitrary web scripts in pages tha=
t will execute whenever a user accesses an injected page. 2026-01-28 6.4 CV= E-2025-14283 [ https://www.cve.org/CVERecord?id=3DCVE-2025-14283 ] https://= www.wordfence.com/threat-intel/vulnerabilities/id/d9526a8b-fefe-4ca6-871f-1= ead3f498679?source=3Dcve https://plugins.trac.wordpress.org/browser/blockart-blocks/trunk/dist/count= er.js
=C2=A0 wpchill--Passster Password Protect Pages and Content The Passster - = Password Protect Pages and Content plugin for WordPress is vulnerable to St= ored Cross-Site Scripting via the plugin's 'content_protector' shortcode in=
all versions up to, and including, 4.2.24. This makes it possible for auth= enticated attackers, with Contributor-level access and above, to inject arb= itrary web scripts in pages that will execute whenever a user accesses an i= njected page. The vulnerability was partially patched in version 4.2.21. 20= 26-01-28 6.4 CVE-2025-14865 [ https://www.cve.org/CVERecord?id=3DCVE-2025-1= 4865 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/4ea939f5-8= b56-44be-bd20-b69e9ded5970?source=3Dcve https://plugins.trac.wordpress.org/browser/content-protector/tags/4.2.20/in= c/class-ps-public.php#L136 https://plugins.trac.wordpress.org/changeset/3422595/ https://plugins.trac.wordpress.org/changeset/3439532/
=C2=A0 wpcodefactory--Order Minimum/Maximum Amount Limits for WooCommerce T=
he Order Minimum/Maximum Amount Limits for WooCommerce plugin for WordPress=
is vulnerable to Stored Cross-Site Scripting via settings in all versions =
up to, and including, 4.6.8 due to insufficient input sanitization and outp=
ut escaping. This makes it possible for authenticated attackers, with Shop = Manager-level permissions and above, to inject arbitrary web scripts in pag=
es that will execute whenever a user accesses an injected page. This only a= ffects multi-site installations and installations where unfiltered_html has=
been disabled. 2026-01-28 4.4 CVE-2026-1381 [ https://www.cve.org/CVERecor= d?id=3DCVE-2026-1381 ] https://www.wordfence.com/threat-intel/vulnerabiliti= es/id/3f54f117-0dde-49f9-8014-7650bc1a00ac?source=3Dcve https://plugins.trac.wordpress.org/browser/order-minimum-amount-for-woocomm= erce/trunk/includes/settings/class-alg-wc-oma-settings-general.php https://plugins.trac.wordpress.org/browser/order-minimum-amount-for-woocomm= erce/trunk/includes/class-alg-wc-oma-core.php#L86 https://plugins.trac.wordpress.org/browser/order-minimum-amount-for-woocomm= erce/tags/4.6.8/includes/class-alg-wc-oma-core.php#L86 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3447432%40order-minimum-amount-for-woocommerce&new=3D3447432%= 40order-minimum-amount-for-woocommerce&sfp_email=3D&sfph_mail=3D
=C2=A0 wpdevelop--Booking Calendar The Booking Calendar plugin for WordPres=
s is vulnerable to unauthorized access of data due to a missing capability = check on the wpbc_ajax_WPBC_FLEXTIMELINE_NAV() function in all versions up = to, and including, 10.14.13. This makes it possible for unauthenticated att= ackers to retrieve booking information including customer names, phones and=
emails. 2026-01-31 5.3 CVE-2026-1431 [ https://www.cve.org/CVERecord?id=3D= CVE-2026-1431 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/0= bd92f91-d9b1-4f6f-ac1a-477950ea2e80?source=3Dcve https://plugins.trac.wordpress.org/browser/booking/tags/10.14.13/core/lib/w= pbc-ajax.php#L25
=C2=A0 Xeroneit--Xeroneit Library Management System Xeroneit Library Manage= ment System 3.1 contains a stored cross-site scripting vulnerability in the=
Book Category feature that allows administrators to inject malicious scrip= ts. Attackers can insert a payload in the Category Name field to execute ar= bitrary JavaScript code when the page is loaded. 2026-01-26 6.4 CVE-2020-36= 954 [ https://www.cve.org/CVERecord?id=3DCVE-2020-36954 ] ExploitDB-49292 [=
https://www.exploit-db.com/exploits/49292 ]
Vendor Homepage [ https://xeroneit.net/ ]
Software Product Page [ https://xeroneit.net/portfolio/library-management-s= ystem-lms ]
VulnCheck Advisory: Xeroneit Library Management System 3.1 - "Add Book Cate= gory " Stored XSS [ https://www.vulncheck.com/advisories/xeroneit-library-m= anagement-system-add-book-category-stored-xss ]
=C2=A0 zephyrproject-rtos--Zephyr A flaw in Zephyr's network stack allows a=
n IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Ech=
o Request. This results in an out-of-bounds memory read and creates a poten= tial information-leak vulnerability in the networking subsystem. 2026-01-30=
6.5 CVE-2025-12899 [ https://www.cve.org/CVERecord?id=3DCVE-2025-12899 ] h= ttps://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c2vg-h= j83-c2vg
=C2=A0 Zhong Bang--CRMEB A security flaw has been discovered in Zhong Bang = CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crme= b/app/api/controller/v1/CrontabController.php of the component crontab Endp= oint. The manipulation results in missing authorization. The attack can be = launched remotely. The exploit has been released to the public and may be u= sed for attacks. The vendor was contacted early about this disclosure but d=
id not respond in any way. 2026-02-01 5.3 CVE-2026-1734 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-1734 ] VDB-343633 | Zhong Bang CRMEB crontab End= point CrontabController.php authorization [ https://vuldb.com/?id.343633 ] VDB-343633 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3436=
33 ]
Submit #736619 | Zhongbang CRMEB v5.6.3 Missing Authorization [ https://vul= db.com/?submit.736619 ] https://github.com/foeCat/CVE/blob/main/CRMEB/crontab_unauthorized_access.md https://github.com/foeCat/CVE/blob/main/CRMEB/crontab_unauthorized_access.m= d#proof-of-concept
=C2=A0 Zhong Bang--CRMEB A vulnerability was identified in Zhong Bang CRMEB=
up to 5.6.3. This affects the function detail/tidyOrder of the file /api/s= tore_integral/order/detail/:uni. The manipulation of the argument order_id = leads to improper authorization. The attack can be initiated remotely. The = exploit is publicly available and might be used. The vendor was contacted e= arly about this disclosure but did not respond in any way. 2026-02-01 4.3 C= VE-2026-1733 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1733 ] VDB-34363=
2 | Zhong Bang CRMEB :uni tidyOrder improper authorization [ https://vuldb.= com/?id.343632 ]
VDB-343632 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343632 ]
Submit #736558 | Zhongbang CRMEB v5.6.3 Improper Access Controls [ https://= vuldb.com/?submit.736558 ] https://github.com/foeCat/CVE/blob/main/CRMEB/integral_order_detail_idor.md https://github.com/foeCat/CVE/blob/main/CRMEB/integral_order_detail_idor.md= #%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0
=C2=A0 Zohocorp--ManageEngine OpManager Zohocorp ManageEngine OpManager, Ne= tFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stor=
ed cross-site scripting vulnerability in the Subnet Details. 2026-01-30 4.6=
CVE-2025-9226 [ https://www.cve.org/CVERecord?id=3DCVE-2025-9226 ] https:/= /www.manageengine.com/itom/advisory/cve-2025-9226.html
=C2=A0=20

Back to top [ #top ]

Low Vulnerabilities

Primary
Vendor -- Product Description Published CVSS Score Source Info Patch Info B= dtask--Bhojon All-In-One Restaurant Management System A vulnerability was f= ound in Bdtask Bhojon All-In-One Restaurant Management System up to 2026011=
6. Impacted is an unknown function of the file /dashboard/home/profile of t=
he component User Information Module. Performing a manipulation of the argu= ment fullname results in cross site scripting. It is possible to initiate t=
he attack remotely. The exploit has been made public and could be used. The=
vendor was contacted early about this disclosure but did not respond in an=
y way. 2026-01-29 3.5 CVE-2026-1598 [ https://www.cve.org/CVERecord?id=3DCV= E-2026-1598 ] VDB-343360 | Bdtask Bhojon All-In-One Restaurant Management S= ystem User Information profile cross site scripting [ https://vuldb.com/?id= .343360 ]
VDB-343360 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343360 ]
Submit #740738 | Bdtask Bhojon All-In-One Restaurant Management System Late=
st Stored Cross-Site Scripting [ https://vuldb.com/?submit.740738 ] https://github.com/4m3rr0r/PoCVulDb/issues/12
=C2=A0 Brother Industries, Ltd.--Multiple MFPs Multiple MFPs provided by Br= other Industries, Ltd. does not properly validate server certificates, whic=
h may allow a man-in-the-middle attacker to replace the set of root certifi= cates used by the product with a set of arbitrary certificates. 2026-01-29 = 3.7 CVE-2025-53869 [ https://www.cve.org/CVERecord?id=3DCVE-2025-53869 ] ht= tps://faq.brother.co.jp/app/answers/detail/a_id/13716 https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2026-0001.= pdf https://www.ricoh.com/products/security/vulnerabilities/vul?id=3Dricoh-2026= -000001
https://jvn.jp/en/vu/JVNVU92878805/
=C2=A0 code-projects--Online Examination System A vulnerability has been fo= und in code-projects Online Examination System 1.0. Affected is an unknown = function of the component Add Pages. Such manipulation leads to cross site = scripting. The attack can be executed remotely. The exploit has been disclo= sed to the public and may be used. 2026-01-26 3.5 CVE-2026-1421 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2026-1421 ] VDB-342837 | code-projects Online=
Examination System Add Pages cross site scripting [ https://vuldb.com/?id.= 342837 ]
VDB-342837 | CTI Indicators (IOB, IOC, TTP) [ https://vuldb.com/?ctiid.3428=
37 ]
Submit #736605 | code-projects Online Examination System 1 Cross Site Scrip= ting [ https://vuldb.com/?submit.736605 ] https://github.com/geo-chen/code-projects/blob/main/Online%20Examination%20= System%20In%20PHP%20With%20Source%20Code.md#finding-1-stored-xss-in-all-add= -pages
https://code-projects.org/
=C2=A0 D-Link--DCS-700L A vulnerability was identified in D-Link DCS-700L 1= .03.09. The affected element is the function uploadmusic of the file /setUp= loadMusic of the component Music File Upload Service. The manipulation of t=
he argument UploadMusic leads to path traversal. The attack can only be ini= tiated within the local network. The exploit is publicly available and migh=
t be used. This vulnerability only affects products that are no longer supp= orted by the maintainer. 2026-01-28 2.4 CVE-2026-1532 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-1532 ] VDB-343218 | D-Link DCS-700L Music File Upl= oad Service setUploadMusic uploadmusic path traversal [ https://vuldb.com/?= id.343218 ]
VDB-343218 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343218 ]
Submit #738693 | D-Link DCS700l v1.03.09 Absolute Path Traversal [ https://= vuldb.com/?submit.738693 ] https://tzh00203.notion.site/D-Link-DCS700l-v1-03-09-Path-Traversal-Vulnera= bility-in-Music-File-Upload-2e8b5c52018a80369553f07ab91aabe2?source=3Dcopy_= link
https://www.dlink.com/
=C2=A0 D-Link--DIR-823X A vulnerability was identified in D-Link DIR-823X 2= 50416. This vulnerability affects the function sub_40AC74 of the component = Login. Such manipulation leads to improper restriction of excessive authent= ication attempts. The attack may be performed from remote. This attack is c= haracterized by high complexity. It is stated that the exploitability is di= fficult. The exploit is publicly available and might be used. 2026-01-30 3.=
7 CVE-2026-1685 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1685 ] VDB-34= 3479 | D-Link DIR-823X Login sub_40AC74 excessive authentication [ https://= vuldb.com/?id.343479 ]
VDB-343479 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343479 ]
Submit #740886 | D-Link dir-823X 250416 A logical flaw in the authenticatio=
n mechanism exists [ https://vuldb.com/?submit.740886 ] https://github.com/master-abc/cve/issues/17
https://www.dlink.com/
=C2=A0 D-Link--DSL-6641K A vulnerability was detected in D-Link DSL-6641K N= 8.TR069.20131126. Affected by this issue is the function ad_virtual_server_= vdsl of the component Web Interface. Performing a manipulation of the argum= ent Name results in cross site scripting. It is possible to initiate the at= tack remotely. The exploit is now public and may be used. 2026-01-30 2.4 CV= E-2026-1705 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1705 ] VDB-343510=
| D-Link DSL-6641K Web ad_virtual_server_vdsl cross site scripting [ https= ://vuldb.com/?id.343510 ]
VDB-343510 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343510 ]
Submit #742421 | D-Link DSL6641K version N8.TR069.20131126 Cross Site Scrip= ting [ https://vuldb.com/?submit.742421 ] https://tzh00203.notion.site/D-Link-DSL6641K-version-N8-TR069-20131126-XSS-= via-ad_virtual_server_vdsl-Configuration-2eeb5c52018a805d97adfb23dfec39c9?s= ource=3Dcopy_link
https://www.dlink.com/
=C2=A0 GnuPG--GnuPG In GnuPG before 2.5.17, a long signature packet length = causes parse_signature to return success with sig->data[] set to a NULL val= ue, leading to a denial of service (application crash). 2026-01-27 3.7 CVE-= 2026-24883 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24883 ] https://ww= w.openwall.com/lists/oss-security/2026/01/27/8
https://dev.gnupg.org/T8049
=C2=A0 GPAC--GPAC A vulnerability was identified in GPAC up to 2.4.0. Affec= ted is the function gf_media_export_webvtt_metadata of the file src/media_t= ools/media_export.c. The manipulation of the argument Name leads to null po= inter dereference. The attack must be carried out locally. The exploit is p= ublicly available and might be used. The identifier of the patch is af951b8= 92dfbaaa38336ba2eba6d6a42c25810fd. To fix this issue, it is recommended to = deploy a patch. 2026-01-26 3.3 CVE-2026-1415 [ https://www.cve.org/CVERecor= d?id=3DCVE-2026-1415 ] VDB-342804 | GPAC media_export.c gf_media_export_web= vtt_metadata null pointer dereference [ https://vuldb.com/?id.342804 ] VDB-342804 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3428=
04 ]
Submit #736541 | gpac v2.4.0 NULL Pointer Dereference [ https://vuldb.com/?= submit.736541 ]
https://github.com/gpac/gpac/issues/3428 https://github.com/gpac/gpac/issues/3428#issue-3802223345 https://github.com/enocknt/gpac/commit/af951b892dfbaaa38336ba2eba6d6a42c258= 10fd
=C2=A0 GPAC--GPAC A security flaw has been discovered in GPAC up to 2.4.0. = Affected by this vulnerability is the function DumpMovieInfo of the file ap= plications/mp4box/filedump.c. The manipulation results in null pointer dere= ference. The attack must be initiated from a local position. The exploit ha=
s been released to the public and may be used for attacks. The patch is ide= ntified as d45c264c20addf0c1cc05124ede33f8ffa800e68. It is advisable to imp= lement a patch to correct this issue. 2026-01-26 3.3 CVE-2026-1416 [ https:= //www.cve.org/CVERecord?id=3DCVE-2026-1416 ] VDB-342805 | GPAC filedump.c D= umpMovieInfo null pointer dereference [ https://vuldb.com/?id.342805 ] VDB-342805 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3428=
05 ]
Submit #736542 | gpac v2.4.0 NULL Pointer Dereference [ https://vuldb.com/?= submit.736542 ]
https://github.com/gpac/gpac/issues/3427 https://github.com/gpac/gpac/issues/3427#issue-3802197432 https://github.com/enocknt/gpac/commit/d45c264c20addf0c1cc05124ede33f8ffa80= 0e68
=C2=A0 GPAC--GPAC A weakness has been identified in GPAC up to 2.4.0. Affec= ted by this issue is the function dump_isom_rtp of the file applications/mp= 4box/filedump.c. This manipulation causes null pointer dereference. The att= ack needs to be launched locally. The exploit has been made available to th=
e public and could be used for attacks. Patch name: f96bd57c3ccdcde4335a0be= 28cd3e8fe296993de. Applying a patch is the recommended action to fix this i= ssue. 2026-01-26 3.3 CVE-2026-1417 [ https://www.cve.org/CVERecord?id=3DCVE= -2026-1417 ] VDB-342806 | GPAC filedump.c dump_isom_rtp null pointer derefe= rence [ https://vuldb.com/?id.342806 ]
VDB-342806 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3428=
06 ]
Submit #736543 | gpac v2.4.0 NULL Pointer Dereference [ https://vuldb.com/?= submit.736543 ]
https://github.com/gpac/gpac/issues/3426 https://github.com/gpac/gpac/issues/3426#issue-3802172856 https://github.com/enocknt/gpac/commit/f96bd57c3ccdcde4335a0be28cd3e8fe2969= 93de
=C2=A0 iJason-Liu--Books_Manager A vulnerability has been found in iJason-L=
iu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This affec=
ts an unknown part of the file controllers/books_center/add_book_check.php.=
Such manipulation of the argument mark leads to cross site scripting. The = attack can be launched remotely. The exploit has been disclosed to the publ=
ic and may be used. This product does not use versioning. This is why infor= mation about affected and unaffected releases are unavailable. 2026-01-26 2=
.4 CVE-2026-1444 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1444 ] VDB-3= 42873 | iJason-Liu Books_Manager add_book_check.php cross site scripting [ = https://vuldb.com/?id.342873 ]
VDB-342873 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .342873 ]
Submit #736968 | https://github.com/iJason-Liu/Books_Manager Books_Manager = 1.0 Stored XSS [ https://vuldb.com/?submit.736968 ] https://blog.y1fan.work/2026/01/13/%E5%AD%98%E5%82%A8%E5%9E%8Bxss/
=C2=A0 ixray-team--ixray-1.6-stcop Exposure of Sensitive Information to an = Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop. This issue = affects ixray-1.6-stcop: before 1.3. 2026-01-27 3.7 CVE-2026-24870 [ https:= //www.cve.org/CVERecord?id=3DCVE-2026-24870 ] https://github.com/ixray-team= /ixray-1.6-stcop/pull/258
=C2=A0 jishenghua--jshERP A vulnerability was found in jishenghua jshERP up=
to 3.6. The impacted element is the function install of the file /jshERP-b= oot/plugin/installByPath of the component com.gitee.starblues.integration.o= perator.DefaultPluginOperator. The manipulation of the argument path result=
s in path traversal. It is possible to launch the attack remotely. The expl= oit has been made public and could be used. The project was informed of the=
problem early through an issue report but has not responded yet. 2026-01-2=
9 2.7 CVE-2026-1588 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1588 ] VD= B-343351 | jishenghua jshERP installByPath install path traversal [ https:/= /vuldb.com/?id.343351 ]
VDB-343351 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343351 ]
Submit #740649 | https://github.com/jishenghua/jshERP jshERP v3.6 Path Trav= ersal [ https://vuldb.com/?submit.740649 ] https://github.com/jishenghua/jshERP/issues/147 https://github.com/jishenghua/jshERP/
=C2=A0 llamastack--Llama Stack Llama Stack (aka llama-stack) before 0.4.0rc=
3 does not censor the pgvector password in the initialization log. 2026-01-=
30 3.2 CVE-2026-25211 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25211 ]=
https://github.com/llamastack/llama-stack/pull/4439 https://github.com/llamastack/llama-stack/compare/v0.4.0rc2...v0.4.0rc3
=C2=A0 MoonshotAI--kimi-agent-sdk Kimi Agent SDK is a set of libraries that=
expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-pu= blish.js and ovsx-publish.js scripts pass filenames to execSync() as shell = command strings. Prior to version 0.1.6, filenames containing shell metacha= racters like $(cmd) could execute arbitrary commands. Note: This vulnerabil= ity exists only in the repository's development scripts. The published VSCo=
de extension does not include these files and end users are not affected. T= his is fixed in version 0.1.6 by replacing execSync with execFileSync using=
array arguments. As a workaround, ensure .vsix files in the project direct= ory have safe filenames before running publish scripts. 2026-01-29 2.9 CVE-= 2026-25046 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25046 ] https://gi= thub.com/MoonshotAI/kimi-agent-sdk/security/advisories/GHSA-mv58-gxx5-8hj3 =C2=A0 OISF--suricata Suricata is a network IDS, IPS and NSM engine. Prior =
to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, espec= ially for alerts not triggered in a tx, can lead to severe slowdowns. Versi= ons 8.0.3 and 7.0.14 contain a patch. As a workaround, disable XFF support =
in the eve configuration. The setting is disabled by default. 2026-01-27 3.=
7 CVE-2026-22261 [ https://www.cve.org/CVERecord?id=3DCVE-2026-22261 ] http= s://github.com/OISF/suricata/security/advisories/GHSA-5jvg-5j3p-34cf https://github.com/OISF/suricata/commit/3f0725b34c7871c2de4346c8af872f10f45= 01e44 https://github.com/OISF/suricata/commit/af246ae7ab1b70c09f83c0619b253095ccc= 18667
https://redmine.openinfosecfoundation.org/issues/8156
=C2=A0 projectworlds--House Rental and Property Listing A weakness has been=
identified in projectworlds House Rental and Property Listing 1.0. This vu= lnerability affects unknown code of the file /app/sms.php. This manipulatio=
n of the argument Message causes cross site scripting. It is possible to in= itiate the attack remotely. The exploit has been made available to the publ=
ic and could be used for attacks. 2026-01-30 3.5 CVE-2026-1700 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2026-1700 ] VDB-343490 | projectworlds House R= ental and Property Listing sms.php cross site scripting [ https://vuldb.com= /?id.343490 ]
VDB-343490 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343490 ]
Submit #741977 | projectworlds.com House rental And Property Listing Projec=
t V1.0 cross site scripting [ https://vuldb.com/?submit.741977 ] https://github.com/jiahao412/CVE/issues/3
=C2=A0 Red Hat--Red Hat Build of Keycloak A flaw was found in Keycloak's SA=
ML brokering functionality. When Keycloak is configured as a client in a Se= curity Assertion Markup Language (SAML) setup, it fails to validate the `No= tOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an = attacker to delay the expiration of SAML responses, potentially extending t=
he time a response is considered valid and leading to unexpected session du= rations or resource consumption. 2026-01-26 3.1 CVE-2026-1190 [ https://www= .cve.org/CVERecord?id=3DCVE-2026-1190 ] https://access.redhat.com/security/= cve/CVE-2026-1190
RHBZ#2430835 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2430835 ]
=C2=A0 Red Hat--Red Hat Enterprise Linux 10 A flaw was found in Glib's cont= ent type parsing logic. This buffer underflow vulnerability occurs because = the length of a header line is stored in a signed integer, which can lead t=
o integer wraparound for very large inputs. This results in pointer underfl=
ow and out-of-bounds memory access. Exploitation requires a local user to i= nstall or process a specially crafted treemagic file, which can lead to loc=
al denial of service or application instability. 2026-01-27 2.8 CVE-2026-14=
85 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1485 ] https://access.redh= at.com/security/cve/CVE-2026-1485
RHBZ#2433325 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2433325 ]
=C2=A0 rethinkdb--rethinkdb A vulnerability was identified in rethinkdb up =
to 2.4.3. Affected by this issue is some unknown functionality of the compo= nent Secondary Index Handler. Such manipulation leads to cross site scripti= ng. It is possible to launch the attack remotely. The exploit is publicly a= vailable and might be used. The vendor was contacted early about this discl= osure but did not respond in any way. 2026-01-28 2.4 CVE-2026-1520 [ https:= //www.cve.org/CVERecord?id=3DCVE-2026-1520 ] VDB-343191 | rethinkdb Seconda=
ry Index cross site scripting [ https://vuldb.com/?id.343191 ]
VDB-343191 | CTI Indicators (IOB, IOC, TTP) [ https://vuldb.com/?ctiid.3431=
91 ]
Submit #738312 | rethinkdb V2.4.3(latest) cross-site scripting(XSS) [ https= ://vuldb.com/?submit.738312 ] https://github.com/59lab/dbdb/blob/main/There%20is%20a%20cross-site%20scrip= ting(XSS)%20vulnerability%20in%20the%20rethinkdb%20database.md https://github.com/59lab/dbdb/blob/main/There%20is%20a%20cross-site%20scrip= ting(XSS)%20vulnerability%20in%20the%20rethinkdb%20database.md#poc
=C2=A0 Tanium--Discover Tanium addressed an improper input validation vulne= rability in Discover. 2026-01-26 2.7 CVE-2026-0925 [ https://www.cve.org/CV= ERecord?id=3DCVE-2026-0925 ] TAN-2026-002 [ https://security.tanium.com/TAN= -2026-002 ]
=C2=A0 Tanium--Interact Tanium addressed an improper access controls vulner= ability in Interact. 2026-01-29 3.1 CVE-2025-15288 [ https://www.cve.org/CV= ERecord?id=3DCVE-2025-15288 ] TAN-2025-034 [ https://security.tanium.com/TA= N-2025-034 ]
=C2=A0=20

Back to top [ #top ]

Severity Not Yet Assigned

Primary
Vendor -- Product Description Published CVSS Score Source Info Patch Info a= angine--aangine An issue in continuous.software aangine v.2025.2 allows a r= emote attacker to obtain sensitive information via the excel-integration-se= rvice template download module, integration-persistence-service job listing=
module, portfolio-item-service data retrieval module endpoints 2026-01-26 = not yet calculated CVE-2025-67274 [ https://www.cve.org/CVERecord?id=3DCVE-= 2025-67274 ] https://aangine.com
https://continuous.software/products https://gist.github.com/c4m0uflag3/26fec868b764c4e7314ad246bab01c88
=C2=A0 abcz316--SKRoot-linuxKernelRoot NULL Pointer Dereference vulnerabili=
ty in abcz316 SKRoot-linuxKernelRoot (testRoot/jni/utils modules). This vul= nerability is associated with program files cJSON.Cpp. This issue affects S= KRoot-linuxKernelRoot. 2026-01-27 not yet calculated CVE-2026-24813 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-24813 ] https://github.com/abcz316/S= KRoot-linuxKernelRoot/pull/116
=C2=A0 Acronis--Acronis Cloud Manager Local privilege escalation due to ins= ecure folder permissions. The following products are affected: Acronis Clou=
d Manager (Windows) before build 6.4.25342.354. 2026-01-27 not yet calculat=
ed CVE-2026-0705 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0705 ] SEC-7= 316 [ https://security-advisory.acronis.com/advisories/SEC-7316 ]
=C2=A0 AhaChat--AhaChat Messenger Marketing The AhaChat Messenger Marketing=
WordPress plugin through 1.1 does not sanitise and escape a parameter befo=
re outputting it back in the page, leading to a Reflected Cross-Site Script= ing which could be used against high privilege users such as admin 2026-01-=
26 not yet calculated CVE-2025-14316 [ https://www.cve.org/CVERecord?id=3DC= VE-2025-14316 ] https://wpscan.com/vulnerability/7d69ebec-f940-4491-a51e-70= a9e1bf8a4c/
=C2=A0 akuity--kargo Kargo manages and automates the promotion of software = artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with = authentication checks on the `GetConfig()` API endpoint. This allowed unaut= henticated users to access this endpoint by specifying an `Authorization` h= eader with any non-empty `Bearer` token value, regardless of validity. This=
vulnerability did allow for exfiltration of configuration data such as end= points for connected Argo CD clusters. This data could allow an attacker to=
enumerate cluster URLs and namespaces for use in subsequent attacks. Addit= ionally, the same bug affected the `RefreshResource` endpoint. This endpoin=
t does not lead to any information disclosure, but could be used by an unau= thenticated attacker to perform a denial-of-service style attack against th=
e Kargo API. `RefreshResource` sets an annotation on specific Kubernetes re= sources to trigger reconciliations. If run on a constant loop, this could a= lso slow down legitimate requests to the Kubernetes API server. This proble=
m has been patched in Kargo versiosn 1.8.7, 1.7.7, and 1.6.3. There are no = workarounds for this issue. 2026-01-27 not yet calculated CVE-2026-24748 [ = https://www.cve.org/CVERecord?id=3DCVE-2026-24748 ] https://github.com/akui= ty/kargo/security/advisories/GHSA-w5wv-wvrp-v5m5 https://github.com/akuity/kargo/commit/23646eaefb449a6cc2e76a8033e8a57f7136= 9772 https://github.com/akuity/kargo/commit/aa28f81ac15ad871c6eba329fc2f0417a08c= 39d7 https://github.com/akuity/kargo/commit/b3297ace0d3b9e7f7128858c5c4288d77f07= 2b8c
=C2=A0 ALSA Project--alsa-lib alsa-lib versions 1.2.2 up to and including 1= .2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in t=
he topology mixer control decoder. The tplg_decode_control_mixer1() functio=
n reads the num_channels field from untrusted .tplg data and uses it as a l= oop bound without validating it against the fixed-size channel array (SND_T= PLG_MAX_CHAN). A crafted topology file with an excessive num_channels value=
can cause out-of-bounds heap writes, leading to a crash. 2026-01-29 not ye=
t calculated CVE-2026-25068 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2= 5068 ] https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f7= 2e381ec2cccc0d5d3d40 https://www.vulncheck.com/advisories/alsa-lib-topology-decoder-heap-based-b= uffer-overflow
=C2=A0 Altitude--Altitude Communication Server Illegal HTTP request traffic=
vulnerability (CL.0) in Altitude Communication Server, caused by inconsist= ent analysis of multiple HTTP requests over a single Keep-Alive connection = using Content-Length headers. This can cause a desynchronization of request=
s between frontend and backend servers, which could allow request hiding, c= ache poisoning or security bypass. 2026-01-26 not yet calculated CVE-2025-4= 1082 [ https://www.cve.org/CVERecord?id=3DCVE-2025-41082 ] https://www.inci= be.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-altitude-commun= ication-server
=C2=A0 Altitude--Altitude Communication Server Vulnerability in Altitude Au= thentication Service and Altitude Communication Server v8.5.3290.0 by Altit= ude, where manipulation of Host header in HTTP requests allows redirection =
to an arbitrary URL or modification of the base URL to trick the victim int=
o sending login credentials to a malicious website. This behavior can be us=
ed to redirect clients to endpoints controlled by the attacker. 2026-01-26 = not yet calculated CVE-2025-41083 [ https://www.cve.org/CVERecord?id=3DCVE-= 2025-41083 ] https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vu= lnerabilities-altitude-communication-server
=C2=A0 AltumCode--AltumCode A directory traversal (Zip Slip) vulnerability = exists in the "Static Sites" feature of 66biolinks v44.0.0 by AltumCode. Up= loaded ZIP archives are automatically extracted without validating or sanit= izing file paths. An attacker can include traversal sequences (e.g., ../) i=
n ZIP entries to write files outside the intended extraction directory. Thi=
s allows static files (html, js, css, images) file write to unintended loca= tions, or overwriting existing HTML files, potentially leading to content d= efacement and, in certain deployments, further impact if sensitive files ar=
e overwritten. 2026-01-28 not yet calculated CVE-2025-69601 [ https://www.c= ve.org/CVERecord?id=3DCVE-2025-69601 ] https://gist.github.com/Waqar-Arain/= 9cd59aa74de540eeb3b09d15bac35e36
=C2=A0 AltumCode--AltumCode A session fixation vulnerability exists in 66bi= olinks v62.0.0 by AltumCode, where the application does not regenerate the = session identifier after successful authentication. As a result, the same s= ession cookie value is reused for users logging in from the same browser, a= llowing an attacker who can set or predict a session ID to potentially hija=
ck an authenticated session. 2026-01-28 not yet calculated CVE-2025-69602 [=
https://www.cve.org/CVERecord?id=3DCVE-2025-69602 ] https://gist.github.co= m/Waqar-Arain/c8117308325a91b8f3b7829646915275
=C2=A0 Amidaware--Amidaware A Server-Side Template Injection (SSTI) vulnera= bility in the /reporting/templates/preview/ endpoint of Amidaware Tactical = RMM, affecting versions equal to or earlier than v1.3.1, allows low-privile= ged users with Report Viewer or Report Manager permissions to achieve remot=
e command execution on the server. This occurs due to improper sanitization=
of the template_md parameter, enabling direct injection of Jinja2 template=
s. This occurs due to misuse of the generate_html() function, the user-cont= rolled value is inserted into `env.from_string`, a function that processes = Jinja2 templates arbitrarily, making an SSTI possible. 2026-01-29 not yet c= alculated CVE-2025-69516 [ https://www.cve.org/CVERecord?id=3DCVE-2025-6951=
6 ] https://github.com/amidaware/tacticalrmm
https://www.amidaware.com/ https://gist.github.com/NtGabrielGomes/7c424367cc316fd7527f668ff076fece
=C2=A0 Amidaware--Amidaware An HTML injection vulnerability in Amidaware In=
c Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbi= trary HTML content during the creation of a new agent via the POST /api/v3/= newagent/ endpoint. The agent_id parameter accepts up to 255 characters and=
is improperly sanitized using DOMPurify.sanitize() with the html: true opt= ion enabled, which fails to adequately filter HTML input. The injected HTML=
is rendered in the Tactical RMM management panel when an administrator att= empts to remove or shut down the affected agent, potentially leading to cli= ent-side attacks such as UI manipulation or phishing. NOTE: the Supplier's = position is that this has incorrect information. 2026-01-28 not yet calcula= ted CVE-2025-69517 [ https://www.cve.org/CVERecord?id=3DCVE-2025-69517 ] ht= tps://github.com/amidaware/tacticalrmm
https://www.amidaware.com/ https://gist.github.com/NtGabrielGomes/fdabcd9e85d841c5490739686e0f8b72
=C2=A0 amir20--dozzle Dozzle is a realtime log viewer for docker containers=
. Prior to version 9.0.3, a flaw in Dozzle's agent-backed shell endpoints a= llows a user restricted by label filters (for example, `label=3Denv=3Ddev`)=
to obtain an interactive root shell in out of scope containers (for exampl=
e, `env=3Dprod`) on the same agent host by directly targeting their contain=
er IDs. Version 9.0.3 contains a patch for the issue. 2026-01-27 not yet ca= lculated CVE-2026-24740 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24740=
] https://github.com/amir20/dozzle/security/advisories/GHSA-m855-r557-5rc5 https://github.com/amir20/dozzle/commit/620e59aa246347ba8a27e68c532853b8a51= 37bc1
https://github.com/amir20/dozzle/releases/tag/v9.0.3
=C2=A0 anyrtcIO-Community--anyRTC-RTMP-OpenSource Improper Restriction of O= perations within the Bounds of a Memory Buffer vulnerability in anyrtcIO-Co= mmunity anyRTC-RTMP-OpenSource (third_party/faad2-2.7/libfaad modules). Thi=
s vulnerability is associated with program files bits.C, syntax.C. This iss=
ue affects anyRTC-RTMP-OpenSource: before 1.0. 2026-01-27 not yet calculate=
d CVE-2026-1465 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1465 ] https:= //github.com/anyrtcIO-Community/anyRTC-RTMP-OpenSource/pull/166
=C2=A0 Apache Software Foundation--Apache Karaf Deserialization of Untruste=
d Data vulnerability in Apache Karaf Decanter. The Decanter log socket coll= ector exposes the port 4560, without authentication. If the collector expos=
es allowed classes property, this configuration can be bypassed. It means t= hat the log socket collector is vulnerable to deserialization of untrusted = data, eventually causing DoS. NB: Decanter log socket collector is not inst= alled by default. Users who have not installed Decanter log socket are not = impacted by this issue. This issue affects Apache Karaf Decanter before 2.1= 2.0. Users are recommended to upgrade to version 2.12.0, which fixes the is= sue. 2026-01-26 not yet calculated CVE-2026-24656 [ https://www.cve.org/CVE= Record?id=3DCVE-2026-24656 ] https://lists.apache.org/thread/dc5wmdn6hyc992= olntkl75kk04ndzx34
=C2=A0 Apache Software Foundation--HDFS native client Out-of-bounds Write v= ulnerability in Apache Hadoop HDFS native client. This issue affects Apache=
Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to versi=
on 3.4.2, which fixes the issue. 2026-01-26 not yet calculated CVE-2025-278=
21 [ https://www.cve.org/CVERecord?id=3DCVE-2025-27821 ] https://lists.apac= he.org/thread/kwjhyyx0wl2z9b0mw0styjk0hhdbyplh
=C2=A0 Apple--iOS and iPadOS The issue was addressed with improved bounds c= hecks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPad=
OS 26. Processing a maliciously crafted Keynote file may disclose memory co= ntents. 2026-01-28 not yet calculated CVE-2025-46306 [ https://www.cve.org/= CVERecord?id=3DCVE-2025-46306 ] https://support.apple.com/en-us/125108 https://support.apple.com/en-us/126254
https://support.apple.com/en-us/125110
=C2=A0 Apple--macOS An out-of-bounds read was addressed with improved input=
validation. This issue is fixed in iOS 26.1 and iPadOS 26.1, Pages 15.1, m= acOS Tahoe 26.1. Processing a maliciously crafted Pages document may result=
in unexpected termination or disclosure of process memory. 2026-01-28 not = yet calculated CVE-2025-46316 [ https://www.cve.org/CVERecord?id=3DCVE-2025= -46316 ] https://support.apple.com/en-us/125634 https://support.apple.com/en-us/126255
https://support.apple.com/en-us/125632
=C2=A0 askbot--askbot All versions of askbot before and including 0.12.2 al= low an attacker authenticated with normal user permissions to modify the pr= ofile picture of other application users. This issue affects askbot: 0.12.2=
. 2026-01-27 not yet calculated CVE-2026-1213 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2026-1213 ] https://fluidattacks.com/advisories/ghost https://askbot.com/ https://github.com/ASKBOT/askbot-devel/commit/3da3d75f35204aa71633c7a315327= ba39cb6295d
=C2=A0 assertj--assertj AssertJ provides Fluent testing assertions for Java=
and the Java Virtual Machine (JVM). Starting in version 1.4.0 and prior to=
version 3.27.7, an XML External Entity (XXE) vulnerability exists in `org.= assertj.core.util.xml.XmlStringPrettyFormatter`: the `toXmlDocument(String)=
` method initializes `DocumentBuilderFactory` with default settings, withou=
t disabling DTDs or external entities. This formatter is used by the `isXml= EqualTo(CharSequence)` assertion for `CharSequence` values. An application =
is vulnerable only when it uses untrusted XML input with either `isXmlEqual= To(CharSequence)` from `org.assertj.core.api.AbstractCharSequenceAssert` or=
`xmlPrettyFormat(String)` from `org.assertj.core.util.xml.XmlStringPrettyF= ormatter`. If untrusted XML input is processed by tone of these methods, an=
attacker couldnread arbitrary local files via `file://` URIs (e.g., `/etc/= passwd`, application configuration files); perform Server-Side Request Forg= ery (SSRF) via HTTP/HTTPS URIs, and/or cause Denial of Service via "Billion=
Laughs" entity expansion attacks. `isXmlEqualTo(CharSequence)` has been de= precated in favor of XMLUnit in version 3.18.0 and will be removed in versi=
on 4.0. Users of affected versions should, in order of preference: replace = `isXmlEqualTo(CharSequence)` with XMLUnit, upgrade to version 3.27.7, or av= oid using `isXmlEqualTo(CharSequence)` or `XmlStringPrettyFormatter` with u= ntrusted input. `XmlStringPrettyFormatter` has historically been considered=
a utility for `isXmlEqualTo(CharSequence)` rather than a feature for Asser=
tJ users, so it is deprecated in version 3.27.7 and removed in version 4.0,=
with no replacement. 2026-01-26 not yet calculated CVE-2026-24400 [ https:= //www.cve.org/CVERecord?id=3DCVE-2026-24400 ] https://github.com/assertj/as= sertj/security/advisories/GHSA-rqfh-9r24-8c9r https://github.com/assertj/assertj/commit/85ca7eb6609bb179c043b85ae7d290523= b1ba79a https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Preventi= on_Cheat_Sheet.html https://github.com/assertj/assertj/releases/tag/assertj-build-3.27.7
=C2=A0 Atlassian--Crowd Data Center This High severity XXE (XML External En= tity Injection) vulnerability was introduced in version 7.1.0 of Crowd Data=
Center and Server. This XXE (XML External Entity Injection) vulnerability,=
with a CVSS Score of 7.9, allows an authenticated attacker to access local=
and remote content which has high impact to confidentiality, low impact to=
integrity, high impact to availability, and requires no user interaction. = Atlassian recommends that Crowd Data Center and Server customers upgrade to=
latest version, if you are unable to do so, upgrade your instance to one o=
f the specified supported fixed versions: * Crowd Data Center and Server 7.=
1: Upgrade to a release greater than or equal to 7.1.3 See the release note=
s (https://confluence.atlassian.com/crowd/crowd-release-notes-199094.html).=
You can download the latest version of Crowd Data Center and Server from t=
he download center (https://www.atlassian.com/software/crowd/download-archi= ve). This vulnerability was reported via our Atlassian (Internal) program. = 2026-01-28 not yet calculated CVE-2026-21569 [ https://www.cve.org/CVERecor= d?id=3DCVE-2026-21569 ] https://confluence.atlassian.com/pages/viewpage.act= ion?pageId=3D1712324819
https://jira.atlassian.com/browse/CWD-6453
=C2=A0 azerothcore--azerothcore-wotlk Out-of-bounds Write, Buffer Copy with= out Checking Size of Input ('Classic Buffer Overflow') vulnerability in aze= rothcore azerothcore-wotlk (deps/zlib modules). This vulnerability is assoc= iated with program files inflate.C. This issue affects azerothcore-wotlk: t= hrough v4.0.0. 2026-01-27 not yet calculated CVE-2026-24793 [ https://www.c= ve.org/CVERecord?id=3DCVE-2026-24793 ] https://github.com/azerothcore/azero= thcore-wotlk/pull/21599
=C2=A0 briandilley--jsonrpc4j Loop with Unreachable Exit Condition ('Infini=
te Loop') vulnerability in briandilley jsonrpc4j (src/main/java/com/googlec= ode/jsonrpc4j modules). This vulnerability is associated with program files=
NoCloseOutputStream.Java. This issue affects jsonrpc4j: through 1.6.0. 202= 6-01-27 not yet calculated CVE-2026-24802 [ https://www.cve.org/CVERecord?i= d=3DCVE-2026-24802 ] https://github.com/briandilley/jsonrpc4j/pull/333
=C2=A0 Budibase--budibase Budibase is a low code platform for creating inte= rnal tools, workflows, and admin panels. In versions up to and including 3.= 26.3, a Creator-level user, who normally has no UI permission to invite use= rs, can manipulate API requests to invite new users with any role, includin=
g Admin, Creator, or App Viewer, and assign them to any group in the organi= zation. This allows full privilege escalation, bypassing UI restrictions, a=
nd can lead to complete takeover of the workspace or organization. As of ti=
me of publication, no known fixed versions are available. 2026-01-29 not ye=
t calculated CVE-2026-25040 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2= 5040 ] https://github.com/Budibase/budibase/security/advisories/GHSA-4wfw-r= 86x-qxrm https://drive.google.com/file/d/1Dtn1WLJILRYUeoMjEbUfCbqQ3g2AW2Qz/view?usp= =3Dsharing https://github.com/user-attachments/files/22066135/budibase-privileged-esc-= poc.txt
=C2=A0 bytecodealliance--wasmtime Wasmtime is a runtime for WebAssembly. St= arting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, o=
n x86-64 platforms with AVX, Wasmtime's compilation of the `f64.copysign` W= ebAssembly instruction with Cranelift may load 8 more bytes than is necessa= ry. When signals-based-traps are disabled this can result in a uncaught seg= fault due to loading from unmapped guard pages. With guard pages disabled i= t's possible for out-of-sandbox data to be loaded, but unless there is anot= her bug in Cranelift this data is not visible to WebAssembly guests. Wasmti=
me 36.0.5, 40.0.3, and 41.0.1 have been released to fix this issue. Users a=
re recommended to upgrade to the patched versions of Wasmtime. Other affect=
ed versions are not patched and users should updated to supported major ver= sion instead. This bug can be worked around by enabling signals-based-traps=
. While disabling guard pages can be a quick fix in some situations, it's n=
ot recommended to disabled guard pages as it is a key defense-in-depth meas= ure of Wasmtime. 2026-01-27 not yet calculated CVE-2026-24116 [ https://www= .cve.org/CVERecord?id=3DCVE-2026-24116 ] https://github.com/bytecodeallianc= e/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73 https://github.com/bytecodealliance/wasmtime/commit/728fa07184f8da2a046f48e= f9b61f869dce133a6 https://github.com/bytecodealliance/wasmtime/commit/799585fc362fcb991de147d= d1a9f2ba0861ed440 https://github.com/bytecodealliance/wasmtime/commit/ac92d9bb729ad3a6d93f072= 4c4c33a0c4a9c0227 https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.memory_g= uard_size https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.signals_= based_traps
https://docs.wasmtime.dev/stability-release.html https://rustsec.org/advisories/RUSTSEC-2026-0006.html
=C2=A0 Cacti--Cacti A HTML injection vulnerability exists in the file uploa=
d functionality of Cacti <=3D 1.2.29. When a file with an invalid format is=
uploaded, the application reflects the submitted filename back into an err=
or popup without proper sanitization. As a result, attackers can inject arb= itrary HTML elements (e.g., <h1>, , <svg>) into the rendered page. 2026-= 01-29 not yet calculated CVE-2025-45160 [ https://www.cve.org/CVERecord?id= =3DCVE-2025-45160 ] https://github.com/Cacti/cacti https://gist.github.com/BEND0US/49d76897a5bb676d8c3f51425553cc32
=C2=A0 cadaver--turso3d Out-of-bounds Write, Divide By Zero, NULL Pointer D= ereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable As= sertion vulnerability in cadaver turso3d. This issue affects . 2026-01-27 n=
ot yet calculated CVE-2026-24826 [ https://www.cve.org/CVERecord?id=3DCVE-2= 026-24826 ] https://github.com/cadaver/turso3d/pull/11
=C2=A0 Canonical--juju Vulnerable cross-model authorization in juju. If a c= harm's cross-model permissions are revoked or expire, a malicious user who =
is able to update database records can mint an invalid macaroon that is inc= orrectly validated by the juju controller, enabling a charm to maintain oth= erwise revoked or expired permissions. This allows a charm to continue rela= ting to another charm in a cross-model relation, and use their workload wit= hout their permission. No fix is available as of the time of writing. 2026-= 01-28 not yet calculated CVE-2026-1237 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-1237 ] https://github.com/juju/juju/security/advisories/GHSA-j4= 77-6vpg-6c8x
=C2=A0 CardboardPowered--cardboard Improper Restriction of Operations withi=
n the Bounds of a Memory Buffer vulnerability in CardboardPowered cardboard=
(src/main/java/org/cardboardpowered/impl/world modules). This vulnerabilit=
y is associated with program files WorldImpl.Java. This issue affects cardb= oard: before 1.21.4. 2026-01-27 not yet calculated CVE-2026-24794 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2026-24794 ] https://github.com/CardboardPo= wered/cardboard/pull/506
=C2=A0 ChurchCRM--CRM ChurchCRM is an open-source church management system.=
Versions prior to 6.7.2 have a Stored Cross-Site Scripting (XSS) vulnerabi= lity occurs in Create Events in Church Calendar. Users with low privileges = can create XSS payloads in the Description field. This payload is stored in=
the database, and when other users view that event (including the admin), = the payload is triggered, leading to account takeover. Version 6.7.2 fixes = the vulnerability. 2026-01-30 not yet calculated CVE-2026-24855 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2026-24855 ] https://github.com/ChurchCRM/CRM= /security/advisories/GHSA-49qp-cfqx-c767 https://github.com/ChurchCRM/CRM/commit/0cd0d211459b8c19509d36b3c1dfcd7f8c1= 0d914 https://github.com/ChurchCRM/CRM/commit/ec4b16e9a3ca09c8a01a712bcb90579c42f= 2ba28
=C2=A0 CloverHackyColor--CloverBootloader Out-of-bounds Write vulnerability=
in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpres= sionDxe/Oniguruma modules). This vulnerability is associated with program f= iles regcomp.C. This issue affects CloverBootloader: before 5162. 2026-01-2=
7 not yet calculated CVE-2026-24795 [ https://www.cve.org/CVERecord?id=3DCV= E-2026-24795 ] https://github.com/CloverHackyColor/CloverBootloader/pull/733 =C2=A0 CloverHackyColor--CloverBootloader Out-of-bounds Read vulnerability =
in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpress= ionDxe/Oniguruma modules). This vulnerability is associated with program fi= les regparse.C. This issue affects CloverBootloader: before 5162. 2026-01-2=
7 not yet calculated CVE-2026-24796 [ https://www.cve.org/CVERecord?id=3DCV= E-2026-24796 ] https://github.com/CloverHackyColor/CloverBootloader/pull/732 =C2=A0 code-projects--code-projects code-projects Computer Book Store 1.0 i=
s vulnerable to File Upload in admin_add.php. 2026-01-27 not yet calculated=
CVE-2025-69559 [ https://www.cve.org/CVERecord?id=3DCVE-2025-69559 ] https= ://gitee.com/Z_180yc/zyy/issues/IDBY27 https://gist.github.com/lih28984-commits/cd3a275dfd9c92a79b6a4a0e8801f4fa =C2=A0 code-projects--code-projects code-projects Mobile Shop Management Sy= stem 1.0 is vulnerable to SQL Injection in /insertmessage.php via the useri=
d parameter. 2026-01-27 not yet calculated CVE-2025-69562 [ https://www.cve= .org/CVERecord?id=3DCVE-2025-69562 ] https://gitee.com/Z_180yc/zyy/issues/I= DC5FU
https://gist.github.com/lih28984-commits/a847a034c3bb626904dcc6ab7576257f =C2=A0 code-projects--code-projects code-projects Mobile Shop Management Sy= stem 1.0 is vulnerable to SQL Injection in /ExLogin.php via the Password pa= rameter. 2026-01-27 not yet calculated CVE-2025-69563 [ https://www.cve.org= /CVERecord?id=3DCVE-2025-69563 ] https://gitee.com/Z_180yc/zyy/issues/IDC3IB https://gist.github.com/lih28984-commits/544eaaca3ea58563a807c43b521d76e6 =C2=A0 code-projects--code-projects code-projects Mobile Shop Management Sy= stem 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, = Address, email, UserName, Password, confirm_password, Role, Branch, and Act= ivate parameters. 2026-01-27 not yet calculated CVE-2025-69564 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2025-69564 ] https://gitee.com/Z_180yc/zyy/iss= ues/IDCEJP https://gist.github.com/lih28984-commits/87eacfc32186020a04e03a2af448723f =C2=A0 code-projects--code-projects code-projects Mobile Shop Management Sy= stem 1.0 is vulnerable to File Upload in /ExAddProduct.php. 2026-01-27 not = yet calculated CVE-2025-69565 [ https://www.cve.org/CVERecord?id=3DCVE-2025= -69565 ] https://gitee.com/Z_180yc/zyy/issues/IDCFAQ https://gist.github.com/lih28984-commits/81d523afde3b122c652f652bab808e33 =C2=A0 coolsnowwolf--lede Loop with Unreachable Exit Condition ('Infinite L= oop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7615d/s= rc/mt_wifi/embedded/security modules). This vulnerability is associated wit=
h program files bn_lib.C. This issue affects lede: through r25.10.1. 2026-0= 1-27 not yet calculated CVE-2026-24803 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-24803 ] https://github.com/coolsnowwolf/lede/pull/13346
=C2=A0 coolsnowwolf--lede Loop with Unreachable Exit Condition ('Infinite L= oop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7603e/s= rc/mt7603_wifi/common modules). This vulnerability is associated with progr=
am files bn_lib.C. This issue affects lede: through r25.10.1. 2026-01-27 no=
t yet calculated CVE-2026-24804 [ https://www.cve.org/CVERecord?id=3DCVE-20= 26-24804 ] https://github.com/coolsnowwolf/lede/pull/13368
=C2=A0 CPU-Z--CPU-Z The kernel driver of CPUID CPU-Z v2.17 and earlier does=
not validate user-supplied values passed via its IOCTL interface, allowing=
an attacker to access sensitive information via a crafted request. 2026-01= -27 not yet calculated CVE-2025-65264 [ https://www.cve.org/CVERecord?id=3D= CVE-2025-65264 ] https://www.cpuid.com/softwares/cpu-z.html https://github.com/cwjchoi01/CVE-2025-65264
=C2=A0 datavane--tis Unrestricted Upload of File with Dangerous Type, Deser= ialization of Untrusted Data vulnerability in datavane tis (tis-plugin/src/= main/java/com/qlangtech/tis/extension/impl modules). This vulnerability is = associated with program files XmlFile.Java. This issue affects tis: before = v4.3.0. 2026-01-27 not yet calculated CVE-2026-24815 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-24815 ] https://github.com/datavane/tis/pull/443
=C2=A0 datavane--tis Loop with Unreachable Exit Condition ('Infinite Loop')=
vulnerability in datavane tis (tis-console/src/main/java/com/qlangtech/tis= /runtime/module/action modules). This vulnerability is associated with prog= ram files ChangeDomainAction.Java. This issue affects tis: before v4.3.0. 2= 026-01-27 not yet calculated CVE-2026-24816 [ https://www.cve.org/CVERecord= ?id=3DCVE-2026-24816 ] https://github.com/datavane/tis/pull/444
=C2=A0 davisking--dlib Out-of-bounds Write, Buffer Copy without Checking Si=
ze of Input ('Classic Buffer Overflow') vulnerability in davisking dlib (dl= ib/external/zlib modules). This vulnerability is associated with program fi= les inflate.C. This issue affects dlib: before v19.24.9. 2026-01-27 not yet=
calculated CVE-2026-24799 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24= 799 ] https://github.com/davisking/dlib/pull/3063
=C2=A0 Delinea Inc.--Secret Server On-Prem Improper Authentication vulnerab= ility in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules)=
. This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25. A secr=
et with "change password on check in" enabled automatically checks in even = when the password change fails after reaching its retry limit. This leaves = the secret in an inconsistent state with the wrong password. Remediation: U= pgrade to 11.9.47 or later. The secret will remain checked out when the pas= sword change fails. 2026-01-27 not yet calculated CVE-2025-12810 [ https://= www.cve.org/CVERecord?id=3DCVE-2025-12810 ] https://docs.delinea.com/online= -help/secret-server/release-notes/ss-rn-11-9-000047.htm https://trust.delinea.com/?tcuUid=3D48260de9-954d-45c2-9c66-2c9510798a0b
=C2=A0 discourse--discourse Discourse is an open source discussion platform=
. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, an endpoi=
nt lets any authenticated user bypass the ai_discover_persona access contro=
ls and gain ongoing DM access to personas that may be wired to staff-only c= ategories, RAG document sets, or automated tooling, enabling unauthorized d= ata disclosure. Because the controller also accepts arbitrary user_id, an a= ttacker can impersonate other accounts to trigger unwanted AI conversations=
on their behalf, generating confusing or abusive PM traffic. This issue is=
patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known wo= rkarounds are available. 2026-01-28 not yet calculated CVE-2025-68660 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2025-68660 ] https://github.com/discour= se/discourse/security/advisories/GHSA-mrvm-rprq-jqqh
=C2=A0 discourse--discourse Discourse is an open source discussion platform=
. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, users arc= hives are viewable by users with moderation privileges even though moderato=
rs should not have access to the archives. Private topic/post content made =
by the users are leaked through the archives leading to a breach of confide= ntiality. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, an=
d 2026.1.0. To work around this problem, a site admin can temporarily revok=
e the moderation role from all moderators until the Discourse instance has = been upgraded to a version that has been patched. 2026-01-28 not yet calcul= ated CVE-2025-68666 [ https://www.cve.org/CVERecord?id=3DCVE-2025-68666 ] h= ttps://github.com/discourse/discourse/security/advisories/GHSA-xmvw-jjqq-25=
mv
=C2=A0 discourse--discourse Discourse is an open source discussion platform=
. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderator=
s can access the `top_uploads` admin report which should be restricted to a= dmins only. This report displays direct URLs to all uploaded files on the s= ite, including sensitive content such as user data exports, admin backups, = and other private attachments that moderators should not have access to. Th=
is issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. = There is no workaround. Limit moderator privileges to trusted users until t=
he patch is applied. 2026-01-28 not yet calculated CVE-2025-69218 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2025-69218 ] https://github.com/discourse/d= iscourse/security/advisories/GHSA-79f9-j8h4-3w6w
=C2=A0 discourse--discourse Discourse is an open source discussion platform=
. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.=
2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-cha= nge restrictions, allowing a takeover of non-staff accounts. This issue is = patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a workaro= und, ensure moderators are trusted or enable the "require_change_email_conf= irmation" setting. 2026-01-28 not yet calculated CVE-2025-69289 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2025-69289 ] https://github.com/discourse/dis= course/security/advisories/GHSA-p39j-x54c-rwqq
=C2=A0 discourse--discourse Discourse is an open source discussion platform=
. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalink=
s pointing to access-restricted resources (private topics, categories, post=
s, or hidden tags) were redirecting users to URLs containing the resource s= lug, even when the user didn't have access to view the resource. This leake=
d potentially sensitive information (e.g., private topic titles) via the re= direct Location header and the 404 page's search box. This issue is patched=
in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workaround=
s are available. 2026-01-28 not yet calculated CVE-2026-23743 [ https://www= .cve.org/CVERecord?id=3DCVE-2026-23743 ] https://github.com/discourse/disco= urse/security/advisories/GHSA-v5jw-rxc6-4cvv
=C2=A0 DokuWiki--DokuWiki aelsantex runcommand 2014-04-01, a plugin for Dok= uWiki, allows unauthenticated attackers to execute arbitrary system command=
s via lib/plugins/runcommand/postaction.php. 2026-01-30 not yet calculated = CVE-2025-51958 [ https://www.cve.org/CVERecord?id=3DCVE-2025-51958 ] https:= //www.dokuwiki.org/plugin:runcommand
https://github.com/aelsantex/runcommand https://gist.github.com/NtustLin/f64528002e4f61874045799127dc49a4
=C2=A0 dormakaba--Access Manager 92xx-k5 The exos 9300 application can be u= sed to configure Access Managers (e.g. 92xx, 9230 and 9290). The configurat= ion is done in a graphical user interface on the dormakaba exos server. As = soon as the save button is clicked in exos 9300, the whole configuration is=
sent to the selected Access Manager via SOAP. The SOAP request is sent wit= hout any prior authentication or authorization by default. Though authentic= ation and authorization can be configured using IPsec for 92xx-K5 devices a=
nd mTLS for 92xx-K7 devices, it is not enabled by default and must therefor=
e be activated with additional steps. This insecure default allows an attac= ker with network level access to completely control the whole environment. =
An attacker is for example easily able to conduct the following tasks witho=
ut prior authentication: - Re-configure Access Managers (e.g. remove alarmi=
ng system requirements) - Freely re-configure the inputs and outputs - Open=
all connected doors permanently - Open all doors for a defined time interv=
al - Change the admin password - and many more Network level access can be = gained due to an insufficient network segmentation as well as missing LAN f= irewalls. Devices with an insecure configuration have been identified to be=
directly exposed to the internet. 2026-01-26 not yet calculated CVE-2025-5= 9097 [ https://www.cve.org/CVERecord?id=3DCVE-2025-59097 ] https://r.sec-co= nsult.com/dormakaba
https://r.sec-consult.com/dkaccess https://www.dormakabagroup.com/en/security-advisories
=C2=A0 dormakaba--Access Manager 92xx-k5 The Access Manager is offering a t= race functionality to debug errors and issues with the device. The trace fu= nctionality is implemented as a simple TCP socket. A tool called TraceClien= t.exe, provided by dormakaba via the Access Manager web interface, is used =
to connect to the socket and receive debug information. The data is permane= ntly broadcasted on the TCP socket. The socket can be accessed without any = authentication or encryption. The transmitted data is based on the set verb= osity level. The verbosity level can be set using the http(s) endpoint with=
the service interface password or with the guessable identifier of the dev= ice via the SOAP interface. The transmitted data contains sensitive data li=
ke the Card ID as well as all button presses on Registration units. This al= lows an attacker with network level access to retrieve all entered PINs on =
a registration unit. 2026-01-26 not yet calculated CVE-2025-59098 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2025-59098 ] https://r.sec-consult.com/dorm= akaba
https://r.sec-consult.com/dkaccess https://www.dormakabagroup.com/en/security-advisories
=C2=A0 dormakaba--Access Manager 92xx-k5 The Access Manager is using the op=
en source web server CompactWebServer written in C#. This web server is aff= ected by a path traversal vulnerability, which allows an attacker to direct=
ly access files via simple GET requests without prior authentication. Hence=
, it is possible to retrieve all files stored on the file system, including=
the SQLite database Database.sq3, containing badge information and the cor= responding PIN codes. Additionally, when trying to access certain files, th=
e web server crashes and becomes unreachable for about 60 seconds. This can=
be abused to continuously send the request and cause denial of service. 20= 26-01-26 not yet calculated CVE-2025-59099 [ https://www.cve.org/CVERecord?= id=3DCVE-2025-59099 ] https://r.sec-consult.com/dormakaba https://r.sec-consult.com/dkaccess https://www.dormakabagroup.com/en/security-advisories
=C2=A0 dormakaba--Access Manager 92xx-k5 The web interface offers a functio= nality to export the internal SQLite database. After executing the database=
export, an automatic download is started and the device reboots. After reb= ooting, the exported database is deleted and cannot be accessed anymore. Ho= wever, it was noticed that sometimes the device does not reboot and therefo=
re the exported database is not deleted, or the device reboots and the expo=
rt is not deleted for unknown reasons. The path where the database export i=
s located can be accessed without prior authentication. This leads to the f= act that an attacker might be able to get access to the exported database w= ithout prior authentication. The database includes sensitive data like pass= words, card pins, encrypted Mifare sitekeys and much more. 2026-01-26 not y=
et calculated CVE-2025-59100 [ https://www.cve.org/CVERecord?id=3DCVE-2025-= 59100 ] https://r.sec-consult.com/dormakaba
https://r.sec-consult.com/dkaccess https://www.dormakabagroup.com/en/security-advisories
=C2=A0 dormakaba--Access Manager 92xx-k5 Instead of typical session tokens =
or cookies, it is verified on a per-request basis if the originating IP add= ress has once successfully logged in. As soon as an authentication request = from a certain source IP is successful, the IP address is handled as authen= ticated. No other session information is stored. Therefore, it is possible =
to spoof the IP address of a logged-in user to gain access to the Access Ma= nager web interface. 2026-01-26 not yet calculated CVE-2025-59101 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2025-59101 ] https://r.sec-consult.com/dorm= akaba
https://r.sec-consult.com/dkaccess https://www.dormakabagroup.com/en/security-advisories
=C2=A0 dormakaba--Access Manager 92xx-k5 The web server of the Access Manag=
er offers a functionality to download a backup of the local database stored=
on the device. This database contains the whole configuration. This includ=
es encrypted MIFARE keys, card data, user PINs and much more. The PINs are = even stored unencrypted. Combined with the fact that an attacker can easily=
get access to the backup functionality by abusing the session management i= ssue (CVE-2025-59101), or by exploiting the weak default password (CVE-2025= -59108), or by simply setting a new password without prior authentication v=
ia the SOAP API (CVE-2025-59097), it is easily possible to access the sensi= tive data on the device. 2026-01-26 not yet calculated CVE-2025-59102 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2025-59102 ] https://r.sec-consult.com/= dormakaba
https://r.sec-consult.com/dkaccess https://www.dormakabagroup.com/en/security-advisories
=C2=A0 dormakaba--Access Manager 92xx-k5 The Access Manager 92xx in hardwar=
e revision K7 is based on Linux instead of Windows CE embedded in older har= dware revisions. In this new hardware revision it was noticed that an SSH s= ervice is exposed on port 22. By analyzing the firmware of the devices, it = was noticed that there are two users with hardcoded and weak passwords that=
can be used to access the devices via SSH. The passwords can be also guess=
ed very easily. The password of at least one user is set to a random value = after the first deployment, with the restriction that the password is only = randomized if the configured date is prior to 2022. Therefore, under certai=
n circumstances, the passwords are not randomized. For example, if the cloc=
k is never set on the device, the battery of the clock module has been chan= ged, the Access Manager has been factory reset and has not received a time = yet. 2026-01-26 not yet calculated CVE-2025-59103 [ https://www.cve.org/CVE= Record?id=3DCVE-2025-59103 ] https://r.sec-consult.com/dormakaba https://r.sec-consult.com/dkaccess https://www.dormakabagroup.com/en/security-advisories
=C2=A0 dormakaba--Access Manager 92xx-k5 With physical access to the device=
and enough time an attacker can desolder the flash memory, modify it and t= hen reinstall it because of missing encryption. Thus, essential files, such=
as "/etc/passwd", as well as stored certificates, cryptographic keys, stor=
ed PINs and so on can be modified and read, in order to gain SSH root acces=
s on the Linux-based K7 model. On the Windows CE based K5 model, the passwo=
rd for the Access Manager can additionally be read in plain text from the s= tored SQLite database. 2026-01-26 not yet calculated CVE-2025-59105 [ https= ://www.cve.org/CVERecord?id=3DCVE-2025-59105 ] https://r.sec-consult.com/do= rmakaba
https://r.sec-consult.com/dkaccess https://www.dormakabagroup.com/en/security-advisories
=C2=A0 dormakaba--Access Manager 92xx-k5 Dormakaba provides the software FW= ServiceTool to update the firmware version of the Access Managers via the n= etwork. The firmware in some instances is provided in an encrypted ZIP file=
. Within this tool, the password used to decrypt the ZIP and extract the fi= rmware is set statically and can be extracted. This password was valid for = multiple observed firmware versions. 2026-01-26 not yet calculated CVE-2025= -59107 [ https://www.cve.org/CVERecord?id=3DCVE-2025-59107 ] https://r.sec-= consult.com/dormakaba
https://r.sec-consult.com/dkaccess https://www.dormakabagroup.com/en/security-advisories
=C2=A0 dormakaba--Access Manager 92xx-k5 By default, the password for the A= ccess Manager's web interface, is set to 'admin'. In the tested version cha= nging the password was not enforced. 2026-01-26 not yet calculated CVE-2025= -59108 [ https://www.cve.org/CVERecord?id=3DCVE-2025-59108 ] https://r.sec-= consult.com/dormakaba
https://r.sec-consult.com/dkaccess https://www.dormakabagroup.com/en/security-advisories
=C2=A0 dormakaba--Access Manager 92xx-k7 With physical access to the device=
and enough time an attacker is able to solder test leads to the debug foot= print (or use the 6-Pin tag-connect cable). Thus, the attacker gains access=
to the bootloader, where the kernel command line can be changed. An attack=
er is able to gain a root shell through this vulnerability. 2026-01-26 not = yet calculated CVE-2025-59104 [ https://www.cve.org/CVERecord?id=3DCVE-2025= -59104 ] https://r.sec-consult.com/dormakaba
https://r.sec-consult.com/dkaccess https://www.dormakabagroup.com/en/security-advisories
=C2=A0 dormakaba--Access Manager 92xx-k7 The binary serving the web server = and executing basically all actions launched from the Web UI is running wit=
h root privileges. This is against the least privilege principle. If an att= acker is able to execute code on the system via other vulnerabilities it is=
possible to directly execute commands with highest privileges. 2026-01-26 = not yet calculated CVE-2025-59106 [ https://www.cve.org/CVERecord?id=3DCVE-= 2025-59106 ] https://r.sec-consult.com/dormakaba https://r.sec-consult.com/dkaccess https://www.dormakabagroup.com/en/security-advisories
=C2=A0 dormakaba--dormakaba registration unit 9002 The dormakaba registrati=
on units 9002 (PIN Pad Units) have an exposed UART header on the backside. = The PIN pad is sending every button press to the UART interface. An attacke=
r can use the interface to exfiltrate PINs. As the devices are explicitly b= uilt as Plug-and-Play to be easily replaced, an attacker is easily able to = remove the device, install a hardware implant which connects to the UART an=
d exfiltrates the data exposed via UART to another system (e.g. via WiFi). = 2026-01-26 not yet calculated CVE-2025-59109 [ https://www.cve.org/CVERecor= d?id=3DCVE-2025-59109 ] https://r.sec-consult.com/dormakaba https://r.sec-consult.com/dkaccess https://www.dormakabagroup.com/en/security-advisories
=C2=A0 dormakaba--Kaba exos 9300 On the exos 9300 server, a SOAP API is rea= chable on port 8002. This API does not require any authentication prior to = sending requests. Therefore, network access to the exos server allows e.g. = the creation of arbitrary access log events as well as querying the 2FA PIN=
s associated with the enrolled chip cards. 2026-01-26 not yet calculated CV= E-2025-59090 [ https://www.cve.org/CVERecord?id=3DCVE-2025-59090 ] https://= r.sec-consult.com/dormakaba
https://r.sec-consult.com/dkexos https://www.dormakabagroup.com/en/security-advisories
=C2=A0 dormakaba--Kaba exos 9300 Multiple hardcoded credentials have been i= dentified, which are allowed to sign-in to the exos 9300 datapoint server r= unning on port 1004 and 1005. This server is used for relaying status infor= mation from and to the Access Managers. This information, among other thing=
s, is used to graphically visualize open doors and alerts. However, control= ling the Access Managers via this interface is also possible. To send and r= eceive status information, authentication is necessary. The Kaba exos 9300 = application contains hard-coded credentials for four different users, which=
are allowed to login to the datapoint server and receive as well as send i= nformation, including commands to open arbitrary doors. 2026-01-26 not yet = calculated CVE-2025-59091 [ https://www.cve.org/CVERecord?id=3DCVE-2025-590=
91 ] https://r.sec-consult.com/dormakaba
https://r.sec-consult.com/dkexos https://www.dormakabagroup.com/en/security-advisories
=C2=A0 dormakaba--Kaba exos 9300 An RPC service, which is part of exos 9300=
, is reachable on port 4000, run by the process FSMobilePhoneInterface.exe.=
This service is used for interprocess communication between services and t=
he Kaba exos 9300 GUI, containing status information about the Access Manag= ers. Interacting with the service does not require any authentication. Ther= efore, it is possible to send arbitrary status information about door conta= cts etc. without prior authentication. 2026-01-26 not yet calculated CVE-20= 25-59092 [ https://www.cve.org/CVERecord?id=3DCVE-2025-59092 ] https://r.se= c-consult.com/dormakaba
https://r.sec-consult.com/dkexos https://www.dormakabagroup.com/en/security-advisories
=C2=A0 dormakaba--Kaba exos 9300 Exos 9300 instances are using a randomly g= enerated database password to connect to the configured MSSQL server. The p= assword is derived from static random values, which are concatenated to the=
hostname and a random string that can be read by every user from the regis= try. This allows an attacker to derive the database password and get authen= ticated access to the central exos 9300 database as the user Exos9300Common=
. The user has the roles ExosDialog and ExosDialogDotNet assigned, which ar=
e able to read most tables of the database as well as update and insert int=
o many tables. 2026-01-26 not yet calculated CVE-2025-59093 [ https://www.c= ve.org/CVERecord?id=3DCVE-2025-59093 ] https://r.sec-consult.com/dormakaba https://r.sec-consult.com/dkexos https://www.dormakabagroup.com/en/security-advisories
=C2=A0 dormakaba--Kaba exos 9300 A local privilege escalation vulnerability=
has been identified in the Kaba exos 9300 System management application (d= 9sysdef.exe). Within this application it is possible to specify an arbitrar=
y executable as well as the weekday and start time, when the specified exec= utable should be run with SYSTEM privileges. 2026-01-26 not yet calculated = CVE-2025-59094 [ https://www.cve.org/CVERecord?id=3DCVE-2025-59094 ] https:= //r.sec-consult.com/dormakaba
https://r.sec-consult.com/dkexos https://www.dormakabagroup.com/en/security-advisories
=C2=A0 dormakaba--Kaba exos 9300 The program libraries (DLL) and binaries u= sed by exos 9300 contain multiple hard-coded secrets. One notable example i=
s the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. Thi=
s algorithm uses a simple XOR encryption technique combined with a cryptogr= aphic key (cryptoKey) to transform each character of the input string. Howe= ver, it's important to note that this implementation does not provide stron=
g encryption and should not be considered secure for sensitive data. It's m= ore of a custom encryption approach rather than a common algorithm used in = cryptographic applications. The key itself is static and based on the found= er's name of the company. The functionality is for example used to encrypt = the user PINs before storing them in the MSSQL database. 2026-01-26 not yet=
calculated CVE-2025-59095 [ https://www.cve.org/CVERecord?id=3DCVE-2025-59= 095 ] https://r.sec-consult.com/dormakaba
https://r.sec-consult.com/dkexos https://www.dormakabagroup.com/en/security-advisories
=C2=A0 dormakaba--Kaba exos 9300 The default password for the extended admi=
n user mode in the application U9ExosAdmin.exe ("Kaba 9300 Administration")=
is hard-coded in multiple locations as well as documented in the locally s= tored user documentation. 2026-01-26 not yet calculated CVE-2025-59096 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2025-59096 ] https://r.sec-consult.com= /dormakaba
https://r.sec-consult.com/dkexos https://www.dormakabagroup.com/en/security-advisories
=C2=A0 Drupal--Acquia Content Hub Cross-Site Request Forgery (CSRF) vulnera= bility in Drupal Acquia Content Hub allows Cross Site Request Forgery. This=
issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 befo=
re 3.7.3. 2026-01-28 not yet calculated CVE-2025-14472 [ https://www.cve.or= g/CVERecord?id=3DCVE-2025-14472 ] https://www.drupal.org/sa-contrib-2025-125 =C2=A0 Drupal--AI (Artificial Intelligence) Improper Neutralization of Inpu=
t During Web Page Generation ("Cross-site Scripting") vulnerability in Drup=
al AI (Artificial Intelligence) allows Cross-Site Scripting (XSS). This iss=
ue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.7, from 1.1.=
0 before 1.1.7, from 1.2.0 before 1.2.4. 2026-01-28 not yet calculated CVE-= 2025-13981 [ https://www.cve.org/CVERecord?id=3DCVE-2025-13981 ] https://ww= w.drupal.org/sa-contrib-2025-119
=C2=A0 Drupal--CKEditor 5 Premium Features Authentication Bypass Using an A= lternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Feature=
s allows Functionality Bypass. This issue affects CKEditor 5 Premium Featur= es: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.= 4.3, from 1.5.0 before 1.5.1, from 1.6.0 before 1.6.4. 2026-01-28 not yet c= alculated CVE-2025-13980 [ https://www.cve.org/CVERecord?id=3DCVE-2025-1398=
0 ] https://www.drupal.org/sa-contrib-2025-118
=C2=A0 Drupal--Disable Login Page Authentication Bypass Using an Alternate = Path or Channel vulnerability in Drupal Disable Login Page allows Functiona= lity Bypass. This issue affects Disable Login Page: from 0.0.0 before 1.1.3=
. 2026-01-28 not yet calculated CVE-2025-13986 [ https://www.cve.org/CVERec= ord?id=3DCVE-2025-13986 ] https://www.drupal.org/sa-contrib-2025-124
=C2=A0 Drupal--Drupal Improper Neutralization of Input During Web Page Gene= ration ('Cross-site Scripting') vulnerability in Drupal Form Builder allows=
Cross-Site Scripting (XSS). This issue affects Drupal: from 7.X-1.0 throug=
h 7.X-1.22. 2026-01-28 not yet calculated CVE-2026-0749 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-0749 ] https://www.herodevs.com/vulnerability-di= rectory/cve-2026-0749 https://d7es.tag1.com/security-advisories/form-builder-less-critical-cross-= site-scripting
=C2=A0 Drupal--Drupal Commerce Paybox Improper Verification of Cryptographi=
c Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox =
on Drupal 7.X allows Authentication Bypass. This issue affects Drupal Comme= rce Paybox: from 7-x-1.0 through 7.X-1.5. 2026-01-28 not yet calculated CVE= -2026-0750 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0750 ] https://www= .herodevs.com/vulnerability-directory/cve-2026-0750 https://d7es.tag1.com/security-advisories/commerce-paybox-moderately-critic= al-payment-bypass-vulnerability
=C2=A0 Drupal--Entity Share Incorrect Authorization vulnerability in Drupal=
Entity Share allows Forceful Browsing. This issue affects Entity Share: fr=
om 0.0.0 before 3.13.0. 2026-01-28 not yet calculated CVE-2025-13985 [ http= s://www.cve.org/CVERecord?id=3DCVE-2025-13985 ] https://www.drupal.org/sa-c= ontrib-2025-123
=C2=A0 Drupal--HTTP Client Manager Improper Check for Unusual or Exceptiona=
l Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Br= owsing. This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, f= rom 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1. 2026-01-28 not yet cal= culated CVE-2025-14840 [ https://www.cve.org/CVERecord?id=3DCVE-2025-14840 =
] https://www.drupal.org/sa-contrib-2025-126
=C2=A0 Drupal--Login Time Restriction Cross-Site Request Forgery (CSRF) vul= nerability in Drupal Login Time Restriction allows Cross Site Request Forge= ry. This issue affects Login Time Restriction: from 0.0.0 before 1.0.3. 202= 6-01-28 not yet calculated CVE-2025-13982 [ https://www.cve.org/CVERecord?i= d=3DCVE-2025-13982 ] https://www.drupal.org/sa-contrib-2025-120
=C2=A0 Drupal--Mini site Privilege Defined With Unsafe Actions vulnerabilit=
y in Drupal Mini site allows Stored XSS. This issue affects Mini site: from=
0.0.0 before 3.0.2. 2026-01-28 not yet calculated CVE-2025-13979 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2025-13979 ] https://www.drupal.org/sa-cont= rib-2025-117
=C2=A0 Drupal--Next.js Permissive Cross-domain Security Policy with Untrust=
ed Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS=
). This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2= .0.1. 2026-01-28 not yet calculated CVE-2025-13984 [ https://www.cve.org/CV= ERecord?id=3DCVE-2025-13984 ] https://www.drupal.org/sa-contrib-2025-122
=C2=A0 Drupal--Tagify Improper Neutralization of Input During Web Page Gene= ration ("Cross-site Scripting") vulnerability in Drupal Tagify allows Cross= -Site Scripting (XSS). This issue affects Tagify: from 0.0.0 before 1.2.44.=
2026-01-28 not yet calculated CVE-2025-13983 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2025-13983 ] https://www.drupal.org/sa-contrib-2025-121
=C2=A0 Eclipse Foundation--Eclipse OMR In the Eclipse OMR port library comp= onent since release 0.2.0, an API function to return the textual names of a=
ll supported processor features was not accounting for the separator insert=
ed between processor features. If the output buffer supplied to this functi=
on was incorrectly sized, failing to account for the separator when determi= ning when a write to the buffer was safe could lead to a buffer overflow. T= his issue is fixed in Eclipse OMR version 0.8.0. 2026-01-29 not yet calcula= ted CVE-2026-1188 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1188 ] http= s://github.com/eclipse-omr/omr/pull/8082
=C2=A0 Eclipse Foundation--Eclipse ThreadX - NetX Duo A denial-of-service v= ulnerability exists in the NetX IPv6 component functionality of Eclipse Thr= eadX NetX Duo. A specially crafted network packet of "Packet Too Big" with = more than 15 different source address can lead to denial of service. An att= acker can send a malicious packet to trigger this vulnerability. 2026-01-27=
not yet calculated CVE-2025-55102 [ https://www.cve.org/CVERecord?id=3DCVE= -2025-55102 ] https://github.com/eclipse-threadx/netxduo/security/advisorie= s/GHSA-f3rx-xrwm-q2rf
=C2=A0 Edgemo (Danoffice IT)--Local Admin Service Improper access control i=
n the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Servic=
e 1.2.7.23180 on Windows allows a local user to escalate their privileges t=
o local administrator via direct communication with the LocalAdminService.e=
xe named pipe, bypassing client-side group membership restrictions. 2026-01= -30 not yet calculated CVE-2026-1680 [ https://www.cve.org/CVERecord?id=3DC= VE-2026-1680 ] https://retest.dk/local-privilege-escalation-vulnerability-f= ound-in-local-admin-service/ https://www.danofficeit.com/howwedoit/workplace/management/
=C2=A0 EGroupware--egroupware EGroupware is a Web based groupware server wr= itten in PHP. A SQL Injection vulnerability exists in the core components o=
f EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specificall=
y in the `Nextmatch` filter processing. The flaw allows authenticated attac= kers to inject arbitrary SQL commands into the `WHERE` clause of database q= ueries. This is achieved by exploiting a PHP type juggling issue where JSON=
decoding converts numeric strings into integers, bypassing the `is_int()` = security check used by the application. Versions 23.1.20260113 and 26.0.202= 60113 patch the vulnerability. 2026-01-28 not yet calculated CVE-2026-22243=
[ https://www.cve.org/CVERecord?id=3DCVE-2026-22243 ] https://github.com/E= Groupware/egroupware/security/advisories/GHSA-rvxj-7f72-mhrx https://github.com/EGroupware/egroupware/releases/tag/23.1.20260113 https://github.com/EGroupware/egroupware/releases/tag/26.0.20260113
=C2=A0 ESET, spol. s.r.o--ESET Inspect Connector Planting a custom configur= ation file in ESET Inspect Connector=C2=A0allow=C2=A0load a malicious DLL. = 2026-01-30 not yet calculated CVE-2025-13176 [ https://www.cve.org/CVERecor= d?id=3DCVE-2025-13176 ] https://support.eset.com/en/ca8910-eset-customer-ad= visory-local-privilege-escalation-vulnerability-fixed-in-eset-inspect-conne= ctor-for-windows
=C2=A0 eslint--eslint Stack overflow vulnerability in eslint before 9.26.0 = when serializing objects with circular references in eslint/lib/shared/seri= alization.js. The exploit is triggered via the RuleTester.run() method, whi=
ch validates test cases and checks for duplicates. During validation, the i= nternal function checkDuplicateTestCase() is called, which in turn uses the=
isSerializable() function for serialization checks. When a circular refere= nce object is passed in, isSerializable() enters infinite recursion, ultima= tely causing a stack overflow. 2026-01-26 not yet calculated CVE-2025-50537=
[ https://www.cve.org/CVERecord?id=3DCVE-2025-50537 ] https://github.com/e= slint/eslint/issues/19646 https://gist.github.com/lyyffee/2ee1815e5c2da82c05e9838b9bfefbbc
=C2=A0 Explorance--Blue Explorance Blue versions prior to 8.14.9 contain a = SQL injection vulnerability caused by insufficient validation of user input=
in a web application endpoint. An attacker can supply crafted input that i=
s executed as part of backend database queries. The issue is exploitable wi= thout authentication, significantly raising the risk. 2026-01-28 not yet ca= lculated CVE-2025-57792 [ https://www.cve.org/CVERecord?id=3DCVE-2025-57792=
] https://www.explorance.com/products/blue https://online-help.explorance.com/blue/articles/security-advisories-(janua= ry-2026) https://online-help.explorance.com/blue/articles/security-advisory:-cve-202= 5-57792 https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT= -2026-0001.md
=C2=A0 Explorance--Blue Explorance Blue versions prior to 8.14.9 contain a = SQL injection vulnerability caused by insufficient validation of user-suppl= ied input in a web application component. Crafted input can be executed as = part of backend database queries. The issue is exploitable without authenti= cation, significantly elevating the risk. 2026-01-28 not yet calculated CVE= -2025-57793 [ https://www.cve.org/CVERecord?id=3DCVE-2025-57793 ] https://w= ww.explorance.com/products/blue https://online-help.explorance.com/blue/articles/security-advisories-(janua= ry-2026) https://online-help.explorance.com/blue/articles/security-advisory:-cve-202= 5-57793 https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT= -2026-0002.md
=C2=A0 Explorance--Blue Explorance Blue versions prior to 8.14.9 contain an=
authenticated unrestricted file upload vulnerability in the administrative=
interface. The application does not adequately restrict uploaded file type=
s, allowing malicious files to be uploaded and executed by the server. This=
condition enables remote code execution under default configurations. 2026= -01-28 not yet calculated CVE-2025-57794 [ https://www.cve.org/CVERecord?id= =3DCVE-2025-57794 ] https://www.explorance.com/products/blue https://online-help.explorance.com/blue/articles/security-advisories-(janua= ry-2026) https://online-help.explorance.com/blue/articles/security-advisory:-cve-202= 5-57794 https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT= -2026-0003.md
=C2=A0 Explorance--Blue Explorance Blue versions prior to 8.14.13 contain a=
n authenticated remote file download vulnerability in a web service compone= nt. In default configurations, this flaw can be leveraged to achieve remote=
code execution. 2026-01-28 not yet calculated CVE-2025-57795 [ https://www= .cve.org/CVERecord?id=3DCVE-2025-57795 ] https://www.explorance.com/product= s/blue https://online-help.explorance.com/blue/articles/security-advisories-(janua= ry-2026) https://online-help.explorance.com/blue/articles/security-advisory:-cve-202= 5-57795 https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT= -2026-0004.md
=C2=A0 Explorance--Blue Explorance Blue versions prior to 8.14.12 use rever= sible symmetric encryption with a hardcoded static key to protect sensitive=
data, including user passwords and system configurations. This approach al= lows stored values to be decrypted offline if the encrypted data are obtain= ed. 2026-01-28 not yet calculated CVE-2025-57796 [ https://www.cve.org/CVER= ecord?id=3DCVE-2025-57796 ] https://www.explorance.com/products/blue https://online-help.explorance.com/blue/articles/security-advisories-(janua= ry-2026) https://online-help.explorance.com/blue/articles/security-advisory:-cve-202= 5-57796 https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT= -2026-0005.md
=C2=A0 ExpressionEngine--ExpressionEngine SQL Injection vulnerability in th=
e Structure for Admin authenticated user 2026-01-26 not yet calculated CVE-= 2025-59473 [ https://www.cve.org/CVERecord?id=3DCVE-2025-59473 ] https://ha= ckerone.com/reports/3249794
=C2=A0 EZCast--EZCast Pro II Multiple=C2=A0Buffer Overflows in Admin UI of = EZCast Pro II version 1.17478.146 allow attackers to cause a program crash = and potential remote code execution 2026-01-27 not yet calculated CVE-2026-= 24344 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24344 ] https://hub.ntc= .swiss/ntcf-2025-68873
=C2=A0 EZCast--EZCast Pro II Cross-Site Request Forgery in Admin UI of EZCa=
st Pro II version 1.17478.146 allows attackers to bypass authorization chec=
ks and gain full access to the admin UI 2026-01-27 not yet calculated CVE-2= 026-24345 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24345 ] https://hub= .ntc.swiss/ntcf-2025-32832
=C2=A0 EZCast--EZCast Pro II Use of well-known default credentials in Admin=
UI of EZCast Pro II version 1.17478.146 allows attackers to access protect=
ed areas in the web application 2026-01-27 not yet calculated CVE-2026-2434=
6 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24346 ] https://hub.ntc.swi= ss/ntcf-2025-13993
=C2=A0 EZCast--EZCast Pro II Improper input validation in Admin UI of EZCas=
t Pro II version 1.17478.146 allows attackers to manipulate files in the /t=
mp directory 2026-01-27 not yet calculated CVE-2026-24347 [ https://www.cve= .org/CVERecord?id=3DCVE-2026-24347 ] https://hub.ntc.swiss/ntcf-2025-32806 =C2=A0 EZCast--EZCast Pro II Multiple cross-site scripting vulnerabilities =
in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute=
arbitrary JavaScript code in the browser of other Admin UI users. 2026-01-=
27 not yet calculated CVE-2026-24348 [ https://www.cve.org/CVERecord?id=3DC= VE-2026-24348 ] https://hub.ntc.swiss/ntcf-2025-145332
=C2=A0 FASTSHIFT--X-TRACK Out-of-bounds Write, Buffer Copy without Checking=
Size of Input ('Classic Buffer Overflow') vulnerability in FASTSHIFT X-TRA=
CK (Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src modules). This vu= lnerability is associated with program files inflate.C. This issue affects = X-TRACK: through v2.7. 2026-01-27 not yet calculated CVE-2026-24823 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-24823 ] https://github.com/FASTSHIFT= /X-TRACK/pull/120
=C2=A0 Flexense--Sync Breeze Enterprise Server Cross-Site request forgery (= CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Puls=
e Enterprise v10.4.18. An authenticated user could cause another user to pe= rform unwanted actions within the application they are logged into. This vu= lnerability is possible due to the lack of proper CSRF token implementation=
. Among other things, it is possible, using a POST request to=C2=A0change a=
user's password or create users via '/setup_login?sid=3D', affecting the '= username', 'password', and 'cpassword' parameters. 2026-01-28 not yet calcu= lated CVE-2025-59891 [ https://www.cve.org/CVERecord?id=3DCVE-2025-59891 ] = https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities= -flexense-products
=C2=A0 Flexense--Sync Breeze Enterprise Server Cross-Site request forgery (= CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Puls=
e Enterprise v10.4.18. An authenticated user could cause another user to pe= rform unwanted actions within the application they are logged into. This vu= lnerability is possible due to the lack of proper CSRF token implementation=
. Among other things, it is possible, using a POST request to=C2=A0delete c= ommands individually via '/delete_command?sid=3D', using the 'cid' paramete=
r. 2026-01-28 not yet calculated CVE-2025-59892 [ https://www.cve.org/CVERe= cord?id=3DCVE-2025-59892 ] https://www.incibe.es/en/incibe-cert/notices/avi= so/multiple-vulnerabilities-flexense-products
=C2=A0 Flexense--Sync Breeze Enterprise Server Cross-Site request forgery (= CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Puls=
e Enterprise v10.4.18. An authenticated user could cause another user to pe= rform unwanted actions within the application they are logged into. This vu= lnerability is possible due to the lack of proper CSRF token implementation=
. Among other things, it is possible, using a POST request to=C2=A0rename c= ommands via '/rename_command?sid=3D', affecting the 'command_name' paramete=
r. 2026-01-28 not yet calculated CVE-2025-59893 [ https://www.cve.org/CVERe= cord?id=3DCVE-2025-59893 ] https://www.incibe.es/en/incibe-cert/notices/avi= so/multiple-vulnerabilities-flexense-products
=C2=A0 Flexense--Sync Breeze Enterprise Server Cross-Site request forgery (= CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Puls=
e Enterprise v10.4.18. An authenticated user could cause another user to pe= rform unwanted actions within the application they are logged into. This vu= lnerability is possible due to the lack of proper CSRF token implementation=
. Among other things, it is possible, using a POST request to delete all co= mmands via '/delete_all_commands?sid=3D'. 2026-01-28 not yet calculated CVE= -2025-59894 [ https://www.cve.org/CVERecord?id=3DCVE-2025-59894 ] https://w= ww.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense= -products
=C2=A0 Flexense--Sync Breeze Enterprise Server Sync Breeze Enterprise Serve=
r v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-se= rvice (DoS) vulnerability in the configuration restore functionality. The i= ssue is due to insufficient validation of user-supplied data during this pr= ocess. An attacker could send malicious requests to alter the configuration=
file, causing the application to become unresponsive. In a successful scen= ario, the service may not recover on its own and require a complete reinsta= llation, as the configuration becomes corrupted and prevents the service fr=
om restarting, even manually. 2026-01-28 not yet calculated CVE-2025-59895 =
[ https://www.cve.org/CVERecord?id=3DCVE-2025-59895 ] https://www.incibe.es= /en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-products
=C2=A0 Flexense--Sync Breeze Enterprise Server Sync Breeze Enterprise Serve=
r v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenti= cated Cross-Site Scripting (XSS) vulnerability. An attacker could send mali= cious content to an authenticated user and steal information from their ses= sion due to insufficient validation of user input in=C2=A0'/add_command?sid= =3D', affecting the 'command_name' parameter. 2026-01-28 not yet calculated=
CVE-2025-59896 [ https://www.cve.org/CVERecord?id=3DCVE-2025-59896 ] https= ://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flex= ense-products
=C2=A0 Flexense--Sync Breeze Enterprise Server Sync Breeze Enterprise Serve=
r v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenti= cated Cross-Site Scripting (XSS) vulnerability. An attacker could send mali= cious content to an authenticated user and steal information from their ses= sion due to insufficient validation of user input in=C2=A0'/edit_command?si= d=3D', affecting the 'source_dir' and 'dest_dir' parameters. 2026-01-28 not=
yet calculated CVE-2025-59897 [ https://www.cve.org/CVERecord?id=3DCVE-202= 5-59897 ] https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulne= rabilities-flexense-products
=C2=A0 Flexense--Sync Breeze Enterprise Server Sync Breeze Enterprise Serve=
r v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenti= cated Cross-Site Scripting (XSS) vulnerability. An attacker could send mali= cious content to an authenticated user and steal information from their ses= sion due to insufficient validation of user input in=C2=A0'/add_exclude_dir= ?sid=3D', affecting the 'exclude_dir' parameter. 2026-01-28 not yet calcula= ted CVE-2025-59898 [ https://www.cve.org/CVERecord?id=3DCVE-2025-59898 ] ht= tps://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-f= lexense-products
=C2=A0 Flexense--Sync Breeze Enterprise Server Sync Breeze Enterprise Serve=
r v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenti= cated Cross-Site Scripting (XSS) vulnerability. An attacker could send mali= cious content to an authenticated user and steal information from their ses= sion due to insufficient validation of user input in=C2=A0 '/server_options= ?sid=3D', affecting the 'tasks_logs_dir', 'errors_logs_dir', 'error_notific= ations_address', 'status_notifications_address', and 'status_reports_addres=
s' parameters. 2026-01-28 not yet calculated CVE-2025-59899 [ https://www.c= ve.org/CVERecord?id=3DCVE-2025-59899 ] https://www.incibe.es/en/incibe-cert= /notices/aviso/multiple-vulnerabilities-flexense-products
=C2=A0 Flexense--Sync Breeze Enterprise Server Sync Breeze Enterprise Serve=
r v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenti= cated Cross-Site Scripting (XSS) vulnerability. An attacker could send mali= cious content to an authenticated user and steal information from their ses= sion due to insufficient validation of user input in=C2=A0 '/server_options= ?sid=3D', affecting the 'tasks_logs_dir', 'errors_logs_dir', 'error_notific= ations_address', 'status_notifications_address', and 'status_reports_addres=
s' parameters. 2026-01-28 not yet calculated CVE-2025-59900 [ https://www.c= ve.org/CVERecord?id=3DCVE-2025-59900 ] https://www.incibe.es/en/incibe-cert= /notices/aviso/multiple-vulnerabilities-flexense-products
=C2=A0 Flexense--Sync Breeze Enterprise Server Disk Pulse Enterprise v10.4.=
18 has an authenticated reflected XSS vulnerability in the '/monitor_direct= ory?sid=3D' endpoint, caused by insufficient validation of the 'monitor_dir= ectory' parameter sent by POST. An attacker could exploit this weakness to = send malicious content to an authenticated user and steal information from = their session. 2026-01-28 not yet calculated CVE-2025-59901 [ https://www.c= ve.org/CVERecord?id=3DCVE-2025-59901 ] https://www.incibe.es/en/incibe-cert= /notices/aviso/multiple-vulnerabilities-flexense-products
=C2=A0 FluentCMS--FluentCMS FluentCMS 2026 contains a stored cross-site scr= ipting vulnerability that allows authenticated administrators to upload SVG=
files with embedded JavaScript via the File Management module. Attackers c=
an upload malicious SVG files that execute JavaScript in the browser of any=
user accessing the uploaded file URL. 2026-01-29 not yet calculated CVE-20= 25-15549 [ https://www.cve.org/CVERecord?id=3DCVE-2025-15549 ] GitHub Issue=
#2404 [ https://github.com/fluentcms/FluentCMS/issues/2404 ]
VulnCheck Advisory: FluentCMS 2026 Stored XSS via SVG Upload in File Manage= ment [ https://www.vulncheck.com/advisories/fluentcms-stored-xss-via-svg-up= load-in-file-management ]
=C2=A0 foxinmy--weixin4j Improperly Controlled Sequential Memory Allocation=
vulnerability in foxinmy weixin4j (weixin4j-base/src/main/java/com/foxinmy= /weixin4j/util modules). This vulnerability is associated with program file=
s CharArrayBuffer.Java, ClassUtil.Java. This issue affects weixin4j. 2026-0= 1-27 not yet calculated CVE-2026-24819 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-24819 ] https://github.com/foxinmy/weixin4j/pull/229
=C2=A0 FUJIFILM Business Innovation Corp.--beat-access for Windows beat-acc= ess for Windows version 3.0.3 and prior contains an issue with the DLL sear=
ch path, which may lead to insecurely loading Dynamic Link Libraries. As a = result, arbitrary code may be executed with SYSTEM privileges. 2026-01-27 n=
ot yet calculated CVE-2026-21408 [ https://www.cve.org/CVERecord?id=3DCVE-2= 026-21408 ] https://www.fujifilm.com/fbglobal/eng/company/news/notice/2026/= 0127_announce.html
https://jvn.jp/en/jp/JVN03776126/
=C2=A0 Funambol--Cloud Server Vulnerability that allows a Padding Oracle At= tack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail=
display URL allows an attacker to decrypt and encrypt the parameters used =
by the application to generate 'self-signed' access URLs. 2026-01-28 not ye=
t calculated CVE-2025-41351 [ https://www.cve.org/CVERecord?id=3DCVE-2025-4= 1351 ] https://www.incibe.es/en/incibe-cert/notices/aviso/weak-encryption-f= unambols-cloud-server
=C2=A0 FunJSO--FunJSO FunJSQ, a third-party module integrated on some NETGE=
AR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN inter= face of affected devices. This interface is vulnerable to unauthenticated a= rbitrary command injection through the funjsq_access_token parameter. This = affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.= 134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.7=
2 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2= .26, and RBS50 before 2.7.4.26. 2026-01-28 not yet calculated CVE-2022-4061=
9 [ https://www.cve.org/CVERecord?id=3DCVE-2022-40619 ] https://kb.netgear.= com/000065132/Security-Advisory-for-Vulnerabilities-in-FunJSQ-on-Some-Route= rs-and-Orbi-WiFi-Systems-PSV-2022-0117 https://www.onekey.com/resource/security-advisory-netgear-routers-funjsq-vu= lnerabilities
=C2=A0 FunJSO--FunJSO FunJSQ, a third-party module integrated on some NETGE=
AR routers and Orbi WiFi Systems, does not properly validate TLS certificat=
es when downloading update packages through its auto-update mechanism. An a= ttacker (suitably positioned on the network) could intercept the update req= uest and deliver a malicious update package in order to gain arbitrary code=
execution on affected devices. This affects R6230 before 1.1.0.112, R6260 = before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 befo=
re 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR5=
0 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26. 2026-0= 1-28 not yet calculated CVE-2022-40620 [ https://www.cve.org/CVERecord?id= =3DCVE-2022-40620 ] https://kb.netgear.com/000065132/Security-Advisory-for-= Vulnerabilities-in-FunJSQ-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2022-01=
17
https://www.onekey.com/resource/security-advisory-netgear-routers-funjsq-vu= lnerabilities
=C2=A0 GaijinEntertainment--DagorEngine Improper Restriction of Operations = within the Bounds of a Memory Buffer vulnerability in GaijinEntertainment D= agorEngine (prog/3rdPartyLibs/miniupnpc modules). This vulnerability is ass= ociated with program files upnpreplyparse.C. This issue affects DagorEngine=
: through dagor_2025_01_15. 2026-01-27 not yet calculated CVE-2026-24798 [ = https://www.cve.org/CVERecord?id=3DCVE-2026-24798 ] https://github.com/Gaij= inEntertainment/DagorEngine/pull/136
=C2=A0 geopandas--geopandas SQL injection vulnerability in geopandas before=
v.1.1.2 allows an attacker to obtain sensitive information via the to_post= gis()` function being used to write GeoDataFrames to a PostgreSQL database.=
2026-01-30 not yet calculated CVE-2025-69662 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2025-69662 ] https://aydinnyunus.github.io/2025/12/27/sql-injec= tion-geopandas/
https://github.com/geopandas/geopandas/pull/3681
=C2=A0 gmrtd--gmrtd gmrtd is a Go library for reading Machine Readable Trav=
el Documents (MRTDs). Prior to version 0.17.2, ReadFile accepts TLVs with l= engths that can range up to 4GB, which can cause unconstrained resource con= sumption in both memory and cpu cycles. ReadFile can consume an extended TL=
V with lengths well outside what would be available in ICs. It can accept s= omething all the way up to 4GB which would take too many iterations in 256 = byte chunks, and would also try to allocate memory that might not be availa= ble in constrained environments like phones. Or if an API sends data to Rea= dFile, the same problem applies. The very small chunked read also locks the=
goroutine in accepting data for a very large number of iterations. project=
s using the gmrtd library to read files from NFCs can experience extreme sl= owdowns or memory consumption. A malicious NFC can just behave like the moc=
k transceiver described above and by just sending dummy bytes as each chunk=
to be read, can make the receiving thread unresponsive and fill up memory =
on the host system. Version 0.17.2 patches the issue. 2026-01-27 not yet ca= lculated CVE-2026-24738 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24738=
] https://github.com/gmrtd/gmrtd/security/advisories/GHSA-j49h-6577-5xwq https://github.com/gmrtd/gmrtd/commit/54469a95e5a20a8602ac1457b2110bfeb80c8= 891
https://github.com/gmrtd/gmrtd/releases/tag/v0.17.2
=C2=A0 Go standard library--archive/zip archive/zip uses a super-linear fil=
e name indexing algorithm that is invoked the first time a file in an archi=
ve is opened. This can lead to a denial of service when consuming a malicio= usly constructed ZIP archive. 2026-01-28 not yet calculated CVE-2025-61728 =
[ https://www.cve.org/CVERecord?id=3DCVE-2025-61728 ] https://go.dev/cl/736= 713
https://go.dev/issue/77102 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4342
=C2=A0 Go standard library--crypto/tls During the TLS 1.3 handshake if mult= iple messages are sent in records that span encryption level boundaries (fo=
r instance the Client Hello and Encrypted Extensions messages), the subsequ= ent messages may be processed before the encryption level changes. This can=
cause some minor information disclosure if a network-local attacker can in= ject messages during the handshake. 2026-01-28 not yet calculated CVE-2025-= 61730 [ https://www.cve.org/CVERecord?id=3DCVE-2025-61730 ] https://go.dev/= cl/724120
https://go.dev/issue/76443 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4340
=C2=A0 Go standard library--net/url The net/url package does not set a limi=
t on the number of query parameters in a query. While the maximum size of q= uery parameters in URLs is generally limited by the maximum request header = size, the net/http.Request.ParseForm method can parse large URL-encoded for= ms. Parsing a large form containing many unique query parameters can cause = excessive memory consumption. 2026-01-28 not yet calculated CVE-2025-61726 =
[ https://www.cve.org/CVERecord?id=3DCVE-2025-61726 ] https://go.dev/cl/736= 712
https://go.dev/issue/77101 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4341
=C2=A0 Go toolchain--cmd/go Building a malicious file with cmd/go can cause=
can cause a write to an attacker-controlled file with partial control of t=
he file content. The "#cgo pkg-config:" directive in a Go source file provi= des command-line arguments to provide to the Go pkg-config command. An atta= cker can provide a "--log-file" argument to this directive, causing pkg-con= fig to write to an attacker-controlled location. 2026-01-28 not yet calcula= ted CVE-2025-61731 [ https://www.cve.org/CVERecord?id=3DCVE-2025-61731 ] ht= tps://go.dev/cl/736711
https://go.dev/issue/77100 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4339
=C2=A0 Go toolchain--cmd/go Downloading and building modules with malicious=
version strings can cause local code execution. On systems with Mercurial = (hg) installed, downloading modules from non-standard sources (e.g., custom=
domains) can cause unexpected code execution due to how external VCS comma= nds are constructed. This issue can also be triggered by providing a malici= ous version string to the toolchain. On systems with Git installed, downloa= ding and building modules with malicious version strings can allow an attac= ker to write to arbitrary files on the filesystem. This can only be trigger=
ed by explicitly providing the malicious version strings to the toolchain a=
nd does not affect usage of @latest or bare module paths. 2026-01-28 not ye=
t calculated CVE-2025-68119 [ https://www.cve.org/CVERecord?id=3DCVE-2025-6= 8119 ] https://go.dev/cl/736710
https://go.dev/issue/77099 https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc https://pkg.go.dev/vuln/GO-2026-4338
=C2=A0 Google--Chrome Inappropriate implementation in Background Fetch API =
in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak = cross-origin data via a crafted HTML page. (Chromium security severity: Hig=
h) 2026-01-27 not yet calculated CVE-2026-1504 [ https://www.cve.org/CVERec= ord?id=3DCVE-2026-1504 ] https://chromereleases.googleblog.com/2026/01/stab= le-channel-update-for-desktop_27.html https://issues.chromium.org/issues/474435504
=C2=A0 gradle--gradle-completion gradle-completion provides Bash and Zsh co= mpletion support for Gradle. A command injection vulnerability was found in=
gradle-completion up to and including 9.3.0 that allows arbitrary code exe= cution when a user triggers Bash tab completion in a project containing a m= alicious Gradle build file. The `gradle-completion` script for Bash fails t=
o adequately sanitize Gradle task names and task descriptions, allowing com= mand injection via a malicious Gradle build file when the user completes a = command in Bash (without them explicitly running any task in the build). Fo=
r example, given a task description that includes a string between backtick=
s, then that string would be evaluated as a command when presenting the tas=
k description in the completion list. While task execution is the core feat= ure of Gradle, this inherent execution may lead to unexpected outcomes. The=
vulnerability does not affect zsh completion. The first patched version is=
9.3.1. As a workaround, it is possible and effective to temporarily disabl=
e bash completion for Gradle by removing `gradle-completion` from `.bashrc`=
or `.bash_profile`. 2026-01-29 not yet calculated CVE-2026-25063 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2026-25063 ] https://github.com/gradle/grad= le-completion/security/advisories/GHSA-qggc-44r3-cjgv https://github.com/gradle/gradle-completion/commit/ecacc32bb882210e5d37cd79= a74de1af0d0ccad7
=C2=A0 Hiawatha--Hiawatha Web server Improper header parsing may lead to re= quest smuggling has been identified in Hiawatha webserver version 11.7 whic=
h allows an unauthenticated attacker to access restricted resources managed=
by Hiawatha webserver. 2026-01-26 not yet calculated CVE-2025-57783 [ http= s://www.cve.org/CVERecord?id=3DCVE-2025-57783 ] https://gitlab.com/hsleisin= k/hiawatha/-/blame/master/src/http.c?ref_type=3Dheads#L205
=C2=A0 Hiawatha--Hiawatha Web server Tomahawk auth timing attack due to usa=
ge of `strcmp` has been identified in Hiawatha webserver version 11.7 which=
allows a local attacker to access the management client. 2026-01-26 not ye=
t calculated CVE-2025-57784 [ https://www.cve.org/CVERecord?id=3DCVE-2025-5= 7784 ] https://gitlab.com/hsleisink/hiawatha/-/blame/master/src/tomahawk.c?= ref_type=3Dheads#L429
=C2=A0 Hiawatha--Hiawatha Web server A Double Free in XSLT `show_index` has=
been identified in Hiawatha webserver version 11.7 which allows an unauthe= nticated attacker to corrupt data which may lead to arbitrary code executio=
n. 2026-01-26 not yet calculated CVE-2025-57785 [ https://www.cve.org/CVERe= cord?id=3DCVE-2025-57785 ] https://gitlab.com/hsleisink/hiawatha/-/blame/ma= ster/src/xslt.c?ref_type=3Dheads#L675
=C2=A0 Hitachi Energy--SuprOS Default credentials vulnerability exists in S= uprOS product. If exploited, this could allow an authenticated local attack=
er to use an admin account created during product deployment. 2026-01-28 no=
t yet calculated CVE-2025-7740 [ https://www.cve.org/CVERecord?id=3DCVE-202= 5-7740 ] https://publisher.hitachienergy.com/preview?DocumentID=3D8DBD00022= 3&LanguageCode=3Den&DocumentPartId=3D&Action=3Dlaunch
=C2=A0 honojs--hono Hono is a Web application framework that provides suppo=
rt for any JavaScript runtime. Prior to version 4.11.7, Serve static Middle= ware for the Cloudflare Workers adapter contains an information disclosure = vulnerability that may allow attackers to read arbitrary keys from the Work= ers environment. Improper validation of user-controlled paths can result in=
unintended access to internal asset keys. Version 4.11.7 contains a patch = for the issue. 2026-01-27 not yet calculated CVE-2026-24473 [ https://www.c= ve.org/CVERecord?id=3DCVE-2026-24473 ] https://github.com/honojs/hono/secur= ity/advisories/GHSA-w332-q679-j88p https://github.com/honojs/hono/commit/cf9a78db4d0a19b117aee399cbe9d3a6d9bfd= 817
https://github.com/honojs/hono/releases/tag/v4.11.7
=C2=A0 iba Systems--ibaPDA A security issue has been identified in ibaPDA t= hat could allow unauthorized actions on the file system under certain condi= tions. This may impact the confidentiality, integrity, or availability of t=
he system. 2026-01-27 not yet calculated CVE-2025-14988 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2025-14988 ] https://www.cisa.gov/news-events/ics-adv= isories/icsa-26-027-01
=C2=A0 Icinga--icinga-powershell-framework The Icinga PowerShell Framework = provides configuration and check possibilities to ensure integration and mo= nitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and = 1.11.2, permissions of the Icinga for Windows `certificate` directory grant=
every user read access, which results in the exposure of private key of th=
e Icinga certificate for the given host. All installations are affected. Ve= rsions 1.13.4, 1.12.4, and 1.11.2 contains a patch. Please note that upgrad= ing to a fixed version of Icinga for Windows will also automatically fix a = similar issue present in Icinga 2, CVE-2026-24413. As a workaround, the per= missions can be restricted manually by updating the ACL for the given folde=
r `C:\Program Files\WindowsPowerShell\modules\icinga-powershell-framework\c= ertificate` (and `C:\ProgramData\icinga2\var` to fix the issue for the Icin=
ga 2 agent as well) including every sub-folder and item to restrict access = for general users, only allowing the Icinga service user and administrators=
access. 2026-01-29 not yet calculated CVE-2026-24414 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-24414 ] https://github.com/Icinga/icinga-powershel= l-framework/security/advisories/GHSA-88h5-rrm6-5973 https://github.com/Icinga/icinga2/security/advisories/GHSA-vfjg-6fpv-4mmr https://icinga.com/blog/releasing-icinga-2-v2-15-2-v2-14-8-v2-13-14-and-ici= nga-for-windows-v1-13-4-v1-12-4-v1-11-2
=C2=A0 Icinga--icinga2 Icinga 2 is an open source monitoring system. Starti=
ng in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the = Icinga 2 MSI did not set appropriate permissions for the `%ProgramData%\ici= nga2\var` folder on Windows. This resulted in the its contents - including = the private key of the user and synced configuration - being readable by al=
l local users. All installations on Windows are affected. Versions 2.13.14,=
2.14.8, and 2.15.2 contains a fix. There are two possibilities to work aro= und the issue without upgrading Icinga 2. Upgrade Icinga for Windows to at = least version v1.13.4, v1.12.4, or v1.11.2. These version will automaticall=
y fix the ACLs for the Icinga 2 agent as well. Alternatively, manually upda=
te the ACL for the given folder `C:\ProgramData\icinga2\var` (and `C:\Progr=
am Files\WindowsPowerShell\modules\icinga-powershell-framework\certificate`=
to fix the issue for the Icinga for Windows as well) including every sub-f= older and item to restrict access for general users, only allowing the Icin=
ga service user and administrators access. 2026-01-29 not yet calculated CV= E-2026-24413 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24413 ] https://= github.com/Icinga/icinga2/security/advisories/GHSA-vfjg-6fpv-4mmr https://github.com/Icinga/icinga-powershell-framework/security/advisories/G= HSA-88h5-rrm6-5973 https://icinga.com/blog/releasing-icinga-2-v2-15-2-v2-14-8-v2-13-14-and-ici= nga-for-windows-v1-13-4-v1-12-4-v1-11-2
=C2=A0 inspektor-gadget--inspektor-gadget Inspektor Gadget is a set of tool=
s and framework for data collection and system inspection on Kubernetes clu= sters and Linux hosts using eBPF. The `ig` binary provides a subcommand for=
image building, used to generate custom gadget OCI images. A part of this = functionality is implemented in the file `inspektor-gadget/cmd/common/image= /build.go`. The `Makefile.build` file is the Makefile template employed dur= ing the building process. This file includes user-controlled data in an uns= afe fashion, specifically some parameters are embedded without an adequate = escaping in the commands inside the Makefile. Prior to version 0.48.1, this=
implementation is vulnerable to command injection: an attacker able to con= trol values in the `buildOptions` structure would be able to execute arbitr= ary commands during the building process. An attacker able to exploit this = vulnerability would be able to execute arbitrary command on the Linux host = where the `ig` command is launched, if images are built with the `--local` = flag or on the build container invoked by `ig`, if the `--local` flag is no=
t provided. The `buildOptions` structure is extracted from the YAML gadget = manifest passed to the `ig image build` command. Therefore, the attacker wo= uld need a way to control either the full `build.yml` file passed to the `i=
g image build` command, or one of its options. Typically, this could happen=
in a CI/CD scenario that builds untrusted gadgets to verify correctness. V= ersion 0.48.1 fixes the issue. 2026-01-29 not yet calculated CVE-2026-24905=
[ https://www.cve.org/CVERecord?id=3DCVE-2026-24905 ] https://github.com/i= nspektor-gadget/inspektor-gadget/security/advisories/GHSA-79qw-g77v-2vfh https://github.com/inspektor-gadget/inspektor-gadget/commit/7c83ad84ff7a685= 65655253e2cf1c5d2da695c1a
=C2=A0 Internet Information Co., Ltd--DreamMaker A missing authentication f=
or critical function vulnerability in the /servlet/baServer3 endpoint of In= terinfo DreamMaker versions before 2025/10/22 allows remote attackers to ac= cess exposed administrative functionality without prior authentication. 202= 6-01-30 not yet calculated CVE-2026-24728 [ https://www.cve.org/CVERecord?i= d=3DCVE-2026-24728 ] https://zuso.ai/advisory/za-2026-01
=C2=A0 Internet Information Co., Ltd--DreamMaker An unrestricted upload of = file with dangerous type vulnerability in the file upload function of Inter= info DreamMaker versions before 2025/10/22 allows remote attackers to execu=
te arbitrary system commands via a malicious class file. 2026-01-30 not yet=
calculated CVE-2026-24729 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24= 729 ] https://zuso.ai/advisory/za-2026-02
=C2=A0 jmlepisto--clatter Clatter is a no_std compatible, pure Rust impleme= ntation of the Noise protocol framework with post-quantum support. Versiosn=
prior to2.2.0 have a protocol compliance vulnerability. The library allowe=
d post-quantum handshake patterns that violated the PSK validity rule (Nois=
e Protocol Framework Section 9.3). This could allow PSK-derived keys to be = used for encryption without proper randomization by self-chosen ephemeral r= andomness, weakening security guarantees and potentially allowing catastrop= hic key reuse. Affected default patterns include `noise_pqkk_psk0`, `noise_= pqkn_psk0`, `noise_pqnk_psk0`, `noise_pqnn_psk0``, and some hybrid variants=
. Users of these patterns may have been using handshakes that do not meet t=
he intended security properties. The issue is fully patched and released in=
Clatter v2.2.0. The fixed version includes runtime checks to detect offend= ing handshake patterns. As a workaround, avoid using offending `*_psk0` var= iants of post-quantum patterns. Review custom handshake patterns carefully.=
2026-01-27 not yet calculated CVE-2026-24785 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2026-24785 ] https://github.com/jmlepisto/clatter/security/advi= sories/GHSA-253q-9q78-63x4 https://github.com/jmlepisto/clatter/commit/b65ae6e9b8019bed5407771e21f89dd= ff17c5a71
https://noiseprotocol.org/noise.html#validity-rule
=C2=A0 Johnson Controls--iSTAR Configuration Utility (ICU) Johnson Controls=
iSTAR Configuration Utility (ICU) has=C2=A0Stack-based Buffer Overflow vul= nerability. This issue affects iSTAR Configuration Utility (ICU) version 6.= 9.7 and prior. Successful exploitation of this vulnerability could result i=
n failure within the operating system of the machine hosting the ICU tool. = 2026-01-28 not yet calculated CVE-2025-26386 [ https://www.cve.org/CVERecor= d?id=3DCVE-2025-26386 ] https://www.johnsoncontrols.com/trust-center/cybers= ecurity/security-advisories https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-04
=C2=A0 Johnson Controls--Metasys Johnson Controls Metasys component listed = below have Improper Neutralization of Special Elements used in a Command (C= ommand Injection) Vulnerability . Successful exploitation of this vulnerabi= lity could allow remote SQL execution This issue affects=C2=A0 * Metasys: A= pplication and Data Server (ADS) installed with SQL Express deployed as par=
t of the Metasys 14.1 and prior installation,=C2=A0 * Extended Application = and Data Server (ADX) installed with SQL Express deployed as part of the Me= tasys 14.1 installation,=C2=A0 * LCS8500 or NAE8500 installed with SQL Expr= ess deployed as part of the Metasys installation Releases 12.0 through 14.1= ,=C2=A0 * System Configuration Tool (SCT) installed with SQL Express deploy=
ed as part of the SCT installation 17.1 and prior,=C2=A0 * Controller Confi= guration Tool (CCT) installed with SQL Express deployed as part of the CCT = installation 17.0 and prior. 2026-01-30 not yet calculated CVE-2025-26385 [=
https://www.cve.org/CVERecord?id=3DCVE-2025-26385 ] https://www.cisa.gov/n= ews-events/ics-advisories/icsa-26-027-04 https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisor= ies
=C2=A0 json--json The value function in jsonpath 1.1.1 lib/index.js is vuln= erable to Prototype Pollution. 2026-01-28 not yet calculated CVE-2025-61140=
[ https://www.cve.org/CVERecord?id=3DCVE-2025-61140 ] https://github.com/d= chester/jsonpath https://gist.github.com/Dremig/8105c189774217222a8ebea3ed4d341d
=C2=A0 kata-containers--kata-containers Kata Containers is an open source p= roject focusing on a standard implementation of lightweight Virtual Machine=
s (VMs) that perform like containers. In versions prior to 3.26.0, when a c= ontainer image is malformed or contains no layers, containerd falls back to=
bind-mounting an empty snapshotter directory for the container rootfs. Whe=
n the Kata runtime attempts to mount the container rootfs, the bind mount c= auses the rootfs to be detected as a block device, leading to the underlyin=
g device being hotplugged to the guest. This can cause filesystem-level err= ors on the host due to double inode allocation, and may lead to the host's = block device being mounted as read-only. Version 3.26.0 contains a patch fo=
r the issue. 2026-01-29 not yet calculated CVE-2026-24054 [ https://www.cve= .org/CVERecord?id=3DCVE-2026-24054 ] https://github.com/kata-containers/kat= a-containers/security/advisories/GHSA-5fc8-gg7w-3g5c https://github.com/kata-containers/kata-containers/commit/20ca4d2d79aa5bf63= aa1254f08915da84f19e92a https://github.com/containerd/containerd/blob/d939b6af5f8536c2cae85e919e7c4= 0070557df0e/plugins/snapshots/overlay/overlay.go#L564-L581 https://github.com/kata-containers/kata-containers/blob/a164693e1afead84cd0= 1d5bc3575e2cbfe64ce35/src/runtime/virtcontainers/container.go#L1122-L1126 https://github.com/kata-containers/kata-containers/blob/c7d0c270ee7dfaa6d97= 8e6e07b99dabdaf2b9fda/src/runtime/virtcontainers/container.go#L1616-L1623 =C2=A0 libpng--libpng Buffer Overflow vulnerability in libpng 1.6.43-1.6.46=
allows a local attacker to cause a denial of service via the pngimage with=
AddressSanitizer (ASan), the program leaks memory in various locations, ev= entually leading to high memory usage and causing the program to become unr= esponsive 2026-01-27 not yet calculated CVE-2025-28162 [ https://www.cve.or= g/CVERecord?id=3DCVE-2025-28162 ] https://github.com/pnggroup/libpng/issues= /656
https://gist.github.com/kittener/fbfdb9b5610c6b3db0d5dea045a07c60
=C2=A0 libpng--libpng Buffer Overflow vulnerability in libpng 1.6.43-1.6.46=
allows a local attacker to cause a denial of service via png_create_read_s= truct() function. 2026-01-27 not yet calculated CVE-2025-28164 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2025-28164 ] https://github.com/pnggroup/libpn= g/issues/655
https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: counter: interrupt-cnt: Drop IRQF_NO_THREAD flag An IRQ handle=
r can either be IRQF_NO_THREAD or acquire spinlock_t, as CONFIG_PROVE_RAW_L= OCK_NESTING warns: =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D [ BUG: Invalid wait context ] 6.18.0-rc1+= git... #1 ----------------------------- some-user-space-process/1251 is try= ing to lock: (&counter->events_list_lock){....}-{3:3}, at: counter_push_eve=
nt [counter] other info that might help us debug this: context-{2:2} no loc=
ks held by some-user-space-process/.... stack backtrace: CPU: 0 UID: 0 PID:=
1251 Comm: some-user-space-process 6.18.0-rc1+git... #1 PREEMPT Call trace=
: show_stack (C) dump_stack_lvl dump_stack __lock_acquire lock_acquire _raw= _spin_lock_irqsave counter_push_event [counter] interrupt_cnt_isr [interrup= t_cnt] __handle_irq_event_percpu handle_irq_event handle_simple_irq handle_= irq_desc generic_handle_domain_irq gpio_irq_handler handle_irq_desc generic= _handle_domain_irq gic_handle_irq call_on_irq_stack do_interrupt_handler el= 0_interrupt __el0_irq_handler_common el0t_64_irq_handler el0t_64_irq ... an=
d Sebastian correctly points out. Remove IRQF_NO_THREAD as an alternative t=
o switching to raw_spinlock_t, because the latter would limit all potential=
nested locks to raw_spinlock_t only. 2026-01-31 not yet calculated CVE-202= 5-71180 [ https://www.cve.org/CVERecord?id=3DCVE-2025-71180 ] https://git.k= ernel.org/stable/c/ef668c9a2261ec9287faba6e6ef05a98b391aa2b https://git.kernel.org/stable/c/51d2e5d6491447258cb39ff1deb93df15d3c23cb https://git.kernel.org/stable/c/1c5a3175aecf82cd86dfcbef2a23e8b26d8d8e7c https://git.kernel.org/stable/c/49a66829dd3653695e60d7cae13521d131362fcd https://git.kernel.org/stable/c/425886b1f8304621b3f16632b274357067d5f13f https://git.kernel.org/stable/c/23f9485510c338476b9735d516c1d4aacb810d46
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: rust_binder: remove spin_lock() in rust_shrink_free_page() Whe=
n forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b= 9a2 ("mm/list_lru: split the lock to per-cgroup scope") into account, and a= pparently I did not end up running the shrinker callback when I sanity test=
ed the driver before submission. This leads to crashes like the following: = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D WARNING: possible=
recursive locking detected 6.18.0-mainline-maybe-dirty #1 Tainted: G IO --= ------------------------------------------ kswapd0/68 is trying to acquire = lock: ffff956000fa18b0 (&l->lock){+.+.}-{2:2}, at: lock_list_lru_of_memcg+0= x128/0x230 but task is already holding lock: ffff956000fa18b0 (&l->lock){+.= +.}-{2:2}, at: rust_helper_spin_lock+0xd/0x20 other info that might help us=
debug this: Possible unsafe locking scenario: CPU0 ---- lock(&l->lock); lo= ck(&l->lock); *** DEADLOCK *** May be due to missing lock nesting notation =
3 locks held by kswapd0/68: #0: ffffffff90d2e260 (fs_reclaim){+.+.}-{0:0}, = at: kswapd+0x597/0x1160 #1: ffff956000fa18b0 (&l->lock){+.+.}-{2:2}, at: ru= st_helper_spin_lock+0xd/0x20 #2: ffffffff90cf3680 (rcu_read_lock){....}-{1:= 2}, at: lock_list_lru_of_memcg+0x2d/0x230 To fix this, remove the spin_lock=
() call from rust_shrink_free_page(). 2026-01-31 not yet calculated CVE-202= 5-71181 [ https://www.cve.org/CVERecord?id=3DCVE-2025-71181 ] https://git.k= ernel.org/stable/c/30a98c97f7874031f2e1de19c777ce011143cba4 https://git.kernel.org/stable/c/361e0ff456a8daf9753c18030533256e4133ce7a
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: can: j1939: make j1939_session_activate() fail if device is no=
longer registered syzbot is still reporting unregister_netdevice: waiting = for vcan0 to become free. Usage count =3D 2 even after commit 93a27b5891b8 = ("can: j1939: add missing calls in NETDEV_UNREGISTER notification handler")=
was added. A debug printk() patch found that j1939_session_activate() can = succeed even after j1939_cancel_active_session() from j1939_netdev_notify(N= ETDEV_UNREGISTER) has completed. Since j1939_cancel_active_session() is pro= cessed with the session list lock held, checking ndev->reg_state in j1939_s= ession_activate() with the session list lock held can reliably close the ra=
ce window. 2026-01-31 not yet calculated CVE-2025-71182 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2025-71182 ] https://git.kernel.org/stable/c/ebb0dfd7= 18dd31c8d3600612ca4b7207ec3d923a https://git.kernel.org/stable/c/c3a4316e3c746af415c0fd6c6d489ad13f53714d https://git.kernel.org/stable/c/46ca9dc978923c5e1247a9e9519240ba7ace413c https://git.kernel.org/stable/c/78d87b72cebe2a993fd5b017e9f14fb6278f2eae https://git.kernel.org/stable/c/ba6f0d1832eeb5eb3a6dc5cb30e0f720b3cb3536 https://git.kernel.org/stable/c/79dd3f1d9dd310c2af89b09c71f34d93973b200f https://git.kernel.org/stable/c/5d5602236f5db19e8b337a2cd87a90ace5ea776d
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: btrfs: always detect conflicting inodes when logging inode ref=
s After rename exchanging (either with the rename exchange operation or reg= ular renames in multiple non-atomic steps) two inodes and at least one of t= hem is a directory, we can end up with a log tree that contains only of the=
inodes and after a power failure that can result in an attempt to delete t=
he other inode when it should not because it was not deleted before the pow=
er failure. In some case that delete attempt fails when the target inode is=
a directory that contains a subvolume inside it, since the log replay code=
is not prepared to deal with directory entries that point to root items (o= nly inode items). 1) We have directories "dir1" (inode A) and "dir2" (inode=
B) under the same parent directory; 2) We have a file (inode C) under dire= ctory "dir1" (inode A); 3) We have a subvolume inside directory "dir2" (ino=
de B); 4) All these inodes were persisted in a past transaction and we are = currently at transaction N; 5) We rename the file (inode C), so at btrfs_lo= g_new_name() we update inode C's last_unlink_trans to N; 6) We get a rename=
exchange for "dir1" (inode A) and "dir2" (inode B), so after the exchange = "dir1" is inode B and "dir2" is inode A. During the rename exchange we call=
btrfs_log_new_name() for inodes A and B, but because they are directories,=
we don't update their last_unlink_trans to N; 7) An fsync against the file=
(inode C) is done, and because its inode has a last_unlink_trans with a va= lue of N we log its parent directory (inode A) (through btrfs_log_all_paren= ts(), called from btrfs_log_inode_parent()). 8) So we end up with inode B n=
ot logged, which now has the old name of inode A. At copy_inode_items_to_lo= g(), when logging inode A, we did not check if we had any conflicting inode=
to log because inode A has a generation lower than the current transaction=
(created in a past transaction); 9) After a power failure, when replaying = the log tree, since we find that inode A has a new name that conflicts with=
the name of inode B in the fs tree, we attempt to delete inode B... this i=
s wrong since that directory was never deleted before the power failure, an=
d because there is a subvolume inside that directory, attempting to delete =
it will fail since replay_dir_deletes() and btrfs_unlink_inode() are not pr= epared to deal with dir items that point to roots instead of inodes. When t= hat happens the mount fails and we get a stack trace like the following: [8= 7.2314] BTRFS info (device dm-0): start tree-log replay [87.2318] BTRFS cri= tical (device dm-0): failed to delete reference to subvol, root 5 inode 256=
parent 259 [87.2332] ------------[ cut here ]------------ [87.2338] BTRFS:=
Transaction aborted (error -2) [87.2346] WARNING: CPU: 1 PID: 638968 at fs= /btrfs/inode.c:4345 __btrfs_unlink_inode+0x416/0x440 [btrfs] [87.2368] Modu= les linked in: btrfs loop dm_thin_pool (...) [87.2470] CPU: 1 UID: 0 PID: 6= 38968 Comm: mount Tainted: G W 6.18.0-rc7-btrfs-next-218+ #2 PREEMPT(full) = [87.2489] Tainted: [W]=3DWARN [87.2494] Hardware name: QEMU Standard PC (i4= 40FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01= /2014 [87.2514] RIP: 0010:__btrfs_unlink_inode+0x416/0x440 [btrfs] [87.2538=
] Code: c0 89 04 24 (...) [87.2568] RSP: 0018:ffffc0e741f4b9b8 EFLAGS: 0001= 0286 [87.2574] RAX: 0000000000000000 RBX: ffff9d3ec8a6cf60 RCX: 00000000000= 00000 [87.2582] RDX: 0000000000000002 RSI: ffffffff84ab45a1 RDI: 00000000ff= ffffff [87.2591] RBP: ffff9d3ec8a6ef20 R08: 0000000000000000 R09: ffffc0e74= 1f4b840 [87.2599] R10: ffff9d45dc1fffa8 R11: 0000000000000003 R12: ffff9d3e= e26d77e0 [87.2608] R13: ffffc0e741f4ba98 R14: ffff9d4458040800 R15: ffff9d4= 4b6b7ca10 [87.2618] FS: 00007f7b9603a840(0000) GS:ffff9d4658982000(0000) kn= lGS:0000000000000000 [87. ---truncated--- 2026-01-31 not yet calculated CVE= -2025-71183 [ https://www.cve.org/CVERecord?id=3DCVE-2025-71183 ] https://g= it.kernel.org/stable/c/c7f0207db68d5a1b4af23acbef1a8e8ddc431ebb https://git.kernel.org/stable/c/a63998cd6687c14b160dccb0bbcf281b2eb0dab3 https://git.kernel.org/stable/c/0c2413c69129f6ce60157f7b53d9ba880260400b https://git.kernel.org/stable/c/d52af58dd463821c5c516aebb031a58934f696ea https://git.kernel.org/stable/c/7ba0b6461bc4edb3005ea6e00cdae189bcf908a5
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: btrfs: fix NULL dereference on root when tracing inode evictio=
n When evicting an inode the first thing we do is to setup tracing for it, = which implies fetching the root's id. But in btrfs_evict_inode() the root m= ight be NULL, as implied in the next check that we do in btrfs_evict_inode(=
). Hence, we either should set the ->root_objectid to 0 in case the root is=
NULL, or we move tracing setup after checking that the root is not NULL. S= etting the rootid to 0 at least gives us the possibility to trace this call=
even in the case when the root is NULL, so that's the solution taken here.=
2026-01-31 not yet calculated CVE-2025-71184 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2025-71184 ] https://git.kernel.org/stable/c/582ba48e4a4c06fef6= bdcf4e57b7b9af660bbd0c https://git.kernel.org/stable/c/99e057f3d3ef24b99a7b1d84e01dd1bd890098da https://git.kernel.org/stable/c/f157dd661339fc6f5f2b574fe2429c43bd309534
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: dmaengine: ti: dma-crossbar: fix device leak on am335x route a= llocation Make sure to drop the reference taken when looking up the crossba=
r platform device during am335x route allocation. 2026-01-31 not yet calcul= ated CVE-2025-71185 [ https://www.cve.org/CVERecord?id=3DCVE-2025-71185 ] h= ttps://git.kernel.org/stable/c/6fdf168f57e331e148a1177a9b590a845c21b315 https://git.kernel.org/stable/c/f810132e825588fbad3cba940458c58bb7ec4d84 https://git.kernel.org/stable/c/30352277d8e09c972436f883a5efd1f1b763ac14 https://git.kernel.org/stable/c/4fc17b1c6d2e04ad13fd6c21cfbac68043ec03f9
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: dmaengine: stm32: dmamux: fix device leak on route allocation = Make sure to drop the reference taken when looking up the DMA mux platform = device during route allocation. Note that holding a reference to a device d= oes not prevent its driver data from going away so there is no point in kee= ping the reference. 2026-01-31 not yet calculated CVE-2025-71186 [ https://= www.cve.org/CVERecord?id=3DCVE-2025-71186 ] https://git.kernel.org/stable/c= /1a179ac01ff3993ab97e33cc77c316ed7415cda1 https://git.kernel.org/stable/c/2fb10259d4efb4367787b5ae9c94192e8a91c648 https://git.kernel.org/stable/c/3ef52d31cce8ba816739085a61efe07b63c6cf27 https://git.kernel.org/stable/c/dd6e4943889fb354efa3f700e42739da9bddb6ef
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: dmaengine: sh: rz-dmac: fix device leak on probe failure Make = sure to drop the reference taken when looking up the ICU device during prob=
e also on probe failures (e.g. probe deferral). 2026-01-31 not yet calculat=
ed CVE-2025-71187 [ https://www.cve.org/CVERecord?id=3DCVE-2025-71187 ] htt= ps://git.kernel.org/stable/c/926d1666420c227eab50962a8622c1b8444720e8 https://git.kernel.org/stable/c/9fb490323997dcb6f749cd2660a17a39854600cd
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: dmaengine: lpc18xx-dmamux: fix device leak on route allocation=
Make sure to drop the reference taken when looking up the DMA mux platform=
device during route allocation. Note that holding a reference to a device = does not prevent its driver data from going away so there is no point in ke= eping the reference. 2026-01-31 not yet calculated CVE-2025-71188 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2025-71188 ] https://git.kernel.org/stable/= c/9fba97baa520c9446df51a64708daf27c5a7ed32 https://git.kernel.org/stable/c/992eb8055a6e5dbb808672d20d68e60d5a89b12b https://git.kernel.org/stable/c/1e47d80f6720f0224efd19bcf081d39637569c10 https://git.kernel.org/stable/c/d4d63059dee7e7cae0c4d9a532ed558bc90efb55
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: dmaengine: dw: dmamux: fix OF node leak on route allocation fa= ilure Make sure to drop the reference taken to the DMA master OF node also =
on late route allocation failures. 2026-01-31 not yet calculated CVE-2025-7= 1189 [ https://www.cve.org/CVERecord?id=3DCVE-2025-71189 ] https://git.kern= el.org/stable/c/db7c79c1bbfb1b0184e78a17ac2bd0f2bc3134d1 https://git.kernel.org/stable/c/8f7a391211381ed2f6802032c78c7820d166bc49 https://git.kernel.org/stable/c/eabe40f8a53c29f531e92778ea243e379f4f7978 https://git.kernel.org/stable/c/ec25e60f9f95464aa11411db31d0906b3fb7b9f2
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: dmaengine: bcm-sba-raid: fix device leak on probe Make sure to=
drop the reference taken when looking up the mailbox device during probe o=
n probe failures and on driver unbind. 2026-01-31 not yet calculated CVE-20= 25-71190 [ https://www.cve.org/CVERecord?id=3DCVE-2025-71190 ] https://git.= kernel.org/stable/c/c80ca7bdff158401440741bdcf9175bd8608580b https://git.kernel.org/stable/c/db6f1d6d31711e73e6a214c73e6a8fb4cda0483d https://git.kernel.org/stable/c/2ed1a9de1f2d727ccae5bc9cc7c63ee3519c0c8b https://git.kernel.org/stable/c/7c3a46ebf15a9796b763a54272407fdbf945bed8
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: dmaengine: at_hdmac: fix device leak on of_dma_xlate() Make su=
re to drop the reference taken when looking up the DMA platform device duri=
ng of_dma_xlate() when releasing channel resources. Note that commit 3832b7= 8b3ec2 ("dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate= ()") fixed the leak in a couple of error paths but the reference is still l= eaking on successful allocation. 2026-01-31 not yet calculated CVE-2025-711=
91 [ https://www.cve.org/CVERecord?id=3DCVE-2025-71191 ] https://git.kernel= .org/stable/c/987c71671367f42460689b78244d7b894c50999a https://git.kernel.org/stable/c/6a86cf2c09e149d5718a5b7090545f7566da9334 https://git.kernel.org/stable/c/f3c23b7e941349505c3d40de2cc0acd93d9ac057 https://git.kernel.org/stable/c/b9074b2d7a230b6e28caa23165e9d8bc0677d333
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: perf: Ensure swevent hrtimer is properly destroyed With the ch= ange to hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer() it appears=
possible for the hrtimer to still be active by the time the event gets fre= ed. Make sure the event does a full hrtimer_cancel() on the free path by in= stalling a perf_event::destroy handler. 2026-01-28 not yet calculated CVE-2= 026-23014 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23014 ] https://git= .kernel.org/stable/c/deee9dfb111ab00f9dfd46c0c7e36656b80f5235 https://git.kernel.org/stable/c/ff5860f5088e9076ebcccf05a6ca709d5935cfa9
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: gpio: mpsse: fix reference leak in gpio_mpsse_probe() error pa= ths The reference obtained by calling usb_get_dev() is not released in the = gpio_mpsse_probe() error paths. Fix that by using device managed helper fun= ctions. Also remove the usb_put_dev() call in the disconnect function since=
now it will be released automatically. 2026-01-31 not yet calculated CVE-2= 026-23015 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23015 ] https://git= .kernel.org/stable/c/7ea26e6dcabc270433b6ded2a1aee85b215d1b28 https://git.kernel.org/stable/c/1e876e5a0875e71e34148c9feb2eedd3bf6b2b43
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: inet: frags: drop fraglist conntrack references Jakub added a = warning in nf_conntrack_cleanup_net_list() to make debugging leaked skbs/co= nntrack references more obvious. syzbot reports this as triggering, and I c=
an also reproduce this via ip_defrag.sh selftest: conntrack cleanup blocked=
for 60s WARNING: net/netfilter/nf_conntrack_core.c:2512 [..] conntrack cle= nups gets stuck because there are skbs with still hold nf_conn references v=
ia their frag_list. net.core.skb_defer_max=3D0 makes the hang disappear. Er=
ic Dumazet points out that skb_release_head_state() doesn't follow the frag= list. ip_defrag.sh can only reproduce this problem since commit 6471658dc66=
c ("udp: use skb_attempt_defer_free()"), but AFAICS this problem could happ=
en with TCP as well if pmtu discovery is off. The relevant problem path for=
udp is: 1. netns emits fragmented packets 2. nf_defrag_v6_hook reassembles=
them (in output hook) 3. reassembled skb is tracked (skb owns nf_conn refe= rence) 4. ip6_output refragments 5. refragmented packets also own nf_conn r= eference (ip6_fragment calls ip6_copy_metadata()) 6. on input path, nf_defr= ag_v6_hook skips defragmentation: the fragments already have skb->nf_conn a= ttached 7. skbs are reassembled via ipv6_frag_rcv() 8. skb_consume_udp -> s= kb_attempt_defer_free() -> skb ends up in pcpu freelist, but still has nf_c= onn reference. Possible solutions: 1 let defrag engine drop nf_conn entry, =
OR 2 export kick_defer_list_purge() and call it from the conntrack netns ex=
it callback, OR 3 add skb_has_frag_list() check to skb_attempt_defer_free()=
2 & 3 also solve ip_defrag.sh hang but share same drawback: Such reassembl=
ed skbs, queued to socket, can prevent conntrack module removal until users= pace has consumed the packet. While both tcp and udp stack do call nf_reset= _ct() before placing skb on socket queue, that function doesn't iterate fra= g_list skbs. Therefore drop nf_conn entries when they are placed in defrag = queue. Keep the nf_conn entry of the first (offset 0) skb so that reassembl=
ed skb retains nf_conn entry for sake of TX path. Note that fixes tag is in= correct; it points to the commit introducing the 'ip_defrag.sh reproducible=
problem': no need to backport this patch to every stable kernel. 2026-01-3=
1 not yet calculated CVE-2026-23016 [ https://www.cve.org/CVERecord?id=3DCV= E-2026-23016 ] https://git.kernel.org/stable/c/088ca99dbb039c444c3ff987c541= 2a73f4f0cbf8 https://git.kernel.org/stable/c/2ef02ac38d3c17f34a00c4b267d961a8d4b45d1a
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: idpf: fix error handling in the init_task on load If the init_= task fails during a driver load, we end up without vports and netdevs, effe= ctively failing the entire process. In that state a subsequent reset will r= esult in a crash as the service task attempts to access uninitialized resou= rces. Following trace is from an error in the init_task where the CREATE_VP= ORT (op 501) is rejected by the FW: [40922.763136] idpf 0000:83:00.0: Devic=
e HW Reset initiated [40924.449797] idpf 0000:83:00.0: Transaction failed (=
op 501) [40958.148190] idpf 0000:83:00.0: HW reset detected [40958.161202] = BUG: kernel NULL pointer dereference, address: 00000000000000a8 ... [40958.= 168094] Workqueue: idpf-0000:83:00.0-vc_event idpf_vc_event_task [idpf] [40= 958.168865] RIP: 0010:idpf_vc_event_task+0x9b/0x350 [idpf] ... [40958.17793=
2] Call Trace: [40958.178491] <TASK> [40958.179040] process_one_work+0x226/= 0x6d0 [40958.179609] worker_thread+0x19e/0x340 [40958.180158] ? __pfx_worke= r_thread+0x10/0x10 [40958.180702] kthread+0x10f/0x250 [40958.181238] ? __pf= x_kthread+0x10/0x10 [40958.181774] ret_from_fork+0x251/0x2b0 [40958.182307]=
? __pfx_kthread+0x10/0x10 [40958.182834] ret_from_fork_asm+0x1a/0x30 [4095= 8.183370] </TASK> Fix the error handling in the init_task to make sure the = service and mailbox tasks are disabled if the error happens during load. Th= ese are started in idpf_vc_core_init(), which spawns the init_task and has =
no way of knowing if it failed. If the error happens on reset, following su= ccessful driver load, the tasks can still run, as that will allow the netde=
vs to attempt recovery through another reset. Stop the PTP callbacks either=
way as those will be restarted by the call to idpf_vc_core_init() during a=
successful reset. 2026-01-31 not yet calculated CVE-2026-23017 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2026-23017 ] https://git.kernel.org/stable/c/= a514c374edcd33581cdcccf8faa7cc606a600319 https://git.kernel.org/stable/c/4d792219fe6f891b5b557a607ac8a0a14eda6e38
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: btrfs: release path before initializing extent tree in btrfs_r= ead_locked_inode() In btrfs_read_locked_inode() we are calling btrfs_init_f= ile_extent_tree() while holding a path with a read locked leaf from a subvo= lume tree, and btrfs_init_file_extent_tree() may do a GFP_KERNEL allocation=
, which can trigger reclaim. This can create a circular lock dependency whi=
ch lockdep warns about with the following splat: [6.1433] =3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D [6= .1574] WARNING: possible circular locking dependency detected [6.1583] 6.18= .0+ #4 Tainted: G U [6.1591] ----------------------------------------------= -------- [6.1599] kswapd0/117 is trying to acquire lock: [6.1606] ffff8d9b6= 333c5b8 (&delayed_node->mutex){+.+.}-{3:3}, at: __btrfs_release_delayed_nod= e.part.0+0x39/0x2f0 [6.1625] but task is already holding lock: [6.1633] fff= fffffa4ab8ce0 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat+0x195/0xc60 [6.16= 46] which lock already depends on the new lock. [6.1657] the existing depen= dency chain (in reverse order) is: [6.1667] -> #2 (fs_reclaim){+.+.}-{0:0}:=
[6.1677] fs_reclaim_acquire+0x9d/0xd0 [6.1685] __kmalloc_cache_noprof+0x59= /0x750 [6.1694] btrfs_init_file_extent_tree+0x90/0x100 [6.1702] btrfs_read_= locked_inode+0xc3/0x6b0 [6.1710] btrfs_iget+0xbb/0xf0 [6.1716] btrfs_lookup= _dentry+0x3c5/0x8e0 [6.1724] btrfs_lookup+0x12/0x30 [6.1731] lookup_open.is= ra.0+0x1aa/0x6a0 [6.1739] path_openat+0x5f7/0xc60 [6.1746] do_filp_open+0xd= 6/0x180 [6.1753] do_sys_openat2+0x8b/0xe0 [6.1760] __x64_sys_openat+0x54/0x=
a0 [6.1768] do_syscall_64+0x97/0x3e0 [6.1776] entry_SYSCALL_64_after_hwfram= e+0x76/0x7e [6.1784] -> #1 (btrfs-tree-00){++++}-{3:3}: [6.1794] lock_relea= se+0x127/0x2a0 [6.1801] up_read+0x1b/0x30 [6.1808] btrfs_search_slot+0x8e0/= 0xff0 [6.1817] btrfs_lookup_inode+0x52/0xd0 [6.1825] __btrfs_update_delayed= _inode+0x73/0x520 [6.1833] btrfs_commit_inode_delayed_inode+0x11a/0x120 [6.= 1842] btrfs_log_inode+0x608/0x1aa0 [6.1849] btrfs_log_inode_parent+0x249/0x= f80 [6.1857] btrfs_log_dentry_safe+0x3e/0x60 [6.1865] btrfs_sync_file+0x431= /0x690 [6.1872] do_fsync+0x39/0x80 [6.1879] __x64_sys_fsync+0x13/0x20 [6.18= 87] do_syscall_64+0x97/0x3e0 [6.1894] entry_SYSCALL_64_after_hwframe+0x76/0= x7e [6.1903] -> #0 (&delayed_node->mutex){+.+.}-{3:3}: [6.1913] __lock_acqu= ire+0x15e9/0x2820 [6.1920] lock_acquire+0xc9/0x2d0 [6.1927] __mutex_lock+0x= cc/0x10a0 [6.1934] __btrfs_release_delayed_node.part.0+0x39/0x2f0 [6.1944] = btrfs_evict_inode+0x20b/0x4b0 [6.1952] evict+0x15a/0x2f0 [6.1958] prune_ica= che_sb+0x91/0xd0 [6.1966] super_cache_scan+0x150/0x1d0 [6.1974] do_shrink_s= lab+0x155/0x6f0 [6.1981] shrink_slab+0x48e/0x890 [6.1988] shrink_one+0x11a/= 0x1f0 [6.1995] shrink_node+0xbfd/0x1320 [6.1002] balance_pgdat+0x67f/0xc60 = [6.1321] kswapd+0x1dc/0x3e0 [6.1643] kthread+0xff/0x240 [6.1965] ret_from_f= ork+0x223/0x280 [6.1287] ret_from_fork_asm+0x1a/0x30 [6.1616] other info th=
at might help us debug this: [6.1561] Chain exists of: &delayed_node->mutex=

btrfs-tree-00 --> fs_reclaim [6.1503] Possible unsafe locking scenario=

: [6.1110] CPU0 CPU1 [6.1411] ---- ---- [6.1707] lock(fs_reclaim); [6.1998]=
lock(btrfs-tree-00); [6.1291] lock(fs_reclaim); [6.1581] lock(&del ---trun= cated--- 2026-01-31 not yet calculated CVE-2026-23018 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-23018 ] https://git.kernel.org/stable/c/92a5590851= 144f034adc51fee55e6878ccac716e https://git.kernel.org/stable/c/8731f2c50b0b1d2b58ed5b9671ef2c4bdc2f8347
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: net: marvell: prestera: fix NULL dereference on devlink_alloc(=
) failure devlink_alloc() may return NULL on allocation failure, but preste= ra_devlink_alloc() unconditionally calls devlink_priv() on the returned poi= nter. This leads to a NULL pointer dereference if devlink allocation fails.=
Add a check for a NULL devlink pointer and return NULL early to avoid the = crash. 2026-01-31 not yet calculated CVE-2026-23019 [ https://www.cve.org/C= VERecord?id=3DCVE-2026-23019 ] https://git.kernel.org/stable/c/8a4333b2818f= 0d853b43e139936c20659366e4a0 https://git.kernel.org/stable/c/325aea74be7e192b5c947c782da23b0d19a5fda2 https://git.kernel.org/stable/c/94e070cd50790317fba7787ae6006934b7edcb6f https://git.kernel.org/stable/c/3950054c9512add0cc79ab7e72b6d2f9f675e25b https://git.kernel.org/stable/c/326a4b7e61d01db3507f71c8bb5e85362f607064 https://git.kernel.org/stable/c/a428e0da1248c353557970848994f35fd3f005e2
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: net: 3com: 3c59x: fix possible null dereference in vortex_prob= e1() pdev can be null and free_ring: can be called in 1297 with a null pdev=
. 2026-01-31 not yet calculated CVE-2026-23020 [ https://www.cve.org/CVERec= ord?id=3DCVE-2026-23020 ] https://git.kernel.org/stable/c/053ac9e37eee435e9= 99277c0f1ef890dad6064bf https://git.kernel.org/stable/c/6cff14b831dbdb32675b4c7904dcc3eeeaf47e9d https://git.kernel.org/stable/c/606872c8e8bf96066730f6a2317502c5633c37f1 https://git.kernel.org/stable/c/28b2a805609699be7b90020ae7dccfb234be1ceb https://git.kernel.org/stable/c/2f05f7737e16d9a40038cc1c38a96a3f7964898b https://git.kernel.org/stable/c/d82796a57cc0dac1dbef19d913c8f02a8cc7b1a7 https://git.kernel.org/stable/c/a4e305ed60f7c41bbf9aabc16dd75267194e0de3
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: net: usb: pegasus: fix memory leak in update_eth_regs_async() = When asynchronously writing to the device registers and if usb_submit_urb()=
fail, the code fail to release allocated to this point resources. 2026-01-=
31 not yet calculated CVE-2026-23021 [ https://www.cve.org/CVERecord?id=3DC= VE-2026-23021 ] https://git.kernel.org/stable/c/5397ea6d21c35a17707e201a607= 61bdee00bcc4e https://git.kernel.org/stable/c/a40af9a2904a1ab8ce61866ebe2a894ef30754ba https://git.kernel.org/stable/c/ac5d92d2826dec51e5d4c6854865bc5817277452 https://git.kernel.org/stable/c/93f18eaa190374e0f2d253e3b1a65cee19a7abe6 https://git.kernel.org/stable/c/471dfb97599eec74e0476046b3ef8e7037f27b34 https://git.kernel.org/stable/c/ce6eef731aba23a988decea1df3b08cf978f7b01 https://git.kernel.org/stable/c/afa27621a28af317523e0836dad430bec551eb54
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: idpf: fix memory leak in idpf_vc_core_deinit() Make sure to fr=
ee hw->lan_regs. Reported by kmemleak during reset: unreferenced object 0xf= f1b913d02a936c0 (size 96): comm "kworker/u258:14", pid 2174, jiffies 429495= 8305 hex dump (first 32 bytes): 00 00 00 c0 a8 ba 2d ff 00 00 00 00 00 00 0=
0 00 ......-......... 00 00 40 08 00 00 00 00 00 00 25 b3 a8 ba 2d ff ..@..= .....%...-. backtrace (crc 36063c4f): __kmalloc_noprof+0x48f/0x890 idpf_vc_= core_init+0x6ce/0x9b0 [idpf] idpf_vc_event_task+0x1fb/0x350 [idpf] process_= one_work+0x226/0x6d0 worker_thread+0x19e/0x340 kthread+0x10f/0x250 ret_from= _fork+0x251/0x2b0 ret_from_fork_asm+0x1a/0x30 2026-01-31 not yet calculated=
CVE-2026-23022 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23022 ] https= ://git.kernel.org/stable/c/23391db8a00c23854915b8b72ec1aa10080aa540 https://git.kernel.org/stable/c/e111cbc4adf9f9974eed040aeece7e17460f6bff
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: idpf: fix memory leak in idpf_vport_rel() Free vport->rx_ptype= _lkup in idpf_vport_rel() to avoid leaking memory during a reset. Reported =
by kmemleak: unreferenced object 0xff450acac838a000 (size 4096): comm "kwor= ker/u258:5", pid 7732, jiffies 4296830044 hex dump (first 32 bytes): 00 00 =
00 00 00 10 00 00 00 10 00 00 00 00 00 00 ................ 00 00 00 00 00 0=
0 00 00 00 10 00 00 00 00 00 00 ................ backtrace (crc 3da81902): = __kmalloc_cache_noprof+0x469/0x7a0 idpf_send_get_rx_ptype_msg+0x90/0x570 [i= dpf] idpf_init_task+0x1ec/0x8d0 [idpf] process_one_work+0x226/0x6d0 worker_= thread+0x19e/0x340 kthread+0x10f/0x250 ret_from_fork+0x251/0x2b0 ret_from_f= ork_asm+0x1a/0x30 2026-01-31 not yet calculated CVE-2026-23023 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2026-23023 ] https://git.kernel.org/stable/c/a= 4212d6732e3f674c6cc7d0b642f276d827e8f94 https://git.kernel.org/stable/c/ec602a2a4071eb956d656ba968c58fee09f0622d https://git.kernel.org/stable/c/f6242b354605faff263ca45882b148200915a3f6
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: idpf: fix memory leak of flow steer list on rmmod The flow ste= ering list maintains entries that are added and removed as ethtool creates = and deletes flow steering rules. Module removal with active entries causes = memory leak as the list is not properly cleaned up. Prevent this by iterati=
ng through the remaining entries in the list and freeing the associated mem= ory during module removal. Add a spinlock (flow_steer_list_lock) to protect=
the list access from multiple threads. 2026-01-31 not yet calculated CVE-2= 026-23024 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23024 ] https://git= .kernel.org/stable/c/1aedff70a5e97628eaaf17b169774cb6a45a1dc5 https://git.kernel.org/stable/c/f9841bd28b600526ca4f6713b0ca49bf7bb98452
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: mm/page_alloc: prevent pcp corruption with SMP=3Dn The kernel = test robot has reported: BUG: spinlock trylock failure on UP on CPU#0, kcom= pactd0/28 lock: 0xffff888807e35ef0, .magic: dead4ead, .owner: kcompactd0/28=
, .owner_cpu: 0 CPU: 0 UID: 0 PID: 28 Comm: kcompactd0 Not tainted 6.18.0-r= c5-00127-ga06157804399 #1 PREEMPT 8cc09ef94dcec767faa911515ce9e609c45db470 = Call Trace: <IRQ> __dump_stack (lib/dump_stack.c:95) dump_stack_lvl (lib/du= mp_stack.c:123) dump_stack (lib/dump_stack.c:130) spin_dump (kernel/locking= /spinlock_debug.c:71) do_raw_spin_trylock (kernel/locking/spinlock_debug.c:=
?) _raw_spin_trylock (include/linux/spinlock_api_smp.h:89 kernel/locking/sp= inlock.c:138) __free_frozen_pages (mm/page_alloc.c:2973) ___free_pages (mm/= page_alloc.c:5295) __free_pages (mm/page_alloc.c:5334) tlb_remove_table_rcu=
(include/linux/mm.h:? include/linux/mm.h:3122 include/asm-generic/tlb.h:22=
0 mm/mmu_gather.c:227 mm/mmu_gather.c:290) ? __cfi_tlb_remove_table_rcu (mm= /mmu_gather.c:289) ? rcu_core (kernel/rcu/tree.c:?) rcu_core (include/linux= /rcupdate.h:341 kernel/rcu/tree.c:2607 kernel/rcu/tree.c:2861) rcu_core_si = (kernel/rcu/tree.c:2879) handle_softirqs (arch/x86/include/asm/jump_label.h= :36 include/trace/events/irq.h:142 kernel/softirq.c:623) __irq_exit_rcu (ar= ch/x86/include/asm/jump_label.h:36 kernel/softirq.c:725) irq_exit_rcu (kern= el/softirq.c:741) sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:= 1052) </IRQ> <TASK> RIP: 0010:_raw_spin_unlock_irqrestore (arch/x86/include= /asm/preempt.h:95 include/linux/spinlock_api_smp.h:152 kernel/locking/spinl= ock.c:194) free_pcppages_bulk (mm/page_alloc.c:1494) drain_pages_zone (incl= ude/linux/spinlock.h:391 mm/page_alloc.c:2632) __drain_all_pages (mm/page_a= lloc.c:2731) drain_all_pages (mm/page_alloc.c:2747) kcompactd (mm/compactio= n.c:3115) kthread (kernel/kthread.c:465) ? __cfi_kcompactd (mm/compaction.c= :3166) ? __cfi_kthread (kernel/kthread.c:412) ret_from_fork (arch/x86/kerne= l/process.c:164) ? __cfi_kthread (kernel/kthread.c:412) ret_from_fork_asm (= arch/x86/entry/entry_64.S:255) </TASK> Matthew has analyzed the report and = identified that in drain_page_zone() we are in a section protected by spin_= lock(&pcp->lock) and then get an interrupt that attempts spin_trylock() on = the same lock. The code is designed to work this way without disabling IRQs=
and occasionally fail the trylock with a fallback. However, the SMP=3Dn sp= inlock implementation assumes spin_trylock() will always succeed, and thus = it's normally a no-op. Here the enabled lock debugging catches the problem,=
but otherwise it could cause a corruption of the pcp structure. The proble=
m has been introduced by commit 574907741599 ("mm/page_alloc: leave IRQs en= abled for per-cpu page allocations"). The pcp locking scheme recognizes the=
need for disabling IRQs to prevent nesting spin_trylock() sections on SMP= =3Dn, but the need to prevent the nesting in spin_lock() has not been recog= nized. Fix it by introducing local wrappers that change the spin_lock() to = spin_lock_iqsave() with SMP=3Dn and use them in all places that do spin_loc= k(&pcp->lock). [vbabka@suse.cz: add pcp_ prefix to the spin_lock_irqsave wr= appers, per Steven] 2026-01-31 not yet calculated CVE-2026-23025 [ https://= www.cve.org/CVERecord?id=3DCVE-2026-23025 ] https://git.kernel.org/stable/c= /4a04ff9cd816e7346fcc8126f00ed80481f6569d https://git.kernel.org/stable/c/df63d31e9ae02e2f6cd96147779e4ed7cd0e75f6 https://git.kernel.org/stable/c/3098f8f7c7b0686c74827aec42a2c45e69801ff8 https://git.kernel.org/stable/c/038a102535eb49e10e93eafac54352fcc5d78847
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config=
() Fix a memory leak in gpi_peripheral_config() where the original memory p= ointed to by gchan->config could be lost if krealloc() fails. The issue occ= urs when: 1. gchan->config points to previously allocated memory 2. kreallo= c() fails and returns NULL 3. The function directly assigns NULL to gchan->= config, losing the reference to the original memory 4. The original memory = becomes unreachable and cannot be freed Fix this by using a temporary varia= ble to hold the krealloc() result and only updating gchan->config when the = allocation succeeds. Found via static analysis and code review. 2026-01-31 = not yet calculated CVE-2026-23026 [ https://www.cve.org/CVERecord?id=3DCVE-= 2026-23026 ] https://git.kernel.org/stable/c/6bf4ef078fd11910988889a6c0b369= 8d2e0c89af https://git.kernel.org/stable/c/01b1d781394fc9b83015e3a3cd46b17bda842bd8 https://git.kernel.org/stable/c/55a67ba5ac4cebfd54cc8305d4d57a0f1dfe6a85 https://git.kernel.org/stable/c/3f747004bbd641131d9396d87b5d2d3d1e182728
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: LoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy() I=
n kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->d= estroy() seems to be supposed to free its kvm_device struct, but kvm_pch_pi= c_destroy() is not currently doing this, that would lead to a memory leak. = So, fix it. 2026-01-31 not yet calculated CVE-2026-23027 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-23027 ] https://git.kernel.org/stable/c/fc53a66= 227af08d868face4b33fa8b2e1ba187ed https://git.kernel.org/stable/c/1cf342a7c3adc5877837b53bbceb5cc9eff60bbf
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy() In kv= m_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destr= oy() seems to be supposed to free its kvm_device struct, but kvm_ipi_destro= y() is not currently doing this, that would lead to a memory leak. So, fix = it. 2026-01-31 not yet calculated CVE-2026-23028 [ https://www.cve.org/CVER= ecord?id=3DCVE-2026-23028 ] https://git.kernel.org/stable/c/5defcc2f9c22e6e= 09b5be68234ad10f4ba0292b7 https://git.kernel.org/stable/c/0bf58cb7288a4d3de6d8ecbb3a65928a9362bf21
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: LoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy() I=
n kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->d= estroy() seems to be supposed to free its kvm_device struct, but kvm_eioint= c_destroy() is not currently doing this, that would lead to a memory leak. = So, fix it. 2026-01-31 not yet calculated CVE-2026-23029 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-23029 ] https://git.kernel.org/stable/c/e94ec96= 61c5820d157d2cc4b6cf4a6ab656a7b4d https://git.kernel.org/stable/c/7d8553fc75aefa7ec936af0cf8443ff90b51732e
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_us= b2phy_probe() The for_each_available_child_of_node() calls of_node_put() to=
release child_np in each success loop. After breaking from the loop with t=
he child_np has been released, the code will jump to the put_child label an=
d will call the of_node_put() again if the devm_request_threaded_irq() fail=
s. These cause a double free bug. Fix by returning directly to avoid the du= plicate of_node_put(). 2026-01-31 not yet calculated CVE-2026-23030 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-23030 ] https://git.kernel.org/stabl= e/c/ebae26dd15140b840cf65be5e1c0daee949ba70b https://git.kernel.org/stable/c/027d42b97e6eb827c3438ebc09bab7efaee9270d https://git.kernel.org/stable/c/efe92ee7a111fe0f4d75f3ed6b7e3f86322279d5 https://git.kernel.org/stable/c/e07dea3de508cd6950c937cec42de7603190e1ca
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory le=
ak In gs_can_open(), the URBs for USB-in transfers are allocated, added to = the parent->rx_submitted anchor and submitted. In the complete callback gs_= usb_receive_bulk_callback(), the URB is processed and resubmitted. In gs_ca= n_close() the URBs are freed by calling usb_kill_anchored_urbs(parent->rx_s= ubmitted). However, this does not take into account that the USB framework = unanchors the URB before the complete function is called. This means that o= nce an in-URB has been completed, it is no longer anchored and is ultimatel=
y not released in gs_can_close(). Fix the memory leak by anchoring the URB =
in the gs_usb_receive_bulk_callback() to the parent->rx_submitted anchor. 2= 026-01-31 not yet calculated CVE-2026-23031 [ https://www.cve.org/CVERecord= ?id=3DCVE-2026-23031 ] https://git.kernel.org/stable/c/f905bcfa971edb89e398= c98957838d8c6381c0c7 https://git.kernel.org/stable/c/08624b7206ddb9148eeffc2384ebda2c47b6d1e9 https://git.kernel.org/stable/c/9f669a38ca70839229b7ba0f851820850a2fe1f7 https://git.kernel.org/stable/c/7352e1d5932a0e777e39fa4b619801191f57e603
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: null_blk: fix kmemleak by releasing references to fault config=
fs items When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-= blk driver sets up fault injection support by creating the timeout_inject, = requeue_inject, and init_hctx_fault_inject configfs items as children of th=
e top-level nullbX configfs group. However, when the nullbX device is remov= ed, the references taken to these fault-config configfs items are not relea= sed. As a result, kmemleak reports a memory leak, for example: unreferenced=
object 0xc00000021ff25c40 (size 32): comm "mkdir", pid 10665, jiffies 4322= 121578 hex dump (first 32 bytes): 69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c=
74 5f init_hctx_fault_ 69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00 inj= ect.......... backtrace (crc 1a018c86): __kmalloc_node_track_caller_noprof+= 0x494/0xbd8 kvasprintf+0x74/0xf4 config_item_set_name+0xf0/0x104 config_gro= up_init_type_name+0x48/0xfc fault_config_init+0x48/0xf0 0xc0080000180559e4 = configfs_mkdir+0x304/0x814 vfs_mkdir+0x49c/0x604 do_mkdirat+0x314/0x3d0 sys= _mkdir+0xa0/0xd8 system_call_exception+0x1b0/0x4f0 system_call_vectored_com= mon+0x15c/0x2ec Fix this by explicitly releasing the references to the faul= t-config configfs items when dropping the reference to the top-level nullbX=
configfs group. 2026-01-31 not yet calculated CVE-2026-23032 [ https://www= .cve.org/CVERecord?id=3DCVE-2026-23032 ] https://git.kernel.org/stable/c/1a= 3286edf4d48ce37f8982ff3c3b65159a5ecbb2 https://git.kernel.org/stable/c/d59ba448ccd595d5d65e197216cf781a87db2b28 https://git.kernel.org/stable/c/f1718da051282698aa8fa150bebb9724f6389fda https://git.kernel.org/stable/c/40b94ec7edbbb867c4e26a1a43d2b898f04b93c5
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: dmaengine: omap-dma: fix dma_pool resource leak in error paths=
The dma_pool created by dma_pool_create() is not destroyed when dma_async_= device_register() or of_dma_controller_register() fails, causing a resource=
leak in the probe error paths. Add dma_pool_destroy() in both error paths =
to properly release the allocated dma_pool resource. 2026-01-31 not yet cal= culated CVE-2026-23033 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23033 =
] https://git.kernel.org/stable/c/88a9483f093bbb9263dcf21bc7fdb5132e5de88d https://git.kernel.org/stable/c/4b93712e96be17029bd22787f2e39feb0e73272c https://git.kernel.org/stable/c/829b00481734dd54e72f755fd6584bce6fbffbb0 https://git.kernel.org/stable/c/2e1136acf8a8887c29f52e35a77b537309af321f
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: drm/amdgpu/userq: Fix fence reference leak on queue teardown v=
2 The user mode queue keeps a pointer to the most recent fence in userq->la= st_fence. This pointer holds an extra dma_fence reference. When the queue i=
s destroyed, we free the fence driver and its xarray, but we forgot to drop=
the last_fence reference. Because of the missing dma_fence_put(), the last=
fence object can stay alive when the driver unloads. This leaves an alloca= ted object in the amdgpu_userq_fence slab cache and triggers This is visibl=
e during driver unload as: BUG amdgpu_userq_fence: Objects remaining on __k= mem_cache_shutdown() kmem_cache_destroy amdgpu_userq_fence: Slab cache stil=
l has objects Call Trace: kmem_cache_destroy amdgpu_userq_fence_slab_fini a= mdgpu_exit __do_sys_delete_module Fix this by putting userq->last_fence and=
clearing the pointer during amdgpu_userq_fence_driver_free(). This makes s= ure the fence reference is released and the slab cache is empty when the mo= dule exits. v2: Update to only release userq->last_fence with dma_fence_put=
() (Christian) (cherry picked from commit 8e051e38a8d45caf6a866d4ff842105b5= 77953bb) 2026-01-31 not yet calculated CVE-2026-23034 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-23034 ] https://git.kernel.org/stable/c/e1a30e1ab3= 3fc522785d04bbf7e1b13a5c5c9175 https://git.kernel.org/stable/c/b2426a211dba6432e32a2e70e9183c6e134475c6
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv=
mlx5e_priv is an unstable structure that can be memset(0) if profile attac= hing fails. Pass netdev to mlx5e_destroy_netdev() to guarantee it will work=
on a valid netdev. On mlx5e_remove: Check validity of priv->profile, befor=
e attempting to cleanup any resources that might be not there. This fixes a=
kernel oops in mlx5e_remove when switchdev mode fails due to change profil=
e failure. $ devlink dev eswitch set pci/0000:00:03.0 mode switchdev Error:=
mlx5_core: Failed setting eswitch to offloads. dmesg: workqueue: Failed to=
create a rescuer kthread for wq "mlx5e": -EINTR mlx5_core 0012:03:00.1: ml= x5e_netdev_init_profile:6214:(pid 37199): mlx5e_priv_init failed, err=3D-12=
mlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: new profile=
init failed, -12 workqueue: Failed to create a rescuer kthread for wq "mlx= 5e": -EINTR mlx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 371= 99): mlx5e_priv_init failed, err=3D-12 mlx5_core 0012:03:00.1 gpu3rdma1: ml= x5e_netdev_change_profile: failed to rollback to orig profile, -12 $ devlin=
k dev reload pci/0000:00:03.0 =3D=3D> oops BUG: kernel NULL pointer derefer= ence, address: 0000000000000370 PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP NOPTI=
CPU: 15 UID: 0 PID: 520 Comm: devlink Not tainted 6.18.0-rc5+ #115 PREEMPT= (voluntary) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3= -2.fc40 04/01/2014 RIP: 0010:mlx5e_dcbnl_dscp_app+0x23/0x100 RSP: 0018:ffff= c9000083f8b8 EFLAGS: 00010286 RAX: ffff8881126fc380 RBX: ffff8881015ac400 R= CX: ffffffff826ffc45 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8= 881035109c0 RBP: ffff8881035109c0 R08: ffff888101e3e838 R09: ffff888100264e=
10 R10: ffffc9000083f898 R11: ffffc9000083f8a0 R12: ffff888101b921a0 R13: f= fff888101b921a0 R14: ffff8881015ac9a0 R15: ffff8881015ac400 FS: 00007f789a3= c8740(0000) GS:ffff88856aa59000(0000) knlGS:0000000000000000 CS: 0010 DS: 0= 000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000370 CR3: 000000010b6c0= 001 CR4: 0000000000370ef0 Call Trace: <TASK> mlx5e_remove+0x57/0x110 device= _release_driver_internal+0x19c/0x200 bus_remove_device+0xc6/0x130 device_de= l+0x160/0x3d0 ? devl_param_driverinit_value_get+0x2d/0x90 mlx5_detach_devic= e+0x89/0xe0 mlx5_unload_one_devl_locked+0x3a/0x70 mlx5_devlink_reload_down+= 0xc8/0x220 devlink_reload+0x7d/0x260 devlink_nl_reload_doit+0x45b/0x5a0 gen= l_family_rcv_msg_doit+0xe8/0x140 2026-01-31 not yet calculated CVE-2026-230=
35 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23035 ] https://git.kernel= .org/stable/c/a7625bacaa8c8c2bfcde6dd6d1397bd63ad82b02 https://git.kernel.org/stable/c/66a25f6b7c0bfd84e6d27b536f5d24116dbd52da https://git.kernel.org/stable/c/4ef8512e1427111f7ba92b4a847d181ff0aeec42
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: btrfs: release path before iget_failed() in btrfs_read_locked_= inode() In btrfs_read_locked_inode() if we fail to lookup the inode, we jum=
p to the 'out' label with a path that has a read locked leaf and then we ca=
ll iget_failed(). This can result in a ABBA deadlock, since iget_failed() t= riggers inode eviction and that causes the release of the delayed inode, wh= ich must lock the delayed inode's mutex, and a task updating a delayed inod=
e starts by taking the node's mutex and then modifying the inode's subvolum=
e btree. Syzbot reported the following lockdep splat for this: =3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
WARNING: possible circular locking dependency detected syzkaller #0 Not ta= inted ------------------------------------------------------ btrfs-cleaner/= 8725 is trying to acquire lock: ffff0000d6826a48 (&delayed_node->mutex){+.+= .}-{4:4}, at: __btrfs_release_delayed_node+0xa0/0x9b0 fs/btrfs/delayed-inod= e.c:290 but task is already holding lock: ffff0000dbeba878 (btrfs-tree-00){= ++++}-{4:4}, at: btrfs_tree_read_lock_nested+0x44/0x2ec fs/btrfs/locking.c:= 145 which lock already depends on the new lock. the existing dependency cha=
in (in reverse order) is: -> #1 (btrfs-tree-00){++++}-{4:4}: __lock_release=
kernel/locking/lockdep.c:5574 [inline] lock_release+0x198/0x39c kernel/loc= king/lockdep.c:5889 up_read+0x24/0x3c kernel/locking/rwsem.c:1632 btrfs_tre= e_read_unlock+0xdc/0x298 fs/btrfs/locking.c:169 btrfs_tree_unlock_rw fs/btr= fs/locking.h:218 [inline] btrfs_search_slot+0xa6c/0x223c fs/btrfs/ctree.c:2= 133 btrfs_lookup_inode+0xd8/0x38c fs/btrfs/inode-item.c:395 __btrfs_update_= delayed_inode+0x124/0xed0 fs/btrfs/delayed-inode.c:1032 btrfs_update_delaye= d_inode fs/btrfs/delayed-inode.c:1118 [inline] __btrfs_commit_inode_delayed= _items+0x15f8/0x1748 fs/btrfs/delayed-inode.c:1141 __btrfs_run_delayed_item= s+0x1ac/0x514 fs/btrfs/delayed-inode.c:1176 btrfs_run_delayed_items_nr+0x28= /0x38 fs/btrfs/delayed-inode.c:1219 flush_space+0x26c/0xb68 fs/btrfs/space-= info.c:828 do_async_reclaim_metadata_space+0x110/0x364 fs/btrfs/space-info.= c:1158 btrfs_async_reclaim_metadata_space+0x90/0xd8 fs/btrfs/space-info.c:1= 226 process_one_work+0x7e8/0x155c kernel/workqueue.c:3263 process_scheduled= _works kernel/workqueue.c:3346 [inline] worker_thread+0x958/0xed8 kernel/wo= rkqueue.c:3427 kthread+0x5fc/0x75c kernel/kthread.c:463 ret_from_fork+0x10/= 0x20 arch/arm64/kernel/entry.S:844 -> #0 (&delayed_node->mutex){+.+.}-{4:4}=
: check_prev_add kernel/locking/lockdep.c:3165 [inline] check_prevs_add ker= nel/locking/lockdep.c:3284 [inline] validate_chain kernel/locking/lockdep.c= :3908 [inline] __lock_acquire+0x1774/0x30a4 kernel/locking/lockdep.c:5237 l= ock_acquire+0x14c/0x2e0 kernel/locking/lockdep.c:5868 __mutex_lock_common+0= x1d0/0x2678 kernel/locking/mutex.c:598 __mutex_lock kernel/locking/mutex.c:= 760 [inline] mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:812 __btrfs= _release_delayed_node+0xa0/0x9b0 fs/btrfs/delayed-inode.c:290 btrfs_release= _delayed_node fs/btrfs/delayed-inode.c:315 [inline] btrfs_remove_delayed_no= de+0x68/0x84 fs/btrfs/delayed-inode.c:1326 btrfs_evict_inode+0x578/0xe28 fs= /btrfs/inode.c:5587 evict+0x414/0x928 fs/inode.c:810 iput_final fs/inode.c:= 1914 [inline] iput+0x95c/0xad4 fs/inode.c:1966 iget_failed+0xec/0x134 fs/ba= d_inode.c:248 btrfs_read_locked_inode+0xe1c/0x1234 fs/btrfs/inode.c:4101 bt= rfs_iget+0x1b0/0x264 fs/btrfs/inode.c:5837 btrfs_run_defrag_inode fs/btrfs/= defrag.c:237 [inline] btrfs_run_defrag_inodes+0x520/0xdc4 fs/btrf ---trunca= ted--- 2026-01-31 not yet calculated CVE-2026-23036 [ https://www.cve.org/C= VERecord?id=3DCVE-2026-23036 ] https://git.kernel.org/stable/c/65241e3ddda6= 0b53a4ee3ae12721fc9ee21d5827 https://git.kernel.org/stable/c/1e1f2055ad5a7a5d548789b334a4473a7665c418
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: can: etas_es58x: allow partial RX URB allocation to succeed Wh=
en es58x_alloc_rx_urbs() fails to allocate the requested number of URBs but=
succeeds in allocating some, it returns an error code. This causes es58x_o= pen() to return early, skipping the cleanup label 'free_urbs', which leads =
to the anchored URBs being leaked. As pointed out by maintainer Vincent Mai= lhol, the driver is designed to handle partial URB allocation gracefully. T= herefore, partial allocation should not be treated as a fatal error. Modify=
es58x_alloc_rx_urbs() to return 0 if at least one URB has been allocated, = restoring the intended behavior and preventing the leak in es58x_open(). 20= 26-01-31 not yet calculated CVE-2026-23037 [ https://www.cve.org/CVERecord?= id=3DCVE-2026-23037 ] https://git.kernel.org/stable/c/611e839d2d552416b498e= d5593e10670f61fcd4d https://git.kernel.org/stable/c/ba45e3d6b02c97dbb4578fbae7027fd66f3caa10 https://git.kernel.org/stable/c/6c5124a60989051799037834f0a1a4b428718157 https://git.kernel.org/stable/c/b1979778e98569c1e78c2c7f16bb24d76541ab00
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node=
() In nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versions fail=
s, the function jumps to the out_scratch label without freeing the already = allocated dsaddrs list, leading to a memory leak. Fix this by jumping to th=
e out_err_drain_dsaddrs label, which properly frees the dsaddrs list before=
cleaning up other resources. 2026-01-31 not yet calculated CVE-2026-23038 =
[ https://www.cve.org/CVERecord?id=3DCVE-2026-23038 ] https://git.kernel.or= g/stable/c/869862056e100973e76ce9f5f1b01837771b7722 https://git.kernel.org/stable/c/86da7efd12295a7e2b4abde5e5984c821edd938f https://git.kernel.org/stable/c/ed5d3f2f6885eb99f729e6ffd946e3aa058bd3eb https://git.kernel.org/stable/c/0c728083654f0066f5e10a1d2b0bd0907af19a58
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect O=
n disconnect drm_atomic_helper_disable_all() is called which sets both the =
fb and crtc for a plane to NULL before invoking a commit. This causes a ker= nel oops on every display disconnect. Add guards for those dereferences. 20= 26-01-31 not yet calculated CVE-2026-23039 [ https://www.cve.org/CVERecord?= id=3DCVE-2026-23039 ] https://git.kernel.org/stable/c/a255ec07f91d4c73a361a= 28b7a3d82f5710245f1 https://git.kernel.org/stable/c/dc2d5ddb193e363187bae2ad358245642d2721fb
=C2=A0 liuyueyi--quick-media Improper Control of Generation of Code ('Code = Injection') vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik= -codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules).=
This vulnerability is associated with program files PNGImageEncoder.Java. = This issue affects quick-media: before v1.0. 2026-01-27 not yet calculated = CVE-2026-24806 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24806 ] https:= //github.com/liuyueyi/quick-media/pull/122
=C2=A0 liuyueyi--quick-media Improper Verification of Cryptographic Signatu=
re vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fi= x/src/main/java/org/apache/batik/ext/awt/image/codec/util modules). This vu= lnerability is associated with program files SeekableOutputStream.Java. Thi=
s issue affects quick-media: before v1.0. 2026-01-27 not yet calculated CVE= -2026-24807 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24807 ] https://g= ithub.com/liuyueyi/quick-media/pull/123
=C2=A0 LiveHelperChat--LiveHelperChat Stored Cross-Site Scripting (XSS) vul= nerability in the PDF file upload functionality of Live Helper Chat, versio=
ns prior to 4.72. An attacker can upload a malicious PDF file containing an=
XSS payload, which will be executed in the user's context when they downlo=
ad and open the file via the link generated by the application. The vulnera= bility allows arbitrary JavaScript code to be executed in the user's local = context. 2026-01-28 not yet calculated CVE-2026-0483 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-0483 ] https://www.incibe.es/en/incibe-cert/notices= /aviso/stored-cross-site-scripting-xss-vulnerability-livehelperchat
=C2=A0 lobehub--lobe-chat LobeHub is an open source human-and-AI-agent netw= ork. Prior to version 1.143.3, the file upload feature in `Knowledge Base >=
File Upload` does not validate the integrity of the upload request, allowi=
ng users to intercept and modify the request parameters. As a result, it is=
possible to create arbitrary files in abnormal or unintended paths. In add= ition, since `lobechat.com` relies on the size parameter from the request t=
o calculate file usage, an attacker can manipulate this value to misreprese=
nt the actual file size, such as uploading a `1 GB` file while reporting it=
as `10 MB`, or falsely declaring a `10 MB` file as a `1 GB` file. By manip= ulating the size value provided in the client upload request, it is possibl=
e to bypass the monthly upload quota enforced by the server and continuousl=
y upload files beyond the intended storage and traffic limits. This abuse c=
an result in a discrepancy between actual resource consumption and billing = calculations, causing direct financial impact to the service operator. Addi= tionally, exhaustion of storage or related resources may lead to degraded s= ervice availability, including failed uploads, delayed content delivery, or=
temporary suspension of upload functionality for legitimate users. A singl=
e malicious user can also negatively affect other users or projects sharing=
the same subscription plan, effectively causing an indirect denial of serv= ice (DoS). Furthermore, excessive and unaccounted-for uploads can distort m= onitoring metrics and overload downstream systems such as backup processes,=
malware scanning, and media processing pipelines, ultimately undermining o= verall operational stability and service reliability. Version 1.143.3 conta= ins a patch for the issue. 2026-01-30 not yet calculated CVE-2026-23835 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2026-23835 ] https://github.com/lobeh= ub/lobehub/security/advisories/GHSA-wrrr-8jcv-wjf5
=C2=A0 Meta--react-server-dom-webpack Multiple denial of service vulnerabil= ities exist in React Server Components, affecting the following packages: r= eact-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpac=
k. The vulnerabilities are triggered by sending specially crafted HTTP requ= ests to Server Function endpoints, and could lead to server crashes, out-of= -memory exceptions or excessive CPU usage; depending on the vulnerable code=
path being exercised, the application configuration and application code. = Strongly consider upgrading to the latest package versions to reduce risk a=
nd prevent availability issues in applications using React Server Component=
s. 2026-01-26 not yet calculated CVE-2026-23864 [ https://www.cve.org/CVERe= cord?id=3DCVE-2026-23864 ] https://www.facebook.com/security/advisories/cve= -2026-23864
=C2=A0 Micron Technology, Inc.--Crucial Storage Executive Crucial Storage E= xecutive installer versions prior to 11.08.082025.00 contain a DLL preloadi=
ng vulnerability. During installation, the installer runs with elevated pri= vileges and loads Windows DLLs using an uncontrolled search path, which can=
cause a malicious DLL placed alongside the installer to be loaded instead =
of the intended system library. A local attacker who can convince a victim =
to run the installer from a directory containing the attacker-supplied DLL = can achieve arbitrary code execution with administrator privileges. 2026-01= -26 not yet calculated CVE-2025-71178 [ https://www.cve.org/CVERecord?id=3D= CVE-2025-71178 ] https://eu.crucial.com/support/storage-executive https://www.vulncheck.com/advisories/crucial-storage-executive-installer-dl= l-preloading-lpe
=C2=A0 Mintplex-Labs--anything-llm AnythingLLM is an application that turns=
pieces of content into context that any LLM can use as references during c= hatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant=
as the vector database with an API key, this QdrantApiKey could be exposed=
in plain text to unauthenticated users via the `/api/setup-complete` endpo= int. Leakage of QdrantApiKey allows an unauthenticated attacker full read/w= rite access to the Qdrant vector database instance used by AnythingLLM. Sin=
ce Qdrant often stores the core knowledge base for RAG in AnythingLLM, this=
can lead to complete compromise of the semantic search / retrieval functio= nality and indirect leakage of confidential uploaded documents. Version 1.1= 0.0 patches the issue. 2026-01-26 not yet calculated CVE-2026-24477 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-24477 ] https://github.com/Mintplex-= Labs/anything-llm/security/advisories/GHSA-gm94-qc2p-xcwf
=C2=A0 monkey--monkey An out-of-bounds read in the http_parser_transfer_enc= oding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e98=
4 allows attackers to cause a Denial of Service (DoS) via sending a crafted=
POST request to the server. 2026-01-29 not yet calculated CVE-2025-63649 [=
https://www.cve.org/CVERecord?id=3DCVE-2025-63649 ] https://github.com/mon= key/monkey/issues/426 https://github.com/archersec/security-advisories/blob/master/monkey/monkey-= advisory-2025.md
=C2=A0 monkey--monkey An out-of-bounds read in the mk_ptr_to_buf in mk_core=
function (mk_memory.c) of monkey commit f37e984 allows attackers to cause =
a Denial of Service (DoS) via sending a crafted HTTP request to the server.=
2026-01-29 not yet calculated CVE-2025-63650 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2025-63650 ] https://github.com/monkey/monkey/issues/426 https://github.com/archersec/security-advisories/blob/master/monkey/monkey-= advisory-2025.md
=C2=A0 monkey--monkey A use-after-free in the mk_string_char_search functio=
n (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause =
a Denial of Service (DoS) via sending a crafted HTTP request to the server.=
2026-01-29 not yet calculated CVE-2025-63651 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2025-63651 ] https://github.com/monkey/monkey/issues/426 https://github.com/archersec/security-advisories/blob/master/monkey/monkey-= advisory-2025.md
=C2=A0 monkey--monkey A use-after-free in the mk_http_request_end function = (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a = Denial of Service (DoS) via sending a crafted HTTP request to the server. 2= 026-01-29 not yet calculated CVE-2025-63652 [ https://www.cve.org/CVERecord= ?id=3DCVE-2025-63652 ] https://github.com/monkey/monkey/issues/426 https://github.com/archersec/security-advisories/blob/master/monkey/monkey-= advisory-2025.md
=C2=A0 monkey--monkey An out-of-bounds read in the mk_vhost_fdt_close funct= ion (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cau=
se a Denial of Service (DoS) via sending a crafted HTTP request to the serv= er. 2026-01-29 not yet calculated CVE-2025-63653 [ https://www.cve.org/CVER= ecord?id=3DCVE-2025-63653 ] https://github.com/monkey/monkey/issues/426 https://github.com/archersec/security-advisories/blob/master/monkey/monkey-= advisory-2025.md
=C2=A0 monkey--monkey A NULL pointer dereference in the mk_http_range_parse=
function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers t=
o cause a Denial of Service (DoS) via sending a crafted HTTP request to the=
server. 2026-01-29 not yet calculated CVE-2025-63655 [ https://www.cve.org= /CVERecord?id=3DCVE-2025-63655 ] https://github.com/monkey/monkey/issues/427 https://github.com/archersec/security-advisories/blob/master/monkey/monkey-= advisory-2025.md
=C2=A0 monkey--monkey An out-of-bounds read in the header_cmp function (mk_= server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause=
a Denial of Service (DoS) via sending a crafted HTTP request to the server=
. 2026-01-29 not yet calculated CVE-2025-63656 [ https://www.cve.org/CVERec= ord?id=3DCVE-2025-63656 ] https://github.com/monkey/monkey/issues/426 https://github.com/archersec/security-advisories/blob/master/monkey/monkey-= advisory-2025.md
=C2=A0 monkey--monkey An out-of-bounds read in the mk_mimetype_find functio=
n (mk_server/mk_mimetype.c) of monkey commit f37e984 allows attackers to ca= use a Denial of Service (DoS) via sending a crafted HTTP request to the ser= ver. 2026-01-29 not yet calculated CVE-2025-63657 [ https://www.cve.org/CVE= Record?id=3DCVE-2025-63657 ] https://github.com/monkey/monkey/issues/426 https://github.com/archersec/security-advisories/blob/master/monkey/monkey-= advisory-2025.md
=C2=A0 monkey--monkey A stack overflow in the mk_http_index_lookup function=
(mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a=
Denial of Service (DoS) via sending a crafted HTTP request to the server. = 2026-01-29 not yet calculated CVE-2025-63658 [ https://www.cve.org/CVERecor= d?id=3DCVE-2025-63658 ] https://github.com/monkey/monkey/issues/427 https://github.com/archersec/security-advisories/blob/master/monkey/monkey-= advisory-2025.md
=C2=A0 Mozilla--Firefox Mitigation bypass in the Privacy: Anti-Tracking com= ponent. This vulnerability affects Firefox < 147.0.2. 2026-01-27 not yet ca= lculated CVE-2026-24868 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24868=
] https://bugzilla.mozilla.org/show_bug.cgi?id=3D2007302 https://www.mozilla.org/security/advisories/mfsa2026-06/
=C2=A0 Mozilla--Firefox Use-after-free in the Layout: Scrolling and Overflo=
w component. This vulnerability affects Firefox < 147.0.2. 2026-01-27 not y=
et calculated CVE-2026-24869 [ https://www.cve.org/CVERecord?id=3DCVE-2026-= 24869 ] https://bugzilla.mozilla.org/show_bug.cgi?id=3D2008698 https://www.mozilla.org/security/advisories/mfsa2026-06/
=C2=A0 Mozilla--Thunderbird When a user explicitly requested Thunderbird to=
decrypt an inline OpenPGP message that was embedded in a text section of a=
n email that was formatted and styled with HTML and CSS, then the decrypted=
contents were rendered in a context in which the CSS styles from the outer=
messages were active. If the user had additionally allowed loading of the = remote content referenced by the outer email message, and the email was cra= fted by the sender using a combination of CSS rules and fonts and animation=
s, then it was possible to extract the secret contents of the email. This v= ulnerability affects Thunderbird < 147.0.1 and Thunderbird < 140.7.1. 2026-= 01-28 not yet calculated CVE-2026-0818 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-0818 ] https://bugzilla.mozilla.org/show_bug.cgi?id=3D1881530 https://www.mozilla.org/security/advisories/mfsa2026-07/ https://www.mozilla.org/security/advisories/mfsa2026-08/
=C2=A0 MuntashirAkon--AppManager Integer Overflow or Wraparound vulnerabili=
ty in MuntashirAkon AppManager (app/src/main/java/org/apache/commons/compre= ss/archivers/tar modules). This vulnerability is associated with program fi= les TarUtils.Java. This issue affects AppManager: before 4.0.4. 2026-01-27 = not yet calculated CVE-2026-1464 [ https://www.cve.org/CVERecord?id=3DCVE-2= 026-1464 ] https://github.com/MuntashirAkon/AppManager/pull/1598
=C2=A0 N3uron--N3uron An issue in N3uron Web User Interface v.1.21.7-240207= .1047 allows a remote attacker to escalate privileges via the password hash= ing on the client side using the MD5 algorithm over a predictable string fo= rmat 2026-01-29 not yet calculated CVE-2025-69929 [ https://www.cve.org/CVE= Record?id=3DCVE-2025-69929 ] http://n3uron.com https://www.linkedin.com/in/joselabreu https://gist.github.com/JoseAbreu28/67f5d8bfc7ba1def526efeda5771a244
=C2=A0 NAVER--billboard.js billboard.js before 3.18.0 allows an attacker to=
execute malicious JavaScript due to improper sanitization during chart opt= ion binding. 2026-01-28 not yet calculated CVE-2026-1513 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-1513 ] https://cve.naver.com/detail/cve-2026-15= 13.html
=C2=A0 neka-nat--cupoch Out-of-bounds Write vulnerability in neka-nat cupoc=
h (third_party/libjpeg-turbo/libjpeg-turbo modules). This vulnerability is = associated with program files tjbench.C. This issue affects cupoch. 2026-01= -27 not yet calculated CVE-2026-24797 [ https://www.cve.org/CVERecord?id=3D= CVE-2026-24797 ] https://github.com/neka-nat/cupoch/pull/138
=C2=A0 NETGEAR--NETGEAR products Some end of service NETGEAR products provi=
de "TelnetEnable" functionality, which allows a magic packet to activate te= lnet service on the box. 2026-01-30 not yet calculated CVE-2026-24714 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2026-24714 ] https://www.netgear.com/ab= out/eos/
https://jvn.jp/en/jp/JVN46722282/
=C2=A0 nocodb--nocodb NocoDB is software for building databases as spreadsh= eets. Prior to version 0.301.0, an unvalidated redirect (open redirect) vul= nerability exists in NocoDB's login flow due to missing validation of the `= continueAfterSignIn` parameter. During authentication, NocoDB processes a u= ser-controlled redirect value and conditionally performs client-side naviga= tion without enforcing any restrictions on the destination's origin, domain=
or protocol. This allows attackers to redirect authenticated users to arbi= trary external websites after login. This vulnerability enables phishing at= tacks by leveraging user trust in the legitimate NocoDB login flow. While i=
t does not directly expose credentials or bypass authentication, it increas=
es the likelihood of credential theft through social engineering. The issue=
does not allow arbitrary code execution or privilege escalation, but it un= dermines authentication integrity. Version 0.301.0 fixes the issue. 2026-01= -28 not yet calculated CVE-2026-24768 [ https://www.cve.org/CVERecord?id=3D= CVE-2026-24768 ] https://github.com/nocodb/nocodb/security/advisories/GHSA-= 3hmw-8mw3-rmpj
=C2=A0 nocodb--nocodb NocoDB is software for building databases as spreadsh= eets. Prior to version 0.301.0, a stored cross-site scripting (XSS) vulnera= bility exists in NocoDB's attachment handling mechanism. Authenticated user=
s can upload malicious SVG files containing embedded JavaScript, which are = later rendered inline and executed in the browsers of other users who view = the attachment. Because the malicious payload is stored server-side and exe= cuted under the application's origin, successful exploitation can lead to a= ccount compromise, data exfiltration and unauthorized actions performed on = behalf of affected users. Version 0.301.0 patches the issue. 2026-01-28 not=
yet calculated CVE-2026-24769 [ https://www.cve.org/CVERecord?id=3DCVE-202= 6-24769 ] https://github.com/nocodb/nocodb/security/advisories/GHSA-q5c6-h2= 2r-qpwr
=C2=A0 Node.js--Node.js The Node.js package browserstack-local 1.5.8 contai=
ns a command injection vulnerability. This occurs because the logfile varia= ble is not properly sanitized in lib/Local.js. 2026-01-28 not yet calculate=
d CVE-2025-57283 [ https://www.cve.org/CVERecord?id=3DCVE-2025-57283 ] http= s://www.npmjs.com https://gist.github.com/Dremig/b639c61541dd1482007dc7a5cd7fefb1
=C2=A0 nvm-sh--nvm A command injection vulnerability exists in nvm (Node Ve= rsion Manager) versions 0.40.3 and below. The nvm_download() function uses = eval to execute wget commands, and the NVM_AUTH_HEADER environment variable=
was not sanitized in the wget code path (though it was sanitized in the cu=
rl code path). An attacker who can set environment variables in a victim's = shell environment (e.g., via malicious CI/CD configurations, compromised do= tfiles, or Docker images) can inject arbitrary shell commands that execute = when the victim runs nvm commands that trigger downloads, such as 'nvm inst= all' or 'nvm ls-remote'. 2026-01-29 not yet calculated CVE-2026-1665 [ http= s://www.cve.org/CVERecord?id=3DCVE-2026-1665 ] Fix commit [ https://github.= com/nvm-sh/nvm/commit/44e2590cdf257faf7d885e4470be8dc66cec9506 ]
Release v0.40.4 [ https://github.com/nvm-sh/nvm/releases/tag/v0.40.4 ]
nvm GitHub repository [ https://github.com/nvm-sh/nvm ] https://github.com/nvm-sh/nvm/pull/3380
=C2=A0 OctoPrint--OctoPrint OctoPrint provides a web interface for controll= ing consumer 3D printers. OctoPrint versions up to and including 1.11.5 are=
affected by a (theoretical) timing attack vulnerability that allows API ke=
y extraction over the network. Due to using character based comparison that=
short-circuits on the first mismatched character during API key validation=
, rather than a cryptographical method with static runtime regardless of th=
e point of mismatch, an attacker with network based access to an affected O= ctoPrint could extract API keys valid on the instance by measuring the resp= onse times of the denied access responses and guess an API key character by=
character. The vulnerability is patched in version 1.11.6. The likelihood =
of this attack actually working is highly dependent on the network's latenc=
y, noise and similar parameters. An actual proof of concept was not achieve=
d so far. Still, as always administrators are advised to not expose their O= ctoPrint instance on hostile networks, especially not on the public Interne=
t. 2026-01-27 not yet calculated CVE-2026-23892 [ https://www.cve.org/CVERe= cord?id=3DCVE-2026-23892 ] https://github.com/OctoPrint/OctoPrint/security/= advisories/GHSA-xg4x-w2j3-57h6 https://github.com/OctoPrint/OctoPrint/commit/249fd80ab01bc4b7dabedff768230= a0fb5d01a8c
https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.6
=C2=A0 OneFlow--OneFlow A shape mismatch vulnerability in OneFlow v0.9.0 al= lows attackers to cause a Denial of Service (DoS) via supplying crafted ten= sor shapes. 2026-01-28 not yet calculated CVE-2025-65886 [ https://www.cve.= org/CVERecord?id=3DCVE-2025-65886 ] https://github.com/Daisy2ang http://oneflow.com
https://github.com/Oneflow-Inc/oneflow https://github.com/Oneflow-Inc/oneflow/issues/10666
=C2=A0 OneFlow--OneFlow A division-by-zero vulnerability in the flow.floor_= divide() component of OneFlow v0.9.0 allows attackers to cause a Denial of = Service (DoS) via a crafted input tensor with zero. 2026-01-28 not yet calc= ulated CVE-2025-65887 [ https://www.cve.org/CVERecord?id=3DCVE-2025-65887 ]=
https://github.com/Daisy2ang
http://oneflow.com
https://github.com/Oneflow-Inc/oneflow https://github.com/Oneflow-Inc/oneflow/issues/10665
=C2=A0 OneFlow--OneFlow A dimension validation flaw in the flow.empty() com= ponent of OneFlow 0.9.0 allows attackers to cause a Denial of Service (DoS)=
via a negative or excessively large dimension value. 2026-01-28 not yet ca= lculated CVE-2025-65888 [ https://www.cve.org/CVERecord?id=3DCVE-2025-65888=
] https://github.com/Daisy2ang
http://oneflow.com
https://github.com/Oneflow-Inc/oneflow https://github.com/Oneflow-Inc/oneflow/issues/10664
=C2=A0 OneFlow--OneFlow A type validation flaw in the flow.dstack() compone=
nt of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) vi=
a a crafted input. 2026-01-28 not yet calculated CVE-2025-65889 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2025-65889 ] https://github.com/Daisy2ang http://oneflow.com
https://github.com/Oneflow-Inc/oneflow https://github.com/Oneflow-Inc/oneflow/issues/10663
=C2=A0 OneFlow--OneFlow A device-ID validation flaw in OneFlow v0.9.0 allow=
s attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchro= nize() with an invalid or out-of-range GPU device index. 2026-01-28 not yet=
calculated CVE-2025-65890 [ https://www.cve.org/CVERecord?id=3DCVE-2025-65= 890 ] https://github.com/Daisy2ang
http://oneflow.com
https://github.com/Oneflow-Inc/oneflow https://github.com/Oneflow-Inc/oneflow/issues/10662
=C2=A0 OneFlow--OneFlow A GPU device-ID validation flaw in OneFlow v0.9.0 a= llows attackers to trigger a Denial of Dervice (DoS) by invoking flow.cuda.= get_device_properties() with an invalid or negative device index. 2026-01-2=
8 not yet calculated CVE-2025-65891 [ https://www.cve.org/CVERecord?id=3DCV= E-2025-65891 ] https://github.com/Daisy2ang
http://oneflow.com
https://github.com/Oneflow-Inc/oneflow https://github.com/Oneflow-Inc/oneflow/issues/10661
=C2=A0 OneFlow--OneFlow A GPU device-ID validation flaw in the flow.cuda.ge= t_device_capability() component of OneFlow v0.9.0 allows attackers to cause=
a Denial of Service (DoS) via a crafted device ID. 2026-01-28 not yet calc= ulated CVE-2025-70999 [ https://www.cve.org/CVERecord?id=3DCVE-2025-70999 ]=
https://github.com/Daisy2ang
http://oneflow.com
https://github.com/Oneflow-Inc/oneflow/issues/10660
=C2=A0 OneFlow--OneFlow An issue in the flow.cuda.BoolTensor component of O= neFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a cra= fted input. 2026-01-28 not yet calculated CVE-2025-71000 [ https://www.cve.= org/CVERecord?id=3DCVE-2025-71000 ] https://github.com/Daisy2ang http://oneflow.com
https://github.com/Oneflow-Inc/oneflow/issues/10659
=C2=A0 OneFlow--OneFlow A segmentation violation in the flow.column_stack c= omponent of OneFlow v0.9.0 allows attackers to cause a Denial of Service (D= oS) via a crafted input. 2026-01-28 not yet calculated CVE-2025-71001 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2025-71001 ] https://github.com/Daisy2a=
ng
http://oneflow.com
https://github.com/Oneflow-Inc/oneflow/issues/10658
=C2=A0 OneFlow--OneFlow A floating-point exception (FPE) in the flow.column= _stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Se= rvice (DoS) via a crafted input. 2026-01-28 not yet calculated CVE-2025-710=
02 [ https://www.cve.org/CVERecord?id=3DCVE-2025-71002 ] https://github.com= /Daisy2ang
https://github.com/Oneflow-Inc/oneflow/issues/10657
=C2=A0 OneFlow--OneFlow An input validation vulnerability in the flow.arang= e() component of OneFlow v0.9.0 allows attackers to cause a Denial of Servi=
ce (DoS) via a crafted input. 2026-01-28 not yet calculated CVE-2025-71003 =
[ https://www.cve.org/CVERecord?id=3DCVE-2025-71003 ] https://github.com/Da= isy2ang
https://github.com/Oneflow-Inc/oneflow/issues/10656
=C2=A0 OneFlow--OneFlow A segmentation violation in the oneflow.logical_or = component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (= DoS) via a crafted input. 2026-01-28 not yet calculated CVE-2025-71004 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2025-71004 ] https://github.com/Daisy2= ang
https://github.com/Oneflow-Inc/oneflow/issues/10655
=C2=A0 OneFlow--OneFlow A floating point exception (FPE) in the oneflow.vie=
w component of OneFlow v0.9.0 allows attackers to cause a Denial of Service=
(DoS) via a crafted input. 2026-01-28 not yet calculated CVE-2025-71005 [ = https://www.cve.org/CVERecord?id=3DCVE-2025-71005 ] https://github.com/Dais= y2ang
https://github.com/Oneflow-Inc/oneflow/issues/10654
=C2=A0 OneFlow--OneFlow A floating point exception (FPE) in the oneflow.res= hape component of OneFlow v0.9.0 allows attackers to cause a Denial of Serv= ice (DoS) via a crafted input. 2026-01-28 not yet calculated CVE-2025-71006=
[ https://www.cve.org/CVERecord?id=3DCVE-2025-71006 ] https://github.com/D= aisy2ang
https://github.com/Oneflow-Inc/oneflow/issues/10653
=C2=A0 OneFlow--OneFlow An input validation vulnerability in the oneflow.in= dex_add component of OneFlow v0.9.0 allows attackers to cause a Denial of S= ervice (DoS) via a crafted input. 2026-01-28 not yet calculated CVE-2025-71= 007 [ https://www.cve.org/CVERecord?id=3DCVE-2025-71007 ] https://github.co= m/Daisy2ang
https://github.com/Oneflow-Inc/oneflow/issues/10652
=C2=A0 OneFlow--OneFlow A segmentation violation in the oneflow._oneflow_in= ternal.autograd.Function.FunctionCtx.mark_non_differentiable component of O= neFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a cra= fted input. 2026-01-29 not yet calculated CVE-2025-71008 [ https://www.cve.= org/CVERecord?id=3DCVE-2025-71008 ] https://github.com/Daisy2ang https://github.com/Oneflow-Inc/oneflow/issues/10651
=C2=A0 OneFlow--OneFlow An input validation vulnerability in the flow.scatt= er/flow.scatter_add component of OneFlow v0.9.0 allows attackers to cause a=
Denial of Service (DoS) via a crafted indices. 2026-01-29 not yet calculat=
ed CVE-2025-71009 [ https://www.cve.org/CVERecord?id=3DCVE-2025-71009 ] htt= ps://github.com/Daisy2ang
https://github.com/Oneflow-Inc/oneflow/issues/10649
=C2=A0 OneFlow--OneFlow An input validation vulnerability in the flow.Tenso= r.new_empty/flow.Tensor.new_ones/flow.Tensor.new_zeros component of OneFlow=
v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted i= nput. 2026-01-29 not yet calculated CVE-2025-71011 [ https://www.cve.org/CV= ERecord?id=3DCVE-2025-71011 ] https://github.com/Daisy2ang https://github.com/Oneflow-Inc/oneflow/issues/10648
=C2=A0 openemr--openemr OpenEMR is a free and open source electronic health=
records and medical practice management application. Versions prior to 7.0=
.4 have a vulnerability where sensitive data is unintentionally revealed to=
unauthorized parties. Contents of Clinical Notes and Care Plan, where an e= ncounter has Sensitivity=3Dhigh, can be viewed and changed by users who do = not have Sensitivities=3Dhigh privilege. Version 7.0.4 fixes the issue. 202= 6-01-27 not yet calculated CVE-2025-54373 [ https://www.cve.org/CVERecord?i= d=3DCVE-2025-54373 ] https://github.com/openemr/openemr/security/advisories= /GHSA-739g-6m63-p7fr https://github.com/openemr/openemr/commit/aef3d1c85d9ff2f28d3d361d2818aee79= b6dcd33
=C2=A0 OpenSSL--OpenSSL Issue summary: PBMAC1 parameters in PKCS#12 files a=
re missing validation which can trigger a stack-based buffer overflow, inva= lid pointer or NULL pointer dereference during MAC verification. Impact sum= mary: The stack buffer overflow or NULL pointer dereference may cause a cra=
sh leading to Denial of Service for an application that parses untrusted PK= CS#12 files. The buffer overflow may also potentially enable code execution=
depending on platform mitigations. When verifying a PKCS#12 file that uses=
PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters from the file=
are used without validation. If the value of keylength exceeds the size of=
the fixed stack buffer used for the derived key (64 bytes), the key deriva= tion will overflow the buffer. The overflow length is attacker-controlled. = Also, if the salt parameter is not an OCTET STRING type this can lead to in= valid or NULL pointer dereference. Exploiting this issue requires a user or=
application to process a maliciously crafted PKCS#12 file. It is uncommon =
to accept untrusted PKCS#12 files in applications as they are usually used =
to store private keys which are trusted by definition. For this reason the = issue was assessed as Moderate severity. The FIPS modules in 3.6, 3.5 and 3=
.4 are not affected by this issue, as PKCS#12 processing is outside the Ope= nSSL FIPS module boundary. OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this = issue. OpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as = they do not support PBMAC1 in PKCS#12. 2026-01-27 not yet calculated CVE-20= 25-11187 [ https://www.cve.org/CVERecord?id=3DCVE-2025-11187 ] OpenSSL Advi= sory [ https://openssl-library.org/news/secadv/20260127.txt ]
3.6.1 git commit [ https://github.com/openssl/openssl/commit/8caf359d6e46fb= 413e8f5f0df765d2e8a51df4e8 ]
3.5.5 git commit [ https://github.com/openssl/openssl/commit/e1079bc17ed93f= f16f6b86f33a2fe3336e78817e ]
3.4.4 git commit [ https://github.com/openssl/openssl/commit/205e3a55e16e4b= d08c12fdbd3416ab829c0f6206 ]
=C2=A0 OpenSSL--OpenSSL Issue summary: Parsing CMS AuthEnvelopedData messag=
e with maliciously crafted AEAD parameters can trigger a stack buffer overf= low. Impact summary: A stack buffer overflow may lead to a crash, causing D= enial of Service, or potentially remote code execution. When parsing CMS Au= thEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (I= nitialization Vector) encoded in the ASN.1 parameters is copied into a fixe= d-size stack buffer without verifying that its length fits the destination.=
An attacker can supply a crafted CMS message with an oversized IV, causing=
a stack-based out-of-bounds write before any authentication or tag verific= ation occurs. Applications and services that parse untrusted CMS or PKCS#7 = content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) ar=
e vulnerable. Because the overflow occurs prior to authentication, no valid=
key material is required to trigger it. While exploitability to remote cod=
e execution depends on platform and toolchain mitigations, the stack-based = write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4=
, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is = outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.=
0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by=
this issue. 2026-01-27 not yet calculated CVE-2025-15467 [ https://www.cve= .org/CVERecord?id=3DCVE-2025-15467 ] OpenSSL Advisory [ https://openssl-lib= rary.org/news/secadv/20260127.txt ]
3.6.1 git commit [ https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee= 5508a0349e4572ddb74db5a703 ]
3.5.5 git commit [ https://github.com/openssl/openssl/commit/d0071a0799f20c= c8101730145349ed4487c268dc ]
3.4.4 git commit [ https://github.com/openssl/openssl/commit/6ced0fe6b10faa= 560e410e3ee8d6c82f06c65ea3 ]
3.3.6 git commit [ https://github.com/openssl/openssl/commit/5f26d4202f5b89= 664c5c3f3c62086276026ba9a9 ]
3.0.19 git commit [ https://github.com/openssl/openssl/commit/ce39170276dae= c87f55c39dad1f629b56344429e ]
=C2=A0 OpenSSL--OpenSSL Issue summary: If an application using the SSL_CIPH= ER_find() function in a QUIC protocol client or server receives an unknown = cipher suite from the peer, a NULL dereference occurs. Impact summary: A NU=
LL pointer dereference leads to abnormal termination of the running process=
causing Denial of Service. Some applications call SSL_CIPHER_find() from t=
he client_hello_cb callback on the cipher ID received from the peer. If thi=
s is done with an SSL object implementing the QUIC protocol, NULL pointer d= ereference will happen if the examined cipher ID is unknown or unsupported.=
As it is not very common to call this function in applications using the Q= UIC protocol and the worst outcome is Denial of Service, the issue was asse= ssed as Low severity. The vulnerable code was introduced in the 3.2 version=
with the addition of the QUIC protocol support. The FIPS modules in 3.6, 3= .5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation =
is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 = are vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected=
by this issue. 2026-01-27 not yet calculated CVE-2025-15468 [ https://www.= cve.org/CVERecord?id=3DCVE-2025-15468 ] OpenSSL Advisory [ https://openssl-= library.org/news/secadv/20260127.txt ]
3.6.1 git commit [ https://github.com/openssl/openssl/commit/b2539639400288= a4580fe2d76247541b976bade4 ]
3.5.5 git commit [ https://github.com/openssl/openssl/commit/1f08e54bad3284= 3044fe8a675948d65e3b4ece65 ]
3.4.4 git commit [ https://github.com/openssl/openssl/commit/7c88376731c589= ee5b36116c5a6e32d5ae5f7ae2 ]
3.3.6 git commit [ https://github.com/openssl/openssl/commit/d75b309879631d= 45b972396ce4e5102559c64ac7 ]
=C2=A0 OpenSSL--OpenSSL Issue summary: The 'openssl dgst' command-line tool=
silently truncates input data to 16MB when using one-shot signing algorith=
ms and reports success instead of an error. Impact summary: A user signing =
or verifying files larger than 16MB with one-shot algorithms (such as Ed255= 19, Ed448, or ML-DSA) may believe the entire file is authenticated while tr= ailing data beyond 16MB remains unauthenticated. When the 'openssl dgst' co= mmand is used with algorithms that only support one-shot signing (Ed25519, = Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input is buffered with a 16MB = limit. If the input exceeds this limit, the tool silently truncates to the = first 16MB and continues without signaling an error, contrary to what the d= ocumentation states. This creates an integrity gap where trailing bytes can=
be modified without detection if both signing and verification are perform=
ed using the same affected codepath. The issue affects only the command-lin=
e tool behavior. Verifiers that process the full message using library APIs=
will reject the signature, so the risk primarily affects workflows that bo=
th sign and verify with the affected 'openssl dgst' command. Streaming dige=
st algorithms for 'openssl dgst' and library users are unaffected. The FIPS=
modules in 3.5 and 3.6 are not affected by this issue, as the command-line=
tools are outside the OpenSSL FIPS module boundary. OpenSSL 3.5 and 3.6 ar=
e vulnerable to this issue. OpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not = affected by this issue. 2026-01-27 not yet calculated CVE-2025-15469 [ http= s://www.cve.org/CVERecord?id=3DCVE-2025-15469 ] OpenSSL Advisory [ https://= openssl-library.org/news/secadv/20260127.txt ]
3.6.1 git commit [ https://github.com/openssl/openssl/commit/310f305eb92ea8= 040d6b3cb75a5feeba8e6acf2f ]
3.5.5 git commit [ https://github.com/openssl/openssl/commit/a7936fa4bd23c9= 06e1955a16a0a0ab39a4953a61 ]
=C2=A0 OpenSSL--OpenSSL Issue summary: A TLS 1.3 connection using certifica=
te compression can be forced to allocate a large buffer before decompressio=
n without checking against the configured certificate size limit. Impact su= mmary: An attacker can cause per-connection memory allocations of up to app= roximately 22 MiB and extra CPU work, potentially leading to service degrad= ation or resource exhaustion (Denial of Service). In affected configuration=
s, the peer-supplied uncompressed certificate length from a CompressedCerti= ficate message is used to grow a heap buffer prior to decompression. This l= ength is not bounded by the max_cert_list setting, which otherwise constrai=
ns certificate message sizes. An attacker can exploit this to cause large p= er-connection allocations followed by handshake failure. No memory corrupti=
on or information disclosure occurs. This issue only affects builds where T=
LS 1.3 certificate compression is compiled in (i.e., not OPENSSL_NO_COMP_AL=
G) and at least one compression algorithm (brotli, zlib, or zstd) is availa= ble, and where the compression extension is negotiated. Both clients receiv= ing a server CompressedCertificate and servers in mutual TLS scenarios rece= iving a client CompressedCertificate are affected. Servers that do not requ= est client certificates are not vulnerable to client-initiated attacks. Use=
rs can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION =
to disable receiving compressed certificates. The FIPS modules in 3.6, 3.5,=
3.4 and 3.3 are not affected by this issue, as the TLS implementation is o= utside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are = vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by = this issue. 2026-01-27 not yet calculated CVE-2025-66199 [ https://www.cve.= org/CVERecord?id=3DCVE-2025-66199 ] OpenSSL Advisory [ https://openssl-libr= ary.org/news/secadv/20260127.txt ]
3.6.1 git commit [ https://github.com/openssl/openssl/commit/6184a4fb08ee6d= 7bca570d931a4e8bef40b64451 ]
3.5.5 git commit [ https://github.com/openssl/openssl/commit/895150b5e021d1= 6b52fb32b97e1dd12f20448be5 ]
3.4.4 git commit [ https://github.com/openssl/openssl/commit/966a2478046c31= 1ed7dae50c457d0db4cafbf7e4 ]
3.3.6 git commit [ https://github.com/openssl/openssl/commit/3ed1f75249932b= 155eef993a8e66a99cb98bfef4 ]
=C2=A0 OpenSSL--OpenSSL Issue summary: Writing large, newline-free data int=
o a BIO chain using the line-buffering filter where the next BIO performs s= hort writes can trigger a heap-based out-of-bounds write. Impact summary: T= his out-of-bounds write can cause memory corruption which typically results=
in a crash, leading to Denial of Service for an application. The line-buff= ering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data = paths. In OpenSSL command-line applications, it is typically only pushed on=
to stdout/stderr on VMS systems. Third-party applications that explicitly u=
se this filter with a BIO chain that can short-write and that write large, = newline-free data influenced by an attacker would be affected. However, the=
circumstances where this could happen are unlikely to be under attacker co= ntrol, and BIO_f_linebuffer is unlikely to be handling non-curated data con= trolled by an attacker. For that reason the issue was assessed as Low sever= ity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by thi=
s issue, as the BIO implementation is outside the OpenSSL FIPS module bound= ary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to thi=
s issue. 2026-01-27 not yet calculated CVE-2025-68160 [ https://www.cve.org= /CVERecord?id=3DCVE-2025-68160 ] OpenSSL Advisory [ https://openssl-library= .org/news/secadv/20260127.txt ]
3.6.1 git commit [ https://github.com/openssl/openssl/commit/4c96fbba618e19= 40f038012506ee9e21d32ee12c ]
3.5.5 git commit [ https://github.com/openssl/openssl/commit/6845c3b6460a98= b1ec4e463baa2ea1a63a32d7c0 ]
3.4.4 git commit [ https://github.com/openssl/openssl/commit/68a7cd2e2816c3= a02f4d45a2ce43fc04fac97096 ]
3.3.6 git commit [ https://github.com/openssl/openssl/commit/384011202af926= 05d926fafe4a0bcd6b65d162ad ]
3.0.19 git commit [ https://github.com/openssl/openssl/commit/475c466ef2fbd= 8fc1df6fae1c3eed9c813fc8ff6 ]
=C2=A0 OpenSSL--OpenSSL Issue summary: When using the low-level OCB API dir= ectly with AES-NI or other hardware-accelerated code paths, inputs whose=
length is not a multiple of 16 bytes can leave the final partial block = unencrypted and unauthenticated. Impact summary: The trailing 1-15 b= ytes of a message may be exposed in cleartext on encryption and are not = covered by the authentication tag, allowing an attacker to read or tampe=
r with those bytes without detection. The low-level OCB encrypt and = decrypt routines in the hardware-accelerated stream path process full 16= -byte blocks but do not advance the input/output pointers. The subsequen=
t tail-handling code then operates on the original base pointers, effect= ively reprocessing the beginning of the buffer while leaving the actual = trailing bytes unprocessed. The authentication checksum also excludes th=
e true tail bytes. However, typical OpenSSL consumers using EVP are = not affected because the higher-level EVP and provider OCB implementatio=
ns split inputs so that full blocks and trailing partial blocks are proc= essed in separate calls, avoiding the problematic code path. Additionall=
y, TLS does not use OCB ciphersuites. The vulnerability only affects app= lications that call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb1= 28_decrypt() functions directly with non-block-aligned lengths in a sing=
le call on hardware-accelerated builds. For these reasons the issue was = assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.=
2, 3.1 and 3.0 are not affected by this issue, as OCB mode is not a FIPS= -approved algorithm. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are v= ulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue=
. 2026-01-27 not yet calculated CVE-2025-69418 [ https://www.cve.org/CVERec= ord?id=3DCVE-2025-69418 ] OpenSSL Advisory [ https://openssl-library.org/ne= ws/secadv/20260127.txt ]
3.6.1 git commit [ https://github.com/openssl/openssl/commit/ed40856d7d4ba6= cb42779b6770666a65f19cb977 ]
3.5.5 git commit [ https://github.com/openssl/openssl/commit/4016975d4469cd= 6b94927c607f7c511385f928d8 ]
3.4.4 git commit [ https://github.com/openssl/openssl/commit/372fc5c7752969= 5b05b4f5b5187691a57ef5dffc ]
3.3.6 git commit [ https://github.com/openssl/openssl/commit/a7589230356d90= 8c0eca4b969ec4f62106f4f5ae ]
3.0.19 git commit [ https://github.com/openssl/openssl/commit/52d23c86a54ad= ab5ee9f80e48b242b52c4cc2347 ]
=C2=A0 OpenSSL--OpenSSL Issue summary: Calling PKCS12_get_friendlyname() fu= nction on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) fr= iendly name containing non-ASCII BMP code point can trigger a one byte writ=
e before the allocated buffer. Impact summary: The out-of-bounds write can = cause a memory corruption which can have various consequences including a D= enial of Service. The OPENSSL_uni2utf8() function performs a two-pass conve= rsion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when = emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forward=
s the remaining UTF-16 source byte count as the destination buffer capacity=
to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three byt= es, but the forwarded capacity can be just two bytes. UTF8_putc() then retu= rns -1, and this negative value is added to the output length without valid= ation, causing the length to become negative. The subsequent trailing NUL b= yte is then written at a negative offset, causing write outside of heap all= ocated buffer. The vulnerability is reachable via the public PKCS12_get_fri= endlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS1= 2_parse() uses a different code path that avoids this issue, PKCS12_get_fri= endlyname() directly invokes the vulnerable function. Exploitation requires=
an attacker to provide a malicious PKCS#12 file to be parsed by the applic= ation and the attacker can just trigger a one zero byte write before the al= located buffer. For that reason the issue was assessed as Low severity acco= rding to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.=
0 are not affected by this issue, as the PKCS#12 implementation is outside = the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1=
are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.=
2026-01-27 not yet calculated CVE-2025-69419 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2025-69419 ] OpenSSL Advisory [ https://openssl-library.org/new= s/secadv/20260127.txt ]
3.6.1 git commit [ https://github.com/openssl/openssl/commit/7e9cac9832e470= 5b91987c2474ed06a37a93cecb ]
3.5.5 git commit [ https://github.com/openssl/openssl/commit/ff628933755075= 446bca8307e8417c14d164b535 ]
3.4.4 git commit [ https://github.com/openssl/openssl/commit/cda12de3bc0e33= 3ea8d2c6fd15001dbdaf280015 ]
3.3.6 git commit [ https://github.com/openssl/openssl/commit/a26a90d38edec3= 748566129d824e664b54bee2e2 ]
3.0.19 git commit [ https://github.com/openssl/openssl/commit/41be0f216404f= 14457bbf3b9cc488dba60b49296 ]
=C2=A0 OpenSSL--OpenSSL Issue summary: A type confusion vulnerability exist=
s in the TimeStamp Response verification code where an ASN1_TYPE union memb=
er is accessed without first validating the type, causing an invalid or NUL=
L pointer dereference when processing a malformed TimeStamp Response file. = Impact summary: An application calling TS_RESP_verify_response() with a mal= formed TimeStamp Response can be caused to dereference an invalid or NULL p= ointer when reading, resulting in a Denial of Service. The functions ossl_e= ss_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing=
cert attribute value without validating its type. When the type is not V_A= SN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYP=
E union, causing a crash. Exploiting this vulnerability requires an attacke=
r to provide a malformed TimeStamp Response to an application that verifies=
timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used = and the impact of the exploit is just a Denial of Service. For these reason=
s the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3=
and 3.0 are not affected by this issue, as the TimeStamp Response implemen= tation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, = 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affec= ted by this issue. 2026-01-27 not yet calculated CVE-2025-69420 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2025-69420 ] OpenSSL Advisory [ https://opens= sl-library.org/news/secadv/20260127.txt ]
3.6.1 git commit [ https://github.com/openssl/openssl/commit/a99349ebfc5199= 99edc50620abe24d599b9eb085 ]
3.5.5 git commit [ https://github.com/openssl/openssl/commit/564fd9c73787f2= 5693bf9e75faf7bf6bb1305d4e ]
3.4.4 git commit [ https://github.com/openssl/openssl/commit/27c7012c91cc98= 6a598d7540f3079dfde2416eb9 ]
3.3.6 git commit [ https://github.com/openssl/openssl/commit/5eb0770ffcf11b= 785cf374ff3c19196245e54f1b ]
3.0.19 git commit [ https://github.com/openssl/openssl/commit/4e254b48ad93c= c092be3dd62d97015f33f73133a ]
=C2=A0 OpenSSL--OpenSSL Issue summary: Processing a malformed PKCS#12 file = can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() = function. Impact summary: A NULL pointer dereference can trigger a crash wh= ich leads to Denial of Service for an application processing PKCS#12 files.=
The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct p= arameter is NULL before dereferencing it. When called from PKCS12_unpack_p7= encdata() with a malformed PKCS#12 file, this parameter can be NULL, causin=
g a crash. The vulnerability is limited to Denial of Service and cannot be = escalated to achieve code execution or memory disclosure. Exploiting this i= ssue requires an attacker to provide a malformed PKCS#12 file to an applica= tion that processes it. For that reason the issue was assessed as Low sever= ity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.=
3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is = outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, = 1.1.1 and 1.0.2 are vulnerable to this issue. 2026-01-27 not yet calculated=
CVE-2025-69421 [ https://www.cve.org/CVERecord?id=3DCVE-2025-69421 ] OpenS=
SL Advisory [ https://openssl-library.org/news/secadv/20260127.txt ]
3.6.1 git commit [ https://github.com/openssl/openssl/commit/a2dbc539f0f9cc= 63832709fa5aa33ad9495eb19c ]
3.5.5 git commit [ https://github.com/openssl/openssl/commit/3524a29271f819= 1b8fd8a5257eb05173982a097b ]
3.4.4 git commit [ https://github.com/openssl/openssl/commit/643986985cd1c2= 1221f941129d76fe0c2785aeb3 ]
3.3.6 git commit [ https://github.com/openssl/openssl/commit/4bbc8d41a72c84= 2ce4077a8a3eccd1109aaf74bd ]
3.0.19 git commit [ https://github.com/openssl/openssl/commit/36ecb4960872a= 4ce04bf6f1e1f4e78d75ec0c0c7 ]
=C2=A0 OpenSSL--OpenSSL Issue summary: An invalid or NULL pointer dereferen=
ce can happen in an application processing a malformed PKCS#12 file. Impact=
summary: An application processing a malformed PKCS#12 file can be caused =
to dereference an invalid or NULL pointer on memory read, resulting in a De= nial of Service. A type confusion vulnerability exists in PKCS#12 parsing c= ode where an ASN1_TYPE union member is accessed without first validating th=
e type, causing an invalid pointer read. The location is constrained to a 1= -byte address space, meaning any attempted pointer manipulation can only ta= rget addresses between 0x00 and 0xFF. This range corresponds to the zero pa= ge, which is unmapped on most modern operating systems and will reliably re= sult in a crash, leading only to a Denial of Service. Exploiting this issue=
also requires a user or application to process a maliciously crafted PKCS#=
12 file. It is uncommon to accept untrusted PKCS#12 files in applications a=
s they are usually used to store private keys which are trusted by definiti= on. For these reasons, the issue was assessed as Low severity. The FIPS mod= ules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12=
implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3= .5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is = not affected by this issue. 2026-01-27 not yet calculated CVE-2026-22795 [ = https://www.cve.org/CVERecord?id=3DCVE-2026-22795 ] OpenSSL Advisory [ http= s://openssl-library.org/news/secadv/20260127.txt ]
3.6.1 git commit [ https://github.com/openssl/openssl/commit/ef2fb66ec57156= 4d64d1c74a12e388a2a54d05d2 ]
3.5.5 git commit [ https://github.com/openssl/openssl/commit/2502e7b7d4c0cf= 4f972a881641fe09edc67aeec4 ]
3.4.4 git commit [ https://github.com/openssl/openssl/commit/7bbca05be55b12= 9651d9df4bdb92becc45002c12 ]
3.3.6 git commit [ https://github.com/openssl/openssl/commit/eeee3cbd4d6820= 95ed431052f00403004596373e ]
3.0.19 git commit [ https://github.com/openssl/openssl/commit/572844beca950= 68394c916626a6d3a490f831a49 ]
=C2=A0 OpenSSL--OpenSSL Issue summary: A type confusion vulnerability exist=
s in the signature verification of signed PKCS#7 data where an ASN1_TYPE un= ion member is accessed without first validating the type, causing an invali=
d or NULL pointer dereference when processing malformed PKCS#7 data. Impact=
summary: An application performing signature verification of PKCS#7 data o=
r calling directly the PKCS7_digest_from_attributes() function can be cause=
d to dereference an invalid or NULL pointer when reading, resulting in a De= nial of Service. The function PKCS7_digest_from_attributes() accesses the m= essage digest attribute value without validating its type. When the type is=
not V_ASN1_OCTET_STRING, this results in accessing invalid memory through = the ASN1_TYPE union, causing a crash. Exploiting this vulnerability require=
s an attacker to provide a malformed signed PKCS#7 to an application that v= erifies it. The impact of the exploit is just a Denial of Service, the PKCS=
7 API is legacy and applications should be using the CMS API instead. For t= hese reasons the issue was assessed as Low severity. The FIPS modules in 3.=
5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing i= mplementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5=
, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. 2026-01-27 n=
ot yet calculated CVE-2026-22796 [ https://www.cve.org/CVERecord?id=3DCVE-2= 026-22796 ] OpenSSL Advisory [ https://openssl-library.org/news/secadv/2026= 0127.txt ]
3.6.1 git commit [ https://github.com/openssl/openssl/commit/ef2fb66ec57156= 4d64d1c74a12e388a2a54d05d2 ]
3.5.5 git commit [ https://github.com/openssl/openssl/commit/2502e7b7d4c0cf= 4f972a881641fe09edc67aeec4 ]
3.4.4 git commit [ https://github.com/openssl/openssl/commit/7bbca05be55b12= 9651d9df4bdb92becc45002c12 ]
3.3.6 git commit [ https://github.com/openssl/openssl/commit/eeee3cbd4d6820= 95ed431052f00403004596373e ]
3.0.19 git commit [ https://github.com/openssl/openssl/commit/572844beca950= 68394c916626a6d3a490f831a49 ]
=C2=A0 OpenText--Vertica Cleartext Storage of Sensitive Information vulnera= bility in OpenText=C3=A2=E2=80=9E=C2=A2 Vertica allows Retrieve Embedded Se= nsitive Data.=C2=A0=C2=A0 The vulnerability could read Vertica agent plaint= ext apikey. This issue affects Vertica versions: 23.X, 24.X, 25.X. 2026-01-=
30 not yet calculated CVE-2024-9432 [ https://www.cve.org/CVERecord?id=3DCV= E-2024-9432 ] https://portal.microfocus.com/s/article/KM000044937?language= =3Den_US
=C2=A0 OpenVPN--OpenVPN Insufficient epoch key slot processing in OpenVPN 2= .7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an a= ssert resulting in a denial of service 2026-01-30 not yet calculated CVE-20= 25-15497 [ https://www.cve.org/CVERecord?id=3DCVE-2025-15497 ] https://comm= unity.openvpn.net/Security%20Announcements/CVE-2025-15497 https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg0015= 6.html
=C2=A0 opf--openproject OpenProject is an open-source, web-based project ma= nagement software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary fi=
le write vulnerability in OpenProject's repository diff download endpoint (= `/projects/:project_id/repository/diff.diff`) when rendering a single revis= ion via git show. By supplying a specially crafted rev value (for example, = `rev=3D--output=3D/tmp/poc.txt)`, an attacker can inject git show command-l= ine options. When OpenProject executes the SCM command, Git interprets the = attacker-controlled rev as an option and writes the output to an attacker-c= hosen path. As a result, any user with the `:browse_repository` permission =
on the project can create or overwrite arbitrary files that the OpenProject=
process user is permitted to write. The written contents consist of git sh=
ow output (commit metadata and patch), but overwriting application or confi= guration files still leads to data loss and denial of service, impacting in= tegrity and availability. The issue has been fixed in OpenProject 17.0.2 an=
d 16.6.6. 2026-01-28 not yet calculated CVE-2026-24685 [ https://www.cve.or= g/CVERecord?id=3DCVE-2026-24685 ] https://github.com/opf/openproject/securi= ty/advisories/GHSA-74p5-9pr3-r6pw
=C2=A0 orval-labs--orval Orval generates type-safe JS clients (TypeScript) = from any valid OpenAPI v3 or Swagger v2 specification. Versions starting wi=
th 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026= -23947. While the jsStringEscape function properly handles single quotes ('=
), double quotes (") and so on, it is still possible to achieve code inject= ion using only a limited set of characters that are currently not escaped. = The vulnerability lies in the fact that the application can be forced to ex= ecute arbitrary JavaScript using characters such as []()!+. By using a tech= nique known as JSFuck, an attacker can bypass the current sanitization logi=
c and run arbitrary code without needing any alphanumeric characters or quo= tes. Version 7.21.0 and 8.2.0 contain an updated fix. 2026-01-30 not yet ca= lculated CVE-2026-25141 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25141=
] https://github.com/orval-labs/orval/security/advisories/GHSA-gch2-phqh-f= g9q
https://github.com/orval-labs/orval/security/advisories/GHSA-h526-wf6g-67jv https://github.com/orval-labs/orval/blob/02211fc413524be340ba9ace866a2ef688= 45ca7c/packages/core/src/utils/string.ts#L227 https://github.com/orval-labs/orval/releases/tag/v7.21.0 https://github.com/orval-labs/orval/releases/tag/v8.2.0
=C2=A0 Phala-Network--dcap-qvl dcap-qvl implements the quote verification l= ogic for DCAP (Data Center Attestation Primitives). A vulnerability present=
in versions prior to 0.3.9 involves a critical gap in the cryptographic ve= rification process within the dcap-qvl. The library fetches QE Identity col= lateral (including qe_identity, qe_identity_signature, and qe_identity_issu= er_chain) from the PCCS. However, it skips to verify the QE Identity signat= ure against its certificate chain and does not enforce policy constraints o=
n the QE Report. An attacker can forge the QE Identity data to whitelist a = malicious or non-Intel Quoting Enclave. This allows the attacker to forge t=
he QE and sign untrusted quotes that the verifier will accept as valid. Eff= ectively, this bypasses the entire remote attestation security model, as th=
e verifier can no longer trust the entity responsible for signing the quote=
s. All deployments utilizing the dcap-qvl library for SGX or TDX quote veri= fication are affected. The vulnerability has been patched in dcap-qvl versi=
on 0.3.9. The fix implements the missing cryptographic verification for the=
QE Identity signature and enforces the required checks for MRSIGNER, ISVPR= ODID, and ISVSVN against the QE Report. Users of the `@phala/dcap-qvl-node`=
and `@phala/dcap-qvl-web` packages should switch to the pure JavaScript im= plementation, `@phala/dcap-qvl`. There are no known workarounds for this vu= lnerability. Users must upgrade to the patched version to ensure that QE Id= entity collateral is properly verified. 2026-01-26 not yet calculated CVE-2= 026-22696 [ https://www.cve.org/CVERecord?id=3DCVE-2026-22696 ] https://git= hub.com/Phala-Network/dcap-qvl/security/advisories/GHSA-796p-j2gh-9m2q
=C2=A0 pilgrimage233--Minecraft-Rcon-Manage Improper Control of Generation =
of Code ('Code Injection') vulnerability in pilgrimage233 Minecraft-Rcon-Ma= nage. This issue affects Minecraft-Rcon-Manage: before 3.0. 2026-01-27 not = yet calculated CVE-2026-24871 [ https://www.cve.org/CVERecord?id=3DCVE-2026= -24871 ] https://github.com/pilgrimage233/Minecraft-Rcon-Manage/pull/13
=C2=A0 Pix-Link--LV-WR21Q Pix-Link LV-WR21Q does not enforce any form of au= thentication for endpoint=C2=A0/goform/getHomePageInfo. Remote unauthentica= ted attacker is able to use this endpoint to e.g: retrieve cleartext passwo=
rd to the access point. The vendor was notified early about this vulnerabil= ity, but didn't respond with the details of vulnerability or vulnerable ver= sion range. Only version V108_108 was tested and confirmed as vulnerable, o= ther versions were not tested and might also be vulnerable. 2026-01-27 not = yet calculated CVE-2025-12386 [ https://www.cve.org/CVERecord?id=3DCVE-2025= -12386 ] https://cert.pl/en/posts/2026/01/CVE-2025-12386 https://www.pix-link.com/lv-wr21q
https://github.com/wcyb/security_research
=C2=A0 Pix-Link--LV-WR21Q A vulnerability in the Pix-Link LV-WR21Q router's=
language module allows remote attackers to trigger a denial of service (Do=
S) by sending a specially crafted HTTP POST request containing non-existing=
language parameter. This renders the server unable to serve correct lang.j=
s file, which causes administrator panel to not work, resulting in DoS unti=
l the language settings is reverted to a correct value. The Denial of Servi=
ce affects only the administrator panel and does not affect other router fu= nctionalities. The vendor was notified early about this vulnerability, but = didn't respond with the details of vulnerability or vulnerable version rang=
e. Only version V108_108 was tested and confirmed as vulnerable, other vers= ions were not tested and might also be vulnerable. 2026-01-27 not yet calcu= lated CVE-2025-12387 [ https://www.cve.org/CVERecord?id=3DCVE-2025-12387 ] = https://cert.pl/en/posts/2026/01/CVE-2025-12386 https://www.pix-link.com/lv-wr21q
https://github.com/wcyb/security_research
=C2=A0 pnpm--pnpm pnpm is a package manager. Prior to version 10.28.2, when=
pnpm installs a `file:` (directory) or `git:` dependency, it follows symli= nks and reads their target contents without constraining them to the packag=
e root. A malicious package containing a symlink to an absolute path (e.g.,=
`/etc/passwd`, `~/.ssh/id_rsa`) causes pnpm to copy that file's contents i= nto `node_modules`, leaking local data. The vulnerability only affects `fil= e:` and `git:` dependencies. Registry packages (npm) have symlinks stripped=
during publish and are NOT affected. The issue impacts developers installi=
ng local/file dependencies andCI/CD pipelines installing git dependencies. =
It can lead to credential theft via symlinks to `~/.aws/credentials`, `~/.n= pmrc`, `~/.ssh/id_rsa`. Version 10.28.2 contains a patch. 2026-01-26 not ye=
t calculated CVE-2026-24056 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2= 4056 ] https://github.com/pnpm/pnpm/security/advisories/GHSA-m733-5w8f-5ggw https://github.com/pnpm/pnpm/commit/b277b45bc35ae77ca72d7634d144bbd58a48b70f https://github.com/pnpm/pnpm/releases/tag/v10.28.2
=C2=A0 pnpm--pnpm pnpm is a package manager. Prior to version 10.28.2, when=
pnpm processes a package's `directories.bin` field, it uses `path.join()` = without validating the result stays within the package root. A malicious np=
m package can specify `"directories": {"bin": "../../../../tmp"}` to escape=
the package directory, causing pnpm to chmod 755 files at arbitrary locati= ons. This issue only affects Unix/Linux/macOS. Windows is not affected (`fi= xBin` gated by `EXECUTABLE_SHEBANG_SUPPORTED`). Version 10.28.2 contains a = patch. 2026-01-26 not yet calculated CVE-2026-24131 [ https://www.cve.org/C= VERecord?id=3DCVE-2026-24131 ] https://github.com/pnpm/pnpm/security/adviso= ries/GHSA-v253-rj99-jwpq https://github.com/pnpm/pnpm/commit/17432ad5bbed5c2e77255ca6d56a1449bbcfd943 https://github.com/pnpm/pnpm/releases/tag/v10.28.2
=C2=A0 PodcastGenerator--PodcastGenerator A Stored cross-site scripting (XS=
S) vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows=
remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHOR=
T DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets ex= ecuted on 'View All Live Items' and 'Live Stream' pages. 2026-01-28 not yet=
calculated CVE-2025-70336 [ https://www.cve.org/CVERecord?id=3DCVE-2025-70= 336 ] https://github.com/PodcastGenerator/PodcastGenerator https://github.com/aryasahil96-manu/CVE-Disclosures/blob/main/CVE-2025-70336 =C2=A0 podman-desktop--podman-desktop Podman Desktop is a graphical tool fo=
r developing on containers and Kubernetes. A critical authentication bypass=
vulnerability in Podman Desktop prior to version 1.25.1 allows any extensi=
on to completely circumvent permission checks and gain unauthorized access =
to all authentication sessions. The `isAccessAllowed()` function unconditio= nally returns `true`, enabling malicious extensions to impersonate any user=
, hijack authentication sessions, and access sensitive resources without au= thorization. This vulnerability affects all versions of Podman Desktop. Ver= sion 1.25.1 contains a patch for the issue. 2026-01-28 not yet calculated C= VE-2026-24835 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24835 ] https:/= /github.com/podman-desktop/podman-desktop/security/advisories/GHSA-v3fx-qg3= 4-6g9m https://drive.google.com/file/d/1ib4RG34mGHDlXeyib8L2j9L5rEDxuDM5/view?usp= =3Dsharing
=C2=A0 praydog--REFramework An issue from the component luaG_runerror in de= pendencies/lua/src/ldebug.c in praydog/REFramework version before 1.5.5 lea=
ds to a heap-buffer overflow when a recursive error occurs. 2026-01-27 not = yet calculated CVE-2026-24809 [ https://www.cve.org/CVERecord?id=3DCVE-2026= -24809 ] https://github.com/praydog/REFramework/pull/1320
=C2=A0 praydog--UEVR Out-of-bounds Write vulnerability in praydog UEVR (dep= endencies/lua/src modules). This vulnerability is associated with program f= iles ldebug.C, lvm.C. This issue affects UEVR: before 1.05. 2026-01-27 not = yet calculated CVE-2026-24817 [ https://www.cve.org/CVERecord?id=3DCVE-2026= -24817 ] https://github.com/praydog/UEVR/pull/336
=C2=A0 praydog--UEVR Out-of-bounds Read vulnerability in praydog UEVR (depe= ndencies/lua/src modules). This vulnerability is associated with program fi= les lparser.C. This issue affects UEVR: before 1.05. 2026-01-27 not yet cal= culated CVE-2026-24818 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24818 =
] https://github.com/praydog/UEVR/pull/337
=C2=A0 Progress Software--Chef Inspec Chef InSpec up to version 5.23 create=
s named pipes with overly permissive default Windows access controls. A loc=
al attacker may interfere with the pipe connection process and exploit the = insufficient access restrictions to assume the InSpec execution context, po= tentially resulting in elevated privileges or operational disruption. This = issue affects Chef Inspec: through 5.23. 2026-01-30 not yet calculated CVE-= 2025-6723 [ https://www.cve.org/CVERecord?id=3DCVE-2025-6723 ] https://docs= .chef.io/inspec/
=C2=A0 pwncollege--dojo pwn.college DOJO is an education platform for learn= ing cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a=
, missing sandboxing on `/workspace/*` routes allows challenge authors to i= nject arbitrary javascript which runs on the same origin as `http[:]//dojo[= .]website`. This is a sandbox escape leading to arbitrary javascript execut= ion as the dojo's origin. A challenge author can craft a page that executes=
any dangerous actions that the user could. Version e33da14449a5abcff507e55= 4f66e2141d6683b0a patches the issue. 2026-01-29 not yet calculated CVE-2026= -25117 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25117 ] https://github= .com/pwncollege/dojo/security/advisories/GHSA-wvcf-9xm8-7mrg https://github.com/pwncollege/dojo/commit/e33da14449a5abcff507e554f66e2141d= 6683b0a
=C2=A0 py-pdf--pypdf pypdf is a free and open-source pure-python PDF librar=
y. An attacker who uses an infinite loop vulnerability that is present in v= ersions prior to 6.6.2 can craft a PDF which leads to an infinite loop. Thi=
s requires accessing the outlines/bookmarks. This has been fixed in pypdf 6= .6.2. If projects cannot upgrade yet, consider applying the changes from PR=
#3610 manually. 2026-01-27 not yet calculated CVE-2026-24688 [ https://www= .cve.org/CVERecord?id=3DCVE-2026-24688 ] https://github.com/py-pdf/pypdf/se= curity/advisories/GHSA-2q4j-m29v-hq73
https://github.com/py-pdf/pypdf/pull/3610 https://github.com/py-pdf/pypdf/commit/b1282f8dcdc1a7b41ceab6740ffddfdf31b1= fec1
https://github.com/py-pdf/pypdf/releases/tag/6.6.2
=C2=A0 qgis--QGIS QGIS is a free, open source, cross platform geographical = information system (GIS) The repository contains a GitHub Actions workflow = called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e= 5e4f90d954e9, was vulnerable to remote code execution and repository compro= mise because it used the `pull_request_target` trigger and then checked out=
and executed untrusted pull request code in a privileged context. Workflow=
s triggered by `pull_request_target` ran with the base repository's credent= ials and access to secrets. If these workflows then checked out and execute=
d code from the head of an external pull request (which could have been att= acker controlled), the attacker could have executed arbitrary commands with=
elevated privileges. This insecure pattern has been documented as a securi=
ty risk by GitHub and security researchers. Commit 76a693cd91650f9b4e83edac= 525e5e4f90d954e9 removed the vulnerable code. 2026-01-27 not yet calculated=
CVE-2026-24480 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24480 ] https= ://github.com/qgis/QGIS/security/advisories/GHSA-7h99-4f97-h6rw https://github.com/qgis/QGIS/commit/76a693cd91650f9b4e83edac525e5e4f90d954e9 =C2=A0 Quatuor--Evaluacin de Desempeo (EDD) An out-of-band SQL injection vu= lnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD=
) application developed by Gabinete T=C3=83=C2=A9cnico de Programaci=C3=83= =C2=B3n. Exploiting this vulnerability in the parameter 'txAny' in '/evalua= cion_competencias_autoeval_list.aspx', could allow an attacker to extract s= ensitive information from the database through external channels, without t=
he affected application returning the data directly, compromising the confi= dentiality of the stored information. 2026-01-27 not yet calculated CVE-202= 6-1472 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1472 ] https://www.inc= ibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection-quatuor-performa= nce-evaluation
=C2=A0 Quatuor--Evaluacin de Desempeo (EDD) An out-of-band SQL injection vu= lnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD=
) application developed by Gabinete T=C3=83=C2=A9cnico de Programaci=C3=83= =C2=B3n. Exploiting this vulnerability in the parameter 'Id_usuario' in '/e= valuacion_competencias_evalua.aspx', could allow an attacker to extract sen= sitive information from the database through external channels, without the=
affected application returning the data directly, compromising the confide= ntiality of the stored information. 2026-01-27 not yet calculated CVE-2026-= 1473 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1473 ] https://www.incib= e.es/en/incibe-cert/notices/aviso/out-band-sql-injection-quatuor-performanc= e-evaluation
=C2=A0 Quatuor--Evaluacin de Desempeo (EDD) An out-of-band SQL injection vu= lnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD=
) application developed by Gabinete T=C3=83=C2=A9cnico de Programaci=C3=83= =C2=B3n. Exploiting this vulnerability in the parameter 'Id_usuario' and 'I= d_evaluacion' en '/evaluacion_inicio.aspx', could allow an attacker to extr= act sensitive information from the database through external channels, with= out the affected application returning the data directly, compromising the = confidentiality of the stored information. 2026-01-27 not yet calculated CV= E-2026-1474 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1474 ] https://ww= w.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection-quatuor-per= formance-evaluation
=C2=A0 Quatuor--Evaluacin de Desempeo (EDD) An out-of-band SQL injection vu= lnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD=
) application developed by Gabinete T=C3=83=C2=A9cnico de Programaci=C3=83= =C2=B3n. Exploiting this vulnerability in the parameter 'Id_usuario' in '/e= valuacion_acciones_evalua.aspx', could allow an attacker to extract sensiti=
ve information from the database through external channels, without the aff= ected application returning the data directly, compromising the confidentia= lity of the stored information. 2026-01-27 not yet calculated CVE-2026-1475=
[ https://www.cve.org/CVERecord?id=3DCVE-2026-1475 ] https://www.incibe.es= /en/incibe-cert/notices/aviso/out-band-sql-injection-quatuor-performance-ev= aluation
=C2=A0 Quatuor--Evaluacin de Desempeo (EDD) An out-of-band SQL injection vu= lnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD=
) application developed by Gabinete T=C3=83=C2=A9cnico de Programaci=C3=83= =C2=B3n. Exploiting this vulnerability in the parameter 'Id_usuario' in '/e= valuacion_acciones_ver_auto.aspx', could allow an attacker to extract sensi= tive information from the database through external channels, without the a= ffected application returning the data directly, compromising the confident= iality of the stored information. 2026-01-27 not yet calculated CVE-2026-14=
76 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1476 ] https://www.incibe.= es/en/incibe-cert/notices/aviso/out-band-sql-injection-quatuor-performance-= evaluation
=C2=A0 Quatuor--Evaluacin de Desempeo (EDD) An out-of-band SQL injection vu= lnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD=
) application developed by Gabinete T=C3=83=C2=A9cnico de Programaci=C3=83= =C2=B3n. Exploiting this vulnerability in the parameter 'Id_usuario' and 'I= d_evaluacion' in '/evaluacion_competencias_evalua_old.aspx', could allow an=
attacker to extract sensitive information from the database through extern=
al channels, without the affected application returning the data directly, = compromising the confidentiality of the stored information. 2026-01-27 not = yet calculated CVE-2026-1477 [ https://www.cve.org/CVERecord?id=3DCVE-2026-= 1477 ] https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-inje= ction-quatuor-performance-evaluation
=C2=A0 Quatuor--Evaluacin de Desempeo (EDD) An out-of-band SQL injection vu= lnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD=
) application developed by Gabinete T=C3=83=C2=A9cnico de Programaci=C3=83= =C2=B3n. Exploiting this vulnerability in the parameter 'Id_usuario' and 'I= d_evaluacion' in '/evaluacion_hca_evalua.aspx', could allow an attacker to = extract sensitive information from the database through external channels, = without the affected application returning the data directly, compromising = the confidentiality of the stored information. 2026-01-27 not yet calculate=
d CVE-2026-1478 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1478 ] https:= //www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection-quatuor= -performance-evaluation
=C2=A0 Quatuor--Evaluacin de Desempeo (EDD) An out-of-band SQL injection vu= lnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD=
) application developed by Gabinete T=C3=83=C2=A9cnico de Programaci=C3=83= =C2=B3n. Exploiting this vulnerability in the parameters 'Id_usuario' and '= Id_evaluacion' in '/evaluacion_hca_ver_auto.asp', could allow an attacker t=
o extract sensitive information from the database through external channels=
, without the affected application returning the data directly, compromisin=
g the confidentiality of the stored information. 2026-01-27 not yet calcula= ted CVE-2026-1479 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1479 ] http= s://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection-quatu= or-performance-evaluation
=C2=A0 Quatuor--Evaluacin de Desempeo (EDD) An out-of-band SQL injection vu= lnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD=
) application developed by Gabinete T=C3=83=C2=A9cnico de Programaci=C3=83= =C2=B3n. Exploiting this vulnerability in the parameter 'Id_usuario' in '/e= valuacion_objetivos_anyo_sig_evalua.aspx', could allow an attacker to extra=
ct sensitive information from the database through external channels, witho=
ut the affected application returning the data directly, compromising the c= onfidentiality of the stored information. 2026-01-27 not yet calculated CVE= -2026-1480 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1480 ] https://www= .incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection-quatuor-perf= ormance-evaluation
=C2=A0 Quatuor--Evaluacin de Desempeo (EDD) An out-of-band SQL injection vu= lnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD=
) application developed by Gabinete T=C3=83=C2=A9cnico de Programaci=C3=83= =C2=B3n. Exploiting this vulnerability in the parameter 'Id_usuario' in '/e= valuacion_objetivos_anyo_sig_ver_auto.aspx', could allow an attacker to ext= ract sensitive information from the database through external channels, wit= hout the affected application returning the data directly, compromising the=
confidentiality of the stored information. 2026-01-27 not yet calculated C= VE-2026-1481 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1481 ] https://w= ww.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection-quatuor-pe= rformance-evaluation
=C2=A0 Quatuor--Evaluacin de Desempeo (EDD) An out-of-band SQL injection vu= lnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD=
) application developed by Gabinete T=C3=83=C2=A9cnico de Programaci=C3=83= =C2=B3n. Exploiting this vulnerability in the parameter 'Id_evaluacion' in = '/evaluacion_objetivos_evalua_definido.aspx', could allow an attacker to ex= tract sensitive information from the database through external channels, wi= thout the affected application returning the data directly, compromising th=
e confidentiality of the stored information. 2026-01-27 not yet calculated = CVE-2026-1482 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1482 ] https://= www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection-quatuor-p= erformance-evaluation
=C2=A0 Quatuor--Evaluacin de Desempeo (EDD) An out-of-band SQL injection vu= lnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD=
) application developed by Gabinete T=C3=83=C2=A9cnico de Programaci=C3=83= =C2=B3n. Exploiting this vulnerability in the parameter 'Id_usuario' in '/e= valuacion_objetivos_ver_auto.aspx', could allow an attacker to extract sens= itive information from the database through external channels, without the = affected application returning the data directly, compromising the confiden= tiality of the stored information. 2026-01-27 not yet calculated CVE-2026-1= 483 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1483 ] https://www.incibe= .es/en/incibe-cert/notices/aviso/out-band-sql-injection-quatuor-performance= -evaluation
=C2=A0 Rails--activestorage # Active Storage allowed transformation methods=
potentially unsafe Active Storage attempts to prevent the use of potential=
ly unsafe image transformation methods and parameters by default. The defau=
lt allowed list contains three methods allow for the circumvention of the s= afe defaults which enables potential command injection vulnerabilities in c= ases where arbitrary user supplied input is accepted as valid transformatio=
n methods or parameters. Impact ------ This vulnerability impacts applicati= ons that use Active Storage with the image_processing processing gem in add= ition to mini_magick as the image processor. Vulnerable code will look some= thing similar to this: ``` <%=3D image_tag blob.variant(params[:t] =3D> par= ams[:v]) %> ``` Where the transformation method or its arguments are untrus= ted arbitrary input. All users running an affected release should either up= grade or use one of the workarounds immediately. Workarounds ----------- Co= nsuming user supplied input for image transformation methods or their param= eters is unsupported behavior and should be considered dangerous. Strict va= lidation of user supplied methods and parameters should be performed as wel=
l as having a strong [ImageMagick security policy](https://imagemagick.org/= script/security-policy.php) deployed. Credits ------- Thank you [lio346](ht= tps://hackerone.com/lio346) for reporting this! 2026-01-30 not yet calculat=
ed CVE-2025-24293 [ https://www.cve.org/CVERecord?id=3DCVE-2025-24293 ] htt= ps://github.com/advisories/GHSA-r4mg-4433-c7g3
=C2=A0 Ralim--IronOS Vulnerability in Ralim IronOS (source/Core/BSP/Pinecil= v2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source modules). Th=
is vulnerability is associated with program files ecc_dsa.C. This issue aff= ects IronOS: before v2.23-rc3. 2026-01-27 not yet calculated CVE-2026-24801=
[ https://www.cve.org/CVERecord?id=3DCVE-2026-24801 ] https://github.com/R= alim/IronOS/pull/2087
=C2=A0 RawTherapee--RawTherapee Integer Overflow or Wraparound vulnerabilit=
y in RawTherapee (rtengine modules). This vulnerability is associated with = program files dcraw.Cc. This issue affects RawTherapee: through 5.11. 2026-= 01-27 not yet calculated CVE-2026-24808 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-24808 ] https://github.com/RawTherapee/RawTherapee/pull/7359
=C2=A0 Red Hat--Red Hat Enterprise Linux 10 A flaw was found in NetworkMana= ger. The NetworkManager package allows access to files that may belong to o= ther users. NetworkManager allows non-root users to configure the system's = network. The daemon runs with root privileges and can access files owned by=
users different from the one who added the connection. 2026-01-26 not yet = calculated CVE-2025-9615 [ https://www.cve.org/CVERecord?id=3DCVE-2025-9615=
] https://access.redhat.com/security/cve/CVE-2025-9615
RHBZ#2391503 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2391503 ] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1809 https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_reques= ts/2324 https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_reques= ts/2327
=C2=A0 rethinkdb--rethinkdb Buffer Copy without Checking Size of Input ('Cl= assic Buffer Overflow') vulnerability in rethinkdb (src/cjson modules). Thi=
s vulnerability is associated with program files cJSON.Cc. This issue affec=
ts rethinkdb: through v2.4.4. 2026-01-27 not yet calculated CVE-2026-24810 =
[ https://www.cve.org/CVERecord?id=3DCVE-2026-24810 ] https://github.com/re= thinkdb/rethinkdb/pull/7163
=C2=A0 RLE NOVA--PlanManager Stored Cross-Site Scripting (XSS) in RLE NOVA'=
s PlanManager. This vulnerability allows an attacker to execute JavaScript = code in the victim's browser by injecting malicious payload through the 'co= mment' and 'brand' parameters in '/index.php'. The payload is stored by the=
application and subsequently displayed without proper sanitization when ot= her users access it. This vulnerability can be exploited to steal sensitive=
user data, such as session cookies, or to perform actions on behalf of the=
user. 2026-01-29 not yet calculated CVE-2026-1469 [ https://www.cve.org/CV= ERecord?id=3DCVE-2026-1469 ] https://www.incibe.es/en/incibe-cert/notices/a= viso/stored-cross-site-scripting-xss-rle-novas-planmanager
=C2=A0 root-project--root Vulnerability in root-project root (builtins/zlib=
modules). This vulnerability is associated with program files inffast.C. T= his issue affects root. 2026-01-27 not yet calculated CVE-2026-24811 [ http= s://www.cve.org/CVERecord?id=3DCVE-2026-24811 ] https://github.com/root-pro= ject/root/pull/18526
=C2=A0 root-project--root Vulnerability in root-project root (builtins/zlib=
modules). This vulnerability is associated with program files inftrees.C. = This issue affects root: through 6.36.00-rc1. 2026-01-27 not yet calculated=
CVE-2026-24812 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24812 ] https= ://github.com/root-project/root/pull/18527
=C2=A0 Schneider Electric--EcoStruxure Process Expert CWE-276: Incorrect De= fault Permissions vulnerability exists that could cause privilege escalatio=
n through the reverse shell when one or more executable service binaries ar=
e modified in the installation folder by a local user with normal privilege=
upon service restart. 2026-01-29 not yet calculated CVE-2025-13905 [ https= ://www.cve.org/CVERecord?id=3DCVE-2025-13905 ] https://download.schneider-e= lectric.com/files?p_Doc_Ref=3DSEVD-2026-013-02&p_enDocType=3DSecurity+and+S= afety+Notice&p_File_Name=3DSEVD-2026-013-02.pdf
=C2=A0 shaarli--Shaarli Shaarli is a personal bookmarking service. Prior to=
version 0.16.0, crafting a malicious tag which starting with `"` premature=
ly ends the `<input>` tag on the start page and allows an attacker to add a= rbitrary html leading to a possible XSS attack. Version 0.16.0 fixes the is= sue. 2026-01-26 not yet calculated CVE-2026-24476 [ https://www.cve.org/CVE= Record?id=3DCVE-2026-24476 ] https://github.com/shaarli/Shaarli/security/ad= visories/GHSA-g3xq-mj52-f8pg https://github.com/shaarli/Shaarli/commit/b854c789289c4b0dfbb7c1e5793bae7d8= f94e063
=C2=A0 sharpred--deepHas deepHas provides a test for the existence of a nes= ted object key and optionally returns that key. A prototype pollution vulne= rability exists in version 1.0.7 of the deephas npm package that allows an = attacker to modify global object behavior. This issue was fixed in version = 1.0.8. 2026-01-29 not yet calculated CVE-2026-25047 [ https://www.cve.org/C= VERecord?id=3DCVE-2026-25047 ] https://github.com/sharpred/deepHas/security= /advisories/GHSA-2733-6c58-pf27 https://github.com/sharpred/deepHas/commit/8097fafd3776c613d8066546653e0d2c= 7b5fc465
=C2=A0 Shenzhen Tenda Technology Co., Ltd.--W30E V2 Shenzhen Tenda W30E V2 = firmware versions up to and including V16.01.0.19(5037) contain an authoriz= ation flaw in the user management API that allows a low-privileged authenti= cated user to change the administrator account password. By sending a craft=
ed request directly to the backend endpoint, an attacker can bypass role-ba= sed restrictions enforced by the web interface and obtain full administrati=
ve privileges. 2026-01-26 not yet calculated CVE-2026-24428 [ https://www.c= ve.org/CVERecord?id=3DCVE-2026-24428 ] https://www.tendacn.com/product/W30E https://www.vulncheck.com/advisories/tenda-w30e-v2-incorrect-authorization-= allows-administrator-password-change
=C2=A0 Shenzhen Tenda Technology Co., Ltd.--W30E V2 Shenzhen Tenda W30E V2 = firmware versions up to and including V16.01.0.19(5037) ship with a predefi= ned default password for a built-in authentication account that is not requ= ired to be changed during initial configuration. An attacker can leverage t= hese default credentials to gain authenticated access to the management int= erface. 2026-01-26 not yet calculated CVE-2026-24429 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-24429 ] https://www.tendacn.com/product/W30E https://www.vulncheck.com/advisories/tenda-w30e-v2-hardcoded-default-passwo= rd-for-built-in-account
=C2=A0 Shenzhen Tenda Technology Co., Ltd.--W30E V2 Shenzhen Tenda W30E V2 = firmware versions up to and including V16.01.0.19(5037) disclose sensitive = account credentials in cleartext within HTTP responses generated by the mai= ntenance interface. Because the management interface is accessible over une= ncrypted HTTP by default, credentials may be exposed to network-based inter= ception. 2026-01-26 not yet calculated CVE-2026-24430 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-24430 ] https://www.tendacn.com/product/W30E https://www.vulncheck.com/advisories/tenda-w30e-v2-http-responses-expose-pl= aintext-credentials
=C2=A0 Shenzhen Tenda Technology Co., Ltd.--W30E V2 Shenzhen Tenda W30E V2 = firmware versions up to and including V16.01.0.19(5037) display stored user=
account passwords in plaintext within the administrative web interface. An=
y user with access to the affected management pages can directly view crede= ntials. 2026-01-26 not yet calculated CVE-2026-24431 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-24431 ] https://www.tendacn.com/product/W30E https://www.vulncheck.com/advisories/tenda-w30e-v2-missing-csrf-protections= -for-administrative-actions
=C2=A0 Shenzhen Tenda Technology Co., Ltd.--W30E V2 Shenzhen Tenda W30E V2 = firmware versions up to and including V16.01.0.19(5037) lack cross-site req= uest forgery (CSRF) protections on administrative endpoints, including thos=
e used to change administrator account credentials. As a result, an attacke=
r can craft malicious requests that, when triggered by an authenticated use= r's browser, modify administrative passwords and other configuration settin= gs. 2026-01-26 not yet calculated CVE-2026-24432 [ https://www.cve.org/CVER= ecord?id=3DCVE-2026-24432 ] https://www.tendacn.com/product/W30E https://www.vulncheck.com/advisories/tenda-w30e-v2-missing-csrf-protections= -for-administrative-actions
=C2=A0 Shenzhen Tenda Technology Co., Ltd.--W30E V2 Shenzhen Tenda W30E V2 = firmware versions up to and including V16.01.0.19(5037) contain a stored cr= oss-site scripting vulnerability in the user creation functionality. Insuff= icient input validation allows attacker-controlled script content to be sto= red and later executed when administrative users access the affected manage= ment pages. 2026-01-26 not yet calculated CVE-2026-24433 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-24433 ] https://www.tendacn.com/product/W30E https://www.vulncheck.com/advisories/tenda-w30e-v2-stored-xss-via-user-name= -field
=C2=A0 Shenzhen Tenda Technology Co., Ltd.--W30E V2 Shenzhen Tenda W30E V2 = firmware versions up to and including V16.01.0.19(5037) implement an insecu=
re Cross-Origin Resource Sharing (CORS) policy on authenticated administrat= ive endpoints. The device sets Access-Control-Allow-Origin: * in combinatio=
n with Access-Control-Allow-Credentials: true, allowing attacker-controlled=
origins to issue credentialed cross-origin requests. 2026-01-26 not yet ca= lculated CVE-2026-24435 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24435=
] https://www.tendacn.com/product/W30E https://www.vulncheck.com/advisories/tenda-w30e-v2-permissive-cors-allows-c= ross-origin-data-access
=C2=A0 Shenzhen Tenda Technology Co., Ltd.--W30E V2 Shenzhen Tenda W30E V2 = firmware versions up to and including V16.01.0.19(5037) do not enforce rate=
limiting or account lockout mechanisms on authentication endpoints. This a= llows attackers to perform unrestricted brute-force attempts against admini= strative credentials. 2026-01-26 not yet calculated CVE-2026-24436 [ https:= //www.cve.org/CVERecord?id=3DCVE-2026-24436 ] https://www.tendacn.com/produ= ct/W30E https://www.vulncheck.com/advisories/tenda-w30e-v2-lacks-rate-limiting-on-a= uthentication
=C2=A0 Shenzhen Tenda Technology Co., Ltd.--W30E V2 Shenzhen Tenda W30E V2 = firmware versions up to and including V16.01.0.19(5037) serve sensitive adm= inistrative content without appropriate cache-control directives. As a resu= lt, browsers may store credential-bearing responses locally, exposing them =
to subsequent unauthorized access. 2026-01-26 not yet calculated CVE-2026-2= 4437 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24437 ] https://www.tend= acn.com/product/W30E https://www.vulncheck.com/advisories/tenda-w30e-v2-missing-cache-controls-f= or-credential-bearing-pages
=C2=A0 Shenzhen Tenda Technology Co., Ltd.--W30E V2 Shenzhen Tenda W30E V2 = firmware versions up to and including V16.01.0.19(5037) fail to include the=
X-Content-Type-Options: nosniff response header on web management interfac= es. As a result, browsers that perform MIME sniffing may incorrectly interp= ret attacker-influenced responses as executable script. 2026-01-26 not yet = calculated CVE-2026-24439 [ https://www.cve.org/CVERecord?id=3DCVE-2026-244=
39 ] https://www.tendacn.com/product/W30E https://www.vulncheck.com/advisories/tenda-w30e-v2-lacks-x-content-type-opt= ions-header
=C2=A0 Shenzhen Tenda Technology Co., Ltd.--W30E V2 Shenzhen Tenda W30E V2 = firmware versions up to and including V16.01.0.19(5037) allow account passw= ords to be changed through the maintenance interface without requiring veri= fication of the existing password. This enables unauthorized password chang=
es when access to the affected endpoint is obtained. 2026-01-26 not yet cal= culated CVE-2026-24440 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24440 =
] https://www.tendacn.com/product/W30E https://www.vulncheck.com/advisories/tenda-w30e-v2-allows-password-change-w= ithout-verifying-current-password
=C2=A0 Significant-Gravitas--AutoGPT AutoGPT is a platform that allows user=
s to create, deploy, and manage continuous artificial intelligence agents t= hat automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, Aut= oGPT Platform's block execution endpoints (both main web API and external A= PI) allow executing blocks by UUID without checking the `disabled` flag. An=
y authenticated user can execute the disabled `BlockInstallationBlock`, whi=
ch writes arbitrary Python code to the server filesystem and executes it vi=
a `__import__()`, achieving Remote Code Execution. In default self-hosted d= eployments where Supabase signup is enabled, an attacker can self-register;=
if signup is disabled (e.g., hosted), the attacker needs an existing accou= nt. autogpt-platform-beta-v0.6.44 contains a fix. 2026-01-29 not yet calcul= ated CVE-2026-24780 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24780 ] h= ttps://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-r27= 7-3xc5-c79v https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platfor= m/backend/backend/api/external/v1/routes.py#L79-L93 https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platfor= m/backend/backend/api/features/v1.py#L1408-L1424 https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platfor= m/backend/backend/api/features/v1.py#L355-L395 https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platfor= m/backend/backend/blocks/block.py#L15-L78 https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platfor= m/backend/backend/data/block.py#L459
=C2=A0 sigstore--sigstore-python sigstore-python is a Python tool for gener= ating and verifying Sigstore signatures. Prior to version 4.2.0, the sigsto= re-python OAuth authentication flow is susceptible to Cross-Site Request Fo= rgery. `_OAuthSession` creates a unique "state" and sends it as a parameter=
in the authentication request but the "state" in the server response seems=
not not be cross-checked with this value. Version 4.2.0 contains a patch f=
or the issue. 2026-01-26 not yet calculated CVE-2026-24408 [ https://www.cv= e.org/CVERecord?id=3DCVE-2026-24408 ] https://github.com/sigstore/sigstore-= python/security/advisories/GHSA-hm8f-75xx-w2vr https://github.com/sigstore/sigstore-python/commit/5e77497fe8f0b202bdd11894= 9074ec2f20da69aa https://github.com/sigstore/sigstore-python/releases/tag/v4.2.0
=C2=A0 silabs.com--Silicon Labs Zigbee Stack After receiving a malformed 80= 2.15.4 MAC Data Request the Zigbee Coordinator sends a 'network leave' requ= est to Zigbee router resulting in the Zigbee Router getting stuck in a non-= rejoinable state. If a suitable parent is not available, the end devices wi=
ll be unable to rejoin.=C2=A0A manual recommissioning is required to recove=
r the Zigbee Router. 2026-01-30 not yet calculated CVE-2025-7964 [ https://= www.cve.org/CVERecord?id=3DCVE-2025-7964 ] https://community.silabs.com/068= Vm00000dspiL
=C2=A0 simsong--bulk_extractor `bulk_extractor` is a digital forensics expl= oitation tool. Starting in version 1.4, `bulk_extractor`'s embedded unrar c= ode has a heap buffer overflow in the RAR PPM LZ decoding path. A crafted R=
AR inside a disk image causes an out of bounds write in `Unpack::CopyString=
`, leading to a crash under ASAN (and likely a crash or memory corruption i=
n production builds). There's potential for using this for RCE. As of time =
of publication, no known patches are available. 2026-01-28 not yet calculat=
ed CVE-2026-24857 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24857 ] htt= ps://github.com/simsong/bulk_extractor/security/advisories/GHSA-rh8m-9xrx-q= 64q
=C2=A0 simsong--tcpflow tcpflow is a TCP/IP packet demultiplexer. In versio=
ns up to and including 1.61, wifipcap parses 802.11 management frame elemen=
ts and performs a length check on the wrong field when handling the TIM ele= ment. A crafted frame with a large TIM length can cause a 1-byte out-of-bou= nds write past `tim.bitmap[251]`. The overflow is small and DoS is the like=
ly impact; code execution is potential, but still up in the air. The affect=
ed structure is stack-allocated in `handle_beacon()` and related handlers. =
As of time of publication, no known patches are available. 2026-01-29 not y=
et calculated CVE-2026-25061 [ https://www.cve.org/CVERecord?id=3DCVE-2026-= 25061 ] https://github.com/simsong/tcpflow/security/advisories/GHSA-q5q6-fr= rv-9rj6
=C2=A0 SmarterTools--SmarterMail SmarterTools SmarterMail versions prior to=
build 9518 contain=C2=A0an unauthenticated path coercion vulnerability in = the background-of-the-day preview endpoint. The application base64-decodes = attacker-supplied input and uses it as a filesystem path without validation=
. On Windows systems, this allows UNC paths to be resolved, causing the Sma= rterMail service to initiate outbound SMB authentication attempts to attack= er-controlled hosts. This can be abused for credential coercion, NTLM relay=
attacks, and unauthorized network authentication. 2026-01-29 not yet calcu= lated CVE-2026-25067 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25067 ] = https://www.smartertools.com/smartermail/release-notes/current https://www.vulncheck.com/advisories/smartertools-smartermail-unauthenticat= ed-background-of-the-day-path-coercion
=C2=A0 SpringBlade--SpringBlade Incorrect access control in the importUser = function of SpringBlade v4.5.0 allows attackers with low-level privileges t=
o arbitrarily import sensitive user data. 2026-01-26 not yet calculated CVE= -2025-70982 [ https://www.cve.org/CVERecord?id=3DCVE-2025-70982 ] https://g= ithub.com/chillzhuang/SpringBlade https://github.com/chillzhuang/SpringBlade/issues/34 https://gist.github.com/old6ma/ea60151aa40ddc1cfb51fbaa0c173117
=C2=A0 SunFounder--Pironman Dashboard (pm_dashboard) SunFounder Pironman Da= shboard (pm_dashboard) version 1.3.13 and prior contain a path traversal vu= lnerability in the log file API endpoints. An unauthenticated remote attack=
er can supply traversal sequences via the filename parameter to read and de= lete arbitrary files. Successful exploitation can disclose sensitive inform= ation and delete critical system files, resulting in data loss and potentia=
l system compromise or denial of service. 2026-01-31 not yet calculated CVE= -2026-25069 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25069 ] https://g= ithub.com/sunfounder/pm_dashboard https://github.com/sunfounder/pm_dashboard/blob/main/pm_dashboard/pm_dashbo= ard.py#L62 https://github.com/sunfounder/pm_dashboard/blob/main/pm_dashboard/pm_dashbo= ard.py#L440 https://www.vulncheck.com/advisories/sunfounder-pironman-dashboard-path-tra= versal-arbitrary-file-read-deletion https://gist.github.com/chapochapo/5db8702ede862af5c59a28b5d5a0aba3
=C2=A0 SuperDuper!--Super-Duper! An issue in Shirt Pocket's SuperDuper! 3.1=
1 and earlier allow a local attacker to modify the default task template to=
install an arbitrary package that can run shell scripts with root privileg=
es and Full Disk Access, thus bypassing macOS privacy controls. 2026-01-29 = not yet calculated CVE-2025-69604 [ https://www.cve.org/CVERecord?id=3DCVE-= 2025-69604 ] http://shirt.com https://shirt-pocket.com/SuperDuper/SuperDuperDescription.html https://www.shirtpocket.com/blog/index.php/shadedgrey/comments/superduper_v= 312_now_available
=C2=A0 swoole--swoole-src Integer Overflow or Wraparound vulnerability in s= woole swoole-src (thirdparty/hiredis modules). This vulnerability is associ= ated with program files sds.C. This issue affects swoole-src: before 6.0.2.=
2026-01-27 not yet calculated CVE-2026-24814 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2026-24814 ] https://github.com/swoole/swoole-src/pull/5698
=C2=A0 tale--tale Cross Site Scripting vulnerability in tale v.2.0.5 allows=
an attacker to execute arbitrary code. 2026-01-29 not yet calculated CVE-2= 025-69749 [ https://www.cve.org/CVERecord?id=3DCVE-2025-69749 ] https://git= hub.com/otale/tale
https://github.com/milantgh/otalexss
=C2=A0 The Wikimedia Foundation--Mediawiki - DiscussionTools Extension Impr= oper Neutralization of Special Elements used in an Expression Language Stat= ement ('Expression Language Injection') vulnerability in The Wikimedia Foun= dation Mediawiki - DiscussionTools Extension allows Regular Expression Expo= nential Blowup. This issue affects Mediawiki - DiscussionTools Extension: 1= .44, 1.43. 2026-01-30 not yet calculated CVE-2025-11175 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2025-11175 ] https://phabricator.wikimedia.org/T396248 https://gerrit.wikimedia.org/r/q/I563219f3298a8740e158d130492bf3d2897784d7 https://phabricator.wikimedia.org/T364910 https://gerrit.wikimedia.org/r/q/I126203ab1d3ec8c1719cbb5460a887e4d0c2cc6d =C2=A0 tildearrow--furnace Out-of-bounds Write, Buffer Copy without Checkin=
g Size of Input ('Classic Buffer Overflow') vulnerability in tildearrow fur= nace (extern/zlib modules). This vulnerability is associated with program f= iles inflate.C. 2026-01-27 not yet calculated CVE-2026-24800 [ https://www.= cve.org/CVERecord?id=3DCVE-2026-24800 ] https://github.com/tildearrow/furna= ce/pull/2471
=C2=A0 TOTOLINK--X6000R Improper Neutralization of Special Elements used in=
an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R al= lows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1498= _B20250826. 2026-01-30 not yet calculated CVE-2026-1723 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-1723 ] https://www.totolink.net/home/menu/detail= /menu_listtpl/download/id/247/ids/36.html https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/blob/main= /2025/PANW-2026-0001/PANW-2026-0001.md
=C2=A0 TP-Link Systems Inc.--Archer MR600 v5.0 Command injection vulnerabil= ity was found in the admin interface component of TP-Link Archer MR600 v5 f= irmware, allowing authenticated attackers to execute system commands with a=
limited character length via crafted input in the browser developer consol=
e, possibly leading to service disruption or full compromise. 2026-01-26 no=
t yet calculated CVE-2025-14756 [ https://www.cve.org/CVERecord?id=3DCVE-20= 25-14756 ] https://www.tp-link.com/jp/support/download/archer-mr600/#Firmwa=
re
https://www.tp-link.com/en/support/download/archer-mr600/#Firmware https://www.tp-link.com/us/support/faq/4916/ https://jvn.jp/en/vu/JVNVU94651499/
https://jvn.jp/vu/JVNVU94651499/
=C2=A0 TP-Link Systems Inc.--Archer RE605X The backup restore function does=
not properly validate unexpected or unrecognized tags within the backup fi= le. When such a crafted file is restored, the injected tag is interpreted b=
y a shell, allowing execution of arbitrary commands with root privileges. S= uccessful exploitation allows the attacker to gain root-level command execu= tion, compromising confidentiality, integrity and availability. 2026-01-29 = not yet calculated CVE-2025-15545 [ https://www.cve.org/CVERecord?id=3DCVE-= 2025-15545 ] https://www.tp-link.com/en/support/download/re605x/v3/#Firmware https://www.tp-link.com/us/support/download/re605x/v3/#Firmware https://www.tp-link.com/us/support/faq/4929/ https://nico-security.com/posts/cve-2025-15545
=C2=A0 TP-Link Systems Inc.--Omada Controller An IDOR vulnerability exists =
in Omada Controllers that allows an attacker with Administrator permissions=
to manipulate requests and potentially hijack the Owner account. 2026-01-2=
6 not yet calculated CVE-2025-9520 [ https://www.cve.org/CVERecord?id=3DCVE= -2025-9520 ] https://support.omadanetworks.com/us/document/115200/ https://support.omadanetworks.com/us/download/software/omada-controller/
=C2=A0 TP-Link Systems Inc.--Omada Controller Password Confirmation Bypass = vulnerability in Omada Controllers, allowing an attacker with a valid sessi=
on token to bypass secondary verification,=C2=A0and change the user's passw= ord without proper confirmation, leading to weakened account security. 2026= -01-26 not yet calculated CVE-2025-9521 [ https://www.cve.org/CVERecord?id= =3DCVE-2025-9521 ] https://support.omadanetworks.com/us/document/115200/ https://support.omadanetworks.com/us/download/software/omada-controller/
=C2=A0 TP-Link Systems Inc.--Omada Controller Blind Server-Side Request For= gery (SSRF) in Omada Controllers through webhook functionality, enabling cr= afted requests to internal services, which may lead to enumeration of infor= mation. 2026-01-26 not yet calculated CVE-2025-9522 [ https://www.cve.org/C= VERecord?id=3DCVE-2025-9522 ] https://support.omadanetworks.com/us/document= /115200/ https://https://support.omadanetworks.com/us/download/software/omada-contro= ller/
=C2=A0 TP-Link Systems Inc.--Tapo C220 v1 The Tapo C220 v1 and C520WS v2 ca= meras' HTTP service does not safely handle POST requests containing an exce= ssively large Content-Length header. The resulting failed memory allocation=
triggers a NULL pointer dereference, causing the main service process to c= rash.=C2=A0An unauthenticated attacker can repeatedly crash the service, ca= using temporary denial of service. The device restarts automatically, and r= epeated requests can keep it unavailable. 2026-01-27 not yet calculated CVE= -2026-0918 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0918 ] https://www= .tp-link.com/us/support/download/tapo-c220/v1.60/ https://www.tp-link.com/en/support/download/tapo-c220/v1/ https://www.tp-link.com/us/support/download/tapo-c520ws/v2/ https://www.tp-link.com/en/support/download/tapo-c520ws/v2/ https://www.tp-link.com/us/support/faq/4923/
=C2=A0 TP-Link Systems Inc.--Tapo C220 v1 The HTTP parser of Tapo C220 v1 a=
nd C520WS v2 cameras improperly handles requests containing an excessively = long URL path. An invalid URL error path continues into cleanup code that a= ssumes allocated buffers exist, leading to a crash and service restart.=C2= =A0An unauthenticated attacker can force repeated service crashes or device=
reboots, causing denial of service. 2026-01-27 not yet calculated CVE-2026= -0919 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0919 ] https://www.tp-l= ink.com/us/support/download/tapo-c220/v1.60/ https://www.tp-link.com/en/support/download/tapo-c220/v1/ https://www.tp-link.com/us/support/download/tapo-c520ws/v2/ https://www.tp-link.com/en/support/download/tapo-c520ws/v2/ https://www.tp-link.com/us/support/faq/4923/
=C2=A0 TP-Link Systems Inc.--Tapo C220 v1 By sending crafted files to the f= irmware update endpoint=C2=A0of Tapo C220 v1 and C520WS v2, the device term= inates core system services before verifying authentication or firmware int= egrity.=C2=A0An unauthenticated attacker can trigger a persistent denial of=
service, requiring a manual reboot or application initiated restart to res= tore normal device operation. 2026-01-27 not yet calculated CVE-2026-1315 [=
https://www.cve.org/CVERecord?id=3DCVE-2026-1315 ] https://www.tp-link.com= /us/support/download/tapo-c220/v1.60/ https://www.tp-link.com/en/support/download/tapo-c220/v1/ https://www.tp-link.com/us/support/download/tapo-c520ws/v2/ https://www.tp-link.com/en/support/download/tapo-c520ws/v2/ https://www.tp-link.com/us/support/faq/4923/
=C2=A0 TP-Link Systems Inc.--VIGI C485 V1 An authenticated buffer handling = flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow = memory corruption leading to remote code execution.=C2=A0Authenticated atta= ckers may trigger buffer overflow and potentially execute arbitrary code wi=
th elevated privileges. 2026-01-29 not yet calculated CVE-2026-1457 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-1457 ] https://www.tp-link.com/en/su= pport/download/vigi-c385/v1/#Firmware https://www.tp-link.com/kr/support/download/vigi-c385/v1/#Firmware https://www.tp-link.com/us/support/faq/4931/
=C2=A0 TP-Link Systems Inc.--VX800v v1.0 A weakness in the web interface's = application layer encryption in VX800v v1.0 allows an adjacent attacker to = brute force the weak AES key and decrypt intercepted traffic. Successful ex= ploitation requires network proximity but no authentication, and may result=
in high impact to confidentiality, integrity, and availability of transmit= ted data. 2026-01-29 not yet calculated CVE-2025-13399 [ https://www.cve.or= g/CVERecord?id=3DCVE-2025-13399 ] https://www.tp-link.com/de/support/downlo= ad/vx800v/#Firmware
https://www.tp-link.com/us/support/faq/4930/
=C2=A0 TP-Link Systems Inc.--VX800v v1.0 Improper link resolution in the VX= 800v v1.0 SFTP service allows authenticated adjacent attackers to use craft=
ed symbolic links to access system files, resulting in high confidentiality=
impact and limited integrity risk. 2026-01-29 not yet calculated CVE-2025-= 15541 [ https://www.cve.org/CVERecord?id=3DCVE-2025-15541 ] https://www.tp-= link.com/de/support/download/vx800v/#Firmware https://www.tp-link.com/us/support/faq/4930/
=C2=A0 TP-Link Systems Inc.--VX800v v1.0 Improper handling of exceptional c= onditions in VX800v v1.0 in SIP processing allows an attacker to flood the = device with crafted INVITE messages, blocking all voice lines and causing a=
denial of service on incoming calls. 2026-01-29 not yet calculated CVE-202= 5-15542 [ https://www.cve.org/CVERecord?id=3DCVE-2025-15542 ] https://www.t= p-link.com/de/support/download/vx800v/#Firmware https://www.tp-link.com/us/support/faq/4930/
=C2=A0 TP-Link Systems Inc.--VX800v v1.0 Improper link resolution in USB HT=
TP access path in VX800v v1.0 allows a crafted USB device to expose root fi= lesystem contents, giving an attacker with physical access read only access=
to system files. 2026-01-29 not yet calculated CVE-2025-15543 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2025-15543 ] https://www.tp-link.com/de/suppor= t/download/vx800v/#Firmware
https://www.tp-link.com/us/support/faq/4930/
=C2=A0 TP-Link Systems Inc.--VX800v v1.0 Some VX800v v1.0 web interface end= points transmit sensitive information over unencrypted HTTP due to missing = application layer encryption, allowing a network adjacent attacker to inter= cept this traffic and compromise its confidentiality. 2026-01-29 not yet ca= lculated CVE-2025-15548 [ https://www.cve.org/CVERecord?id=3DCVE-2025-15548=
] https://www.tp-link.com/de/support/download/vx800v/#Firmware https://www.tp-link.com/us/support/faq/4930/
=C2=A0 ttttupup--wxhelper Out-of-bounds Write, Heap-based Buffer Overflow v= ulnerability in ttttupup wxhelper (src modules). This vulnerability is asso= ciated with program files mongoose.C. This issue affects wxhelper: through = 3.9.10.19-v1. 2026-01-27 not yet calculated CVE-2026-24822 [ https://www.cv= e.org/CVERecord?id=3DCVE-2026-24822 ] https://github.com/ttttupup/wxhelper/= pull/515
=C2=A0 turanszkij--WickedEngine Out-of-bounds Read vulnerability in turansz= kij WickedEngine (WickedEngine/LUA modules). This vulnerability is associat=
ed with program files ldebug.C. This issue affects WickedEngine: before 0.7= 1.705. 2026-01-27 not yet calculated CVE-2026-24820 [ https://www.cve.org/C= VERecord?id=3DCVE-2026-24820 ] https://github.com/turanszkij/WickedEngine/p= ull/1054
=C2=A0 turanszkij--WickedEngine Out-of-bounds Read vulnerability in turansz= kij WickedEngine (WickedEngine/LUA modules). This vulnerability is associat=
ed with program files lparser.C. This issue affects WickedEngine: through 0= .71.727. 2026-01-27 not yet calculated CVE-2026-24821 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-24821 ] https://github.com/turanszkij/WickedEngine= /pull/1095
=C2=A0 umbraco--Umbraco.Forms.Issues Umbraco Forms is a form builder that i= ntegrates with the Umbraco content management system. It's possible for an = authenticated backoffice-user to enumerate and traverse paths/files on the = systems filesystem and read their contents, on Mac/Linux Umbraco installati= ons using Forms. As Umbraco Cloud runs in a Windows environment, Cloud user=
s aren't affected. This issue affects versions 16 and 17 of Umbraco Forms a=
nd is patched in 16.4.1 and 17.1.1. If upgrading is not immediately possibl=
e, users can mitigate this vulnerability by configuring a WAF or reverse pr= oxy to block requests containing path traversal sequences (`../`, `..=20

You are subscribed to Vulnerability Bulletins for Cybersecurity and Infrast= ructure Security Agency. This information has recently been updated and is = now available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities t= hat have been recorded in the past week. In some cases, the vulnerabilities=
in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the=C2=A0Common Vulnerabilities and Exposures =
[ https://www.cve.org/ ]=C2=A0(CVE) vulnerability naming standard and are o= rganized according to severity, determined by the=C2=A0Common Vulnerability=
Scoring System [ https://www.cve.org/about/relatedefforts ]=C2=A0(CVSS) st= andard. The division of high, medium, and low severities correspond to the = following scores:

* *High*: vulnerabilities with a CVSS base score of 7.0=E2=80=9310.0=20
* *Medium*: vulnerabilities with a CVSS base score of 4.0=E2=80=936.9=20
* *Low*: vulnerabilities with a CVSS base score of 0.0=E2=80=933.9=20

Entries may include additional information provided by organizations and ef= forts sponsored by CISA. This information may include identifying informati= on, values, definitions, and related links. Patch information is provided w= hen available. Please note that some of the information in the bulletin is = compiled from external, open-source reports and is not a direct result of C= ISA analysis.

) in the `fileName` parameter of the export endpoint, restricting network a= ccess to the Umbraco backoffice to trusted IP ranges, and/or blocking the `= /umbraco/forms/api/v1/export` endpoint entirely if the export feature is no=
t required. However, upgrading to the patched version is strongly recommend= ed.

2026-01-29 not yet calculated CVE-2026-24687 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2026-24687 ] https://github.com/umbraco/Umbraco.Forms.Issues/se= curity/advisories/GHSA-hm5p-82g6-m3xh
=C2=A0 vendurehq--vendure Vendure is an open-source headless commerce platf= orm. Prior to version 3.5.3, the `NativeAuthenticationStrategy.authenticate= ()` method is vulnerable to a timing attack that allows attackers to enumer= ate valid usernames (email addresses). In `packages/core/src/config/auth/na= tive-authentication-strategy.ts`, the authenticate method returns immediate=
ly if a user is not found. The significant timing difference (~200-400ms fo=
r bcrypt vs ~1-5ms for DB miss) allows attackers to reliably distinguish be= tween existing and non-existing accounts. Version 3.5.3 fixes the issue. 20= 26-01-30 not yet calculated CVE-2026-25050 [ https://www.cve.org/CVERecord?= id=3DCVE-2026-25050 ] https://github.com/vendurehq/vendure/security/advisor= ies/GHSA-6f65-4fv2-wwch https://github.com/vendurehq/vendure/releases/tag/v3.5.3
=C2=A0 visualfc--liteide NULL Pointer Dereference vulnerability in visualfc=
liteide (liteidex/src/3rdparty/libvterm/src modules). This vulnerability i=
s associated with program files screen.C, state.C, vterm.C. This issue affe= cts liteide: before x38.4. 2026-01-27 not yet calculated CVE-2026-24805 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2026-24805 ] https://github.com/visua= lfc/liteide/pull/1326
=C2=A0 WatchGuard--Fireware OS An LDAP Injection vulnerability in WatchGuar=
d Fireware OS may allow a remote unauthenticated attacker to retrieve sensi= tive information from a connected LDAP authentication server through an exp= osed authentication or management web interface. This vulnerability may als=
o allow a remote attacker to authenticate as an LDAP user with a partial id= entifier if they additionally have that user's valid passphrase. This issue=
affects Fireware OS: from 12.0 through 12.11.6, from 12.5 through 12.5.15,=
from 2025.1 through 2026.0. 2026-01-30 not yet calculated CVE-2026-1498 [ = https://www.cve.org/CVERecord?id=3DCVE-2026-1498 ] https://www.watchguard.c= om/wgrd-psirt/advisory/wgsa-2026-00001
=C2=A0 Western Digital--WD Discovery DLL hijacking in the WD Discovery Inst= aller in Western Digital WD Discovery 5.2.730 on Windows allows a local att= acker to execute arbitrary code via placement of a crafted dll in the insta= ller's search path. 2026-01-26 not yet calculated CVE-2025-30248 [ https://= www.cve.org/CVERecord?id=3DCVE-2025-30248 ] https://www.westerndigital.com/= support/product-security/wdc-25008-wd-discovery-desktop-app-version-5-3
=C2=A0 WordPress--Custom Login Page Customizer The Custom Login Page Custom= izer WordPress plugin before 2.5.4 does not have a proper password reset pr= ocess, allowing a few unauthenticated requests to reset the password of any=
user by knowing their username, such as administrator ones, and therefore = gain access to their account 2026-01-29 not yet calculated CVE-2025-14975 [=
https://www.cve.org/CVERecord?id=3DCVE-2025-14975 ] https://wpscan.com/vul= nerability/a1403186-51aa-4eae-a3fe-0c559570eb93/
=C2=A0 WordPress--Recipe Card Blocks Lite The Recipe Card Blocks Lite WordP= ress plugin before 3.4.13 does not sanitize and escape a parameter before u= sing it in a SQL statement, allowing contributors and above to perform SQL = injection attacks. 2026-01-26 not yet calculated CVE-2025-14973 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2025-14973 ] https://wpscan.com/vulnerability= /76f7d5d4-ba45-4bfd-bda9-ab0769e81107/
=C2=A0 WordPress--User Activity Log The User Activity Log WordPress plugin = through 2.2 does not properly handle failed login attempts in some cases, a= llowing unauthenticated users to set arbitrary options to 1 (for example to=
enable User Registration when it has been turned off) 2026-01-28 not yet c= alculated CVE-2025-13471 [ https://www.cve.org/CVERecord?id=3DCVE-2025-1347=
1 ] https://wpscan.com/vulnerability/cc8743f5-b1b9-4f88-b440-db044034bbfc/ =C2=A0 Worklenz--Worklenz Worklenz version 2.1.5 contains a Stored Cross-Si=
te Scripting (XSS) vulnerability in the Project Updates feature. An attacke=
r can submit a malicious payload in the Updates text field which is then re= ndered in the reporting view without proper sanitization. Malicious JavaScr= ipt may be executed in a victim's browser when they browse to the page cont= aining the vulnerable field. 2026-01-26 not yet calculated CVE-2025-70368 [=
https://www.cve.org/CVERecord?id=3DCVE-2025-70368 ] https://github.com/Wor= klenz/worklenz
https://github.com/Stolichnayer/CVE-2025-70368
=C2=A0 Xen--Xen Shadow mode tracing code uses a set of per-CPU variables to=
avoid cumbersome parameter passing. Some of these variables are written to=
with guest controlled data, of guest controllable size. That size can be l= arger than the variable, and bounding of the writes was missing. 2026-01-28=
not yet calculated CVE-2025-58150 [ https://www.cve.org/CVERecord?id=3DCVE= -2025-58150 ] https://xenbits.xenproject.org/xsa/advisory-477.html
=C2=A0 Xen--Xen In the context switch logic Xen attempts to skip an IBPB in=
the case of a vCPU returning to a CPU on which it was the previous vCPU to=
run. While safe for Xen's isolation between vCPUs, this prevents the guest=
kernel correctly isolating between tasks. Consider: 1) vCPU runs on CPU A,=
running task 1. 2) vCPU moves to CPU B, idle gets scheduled on A. Xen skip=
s IBPB. 3) On CPU B, guest kernel switches from task 1 to 2, issuing IBPB. =
4) vCPU moves back to CPU A. Xen skips IBPB again. Now, task 2 is running o=
n CPU A with task 1's training still in the BTB. 2026-01-28 not yet calcula= ted CVE-2026-23553 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23553 ] ht= tps://xenbits.xenproject.org/xsa/advisory-479.html
=C2=A0 yacy--yacy_search_server Improper Neutralization of Input During Web=
Page Generation (XSS or 'Cross-site Scripting') vulnerability in yacy yacy= _search_server (source/net/yacy/http/servlets modules). This vulnerability =
is associated with program files YaCyDefaultServlet.Java. This issue affect=
s yacy_search_server. 2026-01-27 not yet calculated CVE-2026-24824 [ https:= //www.cve.org/CVERecord?id=3DCVE-2026-24824 ] https://github.com/yacy/yacy_= search_server/pull/722
=C2=A0 ydb-platform--ydb Missing Release of Memory after Effective Lifetime=
vulnerability in ydb-platform ydb (contrib/libs/yajl modules). This vulner= ability is associated with program files yail_tree.C. This issue affects yd=
b: through 24.4.4.2. 2026-01-27 not yet calculated CVE-2026-24825 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2026-24825 ] https://github.com/ydb-platfor= m/ydb/pull/17570
=C2=A0 zhblue--hustoj HUSTOF is an open source online judge based on PHP/C+= +/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, th=
e problem_import_qduoj.php and problem_import_hoj.php modules fail to prope= rly sanitize filenames within uploaded ZIP archives. Attackers can craft a = malicious ZIP file containing files with path traversal sequences (e.g., ..= /../shell.php). When extracted by the server, this allows writing files to = arbitrary locations in the web root, leading to Remote Code Execution (RCE)=
. Version 26.01.24 contains a fix for the issue. 2026-01-27 not yet calcula= ted CVE-2026-24479 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24479 ] ht= tps://github.com/zhblue/hustoj/security/advisories/GHSA-xmgg-2rw4-7fxj https://github.com/zhblue/hustoj/commit/902bd09e6d0011fe89cd84d4236899314b3= 3101f
=C2=A0=20

Back to top [ #top ]

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight=
: normal; font-style: normal; color: #333333; }=20

Having trouble viewing this message?=C2=A0View it as a webpage [ https://co= ntent.govdelivery.com/accounts/USDHSCISA/bulletins/4074aad ].=C2=A0 [ https= ://content.govdelivery.com/accounts/USDHS/bulletins/292141e ]

You are subscribed to updates from the Cybersecurity and Infrastructure Sec= urity Agency [ https://www.cisa.gov ] (CISA)
Manage Subscriptions [ https://public.govdelivery.com/accounts/USDHSCISA/su= bscriber/edit?preferences=3Dtrue#tab1 ]=C2=A0=C2=A0|=C2=A0=C2=A0Privacy Pol= icy [ https://www.cisa.gov/privacy-policy ]=C2=A0=C2=A0|=C2=A0 Help [ https= ://subscriberhelp.granicus.com/s/article/Subscriber-Help-Center ] [ https:/= /insights.govdelivery.com/Communications/Subscriber_Help_Center ]

Connect with CISA:=20
Facebook [ https://www.facebook.com/CISA ]=C2=A0 |=C2=A0 Twitter [ https://= twitter.com/CISAgov ]=C2=A0 |=C2=A0 Instagram [ https://Instagram.com/cisag=
ov ]=C2=A0 |=C2=A0 LinkedIn [ https://www.linkedin.com/company/cybersecurit= y-and-infrastructure-security-agency ]=C2=A0 |=C2=A0=C2=A0 YouTube [ https:= //www.youtube.com/channel/UCxyq9roe-npgzrVwbpoAy0A ]

________________________________________________________________________

This email was sent to cisa@toolazy.synchro.net using GovDelivery Communica= tions Cloud, on behalf of: Cybersecurity and Infrastructure Security Agency=
=C2=B7 707 17th St, Suite 4000 =C2=B7 Denver, CO 80202 GovDelivery logo [ = https://subscriberhelp.granicus.com/ ]=20
body .abe-column-block { min-height: 5px; } table.gd_combo_table img {margi= n-left:10px; margin-right:10px;} table.gd_combo_table div.govd_image_displa=
y img, table.gd_combo_table td.gd_combo_image_cell img {margin-left:0px; ma= rgin-right:0px;}

--===============4973927651967773066==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns=3D"http://www.w3.org/1999/xhtml" xml:lang=3D"en" lang=3D"en"> <head>
<title> Vulnerability Summary for the Week of January 26, 2026
</title>

</head>
<body style=3D"">

<table width=3D"700" border=3D"0" cellspacing=3D"0" cellpadding=3D"0"=
align=3D"center">
<tr>
<td>


<a name=3D"gd_top" id=3D"gd_top"></a>

=20

<img src=3D"https://content.govdelivery.com/attachments/fancy_images/U= SDHSCISA/2020/06/3486054/05152023-gov-delivery-banner-copy_original.png" al= t=3D"Cybersecurity and Infrastructure Security Agency (CISA)" title=3D"" wi= dth=3D"600" height=3D"100">
You are subscribed to Vulnerability Bulletins for Cybersecurity and In= frastructure Security Agency. This information has recently been updated an=
d is now available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilitie=
s that have been recorded in the past week. In some cases, the vulnerabilit= ies in the bulletin may not yet have assigned CVSS scores. Vulnerabilities are based on the=C2=A0<a href=3D"https://www.cve.org/" t= arget=3D"_blank" class=3D"ext" data-extlink=3D"" rel=3D"noopener">Common Vu= lnerabilities and Exposures</a>=C2=A0(CVE) vulnerability naming standard an=
d are organized according to severity, determined by the=C2=A0<a href=3D"ht= tps://www.cve.org/about/relatedefforts" target=3D"_blank" rel=3D"noopener">= Common Vulnerability Scoring System</a>=C2=A0(CVSS) standard. The division =
of high, medium, and low severities correspond to the following scores:

High: vulnerabilities with a CVSS base score of 7.0=E2=80= =9310.0</li>

Medium: vulnerabilities with a CVSS base score of 4.0=E2= =80=936.9</li>

Low: vulnerabilities with a CVSS base score of 0.0=E2=80= =933.9</li>
</ul>
Entries may include additional information provided by organizations and=
efforts sponsored by CISA. This information may include identifying inform= ation, values, definitions, and related links. Patch information is provide=
d when available. Please note that some of the information in the bulletin =
is compiled from external, open-source reports and is not a direct result o=
f CISA analysis.
<div class=3D"rss_item" style=3D"margin-bottom: 2em;">
<div class=3D"rss_title" style=3D"font-weight: bold; font-size: 120%; margi=
n: 0 0 0.3em; padding: 0;"><a href=3D"https://www.cisa.gov/news-events/bull= etins/sb26-033" target=3D"_blank" title=3D"Vulnerability Summary for the We=
ek of January 26, 2026" rel=3D"noopener">Vulnerability Summary for the Week=
of January 26, 2026</a></div>
<div class=3D"rss_pub_date" style=3D"font-size: 90%; font-style: italic; co= lor: #666666; margin: 0 0 0.3em; padding: 0;">02/03/2026 09:00 AM EST</div> <div class=3D"rss_description" style=3D"margin: 0 0 0.3em; padding: 0;">
<div id=3D"high_v">
<h2 id=3D"high_v_title">High Vulnerabilities</h2>
<table class=3D"table no-tablesaw" style=3D"table-layout: fixed; width: 100= %;" border=3D"1" summary=3D"High Vulnerabilities" align=3D"center">
<thead>

<th class=3D"vendor-product" style=3D"width: 24%;" scope=3D"col">
Primary Vendor -- Product</th>
<th style=3D"width: 44%;" scope=3D"col">Description</th>
<th style=3D"width: 10%;" scope=3D"col">Published</th>
<th style=3D"width: 8%;" scope=3D"col">CVSS Score</th>
<th style=3D"width: 7%;" scope=3D"col">Source Info</th>
<th style=3D"width: 7%;" scope=3D"col">Patch Info</th>
</tr>
</thead>
<tbody>

<td class=3D"vendor-product">10-Strike Software--Bandwidth Monitor</td> <td>10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerabilit=
y that allows attackers to bypass SafeSEH, ASLR, and DEP protections throug=
h carefully crafted input. Attackers can exploit the vulnerability by sendi=
ng a malicious payload to the application's registration key input, enablin=
g remote code execution and launching arbitrary system commands.</td> <td>2026-01-30</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37043" target=3D= "_blank" rel=3D"noopener">CVE-2020-37043</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48570" target=3D"_blank" rel= =3D"noopener">ExploitDB-48570</a> <a href=3D"https://www.10-strike.com/b= andwidth-monitor/" target=3D"_blank" rel=3D"noopener">Product Webpage</a><b= r><a href=3D"https://www.vulncheck.com/advisories/strike-bandwidth-monitor-= buffer-overflow" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: 10-= Strike Bandwidth Monitor 3.9 - Buffer Overflow</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">10-Strike Software--Network Inventory Explorer= </td>
<td>10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vu= lnerability in exception handling that allows remote attackers to execute a= rbitrary code. Attackers can craft a malicious file with 209 bytes of paddi=
ng and a specially constructed Structured Exception Handler to trigger code=
execution.</td>
<td>2026-01-28</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36961" target=3D= "_blank" rel=3D"noopener">CVE-2020-36961</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49134" target=3D"_blank" rel= =3D"noopener">ExploitDB-49134</a> <a href=3D"https://www.10-strike.com" = target=3D"_blank" rel=3D"noopener">10-Strike Network Inventory Explorer Ven= dor Homepage</a> <a href=3D"https://www.vulncheck.com/advisories/strike-= network-inventory-explorer-buffer-overflow-seh" target=3D"_blank" rel=3D"no= opener">VulnCheck Advisory: 10-Strike Network Inventory Explorer 8.65 - Buf= fer Overflow (SEH)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">10-Strike--Bandwidth Monitor</td>
<td>10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulne= rability in multiple services that allows local attackers to escalate privi= leges. Attackers can place a malicious executable in specific file path loc= ations to achieve privilege escalation to SYSTEM during service startup.</t=

<td>2026-01-29</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37021" target=3D= "_blank" rel=3D"noopener">CVE-2020-37021</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48591" target=3D"_blank" rel= =3D"noopener">ExploitDB-48591</a> <a href=3D"https://www.10-strike.com/"=
target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https= ://www.vulncheck.com/advisories/bandwidth-monitor-svcstrikebandmontitor-unq= uoted-service-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: = Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">Acer--Global Registration Service</td>
<td>Acer Global Registration Service 1.0.0.3 contains an unquoted service p= ath vulnerability in its service configuration that allows local users to p= otentially execute arbitrary code. Attackers can exploit the unquoted path =
in C:\Program Files (x86)\Acer\Registration\ to inject malicious executable=
s that would run with elevated LocalSystem privileges during service startu= p.</td>
<td>2026-01-27</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36976" target=3D= "_blank" rel=3D"noopener">CVE-2020-36976</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49142" target=3D"_blank" rel= =3D"noopener">ExploitDB-49142</a> <a href=3D"https://www.acer.com/ac/en/= US/content/home" target=3D"_blank" rel=3D"noopener">Acer Official Homepage<= /a> <a href=3D"https://www.vulncheck.com/advisories/global-registration-= service-gregsvcexe-unquoted-service-path" target=3D"_blank" rel=3D"noopener= ">VulnCheck Advisory: Global Registration Service 1.0.0.3 - 'GREGsvc.exe' U= nquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Ajenti Project--Ajenti</td>
<td>Ajenti 2.1.36 contains an authentication bypass vulnerability that allo=
ws remote attackers to execute arbitrary commands after successful login. A= ttackers can leverage the /api/terminal/create endpoint to send a netcat re= verse shell payload targeting a specified IP and port.</td>
<td>2026-01-29</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37002" target=3D= "_blank" rel=3D"noopener">CVE-2020-37002</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48929" target=3D"_blank" rel= =3D"noopener">ExploitDB-48929</a> <a href=3D"https://github.com/ajenti/a= jenti" target=3D"_blank" rel=3D"noopener">Ajenti GitHub Repository</a> <=
a href=3D"https://www.vulncheck.com/advisories/ajenti-remote-code-execution=
" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Ajenti 2.1.36 - Re= mote Code Execution</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Akn Software Computer Import Export Industry a=
nd Trade Ltd.--QR Menu</td>
<td>Improper Access Control vulnerability in Ak=C3=84=C2=B1n Software Compu= ter Import Export Industry and Trade Ltd. QR Menu allows Authentication Abu= se. This issue affects QR Menu: before s1.05.12.</td>
<td>2026-01-29</td>
<td>8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-7016" target=3D"= _blank" rel=3D"noopener">CVE-2025-7016</a></td>

<a href=3D"https://www.usom.gov.tr/bildirim/tr-26-0006" target=3D"_blank" r= el=3D"noopener">https://www.usom.gov.tr/bildirim/tr-26-0006</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">aliasrobotics--cai</td>
<td>Cybersecurity AI (CAI) is a framework for AI Security. In versions up t=
o and including 0.5.10, the CAI (Cybersecurity AI) framework contains multi= ple argument injection vulnerabilities in its function tools. User-controll=
ed input is passed directly to shell commands via `subprocess.Popen()` with=
`shell=3DTrue`, allowing attackers to execute arbitrary commands on the ho=
st system. The `find_file()` tool executes without requiring user approval = because find is considered a "safe" pre-approved command. This means an att= acker can achieve Remote Code Execution (RCE) by injecting malicious argume= nts (like -exec) into the args parameter, completely bypassing any human-in= -the-loop safety mechanisms. Commit e22a1220f764e2d7cf9da6d6144926f53ca01cd=
e contains a fix.</td>
<td>2026-01-30</td>
<td>9.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25130" target=3D= "_blank" rel=3D"noopener">CVE-2026-25130</a></td>

<a href=3D"https://github.com/aliasrobotics/cai/security/advisories/GHSA-jf= pc-wj3m-qw2m" target=3D"_blank" rel=3D"noopener">https://github.com/aliasro= botics/cai/security/advisories/GHSA-jfpc-wj3m-qw2m</a> <a href=3D"https:= //github.com/aliasrobotics/cai/commit/e22a1220f764e2d7cf9da6d6144926f53ca01= cde" target=3D"_blank" rel=3D"noopener">https://github.com/aliasrobotics/ca= i/commit/e22a1220f764e2d7cf9da6d6144926f53ca01cde</a> <a href=3D"https:/= /github.com/aliasrobotics/cai/blob/559de8fcbc2b44f3b0360f35ffdc2bb975e7d7e4= /src/cai/tools/reconnaissance/filesystem.py#L60" target=3D"_blank" rel=3D"n= oopener">https://github.com/aliasrobotics/cai/blob/559de8fcbc2b44f3b0360f35= ffdc2bb975e7d7e4/src/cai/tools/reconnaissance/filesystem.py#L60</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">amitkolloldey--e-learning PHP Script</td> <td>e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in t=
he search functionality that allows attackers to manipulate database querie=
s through unvalidated user input. Attackers can inject malicious SQL code i=
n the 'search' parameter to potentially extract, modify, or access sensitiv=
e database information.</td>
<td>2026-01-30</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37035" target=3D= "_blank" rel=3D"noopener">CVE-2020-37035</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48629" target=3D"_blank" rel= =3D"noopener">ExploitDB-48629</a> <a href=3D"https://github.com/amitkoll= oldey/elearning-script" target=3D"_blank" rel=3D"noopener">Vendor Homepage<= /a> <a href=3D"https://www.vulncheck.com/advisories/e-learning-php-scrip= t-search-sql-injection" target=3D"_blank" rel=3D"noopener">VulnCheck Adviso= ry: e-learning Php Script 0.1.0 - 'search' SQL Injection</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">ammarfaizi2--Tea LaTex</td>
<td>Tea LaTex 1.0 contains a remote code execution vulnerability that allow=
s unauthenticated attackers to execute arbitrary shell commands through the=
/api.php endpoint. Attackers can craft a malicious LaTeX payload with shel=
l commands that are executed when processed by the application's tex2png AP=
I action.</td>
<td>2026-01-29</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37012" target=3D= "_blank" rel=3D"noopener">CVE-2020-37012</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48805" target=3D"_blank" rel= =3D"noopener">ExploitDB-48805</a> <a href=3D"https://github.com/ammarfai= zi2/latex.teainside.org" target=3D"_blank" rel=3D"noopener">Vendor Homepage= </a> <a href=3D"https://www.vulncheck.com/advisories/tea-latex-remote-co= de-execution" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Tea La= Tex 1.0 - Remote Code Execution</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Andrea Electronics--Andrea ST Filters Service<=

<td>Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vu= lnerability in its Windows service configuration. Local attackers can explo=
it the unquoted path to inject malicious code that will execute with elevat=
ed LocalSystem privileges during service startup.</td>
<td>2026-01-30</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37058" target=3D= "_blank" rel=3D"noopener">CVE-2020-37058</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48396" target=3D"_blank" rel= =3D"noopener">ExploitDB-48396</a> <a href=3D"https://andreaelectronics.c= om/" target=3D"_blank" rel=3D"noopener">Andrea Electronics Official Homepag= e</a> <a href=3D"https://www.vulncheck.com/advisories/andrea-st-filters-= service-unquoted-service-path" target=3D"_blank" rel=3D"noopener">VulnCheck=
Advisory: Andrea ST Filters Service 1.0.64.7 - Unquoted service path</a><b= r>=C2=A0</td>
</tr>

<td class=3D"vendor-product">Arcadia Technology, LLC--Crafty Controller</td=

<td>An input neutralization vulnerability in the File Operations API Endpoi=
nt component of Crafty Controller allows a remote, authenticated attacker t=
o perform file tampering and remote code execution via path traversal.</td> <td>2026-01-30</td>
<td>9.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0963" target=3D"= _blank" rel=3D"noopener">CVE-2026-0963</a></td>

<a href=3D"https://gitlab.com/crafty-controller/crafty-4/-/issues/660" targ= et=3D"_blank" rel=3D"noopener">GitLab Issue #660</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Arcadia Technology, LLC--Crafty Controller</td=

<td>An input neutralization vulnerability in the Backup Configuration compo= nent of Crafty Controller allows a remote, authenticated attacker to perfor=
m file tampering and remote code execution via path traversal.</td> <td>2026-01-30</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0805" target=3D"= _blank" rel=3D"noopener">CVE-2026-0805</a></td>

<a href=3D"https://gitlab.com/crafty-controller/crafty-4/-/issues/650" targ= et=3D"_blank" rel=3D"noopener">GitLab Issue #650</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">asc Applied Software Consultants, s.r.o.--asc = Timetables</td>
<td>aSc TimeTables 2021.6.2 contains a denial of service vulnerability that=
allows attackers to crash the application by overwriting subject title fie= lds with excessive data. Attackers can generate a 10,000-character buffer a=
nd paste it into the subject title to trigger application instability and p= otential crash.</td>
<td>2026-01-28</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36943" target=3D= "_blank" rel=3D"noopener">CVE-2020-36943</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49147" target=3D"_blank" rel= =3D"noopener">ExploitDB-49147</a> <a href=3D"https://www.asctimetables.c= om/#!/home" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a hr= ef=3D"https://www.asctimetables.com/#!/home/download" target=3D"_blank" rel= =3D"noopener">Software Download Page</a> <a href=3D"https://www.vulnchec= k.com/advisories/asc-timetables-denial-of-service" target=3D"_blank" rel=3D= "noopener">VulnCheck Advisory: aSc TimeTables 2021.6.2 - Denial of Service<= /a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Ashkon Software--Simple Startup Manager</td> <td>Simple Startup Manager 1.17 contains a local buffer overflow vulnerabil= ity that allows attackers to execute arbitrary code by overwriting memory t= hrough the 'File' input parameter. Attackers can craft a malicious payload = with 268 bytes to trigger code execution, bypassing DEP and overwriting mem= ory addresses to launch calc.exe.</td>
<td>2026-01-30</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37031" target=3D= "_blank" rel=3D"noopener">CVE-2020-37031</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48678" target=3D"_blank" rel= =3D"noopener">ExploitDB-48678</a> <a href=3D"https://www.ashkon.com/star= tup_manager.html" target=3D"_blank" rel=3D"noopener">Product Webpage</a><br= ><a href=3D"https://www.vulncheck.com/advisories/simple-startup-manager-fil= e-local-buffer-overflow" target=3D"_blank" rel=3D"noopener">VulnCheck Advis= ory: Simple Startup Manager 1.17 - 'File' Local Buffer Overflow</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">Atheros--Coex Service Application</td>
<td>Atheros Coex Service Application 8.0.0.255 contains an unquoted service=
path vulnerability in its Windows service configuration. Attackers can exp= loit the unquoted path by placing malicious executables in the service path=
to gain elevated system privileges during service startup.</td> <td>2026-01-27</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36979" target=3D= "_blank" rel=3D"noopener">CVE-2020-36979</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49053" target=3D"_blank" rel= =3D"noopener">ExploitDB-49053</a> <a href=3D"https://www.file.net/proces= s/ath_coexagent.exe.html" target=3D"_blank" rel=3D"noopener">Vendor Homepag= e</a> <a href=3D"https://www.boostbyreason.com/resource-file-9102-ath_co= exagent-exe.aspx" target=3D"_blank" rel=3D"noopener">Software Download Link= </a> <a href=3D"https://www.vulncheck.com/advisories/atheros-coex-servic= e-application-zatheros-btwlan-coex-agent-unquoted-service-path" target=3D"_= blank" rel=3D"noopener">VulnCheck Advisory: Atheros Coex Service Applicatio=
n 8.0.0.255 -'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">avalanche123--Cassandra Web</td>
<td>Cassandra Web 0.5.0 contains a directory traversal vulnerability that a= llows unauthenticated attackers to read arbitrary files by manipulating pat=
h traversal parameters. Attackers can exploit the disabled Rack::Protection=
module to read sensitive system files like /etc/passwd and retrieve Apache=
Cassandra database credentials.</td>
<td>2026-01-27</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36939" target=3D= "_blank" rel=3D"noopener">CVE-2020-36939</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49362" target=3D"_blank" rel= =3D"noopener">ExploitDB-49362</a> <a href=3D"https://github.com/avalanch= e123/cassandra-web" target=3D"_blank" rel=3D"noopener">Cassandra Web GitHub=
Repository</a> <a href=3D"https://rubygems.org/gems/cassandra-web/versi= ons/0.5.0" target=3D"_blank" rel=3D"noopener">Cassandra Web RubyGems Packag= e</a> <a href=3D"https://www.vulncheck.com/advisories/cassandra-web-remo= te-file-read" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Cassan= dra Web 0.5.0 - Remote File Read</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Avast--AVAST SecureLine</td>
<td>Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerabil= ity that allows local users to potentially execute code with elevated syste=
m privileges. Attackers can exploit the unquoted path in the service config= uration to inject malicious code that would execute with LocalSystem accoun=
t permissions during service startup.</td>
<td>2026-02-01</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37037" target=3D= "_blank" rel=3D"noopener">CVE-2020-37037</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48249" target=3D"_blank" rel= =3D"noopener">ExploitDB-48249</a> <a href=3D"https://www.avast.com/" tar= get=3D"_blank" rel=3D"noopener">Avast Official Homepage</a> <a href=3D"h= ttps://www.vulncheck.com/advisories/avast-secureline-secureline-unquoted-se= rvice-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: AVAST Se= cureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">backstage--backstage</td>
<td>Backstage is an open framework for building developer portals, and @bac= kstage/plugin-techdocs-node provides common node.js functionalities for Tec= hDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and = 1.14.1, when TechDocs is configured with `runIn: local`, a malicious actor = who can submit or modify a repository's `mkdocs.yml` file can execute arbit= rary Python code on the TechDocs build server via MkDocs hooks configuratio=
n. @backstage/plugin-techdocs-node versions 1.13.11 and 1.14.1 contain a fi=
x. The fix introduces an allowlist of supported MkDocs configuration keys. = Unsupported configuration keys (including `hooks`) are now removed from `mk= docs.yml` before running the generator, with a warning logged to indicate w= hich keys were removed. Users of `@techdocs/cli` should also upgrade to the=
latest version, which includes the fixed `@backstage/plugin-techdocs-node`=
dependency. Some workarounds are available. Configure TechDocs with `runIn=
: docker` instead of `runIn: local` to provide container isolation, though =
it does not fully mitigate the risk. Limit who can modify `mkdocs.yml` file=
s in repositories that TechDocs processes; only allow trusted contributors.=
Implement PR review requirements for changes to `mkdocs.yml` files to dete=
ct malicious `hooks` configurations before they are merged. Use MkDocs <=
1.4.0 (e.g., 1.3.1) which does not support hooks. Note: This may limit acc= ess to newer MkDocs features. Building documentation in CI/CD pipelines usi=
ng `@techdocs/cli` does not mitigate this vulnerability, as the CLI uses th=
e same vulnerable `@backstage/plugin-techdocs-node` package.</td> <td>2026-01-30</td>
<td>7.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25153" target=3D= "_blank" rel=3D"noopener">CVE-2026-25153</a></td>

<a href=3D"https://github.com/backstage/backstage/security/advisories/GHSA-= 6jr7-99pf-8vgf" target=3D"_blank" rel=3D"noopener">https://github.com/backs= tage/backstage/security/advisories/GHSA-6jr7-99pf-8vgf</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Barcode-Ocr--BarcodeOCR</td>
<td>BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that = allows local attackers to execute code with elevated privileges during syst=
em startup. Attackers can exploit the unquoted path in the service configur= ation to inject malicious executables that will run with LocalSystem privil= eges.</td>
<td>2026-01-29</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37016" target=3D= "_blank" rel=3D"noopener">CVE-2020-37016</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48740" target=3D"_blank" rel= =3D"noopener">ExploitDB-48740</a> <a href=3D"https://www.barcode-ocr.com=
/" target=3D"_blank" rel=3D"noopener">BarcodeOCR Official Homepage</a> <=
a href=3D"https://www.vulncheck.com/advisories/barcodeocr-barcodeocr-unquot= ed-service-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Bar= codeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">BearshareOfficial--BearShare Lite</td> <td>BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Ad= vanced Search keywords input that allows attackers to execute arbitrary cod=
e. Attackers can craft a specially designed payload to overwrite the EIP re= gister and execute shellcode by pasting malicious content into the search k= eywords field.</td>
<td>2026-01-29</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37010" target=3D= "_blank" rel=3D"noopener">CVE-2020-37010</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48839" target=3D"_blank" rel= =3D"noopener">ExploitDB-48839</a> <a href=3D"http://www.bearshareofficia= l.com/" target=3D"_blank" rel=3D"noopener">Official BearShare Homepage</a><= br><a href=3D"http://www.oldversion.com.de/windows/bearshare-lite-5-2-5" ta= rget=3D"_blank" rel=3D"noopener">BearShare Lite 5.2.5 Download Page</a> =
<a href=3D"https://www.vulncheck.com/advisories/bearshare-lite-advanced-sea= rchbuffer-overflow-in-poc" target=3D"_blank" rel=3D"noopener">VulnCheck Adv= isory: BearShare Lite 5.2.5 - 'Advanced Search'Buffer Overflow in (PoC)</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">Beckhoff Automation--Beckhoff.Device.Manager.X= AR</td>
<td>A low privileged remote attacker can execute arbitrary code by sending = specially crafted calls to the web service of the Device Manager or locally=
via an API and can cause integer overflows which then may lead to arbitrar=
y code execution within privileged processes.</td>
<td>2026-01-27</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-41726" target=3D= "_blank" rel=3D"noopener">CVE-2025-41726</a></td>

<a href=3D"https://certvde.com/de/advisories/VDE-2025-092" target=3D"_blank=
" rel=3D"noopener">https://certvde.com/de/advisories/VDE-2025-092</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Beckhoff Automation--Beckhoff.Device.Manager.X= AR</td>
<td>A local low privileged attacker can bypass the authentication of the De= vice Manager user interface, allowing them to perform privileged operations=
and gain administrator access.</td>
<td>2026-01-27</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-41727" target=3D= "_blank" rel=3D"noopener">CVE-2025-41727</a></td>

<a href=3D"https://certvde.com/de/advisories/VDE-2025-092" target=3D"_blank=
" rel=3D"noopener">https://certvde.com/de/advisories/VDE-2025-092</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">bentoml--BentoML</td>
<td>BentoML is a Python library for building online serving systems optimiz=
ed for AI apps and model inference. Prior to version 1.4.34, BentoML's `ben= tofile.yaml` configuration allows path traversal attacks through multiple f= ile path fields (`description`, `docker.setup_script`, `docker.dockerfile_t= emplate`, `conda.environment_yml`). An attacker can craft a malicious bento= file that, when built by a victim, exfiltrates arbitrary files from the fil= esystem into the bento archive. This enables supply chain attacks where sen= sitive files (SSH keys, credentials, environment variables) are silently em= bedded in bentos and exposed when pushed to registries or deployed. Version=
1.4.34 contains a patch for the issue.</td>
<td>2026-01-26</td>
<td>7.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24123" target=3D= "_blank" rel=3D"noopener">CVE-2026-24123</a></td>

<a href=3D"https://github.com/bentoml/BentoML/security/advisories/GHSA-6r62= -w2q3-48hf" target=3D"_blank" rel=3D"noopener">https://github.com/bentoml/B= entoML/security/advisories/GHSA-6r62-w2q3-48hf</a> <a href=3D"https://gi= thub.com/bentoml/BentoML/commit/84d08cfeb40c5f2ce71b3d3444bbaa0fb16b5ca4" t= arget=3D"_blank" rel=3D"noopener">https://github.com/bentoml/BentoML/commit= /84d08cfeb40c5f2ce71b3d3444bbaa0fb16b5ca4</a> <a href=3D"https://github.= com/bentoml/BentoML/releases/tag/v1.4.34" target=3D"_blank" rel=3D"noopener= ">https://github.com/bentoml/BentoML/releases/tag/v1.4.34</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">bloompixel--TableMaster for Elementor Advanced=
Responsive Tables for Elementor</td>
<td>The TableMaster for Elementor plugin for WordPress is vulnerable to Ser= ver-Side Request Forgery in all versions up to, and including, 1.3.6. This =
is due to the plugin not restricting which URLs can be fetched when importi=
ng CSV data from a URL in the Data Table widget. This makes it possible for=
authenticated attackers, with Author-level access and above, to make web r= equests to arbitrary locations, including localhost and internal network se= rvices, and read sensitive files such as wp-config.php via the 'csv_url' pa= rameter.</td>
<td>2026-01-28</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14610" target=3D= "_blank" rel=3D"noopener">CVE-2025-14610</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/ef07d6= b0-ccdb-4b33-817f-6d4b3ad96243?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/ef07d6b0-ccd= b-4b33-817f-6d4b3ad96243?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/tablemaster-for-elementor/trunk/modules/data-table/= widgets/data-table.php#L446" target=3D"_blank" rel=3D"noopener">https://plu= gins.trac.wordpress.org/browser/tablemaster-for-elementor/trunk/modules/dat= a-table/widgets/data-table.php#L446</a> <a href=3D"https://plugins.trac.= wordpress.org/browser/tablemaster-for-elementor/tags/1.3.6/modules/data-tab= le/widgets/data-table.php#L446" target=3D"_blank" rel=3D"noopener">https://= plugins.trac.wordpress.org/browser/tablemaster-for-elementor/tags/1.3.6/mod= ules/data-table/widgets/data-table.php#L446</a> <a href=3D"https://plugi= ns.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old= =3D3442158%40tablemaster-for-elementor&new=3D3442158%40tablemaster-for-elem= entor&sfp_email=3D&sfph_mail=3D" target=3D"_blank" rel=3D"noopener">https:/= /plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D= &old=3D3442158%40tablemaster-for-elementor&new=3D3442158%40tablemaster-for-= elementor&sfp_email=3D&sfph_mail</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Broadcom--Symantec Web Security Services Agent= </td>
<td>WSS Agent, prior to 9.8.5, may be susceptible to a Elevation of Privile=
ge vulnerability, which is a type of issue whereby an attacker may attempt =
to compromise the software application to gain elevated access to resources=
that are normally protected from an application or user.</td> <td>2026-01-28</td>
<td>7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13917" target=3D= "_blank" rel=3D"noopener">CVE-2025-13917</a></td>

<a href=3D"https://support.broadcom.com/web/ecx/support-content-notificatio= n/-/external/content/SecurityAdvisories/0/36778" target=3D"_blank" rel=3D"n= oopener">https://support.broadcom.com/web/ecx/support-content-notification/= -/external/content/SecurityAdvisories/0/36778</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">C4illin--ConvertX</td>
<td>ConvertXis a self-hosted online file converter. In versions prior to 0.= 17.0, the `POST /delete` endpoint uses a user-controlled `filename` value t=
o construct a filesystem path and deletes it via `unlink` without sufficien=
t validation. By supplying path traversal sequences (e.g., `../`), an attac= ker can delete arbitrary files outside the intended uploads directory, limi= ted only by the permissions of the server process. Version 0.17.0 fixes the=
issue.</td>
<td>2026-01-27</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24741" target=3D= "_blank" rel=3D"noopener">CVE-2026-24741</a></td>

<a href=3D"https://github.com/C4illin/ConvertX/security/advisories/GHSA-w37= 2-w6cr-45jp" target=3D"_blank" rel=3D"noopener">https://github.com/C4illin/= ConvertX/security/advisories/GHSA-w372-w6cr-45jp</a> <a href=3D"https://= github.com/C4illin/ConvertX/commit/7a936bdc0463936463616381ca257b13babc5e77=
" target=3D"_blank" rel=3D"noopener">https://github.com/C4illin/ConvertX/co= mmit/7a936bdc0463936463616381ca257b13babc5e77</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ChurchCRM--CRM</td>
<td>ChurchCRM is an open-source church management system. A SQL Injection v= ulnerability exists in endpoint `/PaddleNumEditor.php` in ChurchCRM prior t=
o version 6.7.2. Any authenticated user, including one with zero assigned p= ermissions, can exploit SQL injection through the `PerID` parameter. Versio=
n 6.7.2 contains a patch for the issue.</td>
<td>2026-01-30</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24854" target=3D= "_blank" rel=3D"noopener">CVE-2026-24854</a></td>

<a href=3D"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-p3q7-q= 68q-h2gr" target=3D"_blank" rel=3D"noopener">https://github.com/ChurchCRM/C= RM/security/advisories/GHSA-p3q7-q68q-h2gr</a> <a href=3D"http://github.= com/ChurchCRM/CRM/commit/748f5084fc06c5e12463dc7fdd62d1d31fc08d38" target= =3D"_blank" rel=3D"noopener">http://github.com/ChurchCRM/CRM/commit/748f508= 4fc06c5e12463dc7fdd62d1d31fc08d38</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Cleanersoft Software--Free MP3 CD Ripper</td> <td>Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability t= hat allows remote attackers to execute arbitrary code by crafting a malicio=
us WAV file with oversized payload. Attackers can leverage a specially craf= ted exploit file with shellcode, SEH bypass, and egghunter technique to ach= ieve remote code execution on vulnerable Windows systems.</td> <td>2026-01-29</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37000" target=3D= "_blank" rel=3D"noopener">CVE-2020-37000</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48696" target=3D"_blank" rel= =3D"noopener">ExploitDB-48696</a> <a href=3D"https://www.cleanersoft.com=
" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"http= s://www.vulncheck.com/advisories/free-mp-cd-ripper-stack-buffer-overflow-se= h-egghunter" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Free MP=
3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter)</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">code-projects--Online Examination System</td> <td>A vulnerability was found in code-projects Online Examination System 1.=
0. Affected by this vulnerability is an unknown functionality of the file /= index.php of the component Login Page. Performing a manipulation of the arg= ument User results in sql injection. The attack is possible to be carried o=
ut remotely. The exploit has been made public and could be used.</td> <td>2026-01-26</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1422" target=3D"= _blank" rel=3D"noopener">CVE-2026-1422</a></td>

<a href=3D"https://vuldb.com/?id.342838" target=3D"_blank" rel=3D"noopener"= >VDB-342838 | code-projects Online Examination System Login Page index.php = sql injection</a> <a href=3D"https://vuldb.com/?ctiid.342838" target=3D"= _blank" rel=3D"noopener">VDB-342838 | CTI Indicators (IOB, IOC, TTP, IOA)</= a> <a href=3D"https://vuldb.com/?submit.736606" target=3D"_blank" rel=3D= "noopener">Submit #736606 | code-projects Online Examination System 1 SQL I= njection</a> <a href=3D"https://github.com/geo-chen/code-projects/blob/m= ain/Online%20Examination%20System%20In%20PHP%20With%20Source%20Code.md#find= ing-2-sql-injection-on-login-page" target=3D"_blank" rel=3D"noopener">https= ://github.com/geo-chen/code-projects/blob/main/Online%20Examination%20Syste= m%20In%20PHP%20With%20Source%20Code.md#finding-2-sql-injection-on-login-pag= e</a> <a href=3D"https://code-projects.org/" target=3D"_blank" rel=3D"no= opener">https://code-projects.org/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--Online Music Site</td>
<td>A flaw has been found in code-projects Online Music Site 1.0. Affected =
by this issue is some unknown functionality of the file /Administrator/PHP/= AdminDeleteUser.php. This manipulation of the argument ID causes sql inject= ion. The attack can be initiated remotely. The exploit has been published a=
nd may be used.</td>
<td>2026-01-26</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1443" target=3D"= _blank" rel=3D"noopener">CVE-2026-1443</a></td>

<a href=3D"https://vuldb.com/?id.342872" target=3D"_blank" rel=3D"noopener"= >VDB-342872 | code-projects Online Music Site AdminDeleteUser.php sql injec= tion</a> <a href=3D"https://vuldb.com/?ctiid.342872" target=3D"_blank" r= el=3D"noopener">VDB-342872 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a = href=3D"https://vuldb.com/?submit.736967" target=3D"_blank" rel=3D"noopener= ">Submit #736967 | code-projects Online Music Site V1.0 SQL Injection</a><b= r><a href=3D"https://github.com/Volije/cve/issues/1" target=3D"_blank" rel= =3D"noopener">https://github.com/Volije/cve/issues/1</a> <a href=3D"http= s://code-projects.org/" target=3D"_blank" rel=3D"noopener">https://code-pro= jects.org/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--Online Music Site</td>
<td>A weakness has been identified in code-projects Online Music Site 1.0. = This affects an unknown function of the file /Administrator/PHP/AdminEditUs= er.php. This manipulation of the argument ID causes sql injection. It is po= ssible to initiate the attack remotely. The exploit has been made available=
to the public and could be used for attacks.</td>
<td>2026-01-28</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1534" target=3D"= _blank" rel=3D"noopener">CVE-2026-1534</a></td>

<a href=3D"https://vuldb.com/?id.343220" target=3D"_blank" rel=3D"noopener"= >VDB-343220 | code-projects Online Music Site AdminEditUser.php sql injecti= on</a> <a href=3D"https://vuldb.com/?ctiid.343220" target=3D"_blank" rel= =3D"noopener">VDB-343220 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.738705" target=3D"_blank" rel=3D"noopener">= Submit #738705 | Code-Projects ONLINE MUSIC SITE V1.0 SQL injection</a> =
<a href=3D"https://github.com/yuji0903/silver-guide/issues/3" target=3D"_bl= ank" rel=3D"noopener">https://github.com/yuji0903/silver-guide/issues/3</a>= <a href=3D"https://code-projects.org/" target=3D"_blank" rel=3D"noopene= r">https://code-projects.org/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--Online Music Site</td>
<td>A security vulnerability has been detected in code-projects Online Musi=
c Site 1.0. This impacts an unknown function of the file /Administrator/PHP= /AdminReply.php. Such manipulation of the argument ID leads to sql injectio=
n. It is possible to launch the attack remotely. The exploit has been discl= osed publicly and may be used.</td>
<td>2026-01-28</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1535" target=3D"= _blank" rel=3D"noopener">CVE-2026-1535</a></td>

<a href=3D"https://vuldb.com/?id.343221" target=3D"_blank" rel=3D"noopener"= >VDB-343221 | code-projects Online Music Site AdminReply.php sql injection<= /a> <a href=3D"https://vuldb.com/?ctiid.343221" target=3D"_blank" rel=3D= "noopener">VDB-343221 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href= =3D"https://vuldb.com/?submit.738706" target=3D"_blank" rel=3D"noopener">Su= bmit #738706 | Code-Projects ONLINE MUSIC SITE V1.0 SQL injection</a> <a=
href=3D"https://github.com/yuji0903/silver-guide/issues/4" target=3D"_blan=
k" rel=3D"noopener">https://github.com/yuji0903/silver-guide/issues/4</a><b= r><a href=3D"https://code-projects.org/" target=3D"_blank" rel=3D"noopener"= >https://code-projects.org/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Code::Blocks--Code::Blocks</td>
<td>Code Blocks 17.12 contains a local buffer overflow vulnerability that a= llows attackers to execute arbitrary code by crafting a malicious file name=
with Unicode characters. Attackers can trigger the vulnerability by pastin=
g a specially crafted payload into the file name field during project creat= ion, potentially executing system commands like calc.exe.</td> <td>2026-01-30</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37040" target=3D= "_blank" rel=3D"noopener">CVE-2020-37040</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48594" target=3D"_blank" rel= =3D"noopener">ExploitDB-48594</a> <a href=3D"http://www.codeblocks.org/"=
target=3D"_blank" rel=3D"noopener">Code Blocks Official Website</a> <a = href=3D"https://sourceforge.net/projects/codeblocks" target=3D"_blank" rel= =3D"noopener">Code Blocks SourceForge Page</a> <a href=3D"https://www.vu= lncheck.com/advisories/code-blocks-file-name-local-buffer-overflow" target= =3D"_blank" rel=3D"noopener">VulnCheck Advisory: Code Blocks 17.12 - 'File = Name' Local Buffer Overflow</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Code::Blocks--Code::Blocks</td>
<td>Code Blocks 20.03 contains a denial of service vulnerability that allow=
s attackers to crash the application by manipulating input in the FSymbols = search field. Attackers can paste a large payload of 5000 repeated characte=
rs into the search field to trigger an application crash.</td> <td>2026-01-30</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37038" target=3D= "_blank" rel=3D"noopener">CVE-2020-37038</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48617" target=3D"_blank" rel= =3D"noopener">ExploitDB-48617</a> <a href=3D"http://www.codeblocks.org/"=
target=3D"_blank" rel=3D"noopener">Code Blocks Official Homepage</a> <a=
href=3D"https://sourceforge.net/projects/codeblocks" target=3D"_blank" rel= =3D"noopener">Code Blocks SourceForge Page</a> <a href=3D"https://www.vu= lncheck.com/advisories/code-blocks-denial-of-service" target=3D"_blank" rel= =3D"noopener">VulnCheck Advisory: Code Blocks 20.03 - Denial Of Service</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">codexcube--Ultimate Project Manager CRM PRO</t=

<td>Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection v= ulnerability that allows attackers to extract usernames and password hashes=
from the tbl_users database table. Attackers can exploit the /frontend/get= _article_suggestion/ endpoint by crafting malicious search parameters to pr= ogressively guess and retrieve user credentials through boolean-based infer= ence techniques.</td>
<td>2026-01-29</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37004" target=3D= "_blank" rel=3D"noopener">CVE-2020-37004</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48912" target=3D"_blank" rel= =3D"noopener">ExploitDB-48912</a> <a href=3D"https://ultimatepro.codexcu= be.com/" target=3D"_blank" rel=3D"noopener">Ultimate Project Manager CRM PR=
O Vendor Homepage</a> <a href=3D"https://www.vulncheck.com/advisories/ul= timate-project-manager-crm-pro-sqli-credentials-leakage" target=3D"_blank" = rel=3D"noopener">VulnCheck Advisory: Ultimate Project Manager CRM PRO 2.0.5=
- SQLi Credentials Leakage</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Codriapp Innovation and Software Technologies = Inc.--HeyGarson</td>
<td>Generation of Error Message Containing Sensitive Information vulnerabil= ity in Codriapp Innovation and Software Technologies Inc. HeyGarson allows = Fuzzing for application mapping. This issue affects HeyGarson: through 3001= 2026. NOTE: The vendor was contacted several times to verifying fixing proc= ess but did not respond in any way.</td>
<td>2026-01-30</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-1395" target=3D"= _blank" rel=3D"noopener">CVE-2025-1395</a></td>

<a href=3D"https://www.usom.gov.tr/bildirim/tr-26-0009" target=3D"_blank" r= el=3D"noopener">https://www.usom.gov.tr/bildirim/tr-26-0009</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">crm-now GmbH--berliCRM</td>
<td>berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src_reco= rd' parameter that allows remote attackers to manipulate database queries. = Attackers can inject malicious SQL code through a crafted POST request to t=
he index.php endpoint to potentially extract or modify database information= .</td>
<td>2026-01-29</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37006" target=3D= "_blank" rel=3D"noopener">CVE-2020-37006</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48872" target=3D"_blank" rel= =3D"noopener">ExploitDB-48872</a> <a href=3D"https://www.berlicrm.de" ta= rget=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://= www.vulncheck.com/advisories/berlicrm-srcrecord-sql-injection" target=3D"_b= lank" rel=3D"noopener">VulnCheck Advisory: berliCRM 1.0.24 - 'src_record' S=
QL Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Crystal Shard--http-protection</td>
<td>Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerabili=
ty that allows attackers to bypass protection middleware by manipulating re= quest headers. Attackers can hardcode consistent IP values across X-Forward= ed-For, X-Client-IP, and X-Real-IP headers to circumvent security checks an=
d gain unauthorized access.</td>
<td>2026-01-30</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37056" target=3D= "_blank" rel=3D"noopener">CVE-2020-37056</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48533" target=3D"_blank" rel= =3D"noopener">ExploitDB-48533</a> <a href=3D"https://github.com/rogerioz= ambon/http-protection" target=3D"_blank" rel=3D"noopener">HTTP Protection C= rystal Shard Repository</a> <a href=3D"https://www.vulncheck.com/advisor= ies/crystal-shard-http-protection-ip-spoofing-bypass" target=3D"_blank" rel= =3D"noopener">VulnCheck Advisory: Crystal Shard http-protection 0.2.0 - IP = Spoofing Bypass</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-615</td>
<td>A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts=
an unknown function of the file /wiz_policy_3_machine.php of the component=
Web Management Interface. Performing a manipulation of the argument ipaddr=
results in os command injection. It is possible to initiate the attack rem= otely. The exploit is now public and may be used. This vulnerability only a= ffects products that are no longer supported by the maintainer.</td> <td>2026-01-26</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1448" target=3D"= _blank" rel=3D"noopener">CVE-2026-1448</a></td>

<a href=3D"https://vuldb.com/?id.342880" target=3D"_blank" rel=3D"noopener"= >VDB-342880 | D-Link DIR-615 Web Management wiz_policy_3_machine.php os com= mand injection</a> <a href=3D"https://vuldb.com/?ctiid.342880" target=3D= "_blank" rel=3D"noopener">VDB-342880 | CTI Indicators (IOB, IOC, TTP, IOA)<= /a> <a href=3D"https://vuldb.com/?submit.737006" target=3D"_blank" rel= =3D"noopener">Submit #737006 | Dlink DIR615 Firmware v4.10 and earlier (DIR= -615 Rev D) OS Command Injection</a> <a href=3D"https://pentagonal-time-= 3a7.notion.site/DIR-615-v4-10-2e7e5dd4c5a580a5aac5c8ce35933396?pvs=3D73" ta= rget=3D"_blank" rel=3D"noopener">https://pentagonal-time-3a7.notion.site/DI= R-615-v4-10-2e7e5dd4c5a580a5aac5c8ce35933396?pvs=3D73</a> <a href=3D"htt= ps://www.dlink.com/" target=3D"_blank" rel=3D"noopener">https://www.dlink.c= om/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-615</td>
<td>A vulnerability was found in D-Link DIR-615 4.10. This issue affects so=
me unknown processing of the file /set_temp_nodes.php of the component URL = Filter. The manipulation results in os command injection. The attack can be=
executed remotely. The exploit has been made public and could be used. Thi=
s vulnerability only affects products that are no longer supported by the m= aintainer.</td>
<td>2026-01-28</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1505" target=3D"= _blank" rel=3D"noopener">CVE-2026-1505</a></td>

<a href=3D"https://vuldb.com/?id.343117" target=3D"_blank" rel=3D"noopener"= >VDB-343117 | D-Link DIR-615 URL Filter set_temp_nodes.php os command injec= tion</a> <a href=3D"https://vuldb.com/?ctiid.343117" target=3D"_blank" r= el=3D"noopener">VDB-343117 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a = href=3D"https://vuldb.com/?submit.737061" target=3D"_blank" rel=3D"noopener= ">Submit #737061 | Dlink DIR-615 v4.10 OS Command Injection</a> <a href= =3D"https://pentagonal-time-3a7.notion.site/D-Link-DIR-615-2e7e5dd4c5a58010= 9a14fdeb6f105cd6" target=3D"_blank" rel=3D"noopener">https://pentagonal-tim= e-3a7.notion.site/D-Link-DIR-615-2e7e5dd4c5a580109a14fdeb6f105cd6</a> <a=
href=3D"https://www.dlink.com/" target=3D"_blank" rel=3D"noopener">https:/= /www.dlink.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-615</td>
<td>A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an u= nknown function of the file /adv_mac_filter.php of the component MAC Filter=
Configuration. This manipulation of the argument mac causes os command inj= ection. The attack is possible to be carried out remotely. The exploit has = been publicly disclosed and may be utilized. This vulnerability only affect=
s products that are no longer supported by the maintainer.</td> <td>2026-01-28</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1506" target=3D"= _blank" rel=3D"noopener">CVE-2026-1506</a></td>

<a href=3D"https://vuldb.com/?id.343118" target=3D"_blank" rel=3D"noopener"= >VDB-343118 | D-Link DIR-615 MAC Filter Configuration adv_mac_filter.php os=
command injection</a> <a href=3D"https://vuldb.com/?ctiid.343118" targe= t=3D"_blank" rel=3D"noopener">VDB-343118 | CTI Indicators (IOB, IOC, TTP, I= OA)</a> <a href=3D"https://vuldb.com/?submit.737078" target=3D"_blank" r= el=3D"noopener">Submit #737078 | Dlink DIR-615 v4.10 OS Command Injection</= a> <a href=3D"https://pentagonal-time-3a7.notion.site/DIR-615-MAC_FILTER= -2e7e5dd4c5a58091b027f50271cc7c6a" target=3D"_blank" rel=3D"noopener">https= ://pentagonal-time-3a7.notion.site/DIR-615-MAC_FILTER-2e7e5dd4c5a58091b027f= 50271cc7c6a</a> <a href=3D"https://www.dlink.com/" target=3D"_blank" rel= =3D"noopener">https://www.dlink.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Dassault Systmes--SOLIDWORKS eDrawings</td>
<td>A Heap-based Buffer Overflow vulnerability affecting the EPRT file read= ing procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS 2025 through = Release SOLIDWORKS 2026 could allow an attacker to execute arbitrary code w= hile opening a specially crafted EPRT file.</td>
<td>2026-01-26</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1283" target=3D"= _blank" rel=3D"noopener">CVE-2026-1283</a></td>

<a href=3D"https://www.3ds.com/trust-center/security/security-advisories/cv= e-2026-1283" target=3D"_blank" rel=3D"noopener">https://www.3ds.com/trust-c= enter/security/security-advisories/cve-2026-1283</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Dassault Systmes--SOLIDWORKS eDrawings</td>
<td>An Out-Of-Bounds Write vulnerability affecting the EPRT file reading pr= ocedure in SOLIDWORKS eDrawings from Release SOLIDWORKS 2025 through Releas=
e SOLIDWORKS 2026 could allow an attacker to execute arbitrary code while o= pening a specially crafted EPRT file.</td>
<td>2026-01-26</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1284" target=3D"= _blank" rel=3D"noopener">CVE-2026-1284</a></td>

<a href=3D"https://www.3ds.com/trust-center/security/security-advisories/cv= e-2026-1284" target=3D"_blank" rel=3D"noopener">https://www.3ds.com/trust-c= enter/security/security-advisories/cve-2026-1284</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Deepinstinct--Deep Instinct Windows Agent</td> <td>Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path = vulnerability in the DeepMgmtService that allows local users to potentially=
execute code with elevated privileges. Attackers can exploit the unquoted = path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malici= ous code that would execute with LocalSystem permissions during service sta= rtup.</td>
<td>2026-02-01</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37047" target=3D= "_blank" rel=3D"noopener">CVE-2020-37047</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48174" target=3D"_blank" rel= =3D"noopener">ExploitDB-48174</a> <a href=3D"https://www.deepinstinct.co= m/" target=3D"_blank" rel=3D"noopener">Deep Instinct Official Homepage</a><= br><a href=3D"https://www.vulncheck.com/advisories/deep-instinct-windows-ag= ent-deepmgmtservice-unquoted-service-path" target=3D"_blank" rel=3D"noopene= r">VulnCheck Advisory: Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtServ= ice' Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Dell--CloudBoost Virtual Appliance</td>
<td>Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contain=
s a Plaintext Storage of Password vulnerability. A high privileged attacker=
with remote access could potentially exploit this vulnerability, leading t=
o Elevation of privileges.</td>
<td>2026-01-27</td>
<td>7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-21417" target=3D= "_blank" rel=3D"noopener">CVE-2026-21417</a></td>

<a href=3D"https://www.dell.com/support/kbdoc/en-us/000419894/dsa-2026-025-= security-update-for-dell-cloudboost-virtual-appliance-multiple-vulnerabilit= ies" target=3D"_blank" rel=3D"noopener">https://www.dell.com/support/kbdoc/= en-us/000419894/dsa-2026-025-security-update-for-dell-cloudboost-virtual-ap= pliance-multiple-vulnerabilities</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Dell--PremierColor</td>
<td>Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contains=
an Improper Access Control vulnerability. A low privileged attacker with l= ocal access could potentially exploit this vulnerability, leading to Elevat= ion of Privileges.</td>
<td>2026-01-28</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-46691" target=3D= "_blank" rel=3D"noopener">CVE-2025-46691</a></td>

<a href=3D"https://www.dell.com/support/kbdoc/en-us/000394670/dsa-2025-444?= lang=3Den" target=3D"_blank" rel=3D"noopener">https://www.dell.com/support/= kbdoc/en-us/000394670/dsa-2025-444?lang=3Den</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Dell--Unity</td>
<td>Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutrali= zation of Special Elements used in an OS Command ('OS Command Injection') v= ulnerability. A low privileged attacker with local access could potentially=
exploit this vulnerability, leading to arbitrary command execution with ro=
ot privileges.</td>
<td>2026-01-30</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-21418" target=3D= "_blank" rel=3D"noopener">CVE-2026-21418</a></td>

<a href=3D"https://www.dell.com/support/kbdoc/en-us/000421197/dsa-2026-054-= security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-upd= ate-for-multiple-vulnerabilities" target=3D"_blank" rel=3D"noopener">https:= //www.dell.com/support/kbdoc/en-us/000421197/dsa-2026-054-security-update-f= or-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-= vulnerabilities</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Dell--UnityVSA</td>
<td>Dell UnityVSA, version(s) 5.4 and prior, contain(s) an Improper Neutral= ization of Special Elements used in an OS Command ('OS Command Injection') = vulnerability. A low privileged attacker with local access could potentiall=
y exploit this vulnerability, leading to arbitrary command execution with r= oot privileges.</td>
<td>2026-01-30</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22277" target=3D= "_blank" rel=3D"noopener">CVE-2026-22277</a></td>

<a href=3D"https://www.dell.com/support/kbdoc/en-us/000421197/dsa-2026-054-= security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-upd= ate-for-multiple-vulnerabilities" target=3D"_blank" rel=3D"noopener">https:= //www.dell.com/support/kbdoc/en-us/000421197/dsa-2026-054-security-update-f= or-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-= vulnerabilities</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Delta Electronics--ASDA-Soft</td>
<td>ASDA-Soft Stack-based Buffer Overflow Vulnerability</td> <td>2026-01-27</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1361" target=3D"= _blank" rel=3D"noopener">CVE-2026-1361</a></td>

<a href=3D"https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026= -00003_ASDA-Soft%20Stack-based%20Buffer%20Overflow%20Vulnerability%20(CVE-2= 026-1361).pdf" target=3D"_blank" rel=3D"noopener">https://filecenter.deltaw= w.com/news/download/doc/Delta-PCSA-2026-00003_ASDA-Soft%20Stack-based%20Buf= fer%20Overflow%20Vulnerability%20(CVE-2026-1361).pdf</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">discourse--discourse</td>
<td>Discourse is an open source discussion platform. In versions prior to 3= .5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack = proper checking for ownership before making changes. This issue is patched =
in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds=
are available.</td>
<td>2026-01-28</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-68479" target=3D= "_blank" rel=3D"noopener">CVE-2025-68479</a></td>

<a href=3D"https://github.com/discourse/discourse/security/advisories/GHSA-= 6gjr-5897-m327" target=3D"_blank" rel=3D"noopener">https://github.com/disco= urse/discourse/security/advisories/GHSA-6gjr-5897-m327</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">discourse--discourse</td>
<td>Discourse is an open source discussion platform. In versions prior to 3= .5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in Fi= nalDestination could allow bypassing SSRF protections under certain conditi= ons. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 202= 6.1.0. No known workarounds are available.</td>
<td>2026-01-28</td>
<td>7.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-68662" target=3D= "_blank" rel=3D"noopener">CVE-2025-68662</a></td>

<a href=3D"https://github.com/discourse/discourse/security/advisories/GHSA-= gcfp-rjfc-925c" target=3D"_blank" rel=3D"noopener">https://github.com/disco= urse/discourse/security/advisories/GHSA-gcfp-rjfc-925c</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dnnsoftware--Dnn.Platform</td>
<td>DNN (formerly DotNetNuke) is an open-source web content management plat= form (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0=
, module title supports richtext which could include scripts that would exe= cute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for th=
e issue.</td>
<td>2026-01-27</td>
<td>9.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24838" target=3D= "_blank" rel=3D"noopener">CVE-2026-24838</a></td>

<a href=3D"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/= GHSA-w9pf-h6m6-v89h" target=3D"_blank" rel=3D"noopener">https://github.com/= dnnsoftware/Dnn.Platform/security/advisories/GHSA-w9pf-h6m6-v89h</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">dnnsoftware--Dnn.Platform</td>
<td>DNN (formerly DotNetNuke) is an open-source web content management plat= form (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0=
, a module could install with richtext in its description field which could=
contain scripts that will run for user in the Persona Bar. Versions 9.13.1=
0 and 10.2.0 contain a fix for the issue.</td>
<td>2026-01-27</td>
<td>7.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24833" target=3D= "_blank" rel=3D"noopener">CVE-2026-24833</a></td>

<a href=3D"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/= GHSA-9r3h-mpf8-25gj" target=3D"_blank" rel=3D"noopener">https://github.com/= dnnsoftware/Dnn.Platform/security/advisories/GHSA-9r3h-mpf8-25gj</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">dnnsoftware--Dnn.Platform</td>
<td>DNN (formerly DotNetNuke) is an open-source web content management plat= form (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior =
to versions 9.13.10 and 10.2.0, extensions could write richtext in log note=
s which can include scripts that would run in the PersonaBar when displayed=
. Versions 9.13.10 and 10.2.0 contain a fix for the issue.</td> <td>2026-01-27</td>
<td>7.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24836" target=3D= "_blank" rel=3D"noopener">CVE-2026-24836</a></td>

<a href=3D"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/= GHSA-2g5g-hcgh-q3rp" target=3D"_blank" rel=3D"noopener">https://github.com/= dnnsoftware/Dnn.Platform/security/advisories/GHSA-2g5g-hcgh-q3rp</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">dnnsoftware--Dnn.Platform</td>
<td>DNN (formerly DotNetNuke) is an open-source web content management plat= form (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior =
to versions 9.13.10 and 10.2.0, a module friendly name could include script=
s that will run during some module operations in the Persona Bar. Versions = 9.13.10 and 10.2.0 contain a fix for the issue.</td>
<td>2026-01-27</td>
<td>7.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24837" target=3D= "_blank" rel=3D"noopener">CVE-2026-24837</a></td>

<a href=3D"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/= GHSA-vm5q-8qww-h238" target=3D"_blank" rel=3D"noopener">https://github.com/= dnnsoftware/Dnn.Platform/security/advisories/GHSA-vm5q-8qww-h238</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">Dokploy--dokploy</td>
<td>Dokploy is a free, self-hostable Platform as a Service (PaaS). In versi= ons prior to 0.26.6, a critical command injection vulnerability exists in D= okploy's WebSocket endpoint `/docker-container-terminal`. The `containerId`=
and `activeWay` parameters are directly interpolated into shell commands w= ithout sanitization, allowing authenticated attackers to execute arbitrary = commands on the host server. Version 0.26.6 fixes the issue.</td> <td>2026-01-28</td>
<td>9.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24841" target=3D= "_blank" rel=3D"noopener">CVE-2026-24841</a></td>

<a href=3D"https://github.com/Dokploy/dokploy/security/advisories/GHSA-vx6x= -6559-x35r" target=3D"_blank" rel=3D"noopener">https://github.com/Dokploy/d= okploy/security/advisories/GHSA-vx6x-6559-x35r</a> <a href=3D"https://gi= thub.com/Dokploy/dokploy/commit/74e0bd5fe3ef7199f44fcd19c6f5a2f09b806d6f" t= arget=3D"_blank" rel=3D"noopener">https://github.com/Dokploy/dokploy/commit= /74e0bd5fe3ef7199f44fcd19c6f5a2f09b806d6f</a> <a href=3D"https://github.= com/Dokploy/dokploy/blob/canary/apps/dokploy/server/wss/docker-container-te= rminal.ts" target=3D"_blank" rel=3D"noopener">https://github.com/Dokploy/do= kploy/blob/canary/apps/dokploy/server/wss/docker-container-terminal.ts</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">Dokploy--dokploy</td>
<td>Dokploy is a free, self-hostable Platform as a Service (PaaS). In versi= ons prior to 0.26.6, a hardcoded credential in the provided installation sc= ript (located at https://dokploy.com/install.sh, line 154) uses a hardcoded=
password when creating the database container. This means that nearly all = Dokploy installations use the same database credentials and could be compro= mised. Version 0.26.6 contains a patch for the issue.</td>
<td>2026-01-28</td>
<td>8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24840" target=3D= "_blank" rel=3D"noopener">CVE-2026-24840</a></td>

<a href=3D"https://github.com/Dokploy/dokploy/security/advisories/GHSA-jr65= -3j3w-gjmc" target=3D"_blank" rel=3D"noopener">https://github.com/Dokploy/d= okploy/security/advisories/GHSA-jr65-3j3w-gjmc</a> <a href=3D"https://gi= thub.com/Dokploy/dokploy/commit/b902c160a256ad345ac687c87eb092f1fab2c64d" t= arget=3D"_blank" rel=3D"noopener">https://github.com/Dokploy/dokploy/commit= /b902c160a256ad345ac687c87eb092f1fab2c64d</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Drive-Software--Atomic Alarm Clock x86</td> <td>Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerabil= ity in its service configuration that allows attackers to execute arbitrary=
code with SYSTEM privileges. Attackers can exploit the unquoted service pa=
th by placing a malicious executable named 'Program.exe' to gain persistent=
system-level access.</td>
<td>2026-01-30</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37060" target=3D= "_blank" rel=3D"noopener">CVE-2020-37060</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48352" target=3D"_blank" rel= =3D"noopener">ExploitDB-48352</a> <a href=3D"http://www.drive-software.c= om" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"ht= tps://www.vulncheck.com/advisories/atomic-alarm-clock-x-atomicalarmclock-un= quoted-service-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory:=
Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">Dummysoftware--BacklinkSpeed</td> <td>BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows = attackers to corrupt the Structured Exception Handler (SEH) chain through m= alicious file import. Attackers can craft a specially designed payload file=
to overwrite SEH addresses, potentially executing arbitrary code and gaini=
ng control of the application.</td>
<td>2026-01-29</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36997" target=3D= "_blank" rel=3D"noopener">CVE-2020-36997</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48726" target=3D"_blank" rel= =3D"noopener">ExploitDB-48726</a> <a href=3D"http://www.dummysoftware.co=
m" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"htt= p://www.dummysoftware.com/backlinkspeed.html" target=3D"_blank" rel=3D"noop= ener">Software Download Page</a> <a href=3D"https://www.vulncheck.com/ad= visories/backlinkspeed-buffer-overflow-poc-seh" target=3D"_blank" rel=3D"no= opener">VulnCheck Advisory: BacklinkSpeed 2.4 - Buffer Overflow PoC (SEH)</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Eclipse Foundation--Eclipse Theia - Website</t=

<td>In the Eclipse Theia Website repository, the GitHub Actions workflow .g= ithub/workflows/preview.yml used pull_request_target trigger while checking=
out and executing untrusted pull request code. This allowed any GitHub use=
r to execute arbitrary code in the repository's CI environment with access =
to repository secrets and a GITHUB_TOKEN with extensive write permissions (= contents:write, packages:write, pages:write, actions:write). An attacker co= uld exfiltrate secrets, publish malicious packages to the eclipse-theia org= anization, modify the official Theia website, and push malicious code to th=
e repository.</td>
<td>2026-01-30</td>
<td>10</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1699" target=3D"= _blank" rel=3D"noopener">CVE-2026-1699</a></td>

<a href=3D"https://gitlab.eclipse.org/security/vulnerability-reports/-/issu= es/332" target=3D"_blank" rel=3D"noopener">https://gitlab.eclipse.org/secur= ity/vulnerability-reports/-/issues/332</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Eclipse Foundation--Eclipse ThreadX</td>
<td>The vulnerability stems from an incorrect error-checking logic in the C= reateCounter()=C2=A0function (in threadx/utility/rtos_compatibility_layers/= OSEK/tx_osek.c) when handling the return value of osek_get_counter(). Speci= fically, the current code checks if cntr_id=C2=A0equals 0u=C2=A0to determin=
e failure, but @osek_get_counter()=C2=A0actually returns E_OS_SYS_STACK=C2= =A0(defined as 12U) when it fails. This mismatch causes the error branch to=
never execute even when the counter pool is exhausted. As a result, when t=
he counter pool is depleted, the code proceeds to cast the error code (12U)=
to a pointer (OSEK_COUNTER *), creating a wild pointer. Subsequent writes =
to members of this pointer lead to writes to illegal memory addresses (e.g.=
, 0x0000000C), which can trigger immediate HardFaults or silent memory corr= uption. This vulnerability poses significant risks, including potential den= ial-of-service attacks (via repeated calls to exhaust the counter pool) and=
unauthorized memory access.</td>
<td>2026-01-27</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0648" target=3D"= _blank" rel=3D"noopener">CVE-2026-0648</a></td>

<a href=3D"https://github.com/eclipse-threadx/threadx/security/advisories/G= HSA-xj75-fc68-h4rw" target=3D"_blank" rel=3D"noopener">https://github.com/e= clipse-threadx/threadx/security/advisories/GHSA-xj75-fc68-h4rw</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">Elaniin--Elaniin CMS</td>
<td>Elaniin CMS 1.0 contains an authentication bypass vulnerability that al= lows attackers to access the dashboard by manipulating the login page with = SQL injection. Attackers can bypass authentication by sending crafted email=
and password parameters with '=3D''or' payload to login.php, granting unau= thorized access to the system.</td>
<td>2026-01-29</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36999" target=3D= "_blank" rel=3D"noopener">CVE-2020-36999</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48705" target=3D"_blank" rel= =3D"noopener">ExploitDB-48705</a> <a href=3D"https://elaniin.com/" targe= t=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://git= hub.com/elaniin/CMS" target=3D"_blank" rel=3D"noopener">Elaniin CMS GitHub = Repository</a> <a href=3D"https://www.vulncheck.com/advisories/elaniin-c= ms-authentication-bypass" target=3D"_blank" rel=3D"noopener">VulnCheck Advi= sory: elaniin CMS 1.0 - Authentication Bypass</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Elektraweb--EasyPMS</td>
<td>EasyPMS 1.0.0 contains an authentication bypass vulnerability that allo=
ws unprivileged users to manipulate SQL queries in JSON requests to access = admin user information. Attackers can exploit weak input validation by inje= cting single quotes in ID parameters and modify admin user passwords withou=
t proper token authentication.</td>
<td>2026-01-29</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37008" target=3D= "_blank" rel=3D"noopener">CVE-2020-37008</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48858" target=3D"_blank" rel= =3D"noopener">ExploitDB-48858</a> <a href=3D"https://www.elektraweb.com/= en/" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"h= ttps://www.vulncheck.com/advisories/easypms-authentication-bypass" target= =3D"_blank" rel=3D"noopener">VulnCheck Advisory: EasyPMS 1.0.0 - Authentica= tion Bypass</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Enigmasoftware--SpyHunter</td>
<td>SpyHunter 4 contains an unquoted service path vulnerability that allows=
local users to potentially execute arbitrary code with elevated system pri= vileges. Attackers can exploit the unquoted service path by placing malicio=
us executables in specific file system locations to gain elevated access du= ring service startup.</td>
<td>2026-02-01</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37055" target=3D= "_blank" rel=3D"noopener">CVE-2020-37055</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48172" target=3D"_blank" rel= =3D"noopener">ExploitDB-48172</a> <a href=3D"https://www.enigmasoftware.= com" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"h= ttps://www.vulncheck.com/advisories/spyhunter-spyhunter-service-unquoted-se= rvice-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: SpyHunte=
r 4 - 'SpyHunter 4 Service' Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Epson--EPSON</td>
<td>EPSON 1.124 contains an unquoted service path vulnerability in the SENA=
DB service that allows local attackers to execute code with elevated system=
privileges. Attackers can exploit the unquoted path in C:\Program Files (x= 86)\EPSON_P2B\Printer Software\Status Monitor\ to inject malicious executab= les that will run with LocalSystem permissions.</td>
<td>2026-01-28</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36984" target=3D= "_blank" rel=3D"noopener">CVE-2020-36984</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48965" target=3D"_blank" rel= =3D"noopener">ExploitDB-48965</a> <a href=3D"https://www.epson.co.uk/sup= port?productID=3D10820&os=3D22#drivers_and_manuals" target=3D"_blank" rel= =3D"noopener">EPSON Official Support Page</a> <a href=3D"https://www.vul= ncheck.com/advisories/epson-seksmdbexe-unquoted-service-path" target=3D"_bl= ank" rel=3D"noopener">VulnCheck Advisory: EPSON 1.124 - 'seksmdb.exe' Unquo= ted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Epson--EPSON EasyMP Network Projection</td> <td>EPSON EasyMP Network Projection 2.81 contains an unquoted service path = vulnerability in the EMP_NSWLSV service that allows local users to potentia= lly execute arbitrary code. Attackers can exploit the unquoted path in C:\P= rogram Files (x86)\EPSON Projector\EasyMP Network Projection V2\ to inject = malicious code that would execute with LocalSystem privileges.</td> <td>2026-02-01</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37064" target=3D= "_blank" rel=3D"noopener">CVE-2020-37064</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48069" target=3D"_blank" rel= =3D"noopener">ExploitDB-48069</a> <a href=3D"https://epson.com/support/e= asymp-network-projection-v2-86-for-windows" target=3D"_blank" rel=3D"noopen= er">EPSON EasyMP Network Projection Support Page</a> <a href=3D"https://= www.vulncheck.com/advisories/epson-easymp-network-projection-empnswlsv-unqu= oted-service-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: E= PSON EasyMP Network Projection 2.81 - 'EMP_NSWLSV' Unquoted Service Path</a= > =C2=A0</td>
</tr>

<td class=3D"vendor-product">ErugoOSS--Erugo</td>
<td>Erugo is a self-hosted file-sharing platform. In versions up to and inc= luding 0.2.14, an authenticated low-privileged user can upload arbitrary fi= les to any specified location due to insufficient validation of user suppli=
ed paths when creating shares. By specifying a writable path within the pub= lic web root, an attacker can upload and execute arbitrary code on the serv= er, resulting in remote code execution (RCE). This vulnerability allows a l= ow-privileged user to fully compromise the affected Erugo instance. Version=
0.2.15 fixes the issue.</td>
<td>2026-01-28</td>
<td>10</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24897" target=3D= "_blank" rel=3D"noopener">CVE-2026-24897</a></td>

<a href=3D"https://github.com/ErugoOSS/Erugo/security/advisories/GHSA-336w-= hgpq-6369" target=3D"_blank" rel=3D"noopener">https://github.com/ErugoOSS/E= rugo/security/advisories/GHSA-336w-hgpq-6369</a> <a href=3D"https://gith= ub.com/ErugoOSS/Erugo/commit/256bc63831a0b5e9a94cb024a0724e0cd5fa5e38" targ= et=3D"_blank" rel=3D"noopener">https://github.com/ErugoOSS/Erugo/commit/256= bc63831a0b5e9a94cb024a0724e0cd5fa5e38</a> <a href=3D"https://github.com/= ErugoOSS/Erugo/releases/tag/v0.2.15" target=3D"_blank" rel=3D"noopener">htt= ps://github.com/ErugoOSS/Erugo/releases/tag/v0.2.15</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Filehorse--Motorola Device Manager</td> <td>Motorola Device Manager 2.4.5 contains an unquoted service path vulnera= bility in the PST Service that allows local users to potentially execute ar= bitrary code. Attackers can exploit the unquoted path in ForwardDaemon.exe =
to inject malicious code that will execute with elevated system privileges = during service startup.</td>
<td>2026-01-27</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36981" target=3D= "_blank" rel=3D"noopener">CVE-2020-36981</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49011" target=3D"_blank" rel= =3D"noopener">ExploitDB-49011</a> <a href=3D"https://www.filehorse.com/e= s/descargar-motorola-device-manager/" target=3D"_blank" rel=3D"noopener">Mo= torola Device Manager Download Page</a> <a href=3D"https://www.exploit-d= b.com/exploits/49013" target=3D"_blank" rel=3D"noopener">ExploitDB-49013</a= > <a href=3D"https://www.vulncheck.com/advisories/motorola-device-manage= r-forwarddaemonexe-unquoted-service-path" target=3D"_blank" rel=3D"noopener= ">VulnCheck Advisory: Motorola Device Manager 2.4.5 - 'ForwardDaemon.exe ' = Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Filigran--OpenCTI</td>
<td>OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the sta= tic/css endpoint. An unauthenticated attacker can read arbitrary files from=
the filesystem by sending crafted GET requests with path traversal sequenc=
es (e.g., '../') in the URL. For example, requesting /static/css//../../../= ../../../../../etc/passwd returns the contents of /etc/passwd. This vulnera= bility was discovered by Raif Berkay Dincel and confirmed on Linux Mint and=
Windows 10.</td>
<td>2026-01-30</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37041" target=3D= "_blank" rel=3D"noopener">CVE-2020-37041</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48595" target=3D"_blank" rel= =3D"noopener">ExploitDB-48595</a> <a href=3D"https://www.opencti.io/" ta= rget=3D"_blank" rel=3D"noopener">OpenCTI Official Homepage</a> <a href= =3D"https://github.com/OpenCTI-Platform/opencti" target=3D"_blank" rel=3D"n= oopener">OpenCTI GitHub Repository</a> <a href=3D"https://www.vulncheck.= com/advisories/opencti-directory-traversal" target=3D"_blank" rel=3D"noopen= er">VulnCheck Advisory: OpenCTI 3.3.1 - Directory Traversal</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">Flexense Ltd.--SyncBreeze</td>
<td>SyncBreeze 10.0.28 contains a denial of service vulnerability in the lo= gin endpoint that allows remote attackers to crash the service. Attackers c=
an send an oversized payload in the login request to overwhelm the applicat= ion and potentially disrupt service availability.</td>
<td>2026-01-27</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36946" target=3D= "_blank" rel=3D"noopener">CVE-2020-36946</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49291" target=3D"_blank" rel= =3D"noopener">ExploitDB-49291</a> <a href=3D"http://www.syncbreeze.com" = target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https:= //www.vulncheck.com/advisories/syncbreeze-login-denial-of-service" target= =3D"_blank" rel=3D"noopener">VulnCheck Advisory: SyncBreeze 10.0.28 - 'logi=
n' Denial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Forensit--ForensiTAppxService</td>
<td>ForensiT AppX Management Service 2.2.0.4 contains an unquoted service p= ath vulnerability that allows local users to potentially execute arbitrary = code with elevated system privileges. Attackers can exploit the unquoted pa=
th in the service configuration to inject malicious code that would execute=
with LocalSystem account permissions during service startup.</td> <td>2026-01-28</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36989" target=3D= "_blank" rel=3D"noopener">CVE-2020-36989</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48821" target=3D"_blank" rel= =3D"noopener">ExploitDB-48821</a> <a href=3D"https://www.forensit.com/do= wnloads.html" target=3D"_blank" rel=3D"noopener">ForensiT Official Download=
s Page</a> <a href=3D"https://www.vulncheck.com/advisories/forensitappxs= ervice-forensitappxserviceexe-unquoted-service-path" target=3D"_blank" rel= =3D"noopener">VulnCheck Advisory: ForensiTAppxService 2.2.0.4 - 'ForensiTAp= pxService.exe' Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Fortinet--FortiProxy</td>
<td>An Authentication Bypass Using an Alternate Path or Channel vulnerabili=
ty [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, F= ortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, Forti= Analyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManag=
er 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0=
.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.1=
0, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7= .6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 throu=
gh 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, F= ortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an att= acker with a FortiCloud account and a registered device to log into other d= evices registered to other accounts, if FortiCloud SSO authentication is en= abled on those devices.</td>
<td>2026-01-27</td>
<td>9.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24858" target=3D= "_blank" rel=3D"noopener">CVE-2026-24858</a></td>

<a href=3D"https://fortiguard.fortinet.com/psirt/FG-IR-26-060" target=3D"_b= lank" rel=3D"noopener">https://fortiguard.fortinet.com/psirt/FG-IR-26-060</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Frigate3--Frigate Professional</td>
<td>Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerab= ility in the Pack File feature that allows attackers to execute arbitrary c= ode by overflowing the 'Archive To' input field. Attackers can craft a mali= cious payload that overwrites the Structured Exception Handler (SEH) and us=
es an egghunter technique to execute a reverse shell payload.</td> <td>2026-01-29</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37001" target=3D= "_blank" rel=3D"noopener">CVE-2020-37001</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48688" target=3D"_blank" rel= =3D"noopener">ExploitDB-48688</a> <a href=3D"https://web.archive.org/web= /20171116000613/http://www.frigate3.com/index.php" target=3D"_blank" rel=3D= "noopener">Archived Vendor Homepage</a> <a href=3D"https://www.vulncheck= .com/advisories/frigate-professional-pack-file-buffer-overflow-seh-egghunte=
r" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Frigate Professio= nal 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter)</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">Gearboxcomputers--IP Watcher</td>
<td>IP Watcher 3.0.0.30 contains an unquoted service path vulnerability in = its Windows service configuration that allows local attackers to execute ar= bitrary code. Attackers can exploit the unquoted binary path to inject mali= cious executables that will be launched with elevated LocalSystem privilege=
s during service startup.</td>
<td>2026-01-28</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36985" target=3D= "_blank" rel=3D"noopener">CVE-2020-36985</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48968" target=3D"_blank" rel= =3D"noopener">ExploitDB-48968</a> <a href=3D"https://www.gearboxcomputer= s.com/" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href= =3D"https://www.vulncheck.com/advisories/ip-watcher-pacserviceexe-unquoted-= service-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: IP Wat= cher v3.0.0.30 - 'PACService.exe' Unquoted Service Path</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Gearboxcomputers--Program Access Controller</t=

<td>Program Access Controller 1.2.0.0 contains an unquoted service path vul= nerability in PACService.exe that allows local attackers to execute code wi=
th elevated privileges. Attackers can exploit the unquoted path during syst=
em startup or reboot to inject and run malicious executables with LocalSyst=
em permissions.</td>
<td>2026-01-28</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36987" target=3D= "_blank" rel=3D"noopener">CVE-2020-36987</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48966" target=3D"_blank" rel= =3D"noopener">ExploitDB-48966</a> <a href=3D"https://www.gearboxcomputer= s.com/" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href= =3D"https://www.vulncheck.com/advisories/program-access-controller-pacservi= ceexe-unquoted-service-path" target=3D"_blank" rel=3D"noopener">VulnCheck A= dvisory: Program Access Controller v1.2.0.0 - 'PACService.exe' Unquoted Ser= vice Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">geraked--phpscript-sgh</td>
<td>Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerabi= lity in the admin interface that allows attackers to manipulate database qu= eries through the 'id' parameter. Attackers can exploit this vulnerability =
by crafting malicious payloads that trigger time delays, enabling them to e= xtract sensitive database information through conditional sleep techniques.= </td>
<td>2026-01-27</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36951" target=3D= "_blank" rel=3D"noopener">CVE-2020-36951</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49192" target=3D"_blank" rel= =3D"noopener">ExploitDB-49192</a> <a href=3D"https://github.com/geraked/= phpscript-sgh" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a=
href=3D"https://www.vulncheck.com/advisories/phpscript-sgh-time-based-blin= d-sql-injection" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Php= script-sgh 0.1.0 - Time Based Blind SQL Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gerstrong--Commander-Genius</td>
<td>Out-of-bounds Write vulnerability in gerstrong Commander-Genius. This i= ssue affects Commander-Genius: before Release refs/pull/358/merge.</td> <td>2026-01-27</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24827" target=3D= "_blank" rel=3D"noopener">CVE-2026-24827</a></td>

<a href=3D"https://github.com/gerstrong/Commander-Genius/pull/379" target= =3D"_blank" rel=3D"noopener">https://github.com/gerstrong/Commander-Genius/= pull/379</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Getoutline--Outline Service</td>
<td>Outline Service 1.3.3 contains an unquoted service path vulnerability t= hat allows local users to potentially execute arbitrary code with elevated = system privileges. Attackers can exploit the unquoted binary path in C:\Pro= gram Files (x86)\Outline to inject malicious code that would execute with L= ocalSystem permissions during service startup.</td>
<td>2026-01-30</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37030" target=3D= "_blank" rel=3D"noopener">CVE-2020-37030</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48414" target=3D"_blank" rel= =3D"noopener">ExploitDB-48414</a> <a href=3D"https://getoutline.org/vi/h= ome" target=3D"_blank" rel=3D"noopener">Outline Service Official Homepage</= a> <a href=3D"https://www.vulncheck.com/advisories/outline-service-outli= ne-service-unquoted-service-path" target=3D"_blank" rel=3D"noopener">VulnCh= eck Advisory: Outline Service 1.3.3 - 'Outline Service ' Unquoted Service P= ath</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Getpopcorntime--Popcorn Time</td>
<td>Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability t= hat allows local non-privileged users to potentially execute code with elev= ated system privileges. Attackers can insert malicious executables in Progr=
am Files (x86) or system root directories to be executed with SYSTEM-level = permissions during service startup.</td>
<td>2026-01-30</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37059" target=3D= "_blank" rel=3D"noopener">CVE-2020-37059</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48378" target=3D"_blank" rel= =3D"noopener">ExploitDB-48378</a> <a href=3D"https://getpopcorntime.is" = target=3D"_blank" rel=3D"noopener">Popcorn Time Official Homepage</a> <a=
href=3D"https://www.vulncheck.com/advisories/popcorn-time-update-service-u= nquoted-service-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory=
: Popcorn Time 6.2 - 'Update service' Unquoted Service Path</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">Gila CMS--Gila CMS</td>
<td>Gila CMS versions prior to 2.0.0 contain a remote code execution vulner= ability that allows unauthenticated attackers to execute arbitrary system c= ommands through manipulated HTTP headers. Attackers can inject PHP code in = the User-Agent header with shell_exec() to run system commands by sending c= rafted requests to the admin endpoint.</td>
<td>2026-01-27</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2021-47900" target=3D= "_blank" rel=3D"noopener">CVE-2021-47900</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49412" target=3D"_blank" rel= =3D"noopener">ExploitDB-49412</a> <a href=3D"https://gilacms.com/" targe= t=3D"_blank" rel=3D"noopener">Official Vendor Homepage</a> <a href=3D"ht= tps://github.com/GilaCMS/gila" target=3D"_blank" rel=3D"noopener">Gila CMS = GitHub Repository</a> <a href=3D"https://www.vulncheck.com/advisories/gi= la-cms-remote-code-execution" target=3D"_blank" rel=3D"noopener">VulnCheck = Advisory: Gila CMS < 2.0.0 - Remote Code Execution</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Global Interactive Design Media Software Inc.-= -Content Management System (CMS)</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Global Interactive Design Media Softw= are Inc. Content Management System (CMS) allows XSS Through HTTP Headers. T= his issue affects Content Management System (CMS): through 21072025.</td> <td>2026-01-29</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-7713" target=3D"= _blank" rel=3D"noopener">CVE-2025-7713</a></td>

<a href=3D"https://www.usom.gov.tr/bildirim/tr-26-0008" target=3D"_blank" r= el=3D"noopener">https://www.usom.gov.tr/bildirim/tr-26-0008</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">Global Interactive Design Media Software Inc.-= -Content Management System (CMS)</td>
<td>Improper Neutralization of Special Elements used in an SQL Command ('SQ=
L Injection') vulnerability in Global Interactive Design Media Software Inc=
. Content Management System (CMS) allows Command Line Execution through SQL=
Injection. This issue affects Content Management System (CMS): through 210= 72025.</td>
<td>2026-01-29</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-7714" target=3D"= _blank" rel=3D"noopener">CVE-2025-7714</a></td>

<a href=3D"https://www.usom.gov.tr/bildirim/tr-26-0008" target=3D"_blank" r= el=3D"noopener">https://www.usom.gov.tr/bildirim/tr-26-0008</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">GNOME--Fonts Viewer</td>
<td>Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that=
allows attackers to trigger an out-of-bounds write by crafting a malicious=
TTF font file. Attackers can generate a specially crafted TTF file with an=
oversized pattern to cause an infinite malloc() loop and potentially crash=
the gnome-font-viewer process.</td>
<td>2026-01-29</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37011" target=3D= "_blank" rel=3D"noopener">CVE-2020-37011</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48803" target=3D"_blank" rel= =3D"noopener">ExploitDB-48803</a> <a href=3D"https://help.gnome.org/" ta= rget=3D"_blank" rel=3D"noopener">Gnome Official Website</a> <a href=3D"h= ttps://apps.gnome.org/FontViewer/" target=3D"_blank" rel=3D"noopener">Gnome=
Font Viewer App Webpage</a> <a href=3D"https://www.vulncheck.com/adviso= ries/gnome-fonts-viewer-heap-corruption" target=3D"_blank" rel=3D"noopener"= >VulnCheck Advisory: Gnome Fonts Viewer 3.34.0 Heap Corruption</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">GnuPG--GnuPG</td>
<td>In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message ca= rrying an oversized wrapped session key can cause a stack-based buffer over= flow in gpg-agent during PKDECRYPT--kem=3DCMS handling. This can easily be = leveraged for denial of service; however, there is also memory corruption t= hat could lead to remote code execution.</td>
<td>2026-01-27</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24881" target=3D= "_blank" rel=3D"noopener">CVE-2026-24881</a></td>

<a href=3D"https://www.openwall.com/lists/oss-security/2026/01/27/8" target= =3D"_blank" rel=3D"noopener">https://www.openwall.com/lists/oss-security/20= 26/01/27/8</a> <a href=3D"https://dev.gnupg.org/T8044" target=3D"_blank"=
rel=3D"noopener">https://dev.gnupg.org/T8044</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">GnuPG--GnuPG</td>
<td>In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2dae= mon during handling of the PKDECRYPT command for TPM-backed RSA and ECC key= s.</td>
<td>2026-01-27</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24882" target=3D= "_blank" rel=3D"noopener">CVE-2026-24882</a></td>

<a href=3D"https://www.openwall.com/lists/oss-security/2026/01/27/8" target= =3D"_blank" rel=3D"noopener">https://www.openwall.com/lists/oss-security/20= 26/01/27/8</a> <a href=3D"https://dev.gnupg.org/T8045" target=3D"_blank"=
rel=3D"noopener">https://dev.gnupg.org/T8045</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Grafana--grafana/grafana</td>
<td>The dashboard permissions API does not verify the target dashboard scop=
e and only checks the dashboards.permissions:* action. As a result, a user = who has permission management rights on one dashboard can read and modify p= ermissions on other dashboards. This is an organization internal privilege = escalation.</td>
<td>2026-01-27</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-21721" target=3D= "_blank" rel=3D"noopener">CVE-2026-21721</a></td>

<a href=3D"https://grafana.com/security/security-advisories/CVE-2026-21721"=
target=3D"_blank" rel=3D"noopener">https://grafana.com/security/security-a= dvisories/CVE-2026-21721</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Grafana--grafana/grafana-enterprise</td>
<td>Every uncached /avatar/:hash request spawns a goroutine that refreshes = the Gravatar image. If the refresh sits in the 10-slot worker queue longer = than three seconds, the handler times out and stops listening for the resul=
t, so that goroutine blocks forever trying to send on an unbuffered channel=
. Sustained traffic with random hashes keeps tripping this timeout, so goro= utine count grows linearly, eventually exhausting memory and causing Grafan=
a to crash on some systems.</td>
<td>2026-01-27</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-21720" target=3D= "_blank" rel=3D"noopener">CVE-2026-21720</a></td>

<a href=3D"https://grafana.com/security/security-advisories/CVE-2026-21720"=
target=3D"_blank" rel=3D"noopener">https://grafana.com/security/security-a= dvisories/CVE-2026-21720</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">guelfoweb--knock</td>
<td>Knockpy 4.1.1 contains a CSV injection vulnerability that allows attack= ers to inject malicious formulas into CSV reports through unfiltered server=
headers. Attackers can manipulate server response headers to include sprea= dsheet formulas that will execute when the CSV is opened in spreadsheet app= lications.</td>
<td>2026-01-27</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36941" target=3D= "_blank" rel=3D"noopener">CVE-2020-36941</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49342" target=3D"_blank" rel= =3D"noopener">ExploitDB-49342</a> <a href=3D"https://github.com/guelfowe= b/knock" target=3D"_blank" rel=3D"noopener">Knockpy GitHub Repository</a><b= r><a href=3D"https://www.vulncheck.com/advisories/knockpy-csv-injection" ta= rget=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Knockpy 4.1.1 - CSV In= jection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">hayyatapps--Sell BTC Cryptocurrency Selling Ca= lculator</td>
<td>The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress i=
s vulnerable to Stored Cross-Site Scripting via the 'orderform_data' AJAX a= ction in all versions up to, and including, 1.5 due to insufficient input s= anitization and output escaping. This makes it possible for unauthenticated=
attackers to inject arbitrary web scripts in order records that will execu=
te whenever an administrator accesses the Orders page in the admin dashboar=
d. The vulnerability was partially patched in version 1.5.</td> <td>2026-01-31</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14554" target=3D= "_blank" rel=3D"noopener">CVE-2025-14554</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/720be3= 4d-3fe4-4395-a27b-d386f8612ba9?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/720be34d-3fe= 4-4395-a27b-d386f8612ba9?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/sell-btc-by-hayyatapps/trunk/functions-admin.php#L3=
9" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/br= owser/sell-btc-by-hayyatapps/trunk/functions-admin.php#L39</a> <a href= =3D"https://plugins.trac.wordpress.org/browser/sell-btc-by-hayyatapps/trunk= /functions/form_tab.php#L12" target=3D"_blank" rel=3D"noopener">https://plu= gins.trac.wordpress.org/browser/sell-btc-by-hayyatapps/trunk/functions/form= _tab.php#L12</a> <a href=3D"https://plugins.trac.wordpress.org/browser/s= ell-btc-by-hayyatapps/trunk/Pages/orders.php#L30" target=3D"_blank" rel=3D"= noopener">https://plugins.trac.wordpress.org/browser/sell-btc-by-hayyatapps= /trunk/Pages/orders.php#L30</a> <a href=3D"https://plugins.trac.wordpres= s.org/changeset/3433480/" target=3D"_blank" rel=3D"noopener">https://plugin= s.trac.wordpress.org/changeset/3433480/</a> <a href=3D"https://plugins.t= rac.wordpress.org/changeset/3450361/" target=3D"_blank" rel=3D"noopener">ht= tps://plugins.trac.wordpress.org/changeset/3450361/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">HELLOWEB--HelloWeb</td>
<td>HelloWeb 2.0 contains an arbitrary file download vulnerability that all= ows remote attackers to download system files by manipulating filepath and = filename parameters. Attackers can send crafted GET requests to download.as=
p with directory traversal to access sensitive configuration and system fil= es.</td>
<td>2026-01-30</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37034" target=3D= "_blank" rel=3D"noopener">CVE-2020-37034</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48659" target=3D"_blank" rel= =3D"noopener">ExploitDB-48659</a> <a href=3D"https://web.archive.org/web= /20190109182037/https://helloweb.co.kr/" target=3D"_blank" rel=3D"noopener"= >Archived HelloWeb Vendor Homepage</a> <a href=3D"https://www.vulncheck.= com/advisories/helloweb-arbitrary-file-download" target=3D"_blank" rel=3D"n= oopener">VulnCheck Advisory: HelloWeb 2.0 - Arbitrary File Download</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Hewlett Packard Enterprise (HPE)--HPE Aruba Ne= tworking Fabric Composer</td>
<td>Insecure file operations in HPE Aruba Networking Fabric Composer=C3=83= =C2=A2=C3=A2=E2=80=9A=C2=AC=C3=A2=E2=80=9E=C2=A2s backup functionality coul=
d allow authenticated attackers to achieve remote code execution. Successfu=
l exploitation could allow an attacker to execute arbitrary commands on the=
underlying operating system.</td>
<td>2026-01-27</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23592" target=3D= "_blank" rel=3D"noopener">CVE-2026-23592</a></td>

<a href=3D"https://support.hpe.com/hpesc/public/docDisplay?docId=3Dhpesbnw0= 4996en_us&docLocale=3Den_US" target=3D"_blank" rel=3D"noopener">https://sup= port.hpe.com/hpesc/public/docDisplay?docId=3Dhpesbnw04996en_us&docLocale=3D= en_US</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Hewlett Packard Enterprise (HPE)--HPE Aruba Ne= tworking Fabric Composer</td>
<td>A vulnerability in the web-based management interface of HPE Aruba Netw= orking Fabric Composer could allow an unauthenticated remote attacker to vi=
ew some system files. Successful exploitation could allow an attacker to re=
ad files within the affected directory.</td>
<td>2026-01-27</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23593" target=3D= "_blank" rel=3D"noopener">CVE-2026-23593</a></td>

<a href=3D"https://support.hpe.com/hpesc/public/docDisplay?docId=3Dhpesbnw0= 4996en_us&docLocale=3Den_US" target=3D"_blank" rel=3D"noopener">https://sup= port.hpe.com/hpesc/public/docDisplay?docId=3Dhpesbnw04996en_us&docLocale=3D= en_US</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">HIKSEMI--HS-AFS-S1H1</td>
<td>Due to insufficient input parameter validation on the interface, authen= ticated users of certain HIKSEMI NAS products can execute arbitrary command=
s on the device by crafting specific messages.</td>
<td>2026-01-30</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22623" target=3D= "_blank" rel=3D"noopener">CVE-2026-22623</a></td>

<a href=3D"https://www.hiksemitech.com/en/hiksemi/support/security-advisory= .html" target=3D"_blank" rel=3D"noopener">https://www.hiksemitech.com/en/hi= ksemi/support/security-advisory.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Hikvision--DS-3WAP521-SI</td>
<td>Some Hikvision Wireless Access Points are vulnerable to authenticated c= ommand execution due to insufficient input validation. Attackers with valid=
credentials can exploit this flaw by sending crafted packets containing ma= licious commands to affected devices, leading to arbitrary command executio= n.</td>
<td>2026-01-30</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0709" target=3D"= _blank" rel=3D"noopener">CVE-2026-0709</a></td>

<a href=3D"https://www.hikvision.com/en/support/cybersecurity/security-advi= sory/command-execution-vulnerability-in-some-hikvision-wireless-access-poin= t-products/" target=3D"_blank" rel=3D"noopener">https://www.hikvision.com/e= n/support/cybersecurity/security-advisory/command-execution-vulnerability-i= n-some-hikvision-wireless-access-point-products/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Hisense TransTech--Smart Bus Management System= </td>
<td>A flaw has been found in Hisense TransTech Smart Bus Management System =
up to 20260113. Affected is the function Page_Load of the file YZSoft/Forms= /XForm/BM/BusComManagement/TireMng.aspx. Executing a manipulation of the ar= gument key can lead to sql injection. It is possible to launch the attack r= emotely. The exploit has been published and may be used. The vendor was con= tacted early about this disclosure but did not respond in any way.</td> <td>2026-01-26</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1449" target=3D"= _blank" rel=3D"noopener">CVE-2026-1449</a></td>

<a href=3D"https://vuldb.com/?id.342881" target=3D"_blank" rel=3D"noopener"= >VDB-342881 | Hisense TransTech Smart Bus Management System TireMng.aspx Pa= ge_Load sql injection</a> <a href=3D"https://vuldb.com/?ctiid.342881" ta= rget=3D"_blank" rel=3D"noopener">VDB-342881 | CTI Indicators (IOB, IOC, TTP=
, IOA)</a> <a href=3D"https://vuldb.com/?submit.737032" target=3D"_blank=
" rel=3D"noopener">Submit #737032 | Hisense TransTech Hisense Smart Bus Man= agement System 1.0 SQL Injection</a> <a href=3D"https://github.com/maste= r-abc/cve/issues/15" target=3D"_blank" rel=3D"noopener">https://github.com/= master-abc/cve/issues/15</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Db2 for Linux, UNIX and Windows</td>
<td>IBM Db2 for Windows=C2=A012.1.0 - 12.1.3 could allow a local user with = filesystem access to escalate their privileges due to the use of an unquote=
d search path element.</td>
<td>2026-01-30</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36384" target=3D= "_blank" rel=3D"noopener">CVE-2025-36384</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257678" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257678</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Db2 for Linux, UNIX and Windows</td>
<td>IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)=C2=A0= 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code tha=
t escalate their privileges to root due to execution of unnecessary privile= ges operated at a higher than minimum level.</td>
<td>2026-01-30</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36184" target=3D= "_blank" rel=3D"noopener">CVE-2025-36184</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257519" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257519</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IDT--IDT PC Audio</td>
<td>IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerability=
that allows local users to potentially execute arbitrary code with elevate=
d system privileges. Attackers can exploit the unquoted path in the STacSV = service to inject malicious code that would execute with LocalSystem accoun=
t permissions during service startup.</td>
<td>2026-01-26</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36959" target=3D= "_blank" rel=3D"noopener">CVE-2020-36959</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49191" target=3D"_blank" rel= =3D"noopener">ExploitDB-49191</a> <a href=3D"https://www.pconlife.com/do= wnload/otherfile/20566/90674cffc8658c4f2bf58d43bb9b7ccb/" target=3D"_blank"=
rel=3D"noopener">Software Download Link</a> <a href=3D"https://www.vuln= check.com/advisories/idt-pc-audio-stacsv-unquoted-service-path" target=3D"_= blank" rel=3D"noopener">VulnCheck Advisory: IDT PC Audio 1.0.6499.0 - 'STac= SV' Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">iForwarder and upRedSun Technologies, LLC.--Po=
rt Forwarding Wizard</td>
<td>Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability t= hat allows local attackers to execute arbitrary code through a long request=
in the Register feature. Attackers can craft a malicious payload with an e=
gg tag and overwrite SEH handlers to potentially execute shellcode on vulne= rable Windows systems.</td>
<td>2026-01-30</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37025" target=3D= "_blank" rel=3D"noopener">CVE-2020-37025</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48695" target=3D"_blank" rel= =3D"noopener">ExploitDB-48695</a> <a href=3D"http://www.port-forwarding.= net/" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"= https://www.vulncheck.com/advisories/port-forwarding-wizard-buffer-overflow=
" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Port Forwarding Wi= zard 4.8.0 - Buffer Overflow</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ik80--YATinyWinFTP</td>
<td>YATinyWinFTP contains a denial of service vulnerability that allows att= ackers to crash the FTP service by sending a 272-byte buffer with a trailin=
g space. Attackers can exploit the service by connecting and sending a malf= ormed command that triggers a buffer overflow and service crash.</td> <td>2026-01-28</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36964" target=3D= "_blank" rel=3D"noopener">CVE-2020-36964</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49127" target=3D"_blank" rel= =3D"noopener">ExploitDB-49127</a> <a href=3D"https://github.com/ik80/YAT= inyWinFTP" target=3D"_blank" rel=3D"noopener">YATinyWinFTP GitHub Repositor= y</a> <a href=3D"https://www.vulncheck.com/advisories/yatinywinftp-denia= l-of-service" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: YATiny= WinFTP - Denial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">immich-app--immich</td>
<td>immich is a high performance self-hosted photo and video management sol= ution. Prior to version 2.5.0, API keys can escalate their own permissions =
by calling the update endpoint, allowing a low-privilege API key to grant i= tself full administrative access to the system. Version 2.5.0 fixes the iss= ue.</td>
<td>2026-01-29</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23896" target=3D= "_blank" rel=3D"noopener">CVE-2026-23896</a></td>

<a href=3D"https://github.com/immich-app/immich/security/advisories/GHSA-23= 7r-x578-h5mv" target=3D"_blank" rel=3D"noopener">https://github.com/immich-= app/immich/security/advisories/GHSA-237r-x578-h5mv</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">inc2734--Snow Monkey Forms</td>
<td>The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary f= ile deletion due to insufficient file path validation in the 'generate_user= _dirpath' function in all versions up to, and including, 12.0.3. This makes=
it possible for unauthenticated attackers to delete arbitrary files on the=
server, which can easily lead to remote code execution when the right file=
is deleted (such as wp-config.php).</td>
<td>2026-01-28</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1056" target=3D"= _blank" rel=3D"noopener">CVE-2026-1056</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/37a864= 2d-07f5-4b1b-8419-e30589089162?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/37a8642d-07f= 5-4b1b-8419-e30589089162?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/snow-monkey-forms/tags/12.0.3/snow-monkey-forms.php= #L186" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.or= g/browser/snow-monkey-forms/tags/12.0.3/snow-monkey-forms.php#L186</a> <=
a href=3D"https://plugins.trac.wordpress.org/browser/snow-monkey-forms/tags= /12.0.3/App/Model/Directory.php#L58" target=3D"_blank" rel=3D"noopener">htt= ps://plugins.trac.wordpress.org/browser/snow-monkey-forms/tags/12.0.3/App/M= odel/Directory.php#L58</a> <a href=3D"https://plugins.trac.wordpress.org= /browser/snow-monkey-forms/tags/12.0.3/App/Rest/Route/View.php#L189" target= =3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/sno= w-monkey-forms/tags/12.0.3/App/Rest/Route/View.php#L189</a> <a href=3D"h= ttps://plugins.trac.wordpress.org/changeset/3448278/" target=3D"_blank" rel= =3D"noopener">https://plugins.trac.wordpress.org/changeset/3448278/</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">infiniflow--ragflow</td>
<td>RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. =
In version 0.23.1 and possibly earlier versions, the MinerU parser contains=
a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary fi= les on the server (leading to Remote Code Execution) via a malicious ZIP ar= chive. The MinerUParser class retrieves and extracts ZIP files from an exte= rnal source (mineru_server_url). The extraction logic in `_extract_zip_no_r= oot` fails to sanitize filenames within the ZIP archive. Commit 64c75d558e4= a17a4a48953b4c201526431d8338f contains a patch for the issue.</td> <td>2026-01-27</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24770" target=3D= "_blank" rel=3D"noopener">CVE-2026-24770</a></td>

<a href=3D"https://github.com/infiniflow/ragflow/security/advisories/GHSA-v= 7cf-w7gj-pgf4" target=3D"_blank" rel=3D"noopener">https://github.com/infini= flow/ragflow/security/advisories/GHSA-v7cf-w7gj-pgf4</a> <a href=3D"http= s://github.com/infiniflow/ragflow/commit/64c75d558e4a17a4a48953b4c201526431= d8338f" target=3D"_blank" rel=3D"noopener">https://github.com/infiniflow/ra= gflow/commit/64c75d558e4a17a4a48953b4c201526431d8338f</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Inputdirector--Input Director</td>
<td>Input Director 1.4.3 contains an unquoted service path vulnerability in=
its Windows service configuration that allows local attackers to execute c= ode with elevated privileges. Attackers can exploit the unquoted path durin=
g system startup or reboot to inject and run malicious executables with Loc= alSystem permissions.</td>
<td>2026-01-28</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36990" target=3D= "_blank" rel=3D"noopener">CVE-2020-36990</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48795" target=3D"_blank" rel= =3D"noopener">ExploitDB-48795</a> <a href=3D"https://www.inputdirector.c= om/" target=3D"_blank" rel=3D"noopener">Input Director Official Homepage</a= > <a href=3D"https://www.vulncheck.com/advisories/input-director-input-d= irector-unquoted-service-path" target=3D"_blank" rel=3D"noopener">VulnCheck=
Advisory: Input Director 1.4.3 - 'Input Director' Unquoted Service Path</a= > =C2=A0</td>
</tr>

<td class=3D"vendor-product">Insite Software--Infor Storefront B2B</td> <td>Infor Storefront B2B 1.0 contains a SQL injection vulnerability that al= lows attackers to manipulate database queries through the 'usr_name' parame= ter in login requests. Attackers can exploit the vulnerability by injecting=
malicious SQL code into the 'usr_name' parameter to potentially extract or=
modify database information.</td>
<td>2026-01-30</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37033" target=3D= "_blank" rel=3D"noopener">CVE-2020-37033</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48674" target=3D"_blank" rel= =3D"noopener">ExploitDB-48674</a> <a href=3D"https://web.archive.org/web= /20191223051205/https://www.insitesoft.com/infor-storefront/" target=3D"_bl= ank" rel=3D"noopener">Archived Infor Storefront Homepage</a> <a href=3D"= https://www.vulncheck.com/advisories/infor-storefront-bb-usrname-sql-inject= ion" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Infor Storefron=
t B2B 1.0 - 'usr_name' SQL Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Intelbras--Intelbras Router RF 301K</td> <td>Intelbras Router RF 301K firmware version 1.1.2 contains an authenticat= ion bypass vulnerability that allows unauthenticated attackers to download = router configuration files. Attackers can send a specific HTTP GET request =
to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router configur= ation without authentication.</td>
<td>2026-01-28</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36963" target=3D= "_blank" rel=3D"noopener">CVE-2020-36963</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49126" target=3D"_blank" rel= =3D"noopener">ExploitDB-49126</a> <a href=3D"https://www.intelbras.com/p= t-br/" target=3D"_blank" rel=3D"noopener">Intelbras Official Homepage</a><b= r><a href=3D"https://www.vulncheck.com/advisories/intelbras-router-rf-k-aut= hentication-bypass" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: = Intelbras Router RF 301K 1.1.2 - Authentication Bypass</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">InternationalColorConsortium--iccDEV</td> <td>iccDEV provides a set of libraries and tools that allow for the interac= tion, manipulation, and application of ICC color management profiles. Versi= ons prior to 2.3.1.2 have an undefined behavior issue when floating-point N=
aN values are converted to unsigned short integer types during ICC profile = XML parsing potentially corrupting memory structures and enabling arbitrary=
code execution. This vulnerability affects users of the iccDEV library who=
process ICC color profiles. ICC Profile Injection vulnerabilities arise wh=
en user-controllable input is incorporated into ICC profile data or other s= tructured binary blobs in an unsafe manner. Version 2.3.1.2 contains a fix = for the issue. No known workarounds are available.</td>
<td>2026-01-28</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24856" target=3D= "_blank" rel=3D"noopener">CVE-2026-24856</a></td>

<a href=3D"https://github.com/InternationalColorConsortium/iccDEV/security/= advisories/GHSA-w585-cv3v-c396" target=3D"_blank" rel=3D"noopener">https://= github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-w58= 5-cv3v-c396</a> <a href=3D"https://github.com/InternationalColorConsorti= um/iccDEV/issues/532" target=3D"_blank" rel=3D"noopener">https://github.com= /InternationalColorConsortium/iccDEV/issues/532</a> <a href=3D"https://g= ithub.com/InternationalColorConsortium/iccDEV/pull/541" target=3D"_blank" r= el=3D"noopener">https://github.com/InternationalColorConsortium/iccDEV/pull= /541</a> <a href=3D"https://github.com/InternationalColorConsortium/iccD= EV/commit/5e53a5d25923b7794ba44e390e9b35d391f2b9c1" target=3D"_blank" rel= =3D"noopener">https://github.com/InternationalColorConsortium/iccDEV/commit= /5e53a5d25923b7794ba44e390e9b35d391f2b9c1</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Iobit--IObit Uninstaller</td>
<td>IObit Uninstaller 10 Pro contains an unquoted service path vulnerabilit=
y that allows local users to potentially execute code with elevated system = privileges. Attackers can exploit the unquoted service path in the IObit Un= installer Service to insert malicious code that would execute with SYSTEM-l= evel permissions during service startup.</td>
<td>2026-01-26</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36952" target=3D= "_blank" rel=3D"noopener">CVE-2020-36952</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49371" target=3D"_blank" rel= =3D"noopener">ExploitDB-49371</a> <a href=3D"https://www.iobit.com" targ= et=3D"_blank" rel=3D"noopener">IObit Official Homepage</a> <a href=3D"ht= tps://www.vulncheck.com/advisories/iobit-uninstaller-pro-unquoted-service-p= ath" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: IObit Uninstall=
er 10 Pro - Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Is-Daouda--is-Engine</td>
<td>Missing Release of Memory after Effective Lifetime vulnerability in Is-= Daouda is-Engine. This issue affects is-Engine: before 3.3.4.</td> <td>2026-01-27</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24828" target=3D= "_blank" rel=3D"noopener">CVE-2026-24828</a></td>

<a href=3D"https://github.com/Is-Daouda/is-Engine/pull/6" target=3D"_blank"=
rel=3D"noopener">https://github.com/Is-Daouda/is-Engine/pull/6</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">isaacs--node-tar</td>
<td>node-tar,a Tar for Node.js, contains a vulnerability in versions prior =
to 7.5.7 where the security check for hardlink entries uses different path = resolution semantics than the actual hardlink creation logic. This mismatch=
allows an attacker to craft a malicious TAR archive that bypasses path tra= versal protections and creates hardlinks to arbitrary files outside the ext= raction directory. Version 7.5.7 contains a fix for the issue.</td> <td>2026-01-28</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24842" target=3D= "_blank" rel=3D"noopener">CVE-2026-24842</a></td>

<a href=3D"https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7= -hfp2-rc4v" target=3D"_blank" rel=3D"noopener">https://github.com/isaacs/no= de-tar/security/advisories/GHSA-34x7-hfp2-rc4v</a> <a href=3D"https://gi= thub.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46" t= arget=3D"_blank" rel=3D"noopener">https://github.com/isaacs/node-tar/commit= /f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Iskysoft--Iskysoft Application Framework Servi= ce</td>
<td>Iskysoft Application Framework Service 2.4.3.241 contains an unquoted s= ervice path vulnerability that allows local users to potentially execute ar= bitrary code with elevated privileges. Attackers can exploit the unquoted p= ath in the service configuration to inject malicious executables that would=
be run with the service's high-level system permissions.</td> <td>2026-02-01</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37048" target=3D= "_blank" rel=3D"noopener">CVE-2020-37048</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48171" target=3D"_blank" rel= =3D"noopener">ExploitDB-48171</a> <a href=3D"https://www.iskysoft.us" ta= rget=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://= www.vulncheck.com/advisories/iskysoft-application-framework-service-isappse= rvice-unquoted-service-path" target=3D"_blank" rel=3D"noopener">VulnCheck A= dvisory: Iskysoft Application Framework Service 2.4.3.241 - 'IsAppService' = Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--Directory Management System</td> <td>A security vulnerability has been detected in itsourcecode Directory Ma= nagement System 1.0. The affected element is an unknown function of the fil=
e /admin/index.php. The manipulation of the argument Username leads to sql = injection. The attack can be initiated remotely. The exploit has been discl= osed publicly and may be used.</td>
<td>2026-01-30</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1688" target=3D"= _blank" rel=3D"noopener">CVE-2026-1688</a></td>

<a href=3D"https://vuldb.com/?id.343482" target=3D"_blank" rel=3D"noopener"= >VDB-343482 | itsourcecode Directory Management System index.php sql inject= ion</a> <a href=3D"https://vuldb.com/?ctiid.343482" target=3D"_blank" re= l=3D"noopener">VDB-343482 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a h= ref=3D"https://vuldb.com/?submit.741283" target=3D"_blank" rel=3D"noopener"= >Submit #741283 | itsourcecode Directory Management System V1.0 SQL Injecti= on</a> <a href=3D"https://github.com/jackhong1236/CVE_1/issues/1" target= =3D"_blank" rel=3D"noopener">https://github.com/jackhong1236/CVE_1/issues/1= </a> <a href=3D"https://itsourcecode.com/" target=3D"_blank" rel=3D"noop= ener">https://itsourcecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--School Management System</td>
<td>A weakness has been identified in itsourcecode School Management System=
1.0. The affected element is an unknown function of the file /course/index= .php. Executing a manipulation of the argument ID can lead to sql injection=
. The attack may be performed from remote. The exploit has been made availa= ble to the public and could be used for attacks.</td>
<td>2026-01-28</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1545" target=3D"= _blank" rel=3D"noopener">CVE-2026-1545</a></td>

<a href=3D"https://vuldb.com/?id.343229" target=3D"_blank" rel=3D"noopener"= >VDB-343229 | itsourcecode School Management System index.php sql injection= </a> <a href=3D"https://vuldb.com/?ctiid.343229" target=3D"_blank" rel= =3D"noopener">VDB-343229 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.739647" target=3D"_blank" rel=3D"noopener">= Submit #739647 | itsourcecode School Management System V1.0 SQL Injection</= a> <a href=3D"https://github.com/ltranquility/CVE/issues/33" target=3D"_= blank" rel=3D"noopener">https://github.com/ltranquility/CVE/issues/33</a><b= r><a href=3D"https://itsourcecode.com/" target=3D"_blank" rel=3D"noopener">= https://itsourcecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--School Management System</td>
<td>A vulnerability was determined in itsourcecode School Management System=
1.0. This affects an unknown function of the file /ramonsys/inquiry/index.= php. This manipulation of the argument txtsearch causes sql injection. The = attack can be initiated remotely. The exploit has been publicly disclosed a=
nd may be utilized.</td>
<td>2026-01-29</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1589" target=3D"= _blank" rel=3D"noopener">CVE-2026-1589</a></td>

<a href=3D"https://vuldb.com/?id.343352" target=3D"_blank" rel=3D"noopener"= >VDB-343352 | itsourcecode School Management System index.php sql injection= </a> <a href=3D"https://vuldb.com/?ctiid.343352" target=3D"_blank" rel= =3D"noopener">VDB-343352 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.740686" target=3D"_blank" rel=3D"noopener">= Submit #740686 | itsourcecode School Management System v1.0 SQL Injection</= a> <a href=3D"https://mega.nz/file/DQUWSY7Y#CLcuhD1KE2s0VtEvYqH_PDCyhpGS= 0HDo_MKj9sheUPA" target=3D"_blank" rel=3D"noopener">https://mega.nz/file/DQ= UWSY7Y#CLcuhD1KE2s0VtEvYqH_PDCyhpGS0HDo_MKj9sheUPA</a> <a href=3D"https:= //itsourcecode.com/" target=3D"_blank" rel=3D"noopener">https://itsourcecod= e.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--School Management System</td>
<td>A vulnerability was identified in itsourcecode School Management System=
1.0. This impacts an unknown function of the file /ramonsys/faculty/index.= php. Such manipulation of the argument ID leads to sql injection. The attac=
k can be launched remotely. The exploit is publicly available and might be = used.</td>
<td>2026-01-29</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1590" target=3D"= _blank" rel=3D"noopener">CVE-2026-1590</a></td>

<a href=3D"https://vuldb.com/?id.343353" target=3D"_blank" rel=3D"noopener"= >VDB-343353 | itsourcecode School Management System index.php sql injection= </a> <a href=3D"https://vuldb.com/?ctiid.343353" target=3D"_blank" rel= =3D"noopener">VDB-343353 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.740687" target=3D"_blank" rel=3D"noopener">= Submit #740687 | itsourcecode School Management System v1.0 SQL Injection</= a> <a href=3D"https://mega.nz/file/GYsm2Q7K#B7NUGX5Fy9iLYssM474U3zFsmZp_= 14v0n5Sp-5N95yI" target=3D"_blank" rel=3D"noopener">https://mega.nz/file/GY= sm2Q7K#B7NUGX5Fy9iLYssM474U3zFsmZp_14v0n5Sp-5N95yI</a> <a href=3D"https:= //itsourcecode.com/" target=3D"_blank" rel=3D"noopener">https://itsourcecod= e.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--Society Management System</td>
<td>A weakness has been identified in itsourcecode Society Management Syste=
m 1.0. Affected by this vulnerability is an unknown functionality of the fi=
le /admin/edit_expenses_query.php. Executing a manipulation of the argument=
detail can lead to sql injection. The attack may be launched remotely. The=
exploit has been made available to the public and could be used for attack= s.</td>
<td>2026-01-29</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1593" target=3D"= _blank" rel=3D"noopener">CVE-2026-1593</a></td>

<a href=3D"https://vuldb.com/?id.343355" target=3D"_blank" rel=3D"noopener"= >VDB-343355 | itsourcecode Society Management System edit_expenses_query.ph=
p sql injection</a> <a href=3D"https://vuldb.com/?ctiid.343355" target= =3D"_blank" rel=3D"noopener">VDB-343355 | CTI Indicators (IOB, IOC, TTP, IO= A)</a> <a href=3D"https://vuldb.com/?submit.740689" target=3D"_blank" re= l=3D"noopener">Submit #740689 | itsourcecode Society Management System V1.0=
SQL injection</a> <a href=3D"https://github.com/yyzq-wsx/for_cve/issues= /3" target=3D"_blank" rel=3D"noopener">https://github.com/yyzq-wsx/for_cve/= issues/3</a> <a href=3D"https://itsourcecode.com/" target=3D"_blank" rel= =3D"noopener">https://itsourcecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--Society Management System</td>
<td>A security vulnerability has been detected in itsourcecode Society Mana= gement System 1.0. Affected by this issue is some unknown functionality of = the file /admin/add_expenses.php. The manipulation of the argument detail l= eads to sql injection. Remote exploitation of the attack is possible. The e= xploit has been disclosed publicly and may be used.</td>
<td>2026-01-29</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1594" target=3D"= _blank" rel=3D"noopener">CVE-2026-1594</a></td>

<a href=3D"https://vuldb.com/?id.343356" target=3D"_blank" rel=3D"noopener"= >VDB-343356 | itsourcecode Society Management System add_expenses.php sql i= njection</a> <a href=3D"https://vuldb.com/?ctiid.343356" target=3D"_blan=
k" rel=3D"noopener">VDB-343356 | CTI Indicators (IOB, IOC, TTP, IOA)</a><br= ><a href=3D"https://vuldb.com/?submit.740691" target=3D"_blank" rel=3D"noop= ener">Submit #740691 | itsourcecode Society Management System V1.0 SQL Inje= ction</a> <a href=3D"https://github.com/yyzq-wsx/for_cve/issues/2" targe= t=3D"_blank" rel=3D"noopener">https://github.com/yyzq-wsx/for_cve/issues/2<= /a> <a href=3D"https://itsourcecode.com/" target=3D"_blank" rel=3D"noope= ner">https://itsourcecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--Society Management System</td>
<td>A vulnerability was detected in itsourcecode Society Management System = 1.0. This affects an unknown part of the file /admin/edit_student_query.php=
. The manipulation of the argument student_id results in sql injection. The=
attack can be executed remotely. The exploit is now public and may be used= .</td>
<td>2026-01-29</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1595" target=3D"= _blank" rel=3D"noopener">CVE-2026-1595</a></td>

<a href=3D"https://vuldb.com/?id.343357" target=3D"_blank" rel=3D"noopener"= >VDB-343357 | itsourcecode Society Management System edit_student_query.php=
sql injection</a> <a href=3D"https://vuldb.com/?ctiid.343357" target=3D= "_blank" rel=3D"noopener">VDB-343357 | CTI Indicators (IOB, IOC, TTP, IOA)<= /a> <a href=3D"https://vuldb.com/?submit.740692" target=3D"_blank" rel= =3D"noopener">Submit #740692 | itsourcecode Society Management System V1.0 = SQL Injection</a> <a href=3D"https://github.com/yyzq-wsx/for_cve/issues/=
1" target=3D"_blank" rel=3D"noopener">https://github.com/yyzq-wsx/for_cve/i= ssues/1</a> <a href=3D"https://itsourcecode.com/" target=3D"_blank" rel= =3D"noopener">https://itsourcecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--Student Management System</td>
<td>A security vulnerability has been detected in itsourcecode Student Mana= gement System 1.0. This issue affects some unknown processing of the file /= enrollment/index.php. Such manipulation of the argument ID leads to sql inj= ection. It is possible to launch the attack remotely. The exploit has been = disclosed publicly and may be used.</td>
<td>2026-01-30</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1701" target=3D"= _blank" rel=3D"noopener">CVE-2026-1701</a></td>

<a href=3D"https://vuldb.com/?id.343491" target=3D"_blank" rel=3D"noopener"= >VDB-343491 | itsourcecode Student Management System index.php sql injectio= n</a> <a href=3D"https://vuldb.com/?ctiid.343491" target=3D"_blank" rel= =3D"noopener">VDB-343491 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.742024" target=3D"_blank" rel=3D"noopener">= Submit #742024 | itsourcecode Student Management System V1.0 SQL Injection<= /a> <a href=3D"https://github.com/ltranquility/CVE/issues/34" target=3D"= _blank" rel=3D"noopener">https://github.com/ltranquility/CVE/issues/34</a><= br><a href=3D"https://itsourcecode.com/" target=3D"_blank" rel=3D"noopener"= >https://itsourcecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Ivanti--Endpoint Manager Mobile</td>
<td>A code injection in Ivanti Endpoint Manager Mobile allowing attackers t=
o achieve unauthenticated remote code execution.</td>
<td>2026-01-29</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1281" target=3D"= _blank" rel=3D"noopener">CVE-2026-1281</a></td>

<a href=3D"https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-End= point-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340" target=3D"_blank" re= l=3D"noopener">https://forums.ivanti.com/s/article/Security-Advisory-Ivanti= -Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Ivanti--Endpoint Manager Mobile</td>
<td>A code injection in Ivanti Endpoint Manager Mobile allowing attackers t=
o achieve unauthenticated remote code execution.</td>
<td>2026-01-29</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1340" target=3D"= _blank" rel=3D"noopener">CVE-2026-1340</a></td>

<a href=3D"https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-End= point-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340" target=3D"_blank" re= l=3D"noopener">https://forums.ivanti.com/s/article/Security-Advisory-Ivanti= -Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">ixray-team--ixray-1.6-stcop</td>
<td>Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop. This i= ssue affects ixray-1.6-stcop: before 1.3.</td>
<td>2026-01-27</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24832" target=3D= "_blank" rel=3D"noopener">CVE-2026-24832</a></td>

<a href=3D"https://github.com/ixray-team/ixray-1.6-stcop/pull/257" target= =3D"_blank" rel=3D"noopener">https://github.com/ixray-team/ixray-1.6-stcop/= pull/257</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ixray-team--ixray-1.6-stcop</td>
<td>Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in=
ixray-team ixray-1.6-stcop. This issue affects ixray-1.6-stcop: before 1.3= .</td>
<td>2026-01-27</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24831" target=3D= "_blank" rel=3D"noopener">CVE-2026-24831</a></td>

<a href=3D"https://github.com/ixray-team/ixray-1.6-stcop/pull/248" target= =3D"_blank" rel=3D"noopener">https://github.com/ixray-team/ixray-1.6-stcop/= pull/248</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Juniper Networks--Session Smart Router</td>
<td>An Authentication Bypass Using an Alternate Path or Channel vulnerabili=
ty in Juniper Networks Session Smart Router may allows a network-based atta= cker to bypass authentication and take administrative control of the device=
. This issue affects Session Smart Router:=C2=A0 * from 5.6.7 before 5.6.17= ,=C2=A0 * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.= 1.12-lts,=C2=A0 * from 6.2 before 6.2.8-lts,=C2=A0 * from 6.3 before 6.3.3-= r2;=C2=A0 This issue affects Session Smart Conductor:=C2=A0 * from 5.6.7 be= fore 5.6.17,=C2=A0 * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.=
1 before 6.1.12-lts,=C2=A0 * from 6.2 before 6.2.8-lts,=C2=A0 * from 6.3 be= fore 6.3.3-r2;=C2=A0 This issue affects WAN Assurance Managed Routers:=C2=
=A0 * from 5.6.7 before 5.6.17,=C2=A0 * from 6.0 before 6.0.8 (affected fro=
m 6.0.8), * from 6.1 before 6.1.12-lts,=C2=A0 * from 6.2 before 6.2.8-lts,= =C2=A0 * from 6.3 before 6.3.3-r2.</td>
<td>2026-01-27</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-21589" target=3D= "_blank" rel=3D"noopener">CVE-2025-21589</a></td>

<a href=3D"https://supportportal.juniper.net/" target=3D"_blank" rel=3D"noo= pener">https://supportportal.juniper.net/</a> <a href=3D"https://support= .juniper.net/support/eol/software/ssr/" target=3D"_blank" rel=3D"noopener">= https://support.juniper.net/support/eol/software/ssr/</a> <a href=3D"htt= ps://kb.juniper.net/JSA94663" target=3D"_blank" rel=3D"noopener">https://kb= .juniper.net/JSA94663</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">K.soft--FTPDummy</td>
<td>FTPDummy 4.80 contains a local buffer overflow vulnerability in its pre= ference file handling that allows attackers to execute arbitrary code. Atta= ckers can craft a malicious preference file with carefully constructed shel= lcode to trigger a structured exception handler overwrite and execute syste=
m commands.</td>
<td>2026-01-30</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37029" target=3D= "_blank" rel=3D"noopener">CVE-2020-37029</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48685" target=3D"_blank" rel= =3D"noopener">ExploitDB-48685</a> <a href=3D"http://www.dummysoftware.co= m/ftpdummy.html" target=3D"_blank" rel=3D"noopener">Official FTPDummy Softw= are Homepage</a> <a href=3D"https://www.vulncheck.com/advisories/ftpdumm= y-local-buffer-overflow" target=3D"_blank" rel=3D"noopener">VulnCheck Advis= ory: FTPDummy 4.80 - Local Buffer Overflow</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">KiloView--Encoder Series E1 hardware Version 1= .4</td>
<td>A missing authentication for critical function vulnerability in KiloVie=
w Encoder Series could allow an unauthenticated attacker to create or delet=
e administrator accounts. This vulnerability can grant the attacker full ad= ministrative control over the product.</td>
<td>2026-01-29</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1453" target=3D"= _blank" rel=3D"noopener">CVE-2026-1453</a></td>

<a href=3D"https://www.cisa.gov/news-events/ics-advisories/icsa-26-029-01" = target=3D"_blank" rel=3D"noopener">https://www.cisa.gov/news-events/ics-adv= isories/icsa-26-029-01</a> <a href=3D"https://github.com/cisagov/CSAF/bl= ob/develop/csaf_files/OT/white/2026/icsa-26-029-01.json" target=3D"_blank" = rel=3D"noopener">https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT= /white/2026/icsa-26-029-01.json</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Kite--Kite</td>
<td>Kite 1.2020.1119.0 contains an unquoted service path vulnerability in t=
he KiteService Windows service that allows local attackers to potentially e= xecute arbitrary code. Attackers can exploit the unquoted path in 'C:\Progr=
am Files\Kite\KiteService.exe' to inject malicious executables and escalate=
privileges on the system.</td>
<td>2026-01-26</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36958" target=3D= "_blank" rel=3D"noopener">CVE-2020-36958</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49205" target=3D"_blank" rel= =3D"noopener">ExploitDB-49205</a> <a href=3D"https://www.kite.com/" targ= et=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://ww= w.vulncheck.com/advisories/kite-kiteservice-unquoted-service-path" target= =3D"_blank" rel=3D"noopener">VulnCheck Advisory: Kite 1.2020.1119.0 - 'Kite= Service' Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Kludex--python-multipart</td>
<td>Python-Multipart is a streaming multipart parser for Python. Prior to v= ersion 0.0.22, a Path Traversal vulnerability exists when using non-default=
configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=3DTrue`. An a= ttacker can write uploaded files to arbitrary locations on the filesystem b=
y crafting a malicious filename. Users should upgrade to version 0.0.22 to = receive a patch or, as a workaround, avoid using `UPLOAD_KEEP_FILENAME=3DTr= ue` in project configurations.</td>
<td>2026-01-27</td>
<td>8.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24486" target=3D= "_blank" rel=3D"noopener">CVE-2026-24486</a></td>

<a href=3D"https://github.com/Kludex/python-multipart/security/advisories/G= HSA-wp53-j4wj-2cfg" target=3D"_blank" rel=3D"noopener">https://github.com/K= ludex/python-multipart/security/advisories/GHSA-wp53-j4wj-2cfg</a> <a hr= ef=3D"https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82= bbe380984e32f8cfc89c4" target=3D"_blank" rel=3D"noopener">https://github.co= m/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4</= a> <a href=3D"https://github.com/Kludex/python-multipart/releases/tag/0.= 0.22" target=3D"_blank" rel=3D"noopener">https://github.com/Kludex/python-m= ultipart/releases/tag/0.0.22</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Kodmatic Computer Software Tourism Constructio=
n Industry and Trade Ltd. Co.--Online Exam and Assessment</td>
<td>Improper Neutralization of Special Elements used in an SQL Command ('SQ=
L Injection') vulnerability in Kodmatic Computer Software Tourism Construct= ion Industry and Trade Ltd. Co. Online Exam and Assessment allows SQL Injec= tion. This issue affects Online Exam and Assessment: through 30012026.=C2=
=A0 NOTE: The vendor was contacted early about this disclosure but did not = respond in any way.</td>
<td>2026-01-30</td>
<td>8.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-4686" target=3D"= _blank" rel=3D"noopener">CVE-2025-4686</a></td>

<a href=3D"https://www.usom.gov.tr/bildirim/tr-26-0010" target=3D"_blank" r= el=3D"noopener">https://www.usom.gov.tr/bildirim/tr-26-0010</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">kohler--hotcrp</td>
<td>HotCRP is conference review software. HotCRP versions from October 2025=
through January 2026 delivered documents of all types with inline Content-= Disposition, causing them to be rendered in the user's browser rather than = downloaded. (The intended behavior was for only `text/plain`, `application/= pdf`, `image/gif`, `image/jpeg`, and `image/png` to be delivered inline, th= ough adding `save=3D0` to the document URL could request inline delivery fo=
r any document.) This made users who clicked a document link vulnerable to = cross-site scripting attacks. An uploaded HTML or SVG document would run in=
the viewer's browser with access to their HotCRP credentials, and Javascri=
pt in that document could eventually make arbitrary calls to HotCRP's API. = Malicious documents could be uploaded to submission fields with "file uploa=
d" or "attachment" type, or as attachments to comments. PDF upload fields w= ere not vulnerable. A search of documents uploaded to hotcrp.com found no e= vidence of exploitation. The vulnerability was introduced in commit aa20ef2= 88828b04550950cf67c831af8a525f508 (11 October 2025), present in development=
versions and v3.2, and fixed in commit 8933e86c9f384b356dc4c6e9e2814dee107= 4b323 and v3.2.1. Additionally, c3d88a7e18d52119c65df31c2cc994edd2beccc5 an=
d v3.2.1 remove support for `save=3D0`.</td>
<td>2026-01-30</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25156" target=3D= "_blank" rel=3D"noopener">CVE-2026-25156</a></td>

<a href=3D"https://github.com/kohler/hotcrp/security/advisories/GHSA-p88p-2= f2p-2476" target=3D"_blank" rel=3D"noopener">https://github.com/kohler/hotc= rp/security/advisories/GHSA-p88p-2f2p-2476</a> <a href=3D"https://github= .com/kohler/hotcrp/commit/8933e86c9f384b356dc4c6e9e2814dee1074b323" target= =3D"_blank" rel=3D"noopener">https://github.com/kohler/hotcrp/commit/8933e8= 6c9f384b356dc4c6e9e2814dee1074b323</a> <a href=3D"https://github.com/koh= ler/hotcrp/commit/aa20ef288828b04550950cf67c831af8a525f508" target=3D"_blan=
k" rel=3D"noopener">https://github.com/kohler/hotcrp/commit/aa20ef288828b04= 550950cf67c831af8a525f508</a> <a href=3D"https://github.com/kohler/hotcr= p/commit/c3d88a7e18d52119c65df31c2cc994edd2beccc5" target=3D"_blank" rel=3D= "noopener">https://github.com/kohler/hotcrp/commit/c3d88a7e18d52119c65df31c= 2cc994edd2beccc5</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Koken--Koken CMS</td>
<td>Koken CMS 0.22.24 contains a file upload vulnerability that allows auth= enticated attackers to bypass file extension restrictions by renaming malic= ious PHP files. Attackers can upload PHP files with system command executio=
n capabilities by manipulating the file upload request through a web proxy = and changing the file extension.</td>
<td>2026-01-30</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37023" target=3D= "_blank" rel=3D"noopener">CVE-2020-37023</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48706" target=3D"_blank" rel= =3D"noopener">ExploitDB-48706</a> <a href=3D"http://koken.me/" target=3D= "_blank" rel=3D"noopener">Koken CMS Official Homepage</a> <a href=3D"htt= ps://www.softaculous.com/apps/cms/Koken" target=3D"_blank" rel=3D"noopener"= >Softaculous Koken CMS Software Page</a> <a href=3D"https://github.com/V= 1n1v131r4/Bypass-File-Upload-on-Koken-CMS/blob/master/README.md" target=3D"= _blank" rel=3D"noopener">Researcher PoC</a> <a href=3D"https://www.vulnc= heck.com/advisories/koken-cms-arbitrary-file-upload" target=3D"_blank" rel= =3D"noopener">VulnCheck Advisory: Koken CMS 0.22.24 - Arbitrary File Upload= </a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">kyverno--kyverno</td>
<td>Kyverno is a policy engine designed for cloud native platform engineeri=
ng teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization=
boundary bypass in namespaced Kyverno Policy apiCall. The resolved `urlPat=
h` is executed using the Kyverno admission controller ServiceAccount, with =
no enforcement that the request is limited to the policy's namespace. As a = result, any authenticated user with permission to create a namespaced Polic=
y can cause Kyverno to perform Kubernetes API requests using Kyverno's admi= ssion controller identity, targeting any API path allowed by that ServiceAc= count's RBAC. This breaks namespace isolation by enabling cross-namespace r= eads (for example, ConfigMaps and, where permitted, Secrets) and allows clu= ster-scoped or cross-namespace writes (for example, creating ClusterPolicie=
s) by controlling the urlPath through context variable substitution. Versio=
ns 1.16.3 and 1.15.3 contain a patch for the vulnerability.</td> <td>2026-01-27</td>
<td>10</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22039" target=3D= "_blank" rel=3D"noopener">CVE-2026-22039</a></td>

<a href=3D"https://github.com/kyverno/kyverno/security/advisories/GHSA-8p9x= -46gm-qfx2" target=3D"_blank" rel=3D"noopener">https://github.com/kyverno/k= yverno/security/advisories/GHSA-8p9x-46gm-qfx2</a> <a href=3D"https://gi= thub.com/kyverno/kyverno/commit/e0ba4de4f1e0ca325066d5095db51aec45b1407b" t= arget=3D"_blank" rel=3D"noopener">https://github.com/kyverno/kyverno/commit= /e0ba4de4f1e0ca325066d5095db51aec45b1407b</a> <a href=3D"https://github.= com/kyverno/kyverno/commit/eba60fa856c781bcb9c3be066061a3df03ae4e3e" target= =3D"_blank" rel=3D"noopener">https://github.com/kyverno/kyverno/commit/eba6= 0fa856c781bcb9c3be066061a3df03ae4e3e</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">kyverno--kyverno</td>
<td>Kyverno is a policy engine designed for cloud native platform engineeri=
ng teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consump= tion in Kyverno's policy engine that allows users with policy creation priv= ileges to cause denial of service by crafting policies that exponentially a= mplify string data through context variables. Versions 1.16.3 and 1.15.3 co= ntain a patch for the vulnerability.</td>
<td>2026-01-27</td>
<td>7.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23881" target=3D= "_blank" rel=3D"noopener">CVE-2026-23881</a></td>

<a href=3D"https://github.com/kyverno/kyverno/security/advisories/GHSA-r2rj= -wwm5-x6mq" target=3D"_blank" rel=3D"noopener">https://github.com/kyverno/k= yverno/security/advisories/GHSA-r2rj-wwm5-x6mq</a> <a href=3D"https://gi= thub.com/kyverno/kyverno/commit/7a651be3a8c78dcabfbf4178b8d89026bf3b850f" t= arget=3D"_blank" rel=3D"noopener">https://github.com/kyverno/kyverno/commit= /7a651be3a8c78dcabfbf4178b8d89026bf3b850f</a> <a href=3D"https://github.= com/kyverno/kyverno/commit/f5617f60920568a301740485472bf704892175b7" target= =3D"_blank" rel=3D"noopener">https://github.com/kyverno/kyverno/commit/f561= 7f60920568a301740485472bf704892175b7</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">LibreNMS--LibreNMS</td>
<td>LibreNMS 1.46 contains an authenticated SQL injection vulnerability in = the MAC accounting graph endpoint that allows remote attackers to extract d= atabase information. Attackers can exploit the vulnerability by manipulatin=
g the 'sort' parameter with crafted SQL injection techniques to retrieve se= nsitive database contents through time-based blind SQL injection.</td> <td>2026-01-27</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36947" target=3D= "_blank" rel=3D"noopener">CVE-2020-36947</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49246" target=3D"_blank" rel= =3D"noopener">ExploitDB-49246</a> <a href=3D"https://www.librenms.org" t= arget=3D"_blank" rel=3D"noopener">LibreNMS Official Website</a> <a href= =3D"https://github.com/librenms/librenms" target=3D"_blank" rel=3D"noopener= ">LibreNMS GitHub Repository</a> <a href=3D"https://community.librenms.o= rg/" target=3D"_blank" rel=3D"noopener">LibreNMS Community</a> <a href= =3D"https://www.vulncheck.com/advisories/librenms-mac-accounting-graph-auth= enticated-sql-injection" target=3D"_blank" rel=3D"noopener">VulnCheck Advis= ory: LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection</a><b= r>=C2=A0</td>
</tr>

<td class=3D"vendor-product">loft-sh--loft</td>
<td>vCluster Platform provides a Kubernetes platform for managing virtual c= lusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4=
, 4.4.2, and 4.3.10, when an access key is created with a limited scope, th=
e scope can be bypassed to access resources outside of it. However, the use=
r still cannot access resources beyond what is accessible to the owner of t=
he access key. Versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10 fix the vulnerabili= ty. Some other mitigations are available. Users can limit exposure by revie= wing access keys which are scoped and ensuring any users with access to the=
m have appropriate permissions set. Creating automation users with very lim= ited permissions and using access keys for these automation users can be us=
ed as a temporary workaround where upgrading is not immediately possible bu=
t scoped access keys are needed.</td>
<td>2026-01-29</td>
<td>9.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22806" target=3D= "_blank" rel=3D"noopener">CVE-2026-22806</a></td>

<a href=3D"https://github.com/loft-sh/loft/security/advisories/GHSA-c539-w4= ch-7wxq" target=3D"_blank" rel=3D"noopener">https://github.com/loft-sh/loft= /security/advisories/GHSA-c539-w4ch-7wxq</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">M.J.M Soft--Quick Player</td>
<td>Quick Player 1.3 contains a buffer overflow vulnerability that allows a= ttackers to execute arbitrary code by crafting a malicious .m3l file with c= arefully constructed payload. Attackers can trigger the vulnerability by lo= ading a specially crafted file through the application's file loading mecha= nism, potentially enabling remote code execution.</td>
<td>2026-01-30</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37050" target=3D= "_blank" rel=3D"noopener">CVE-2020-37050</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48564" target=3D"_blank" rel= =3D"noopener">ExploitDB-48564</a> <a href=3D"https://download.cnet.com/q= uick-player/3000-2168_4-10871417.html" target=3D"_blank" rel=3D"noopener">S= oftware Download Link</a> <a href=3D"https://web.archive.org/web/2020102= 2211753/https://whitecr0wz.github.io/posts/Exploiting-Quick-Player/" target= =3D"_blank" rel=3D"noopener">Archived Researcher Blog Post</a> <a href= =3D"https://web.archive.org/web/20210105222205/https://whitecr0wz.github.io= /assets/img/Findings6/18.gif" target=3D"_blank" rel=3D"noopener">Archived R= esearcher Video PoC</a> <a href=3D"https://www.vulncheck.com/advisories/= quick-player-ml-buffer-overflow" target=3D"_blank" rel=3D"noopener">VulnChe=
ck Advisory: Quick Player 1.3 - '.m3l' Buffer Overflow</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">maurosoria--dirsearch</td>
<td>Dirsearch 0.4.1 contains a CSV injection vulnerability when using the -= -csv-report flag that allows attackers to inject formulas through redirecte=
d endpoints. Attackers can craft malicious server redirects with comma-sepa= rated paths containing Excel formulas to manipulate the generated CSV repor= t.</td>
<td>2026-01-27</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2021-47901" target=3D= "_blank" rel=3D"noopener">CVE-2021-47901</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49370" target=3D"_blank" rel= =3D"noopener">ExploitDB-49370</a> <a href=3D"https://github.com/maurosor= ia/dirsearch" target=3D"_blank" rel=3D"noopener">dirsearch GitHub Repositor= y</a> <a href=3D"https://www.vulncheck.com/advisories/dirsearch-csv-inje= ction" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: dirsearch 0.4=
.1 - CSV Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MedDream--MedDream PACS Server</td>
<td>MedDream PACS Server 6.8.3.751 contains an authenticated remote code ex= ecution vulnerability that allows authorized users to upload malicious PHP = files. Attackers can exploit the uploadImage.php endpoint by authenticating=
and uploading a PHP shell to execute arbitrary system commands with elevat=
ed privileges.</td>
<td>2026-01-29</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37009" target=3D= "_blank" rel=3D"noopener">CVE-2020-37009</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48853" target=3D"_blank" rel= =3D"noopener">ExploitDB-48853</a> <a href=3D"https://meddream.com/produc= ts/meddream-pacs-server/" target=3D"_blank" rel=3D"noopener">MedDream PACS = Server Product Page</a> <a href=3D"https://www.vulncheck.com/advisories/= meddream-pacs-server-remote-code-execution" target=3D"_blank" rel=3D"noopen= er">VulnCheck Advisory: MedDream PACS Server 6.8.3.751 - Remote Code Execut= ion</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">meshtastic--firmware</td>
<td>Meshtastic is an open source mesh networking solution. In the current M= eshtastic architecture, a Node is identified by their NodeID, generated fro=
m the MAC address, rather than their public key. This aspect downgrades the=
security, specifically by abusing the HAM mode which doesn't use encryptio=
n. An attacker can, as such, forge a NodeInfo on behalf of a victim node ad= vertising that the HAM mode is enabled. This, in turn, will allow the other=
nodes on the mesh to accept the new information and overwriting the NodeDB=
. The other nodes will then only be able to send direct messages to the vic= tim by using the shared channel key instead of the PKC. Additionally, becau=
se HAM mode by design doesn't provide any confidentiality or authentication=
of information, the attacker could potentially also be able to change the = Node details, like the full name, short code, etc. To keep the attack persi= stent, it is enough to regularly resend the forged NodeInfo, in particular = right after the victim sends their own. A patch is available in version 2.7= .6.834c3c5.</td>
<td>2026-01-27</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-55292" target=3D= "_blank" rel=3D"noopener">CVE-2025-55292</a></td>

<a href=3D"https://github.com/meshtastic/firmware/security/advisories/GHSA-= 45vg-3f35-7ch2" target=3D"_blank" rel=3D"noopener">https://github.com/mesht= astic/firmware/security/advisories/GHSA-45vg-3f35-7ch2</a> <a href=3D"ht= tps://github.com/meshtastic/firmware/commit/e5e8683cdba133e726033101586c323= 5a8678893" target=3D"_blank" rel=3D"noopener">https://github.com/meshtastic= /firmware/commit/e5e8683cdba133e726033101586c3235a8678893</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Microsoft--Microsoft Office 2019</td>
<td>Reliance on untrusted inputs in a security decision in Microsoft Office=
allows an unauthorized attacker to bypass a security feature locally.</td> <td>2026-01-26</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-21509" target=3D= "_blank" rel=3D"noopener">CVE-2026-21509</a></td>

<a href=3D"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2= 1509" target=3D"_blank" rel=3D"noopener">Microsoft Office Security Feature = Bypass Vulnerability</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">midgetspy--Sickbeard</td>
<td>Sickbeard alpha contains a remote command injection vulnerability that = allows unauthenticated attackers to execute arbitrary commands through the = extra scripts configuration. Attackers can set malicious commands in the ex= tra scripts field and trigger processing to execute remote code on the vuln= erable Sickbeard installation.</td>
<td>2026-01-30</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37027" target=3D= "_blank" rel=3D"noopener">CVE-2020-37027</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48646" target=3D"_blank" rel= =3D"noopener">ExploitDB-48646</a> <a href=3D"https://web.archive.org/web= /20190722085652/https://sickbeard.com/" target=3D"_blank" rel=3D"noopener">= Archived Sickbeard Official Homepage</a> <a href=3D"https://github.com/m= idgetspy/Sick-Beard" target=3D"_blank" rel=3D"noopener">Sickbeard GitHub Re= pository</a> <a href=3D"https://www.vulncheck.com/advisories/sickbeard-r= emote-command-injection" target=3D"_blank" rel=3D"noopener">VulnCheck Advis= ory: Sickbeard 0.1 - Remote Command Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Mini-stream Software--RM Downloader</td>
<td>RM Downloader 2.50.60 contains a local buffer overflow vulnerability in=
the 'Load' parameter that allows attackers to execute arbitrary code by ov= erwriting memory. Attackers can craft a malicious payload with an egg hunte=
r technique to bypass memory protections and execute commands like launchin=
g calc.exe.</td>
<td>2026-01-30</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37036" target=3D= "_blank" rel=3D"noopener">CVE-2020-37036</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48628" target=3D"_blank" rel= =3D"noopener">ExploitDB-48628</a> <a href=3D"https://github.com/x00x00x0= 0x00/RMDownloader_2.50.60" target=3D"_blank" rel=3D"noopener">Software v2.5= 0.60 Archive</a> <a href=3D"https://rm-downloader.software.informer.com/=
" target=3D"_blank" rel=3D"noopener">Software Informer Product Page</a> =
<a href=3D"https://www.vulncheck.com/advisories/rm-downloader-load-local-bu= ffer-overflow" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: RM Do= wnloader 2.50.60 2006.06.23 - 'Load' Local Buffer Overflow</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">Minitool--MiniTool ShadowMaker</td>
<td>MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerabilit=
y in the MTAgentService that allows local attackers to potentially execute = arbitrary code. Attackers can exploit the unquoted path in 'C:\Program File= s\MiniTool ShadowMaker\AgentService.exe' to inject malicious executables an=
d escalate privileges.</td>
<td>2026-01-26</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36953" target=3D= "_blank" rel=3D"noopener">CVE-2020-36953</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49336" target=3D"_blank" rel= =3D"noopener">ExploitDB-49336</a> <a href=3D"https://www.minitool.com" t= arget=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https:/= /www.vulncheck.com/advisories/minitool-shadowmaker-mtagentservice-unquoted-= service-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: MiniTo=
ol ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">Mintplex-Labs--anything-llm</td>
<td>AnythingLLM is an application that turns pieces of content into context=
that any LLM can use as references during chatting. Prior to version 1.10.=
0, a critical Path Traversal vulnerability in the DrupalWiki integration al= lows a malicious admin (or an attacker who can convince an admin to configu=
re a malicious DrupalWiki URL) to write arbitrary files to the server. This=
can lead to Remote Code Execution (RCE) by overwriting configuration files=
or writing executable scripts. Version 1.10.0 fixes the issue.</td> <td>2026-01-26</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24478" target=3D= "_blank" rel=3D"noopener">CVE-2026-24478</a></td>

<a href=3D"https://github.com/Mintplex-Labs/anything-llm/security/advisorie= s/GHSA-jp2f-99h9-7vjv" target=3D"_blank" rel=3D"noopener">https://github.co= m/Mintplex-Labs/anything-llm/security/advisories/GHSA-jp2f-99h9-7vjv</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">MobSF--Mobile-Security-Framework-MobSF</td> <td>MobSF is a mobile application security testing tool used. Prior to vers= ion 4.4.5, a Stored Cross-site Scripting (XSS) vulnerability in MobSF's And= roid manifest analysis allows an attacker to execute arbitrary JavaScript i=
n the context of a victim's browser session by uploading a malicious APK. T=
he `android:host` attribute from `<data android:scheme=3D"android_secret= _code">` elements is rendered in HTML reports without sanitization, enab= ling session hijacking and account takeover. Version 4.4.5 fixes the issue.= </td>
<td>2026-01-27</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24490" target=3D= "_blank" rel=3D"noopener">CVE-2026-24490</a></td>

<a href=3D"https://github.com/MobSF/Mobile-Security-Framework-MobSF/securit= y/advisories/GHSA-8hf7-h89p-3pqj" target=3D"_blank" rel=3D"noopener">https:= //github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA= -8hf7-h89p-3pqj</a> <a href=3D"https://github.com/MobSF/Mobile-Security-= Framework-MobSF/commit/2b08dd050e7685ee2a14fdbb454affab94129eae" target=3D"= _blank" rel=3D"noopener">https://github.com/MobSF/Mobile-Security-Framework= -MobSF/commit/2b08dd050e7685ee2a14fdbb454affab94129eae</a> <a href=3D"ht= tps://github.com/MobSF/Mobile-Security-Framework-MobSF/releases/tag/v4.4.5"=
target=3D"_blank" rel=3D"noopener">https://github.com/MobSF/Mobile-Securit= y-Framework-MobSF/releases/tag/v4.4.5</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Motorola-Device-Manager--Motorola Device Manag= er</td>
<td>Motorola Device Manager 2.5.4 contains an unquoted service path vulnera= bility in the MotoHelperService.exe service that allows local users to pote= ntially inject malicious code. Attackers can exploit the unquoted path in t=
he service configuration to execute arbitrary code with elevated system pri= vileges during service startup.</td>
<td>2026-01-27</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36982" target=3D= "_blank" rel=3D"noopener">CVE-2020-36982</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49012" target=3D"_blank" rel= =3D"noopener">ExploitDB-49012</a> <a href=3D"https://motorola-device-man= ager.programas-gratis.net/gracias" target=3D"_blank" rel=3D"noopener">Motor= ola Device Manager Vendor Homepage</a> <a href=3D"https://www.vulncheck.= com/advisories/motorola-device-manager-motohelperserviceexe-unquoted-servic= e-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Motorola Dev= ice Manager 2.5.4 - 'MotoHelperService.exe' Unquoted Service Path</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">n8n--n8n</td>
<td>n8n contains a critical Remote Code Execution (RCE) vulnerability in it=
s workflow Expression evaluation system. Expressions supplied by authentica= ted users during workflow configuration may be evaluated in an execution co= ntext that is not sufficiently isolated from the underlying runtime. An aut= henticated attacker could abuse this behavior to execute arbitrary code wit=
h the privileges of the n8n process. Successful exploitation may lead to fu=
ll compromise of the affected instance, including unauthorized access to se= nsitive data, modification of workflows, and execution of system-level oper= ations.</td>
<td>2026-01-27</td>
<td>9.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1470" target=3D"= _blank" rel=3D"noopener">CVE-2026-1470</a></td>

<a href=3D"https://github.com/n8n-io/n8n/commit/aa4d1e5825829182afa0ad5b81f= 602638f55fa04" target=3D"_blank" rel=3D"noopener">https://github.com/n8n-io= /n8n/commit/aa4d1e5825829182afa0ad5b81f602638f55fa04</a> <a href=3D"http= s://research.jfrog.com/vulnerabilities/n8n-expression-node-rce/" target=3D"= _blank" rel=3D"noopener">https://research.jfrog.com/vulnerabilities/n8n-exp= ression-node-rce/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">NaturalIntelligence--fast-xml-parser</td> <td>fast-xml-parser allows users to validate XML, parse XML to JS object, o=
r build XML from JS object without C/C++ based libraries and no callback. I=
n versions 4.3.6 through 5.3.3, a RangeError vulnerability exists in the nu= meric entity processing of fast-xml-parser when parsing XML with out-of-ran=
ge entity code points (e.g., `&#9999999;` or `&#xFFFFFF;`). This ca= uses the parser to throw an uncaught exception, crashing any application th=
at processes untrusted XML input. Version 5.3.4 fixes the issue.</td> <td>2026-01-30</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25128" target=3D= "_blank" rel=3D"noopener">CVE-2026-25128</a></td>

<a href=3D"https://github.com/NaturalIntelligence/fast-xml-parser/security/= advisories/GHSA-37qj-frw5-hhjh" target=3D"_blank" rel=3D"noopener">https://= github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-37q= j-frw5-hhjh</a> <a href=3D"https://github.com/NaturalIntelligence/fast-x= ml-parser/commit/4e387f61c4a5cef792f6a2f42467013290bf95dc" target=3D"_blank=
" rel=3D"noopener">https://github.com/NaturalIntelligence/fast-xml-parser/c= ommit/4e387f61c4a5cef792f6a2f42467013290bf95dc</a> <a href=3D"https://gi= thub.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.4" target=3D= "_blank" rel=3D"noopener">https://github.com/NaturalIntelligence/fast-xml-p= arser/releases/tag/v5.3.4</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Naviwebs S.C.--Navigate CMS</td>
<td>Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerabilit=
y that allows attackers to leak database information by manipulating the 's= idx' parameter in comments. Attackers can exploit the vulnerability to extr= act user activation keys by using time-based blind SQL injection techniques=
, potentially enabling password reset for administrative accounts.</td> <td>2026-01-30</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37053" target=3D= "_blank" rel=3D"noopener">CVE-2020-37053</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48545" target=3D"_blank" rel= =3D"noopener">ExploitDB-48545</a> <a href=3D"https://www.navigatecms.com= /en/home" target=3D"_blank" rel=3D"noopener">Navigate CMS Official Homepage= </a> <a href=3D"https://sourceforge.net/projects/navigatecms" target=3D"= _blank" rel=3D"noopener">Navigate CMS SourceForge Page</a> <a href=3D"ht= tps://www.vulncheck.com/advisories/navigate-cms-sidx-sql-injection" target= =3D"_blank" rel=3D"noopener">VulnCheck Advisory: Navigate CMS 2.8.7 - ''sid=
x' SQL Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">NetPCLinker--NetPCLinker</td>
<td>NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Cli= ents Control Panel DNS/IP field that allows attackers to execute arbitrary = shellcode. Attackers can craft a malicious payload in the DNS/IP input to o= verwrite SEH handlers and execute shellcode when adding a new client.</td> <td>2026-01-30</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25232" target=3D= "_blank" rel=3D"noopener">CVE-2019-25232</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48680" target=3D"_blank" rel= =3D"noopener">ExploitDB-48680</a> <a href=3D"https://sourceforge.net/pro= jects/netpclinker/" target=3D"_blank" rel=3D"noopener">NetPCLinker SourceFo= rge Page</a> <a href=3D"https://www.vulncheck.com/advisories/netpclinker= -buffer-overflow" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Ne= tPCLinker 1.0.0.0 - Buffer Overflow</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">neutrinolabs--xrdp</td>
<td>xrdp is an open source RDP server. xrdp before v0.10.5 contains an unau= thenticated stack-based buffer overflow vulnerability. The issue stems from=
improper bounds checking when processing user domain information during th=
e connection sequence. If exploited, the vulnerability could allow remote a= ttackers to execute arbitrary code on the target system. The vulnerability = allows an attacker to overwrite the stack buffer and the return address, wh= ich could theoretically be used to redirect the execution flow. The impact =
of this vulnerability is lessened if a compiler flag has been used to build=
the xrdp executable with stack canary protection. If this is the case, a s= econd vulnerability would need to be used to leak the stack canary value. U= pgrade to version 0.10.5 to receive a patch. Additionally, do not rely on s= tack canary protection on production systems.</td>
<td>2026-01-27</td>
<td>9.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-68670" target=3D= "_blank" rel=3D"noopener">CVE-2025-68670</a></td>

<a href=3D"https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rw= vg-gp87-gh6f" target=3D"_blank" rel=3D"noopener">https://github.com/neutrin= olabs/xrdp/security/advisories/GHSA-rwvg-gp87-gh6f</a> <a href=3D"https:= //github.com/neutrinolabs/xrdp/commit/488c8c7d4d189514a366cd8301b6e816c5218= ffa" target=3D"_blank" rel=3D"noopener">https://github.com/neutrinolabs/xrd= p/commit/488c8c7d4d189514a366cd8301b6e816c5218ffa</a> <a href=3D"https:/= /github.com/neutrinolabs/xrdp/releases/tag/v0.10.5" target=3D"_blank" rel= =3D"noopener">https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.5</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">Nidesoft Studio--Nidesoft DVD Ripper</td> <td>Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerabili=
ty in the License Code registration parameter that allows attackers to exec= ute arbitrary code. Attackers can craft a malicious payload and paste it in=
to the License Code field to trigger a stack-based buffer overflow and exec= ute shellcode.</td>
<td>2026-01-30</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37024" target=3D= "_blank" rel=3D"noopener">CVE-2020-37024</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48687" target=3D"_blank" rel= =3D"noopener">ExploitDB-48687</a> <a href=3D"https://nidesoft-dvd-ripper= .softonic.com/" target=3D"_blank" rel=3D"noopener">Nidesoft DVD Ripper Soft= ware Download Page</a> <a href=3D"https://www.vulncheck.com/advisories/n= idesoft-dvd-ripper-local-buffer-overflow" target=3D"_blank" rel=3D"noopener= ">VulnCheck Advisory: Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow</a= > =C2=A0</td>
</tr>

<td class=3D"vendor-product">Nidesoft--Nidesoft 3GP Video Converter</td> <td>Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overf= low vulnerability in the license registration parameter. Attackers can craf=
t a malicious payload and paste it into the 'License Code' field to execute=
arbitrary code on the system.</td>
<td>2026-01-28</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36971" target=3D= "_blank" rel=3D"noopener">CVE-2020-36971</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49034" target=3D"_blank" rel= =3D"noopener">ExploitDB-49034</a> <a href=3D"https://nidesoft-3gp-video-= converter.software.informer.com/2.6/" target=3D"_blank" rel=3D"noopener">Ar= chived Software Repository</a> <a href=3D"https://www.vulncheck.com/advi= sories/nidesoft-gp-video-converter-local-stack-buffer-overflow" target=3D"_= blank" rel=3D"noopener">VulnCheck Advisory: Nidesoft 3GP Video Converter 2.= 6.18 - Local Stack Buffer Overflow</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">nmedia--Frontend File Manager Plugin</td>
<td>The Frontend File Manager Plugin for WordPress is vulnerable to unautho= rized file sharing due to a missing capability check on the 'wpfm_send_file= _in_email' AJAX action in all versions up to, and including, 23.5. This mak=
es it possible for unauthenticated attackers to share arbitrary uploaded fi= les via email by supplying a file ID. Since file IDs are sequential integer=
s, attackers can enumerate all uploaded files on the site and exfiltrate se= nsitive data that was intended to be restricted to administrators only.</td=

<td>2026-01-28</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1280" target=3D"= _blank" rel=3D"noopener">CVE-2026-1280</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/e739e7= d3-756a-4c93-9ca7-f7b9f9657033?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/e739e7d3-756= a-4c93-9ca7-f7b9f9657033?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/nmedia-user-file-uploader/trunk/inc/callback-functi= ons.php#L98" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpr= ess.org/browser/nmedia-user-file-uploader/trunk/inc/callback-functions.php#= L98</a> <a href=3D"https://plugins.trac.wordpress.org/browser/nmedia-use= r-file-uploader/tags/23.5/inc/callback-functions.php#L98" target=3D"_blank"=
rel=3D"noopener">https://plugins.trac.wordpress.org/browser/nmedia-user-fi= le-uploader/tags/23.5/inc/callback-functions.php#L98</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">nmedia--Simple User Registration</td>
<td>The Simple User Registration plugin for WordPress is vulnerable to priv= ilege escalation in versions up to, and including, 6.7 due to insufficient = restriction on the 'profile_save_field' function. This makes it possible fo=
r authenticated attackers, with minimal permissions such as a subscriber, t=
o modify their user role by supplying the 'wp_capabilities' parameter durin=
g a profile update.</td>
<td>2026-01-28</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0844" target=3D"= _blank" rel=3D"noopener">CVE-2026-0844</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/bb0e77= e1-7e9f-4f7e-8953-c86ab0e5ae7a?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/bb0e77e1-7e9= f-4f7e-8953-c86ab0e5ae7a?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/wp-registration/tags/6.7/inc/classes/class.profile.= php#L401" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress= .org/browser/wp-registration/tags/6.7/inc/classes/class.profile.php#L401</a= > <a href=3D"https://plugins.trac.wordpress.org/browser/wp-registration/= tags/6.7/inc/classes/class.user.php#L305" target=3D"_blank" rel=3D"noopener= ">https://plugins.trac.wordpress.org/browser/wp-registration/tags/6.7/inc/c= lasses/class.user.php#L305</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">nordvpn--nordvpn</td>
<td>Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in i=
ts nordvpn-service that allows local attackers to execute code with elevate=
d privileges. Attackers can exploit the unquoted binary path during system = startup or reboot to potentially run malicious code with LocalSystem permis= sions.</td>
<td>2026-01-28</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36992" target=3D= "_blank" rel=3D"noopener">CVE-2020-36992</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48790" target=3D"_blank" rel= =3D"noopener">ExploitDB-48790</a> <a href=3D"https://nordvpn.com" target= =3D"_blank" rel=3D"noopener">NordVPN Official Homepage</a> <a href=3D"ht= tps://www.vulncheck.com/advisories/nord-vpn-nordvpn-service-unquoted-servic= e-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Nord VPN-6.3= 1.13.0 - 'nordvpn-service' Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">NVIDIA--GeForce</td>
<td>NVIDIA Display Driver for Windows contains a vulnerability where an att= acker could trigger a use after free. A successful exploit of this vulnerab= ility might lead to code execution, escalation of privileges, data tamperin=
g, denial of service, and information disclosure.</td>
<td>2026-01-28</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-33217" target=3D= "_blank" rel=3D"noopener">CVE-2025-33217</a></td>

<a href=3D"https://nvd.nist.gov/vuln/detail/CVE-2025-33217" target=3D"_blan=
k" rel=3D"noopener">https://nvd.nist.gov/vuln/detail/CVE-2025-33217</a> =
<a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-33217" target=3D"_bl= ank" rel=3D"noopener">https://www.cve.org/CVERecord?id=3DCVE-2025-33217</a>= <a href=3D"https://nvidia.custhelp.com/app/answers/detail/a_id/5747" ta= rget=3D"_blank" rel=3D"noopener">https://nvidia.custhelp.com/app/answers/de= tail/a_id/5747</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">NVIDIA--GeForce</td>
<td>NVIDIA GPU Display Driver for Windows contains a vulnerability in the k= ernel mode layer (nvlddmkm.sys), where an attacker could cause an integer o= verflow. A successful exploit of this vulnerability might lead to code exec= ution, escalation of privileges, data tampering, denial of service, or info= rmation disclosure.</td>
<td>2026-01-28</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-33218" target=3D= "_blank" rel=3D"noopener">CVE-2025-33218</a></td>

<a href=3D"https://nvd.nist.gov/vuln/detail/CVE-2025-33218" target=3D"_blan=
k" rel=3D"noopener">https://nvd.nist.gov/vuln/detail/CVE-2025-33218</a> =
<a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-33218" target=3D"_bl= ank" rel=3D"noopener">https://www.cve.org/CVERecord?id=3DCVE-2025-33218</a>= <a href=3D"https://nvidia.custhelp.com/app/answers/detail/a_id/5747" ta= rget=3D"_blank" rel=3D"noopener">https://nvidia.custhelp.com/app/answers/de= tail/a_id/5747</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">NVIDIA--GeForce</td>
<td>NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA = kernel module where an attacker could cause an integer overflow or wraparou= nd. A successful exploit of this vulnerability might lead to code execution=
, escalation of privileges, data tampering, denial of service, or informati=
on disclosure.</td>
<td>2026-01-28</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-33219" target=3D= "_blank" rel=3D"noopener">CVE-2025-33219</a></td>

<a href=3D"https://nvd.nist.gov/vuln/detail/CVE-2025-33219" target=3D"_blan=
k" rel=3D"noopener">https://nvd.nist.gov/vuln/detail/CVE-2025-33219</a> =
<a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-33219" target=3D"_bl= ank" rel=3D"noopener">https://www.cve.org/CVERecord?id=3DCVE-2025-33219</a>= <a href=3D"https://nvidia.custhelp.com/app/answers/detail/a_id/5747" ta= rget=3D"_blank" rel=3D"noopener">https://nvidia.custhelp.com/app/answers/de= tail/a_id/5747</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">NVIDIA--GeForce</td>
<td>NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manage=
r, where a malicious guest could cause heap memory access after the memory =
is freed. A successful exploit of this vulnerability might lead to code exe= cution, escalation of privileges, data tampering, denial of service, or inf= ormation disclosure.</td>
<td>2026-01-28</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-33220" target=3D= "_blank" rel=3D"noopener">CVE-2025-33220</a></td>

<a href=3D"https://nvd.nist.gov/vuln/detail/CVE-2025-33220" target=3D"_blan=
k" rel=3D"noopener">https://nvd.nist.gov/vuln/detail/CVE-2025-33220</a> =
<a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-33220" target=3D"_bl= ank" rel=3D"noopener">https://www.cve.org/CVERecord?id=3DCVE-2025-33220</a>= <a href=3D"https://nvidia.custhelp.com/app/answers/detail/a_id/5747" ta= rget=3D"_blank" rel=3D"noopener">https://nvidia.custhelp.com/app/answers/de= tail/a_id/5747</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">NVIDIA--NVIDIA runx</td>
<td>NVIDIA runx contains a vulnerability where an attacker could cause a co=
de injection. A successful exploit of this vulnerability might lead to code=
execution, denial of service, escalation of privileges, information disclo= sure, and data tampering.</td>
<td>2026-01-27</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-33234" target=3D= "_blank" rel=3D"noopener">CVE-2025-33234</a></td>

<a href=3D"https://nvd.nist.gov/vuln/detail/CVE-2025-33234" target=3D"_blan=
k" rel=3D"noopener">https://nvd.nist.gov/vuln/detail/CVE-2025-33234</a> =
<a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-33234" target=3D"_bl= ank" rel=3D"noopener">https://www.cve.org/CVERecord?id=3DCVE-2025-33234</a>= <a href=3D"https://nvidia.custhelp.com/app/answers/detail/a_id/5764" ta= rget=3D"_blank" rel=3D"noopener">https://nvidia.custhelp.com/app/answers/de= tail/a_id/5764</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">nyariv--SandboxJS</td>
<td>SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 = have a sandbox escape vulnerability due to `AsyncFunction` not being isolat=
ed in `SandboxFunction`. The library attempts to sandbox code execution by = replacing the global `Function` constructor with a safe, sandboxed version = (`SandboxFunction`). This is handled in `utils.ts` by mapping `Function` to=
`sandboxFunction` within a map used for lookups. However, before version 0= .8.26, the library did not include mappings for `AsyncFunction`, `Generator= Function`, and `AsyncGeneratorFunction`. These constructors are not global = properties but can be accessed via the `.constructor` property of an instan=
ce (e.g., `(async () =3D> {}).constructor`). In `executor.ts`, property = access is handled. When code running inside the sandbox accesses `.construc= tor` on an async function (which the sandbox allows creating), the `executo=
r` retrieves the property value. Since `AsyncFunction` was not in the safe-= replacement map, the `executor` returns the actual native host `AsyncFuncti= on` constructor. Constructors for functions in JavaScript (like `Function`,=
`AsyncFunction`) create functions that execute in the global scope. By obt= aining the host `AsyncFunction` constructor, an attacker can create a new a= sync function that executes entirely outside the sandbox context, bypassing=
all restrictions and gaining full access to the host environment (Remote C= ode Execution). Version 0.8.26 patches this vulnerability.</td> <td>2026-01-27</td>
<td>10</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23830" target=3D= "_blank" rel=3D"noopener">CVE-2026-23830</a></td>

<a href=3D"https://github.com/nyariv/SandboxJS/security/advisories/GHSA-wxh= w-j4hc-fmq6" target=3D"_blank" rel=3D"noopener">https://github.com/nyariv/S= andboxJS/security/advisories/GHSA-wxhw-j4hc-fmq6</a> <a href=3D"https://= github.com/nyariv/SandboxJS/commit/345aee6566e47979dee5c337b925b141e7f78ccd=
" target=3D"_blank" rel=3D"noopener">https://github.com/nyariv/SandboxJS/co= mmit/345aee6566e47979dee5c337b925b141e7f78ccd</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OISF--suricata</td>
<td>Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 = and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer w/=
o limits, leading to memory exhaustion and the process getting killed. Whil=
e reported for DCERPC over UDP, it is believed that DCERPC over TCP and SMB=
are also vulnerable. DCERPC/TCP in the default configuration should not be=
vulnerable as the default stream depth is limited to 1MiB. Versions 8.0.3 = and 7.0.14 contain a patch. Some workarounds are available. For DCERPC/UDP,=
disable the parser. For DCERPC/TCP, the `stream.reassembly.depth` setting = will limit the amount of data that can be buffered. For DCERPC/SMB, the `st= ream.reassembly.depth` can be used as well, but is set to unlimited by defa= ult. Imposing a limit here may lead to loss of visibility in SMB.</td> <td>2026-01-27</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22258" target=3D= "_blank" rel=3D"noopener">CVE-2026-22258</a></td>

<a href=3D"https://github.com/OISF/suricata/security/advisories/GHSA-289c-h= 599-3xcx" target=3D"_blank" rel=3D"noopener">https://github.com/OISF/surica= ta/security/advisories/GHSA-289c-h599-3xcx</a> <a href=3D"https://github= .com/OISF/suricata/commit/39d8c302af3422a096b75474a4f295a754ec6a74" target= =3D"_blank" rel=3D"noopener">https://github.com/OISF/suricata/commit/39d8c3= 02af3422a096b75474a4f295a754ec6a74</a> <a href=3D"https://github.com/OIS= F/suricata/commit/f82a388d0283725cb76782cf64e8341cab370830" target=3D"_blan=
k" rel=3D"noopener">https://github.com/OISF/suricata/commit/f82a388d0283725= cb76782cf64e8341cab370830</a> <a href=3D"https://redmine.openinfosecfoun= dation.org/issues/8182" target=3D"_blank" rel=3D"noopener">https://redmine.= openinfosecfoundation.org/issues/8182</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OISF--suricata</td>
<td>Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 = and 7.0.14, specially crafted traffic can cause Suricata to consume large a= mounts of memory while parsing DNP3 traffic. This can lead to the process s= lowing down and running out of memory, potentially leading to it getting ki= lled by the OOM killer. Versions 8.0.3 or 7.0.14 contain a patch. As a work= around, disable the DNP3 parser in the suricata yaml (disabled by default).= </td>
<td>2026-01-27</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22259" target=3D= "_blank" rel=3D"noopener">CVE-2026-22259</a></td>

<a href=3D"https://github.com/OISF/suricata/security/advisories/GHSA-878h-2= x6v-84q9" target=3D"_blank" rel=3D"noopener">https://github.com/OISF/surica= ta/security/advisories/GHSA-878h-2x6v-84q9</a> <a href=3D"https://github= .com/OISF/suricata/commit/50cac2e2465ca211eabfa156623e585e9037bb7e" target= =3D"_blank" rel=3D"noopener">https://github.com/OISF/suricata/commit/50cac2= e2465ca211eabfa156623e585e9037bb7e</a> <a href=3D"https://github.com/OIS= F/suricata/commit/63225d5f8ef64cc65164c0bb1800730842d54942" target=3D"_blan=
k" rel=3D"noopener">https://github.com/OISF/suricata/commit/63225d5f8ef64cc= 65164c0bb1800730842d54942</a> <a href=3D"https://redmine.openinfosecfoun= dation.org/issues/8181" target=3D"_blank" rel=3D"noopener">https://redmine.= openinfosecfoundation.org/issues/8181</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OISF--suricata</td>
<td>Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.=
0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Ver= sion 8.0.3 patches the issue. As a workaround, use default values for `requ= est-body-limit` and `response-body-limit`.</td>
<td>2026-01-27</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22260" target=3D= "_blank" rel=3D"noopener">CVE-2026-22260</a></td>

<a href=3D"https://github.com/OISF/suricata/security/advisories/GHSA-3gm8-8= 4cm-5x22" target=3D"_blank" rel=3D"noopener">https://github.com/OISF/surica= ta/security/advisories/GHSA-3gm8-84cm-5x22</a> <a href=3D"https://github= .com/OISF/suricata/commit/0dddac7278c8b9cf3c1e4c1c71e620a78ec1c185" target= =3D"_blank" rel=3D"noopener">https://github.com/OISF/suricata/commit/0dddac= 7278c8b9cf3c1e4c1c71e620a78ec1c185</a> <a href=3D"https://redmine.openin= fosecfoundation.org/issues/8185" target=3D"_blank" rel=3D"noopener">https:/= /redmine.openinfosecfoundation.org/issues/8185</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OISF--suricata</td>
<td>Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 a=
nd 7.0.14, an unsigned integer overflow can lead to a heap use-after-free c= ondition when generating excessive amounts of alerts for a single packet. V= ersions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not run untru= sted rulesets or run with less than 65536 signatures that can match on the = same packet.</td>
<td>2026-01-27</td>
<td>7.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22264" target=3D= "_blank" rel=3D"noopener">CVE-2026-22264</a></td>

<a href=3D"https://github.com/OISF/suricata/security/advisories/GHSA-mqr8-m= 3m4-2hw5" target=3D"_blank" rel=3D"noopener">https://github.com/OISF/surica= ta/security/advisories/GHSA-mqr8-m3m4-2hw5</a> <a href=3D"https://github= .com/OISF/suricata/commit/549d7bf60616de8e54686a188196453b5b22f715" target= =3D"_blank" rel=3D"noopener">https://github.com/OISF/suricata/commit/549d7b= f60616de8e54686a188196453b5b22f715</a> <a href=3D"https://github.com/OIS= F/suricata/commit/5789a3d3760dbf33d93fc56c27bd9529e5bdc8f2" target=3D"_blan=
k" rel=3D"noopener">https://github.com/OISF/suricata/commit/5789a3d3760dbf3= 3d93fc56c27bd9529e5bdc8f2</a> <a href=3D"https://github.com/OISF/suricat= a/commit/ac1eb394181530430fb7262969f423a1bf8f209b" target=3D"_blank" rel=3D= "noopener">https://github.com/OISF/suricata/commit/ac1eb394181530430fb72629= 69f423a1bf8f209b</a> <a href=3D"https://redmine.openinfosecfoundation.or= g/issues/8190" target=3D"_blank" rel=3D"noopener">https://redmine.openinfos= ecfoundation.org/issues/8190</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OpenClaw--OpenClaw</td>
<td>OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUr=
l value from a query string and automatically makes a WebSocket connection = without prompting, sending a token value.</td>
<td>2026-02-01</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25253" target=3D= "_blank" rel=3D"noopener">CVE-2026-25253</a></td>

<a href=3D"https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-da= ta-and-keys" target=3D"_blank" rel=3D"noopener">https://depthfirst.com/post= /1-click-rce-to-steal-your-moltbot-data-and-keys</a> <a href=3D"https://= github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq" targe= t=3D"_blank" rel=3D"noopener">https://github.com/openclaw/openclaw/security= /advisories/GHSA-g8p2-7wf7-98mq</a> <a href=3D"https://openclaw.ai/blog"=
target=3D"_blank" rel=3D"noopener">https://openclaw.ai/blog</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">openemr--openemr</td>
<td>OpenEMR is a free and open source electronic health records and medical=
practice management application. Versions prior to 7.0.4 have a broken acc= ess control in the Profile Edit endpoint. An authenticated normal user can = modify the request parameters (pubpid / pid) to reference another user's re= cord; the server accepts the modified IDs and applies the changes to that o= ther user's profile. This allows one user to alter another user's profile d= ata (name, contact info, etc.), and could enable account takeover. Version = 7.0.4 fixes the issue.</td>
<td>2026-01-27</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67645" target=3D= "_blank" rel=3D"noopener">CVE-2025-67645</a></td>

<a href=3D"https://github.com/openemr/openemr/security/advisories/GHSA-vjmv= -cf46-gffv" target=3D"_blank" rel=3D"noopener">https://github.com/openemr/o= penemr/security/advisories/GHSA-vjmv-cf46-gffv</a> <a href=3D"https://gi= thub.com/openemr/openemr/commit/e2a682ee71aac71a9f04ae566f4ffca10052bc4a" t= arget=3D"_blank" rel=3D"noopener">https://github.com/openemr/openemr/commit= /e2a682ee71aac71a9f04ae566f4ffca10052bc4a</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">opf--openproject</td>
<td>OpenProject is an open-source, web-based project management software. T=
o enable the real time collaboration on documents, OpenProject 17.0 introdu= ced a synchronization server. The OpenPrioject backend generates an authent= ication token that is currently valid for 24 hours, encrypts it with a shar=
ed secret only known to the synchronization server. The frontend hands this=
encrypted token and the backend URL over to the synchronization server to = check user's ability to work on the document and perform intermittent saves=
while editing. The synchronization server does not properly validate the b= ackend URL and sends a request with the decrypted authentication token to t=
he endpoint that was given to the server. An attacker could use this vulner= ability to decrypt a token that he intercepted by other means to gain an ac= cess token to interact with OpenProject on the victim's behalf. This vulner= ability was introduced with OpenProject 17.0.0 and was fixed in 17.0.2. As =
a workaround, disable the collaboration feature via Settings -> Document=
s -> Real time collaboration -> Disable. Additionally the `hocuspocus=
` container should also be disabled.</td>
<td>2026-01-28</td>
<td>8.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24772" target=3D= "_blank" rel=3D"noopener">CVE-2026-24772</a></td>

<a href=3D"https://github.com/opf/openproject/security/advisories/GHSA-r854= -p5qj-x974" target=3D"_blank" rel=3D"noopener">https://github.com/opf/openp= roject/security/advisories/GHSA-r854-p5qj-x974</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Pablosoftwaresolutions--Quick 'n Easy FTP Serv= ice</td>
<td>Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnera= bility that allows local attackers to execute arbitrary code during service=
startup. Attackers can exploit the misconfigured service binary path to in= ject malicious executables with elevated LocalSystem privileges during syst=
em boot or service restart.</td>
<td>2026-01-27</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36983" target=3D= "_blank" rel=3D"noopener">CVE-2020-36983</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48983" target=3D"_blank" rel= =3D"noopener">ExploitDB-48983</a> <a href=3D"https://www.pablosoftwareso= lutions.com/html/quick__n_easy_ftp_service.html" target=3D"_blank" rel=3D"n= oopener">Vendor Homepage</a> <a href=3D"https://www.pablosoftwaresolutio= ns.com/download.php?id=3D10" target=3D"_blank" rel=3D"noopener">Software Do= wnload Page</a> <a href=3D"https://www.vulncheck.com/advisories/quick-n-= easy-ftp-service-unquoted-service-path" target=3D"_blank" rel=3D"noopener">= VulnCheck Advisory: Quick 'n Easy FTP Service 3.2 - Unquoted Service Path</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">patriksimek--vm2</td>
<td>vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3= .10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitiza= tion can be bypassed. This allows attackers to escape the sandbox and run a= rbitrary code. In lib/setup-sandbox.js, the callback function of `localProm= ise.prototype.then` is sanitized, but `globalPromise.prototype.then` is not=
sanitized. The return value of async functions is `globalPromise` object. = Version 3.10.2 fixes the issue.</td>
<td>2026-01-26</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22709" target=3D= "_blank" rel=3D"noopener">CVE-2026-22709</a></td>

<a href=3D"https://github.com/patriksimek/vm2/security/advisories/GHSA-99p7= -6v5w-7xg8" target=3D"_blank" rel=3D"noopener">https://github.com/patriksim= ek/vm2/security/advisories/GHSA-99p7-6v5w-7xg8</a> <a href=3D"https://gi= thub.com/patriksimek/vm2/commit/4b009c2d4b1131c01810c1205e641d614c322a29" t= arget=3D"_blank" rel=3D"noopener">https://github.com/patriksimek/vm2/commit= /4b009c2d4b1131c01810c1205e641d614c322a29</a> <a href=3D"https://github.= com/patriksimek/vm2/releases/tag/v3.10.2" target=3D"_blank" rel=3D"noopener= ">https://github.com/patriksimek/vm2/releases/tag/v3.10.2</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Pdf-Complete--PDF Complete</td>
<td>PDF Complete 3.5.310.2002 contains an unquoted service path vulnerabili=
ty in its pdfsvc.exe service configuration. Attackers can exploit the unquo= ted path to inject and execute malicious code with elevated LocalSystem pri= vileges.</td>
<td>2026-01-26</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36957" target=3D= "_blank" rel=3D"noopener">CVE-2020-36957</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49226" target=3D"_blank" rel= =3D"noopener">ExploitDB-49226</a> <a href=3D"https://pdf-complete.inform= er.com/3.5/" target=3D"_blank" rel=3D"noopener">PDF Complete Vendor Homepag= e</a> <a href=3D"https://www.vulncheck.com/advisories/pdf-complete-pdfsv= cexe-unquoted-service-path" target=3D"_blank" rel=3D"noopener">VulnCheck Ad= visory: PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">PHPSUGAR--PHP Melody</td>
<td>PHP Melody version 3.0 contains a remote SQL injection vulnerability in=
the video edit module that allows authenticated attackers to inject malici= ous SQL commands. Attackers can exploit the unvalidated 'vid' parameter to = execute arbitrary database queries and potentially compromise the web appli= cation and database management system.</td>
<td>2026-02-01</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2021-47915" target=3D= "_blank" rel=3D"noopener">CVE-2021-47915</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2295" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-repo= rt-fix/" target=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a><= br><a href=3D"https://www.phpsugar.com/phpmelody.html" target=3D"_blank" re= l=3D"noopener">Product Homepage</a> <a href=3D"https://www.vulncheck.com= /advisories/php-melody-sql-injection-vulnerability-via-edit-video-parameter=
" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: PHP Melody 3.0 SQL=
Injection Vulnerability via Edit Video Parameter</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">PMB Services--PMB Services</td>
<td>PMB 5.6 contains a local file disclosure vulnerability in getgif.php th=
at allows attackers to read arbitrary system files by manipulating the 'che= min' parameter. Attackers can exploit the unsanitized file path input to ac= cess sensitive files like /etc/passwd by sending crafted requests to the ge= tgif.php endpoint.</td>
<td>2026-01-28</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36970" target=3D= "_blank" rel=3D"noopener">CVE-2020-36970</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49054" target=3D"_blank" rel= =3D"noopener">ExploitDB-49054</a> <a href=3D"http://www.sigb.net" target= =3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"http://forge= .sigb.net/redmine/projects/pmb/files" target=3D"_blank" rel=3D"noopener">So= ftware Download Repository</a> <a href=3D"https://www.vulncheck.com/advi= sories/pmb-chemin-local-file-disclosure" target=3D"_blank" rel=3D"noopener"= >VulnCheck Advisory: PMB 5.6 - 'chemin' Local File Disclosure</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">polarnl--PolarLearn</td>
<td>PolarLearn is a free and open-source learning program. Prior to version=
0-PRERELEASE-15, the vote API route (`POST /api/v1/forum/vote`) trusts the=
JSON body's `direction` value without runtime validation. TypeScript types=
are not enforced at runtime, so an attacker can send arbitrary strings (e.= g., `"x"`) as `direction`. Downstream (`VoteServer`) treats any non-`"up"` = and non-`null` value as a downvote and persists the invalid value in `votes= _data`. This can be exploited to bypass intended business logic. Version 0-= PRERELEASE-15 fixes the vulnerability.</td>
<td>2026-01-29</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25126" target=3D= "_blank" rel=3D"noopener">CVE-2026-25126</a></td>

<a href=3D"https://github.com/polarnl/PolarLearn/security/advisories/GHSA-g= hpx-5w2p-p3qp" target=3D"_blank" rel=3D"noopener">https://github.com/polarn= l/PolarLearn/security/advisories/GHSA-ghpx-5w2p-p3qp</a> <a href=3D"http= s://github.com/polarnl/PolarLearn/commit/e6227d94d0e53e854f6a46480db8cd1051= 184d41" target=3D"_blank" rel=3D"noopener">https://github.com/polarnl/Polar= Learn/commit/e6227d94d0e53e854f6a46480db8cd1051184d41</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Preyproject--Prey</td>
<td>Prey 1.9.6 contains an unquoted service path vulnerability that allows = local users to potentially execute code with elevated privileges. Attackers=
can exploit the unquoted path in the CronService to insert malicious code = that would execute during application startup or system reboot.</td> <td>2026-01-28</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36986" target=3D= "_blank" rel=3D"noopener">CVE-2020-36986</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48967" target=3D"_blank" rel= =3D"noopener">ExploitDB-48967</a> <a href=3D"https://preyproject.com/" t= arget=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https:/= /www.vulncheck.com/advisories/prey-cronservice-unquoted-service-path" targe= t=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Prey 1.9.6 - "CronService=
" Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ProjectSkyfire--SkyFire_548</td>
<td>improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire_548=
. This issue affects SkyFire_548: before 5.4.8-stable5.</td> <td>2026-01-27</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24872" target=3D= "_blank" rel=3D"noopener">CVE-2026-24872</a></td>

<a href=3D"https://github.com/cadaver/turso3d/pull/11" target=3D"_blank" re= l=3D"noopener">https://github.com/cadaver/turso3d/pull/11</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">pytorch--pytorch</td>
<td>PyTorch is a Python package that provides tensor computation. Prior to = version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allow=
s an attacker to craft a malicious checkpoint file (`.pth`) that, when load=
ed with `torch.load(..., weights_only=3DTrue)`, can corrupt memory and pote= ntially lead to arbitrary code execution. Version 2.10.0 fixes the issue.</=

<td>2026-01-27</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24747" target=3D= "_blank" rel=3D"noopener">CVE-2026-24747</a></td>

<a href=3D"https://github.com/pytorch/pytorch/security/advisories/GHSA-63cw= -57p8-fm3p" target=3D"_blank" rel=3D"noopener">https://github.com/pytorch/p= ytorch/security/advisories/GHSA-63cw-57p8-fm3p</a> <a href=3D"https://gi= thub.com/pytorch/pytorch/issues/163105" target=3D"_blank" rel=3D"noopener">= https://github.com/pytorch/pytorch/issues/163105</a> <a href=3D"https://= github.com/pytorch/pytorch/163122/commit/954dc5183ee9205cbe79876ad05dd2d9ae= 752139" target=3D"_blank" rel=3D"noopener">https://github.com/pytorch/pytor= ch/163122/commit/954dc5183ee9205cbe79876ad05dd2d9ae752139</a> <a href=3D= "https://github.com/pytorch/pytorch/releases/tag/v2.10.0" target=3D"_blank"=
rel=3D"noopener">https://github.com/pytorch/pytorch/releases/tag/v2.10.0</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Raimersoft--TapinRadio</td>
<td>TapinRadio 2.13.7 contains a denial of service vulnerability in the app= lication proxy settings that allows attackers to crash the program by overf= lowing input fields. Attackers can paste a large buffer of 20,000 character=
s into the username and address fields to cause the application to become u= nresponsive and require reinstallation.</td>
<td>2026-01-27</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36949" target=3D= "_blank" rel=3D"noopener">CVE-2020-36949</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49206" target=3D"_blank" rel= =3D"noopener">ExploitDB-49206</a> <a href=3D"http://www.raimersoft.com/"=
target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https= ://www.vulncheck.com/advisories/tapinradio-denial-of-service" target=3D"_bl= ank" rel=3D"noopener">VulnCheck Advisory: TapinRadio 2.13.7 - Denial of Ser= vice</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Ralim--IronOS</td>
<td>Integer Overflow or Wraparound vulnerability in Ralim IronOS. This issu=
e affects IronOS: before v2.23-rc2.</td>
<td>2026-01-27</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24830" target=3D= "_blank" rel=3D"noopener">CVE-2026-24830</a></td>

<a href=3D"https://github.com/Ralim/IronOS/pull/2083" target=3D"_blank" rel= =3D"noopener">https://github.com/Ralim/IronOS/pull/2083</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Realtek--Realtek Andrea RT Filters</td> <td>Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vu= lnerability that allows local users to potentially execute arbitrary code w= ith elevated system privileges. Attackers can exploit the unquoted path in = 'C:\Program Files\IDT\WDM\AESTSr64.exe' to inject malicious code that would=
execute during service startup or system reboot.</td>
<td>2026-01-27</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36974" target=3D= "_blank" rel=3D"noopener">CVE-2020-36974</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49158" target=3D"_blank" rel= =3D"noopener">ExploitDB-49158</a> <a href=3D"https://www.realtek.com/en/=
" target=3D"_blank" rel=3D"noopener">Realtek Official Homepage</a> <a hr= ef=3D"https://www.vulncheck.com/advisories/realtek-andrea-rt-filters-aertsr= exe-unquoted-service-path" target=3D"_blank" rel=3D"noopener">VulnCheck Adv= isory: Realtek Andrea RT Filters 1.0.64.7 - 'AERTSr64.EXE' Unquoted Service=
Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--OpenShift Serverless</td>
<td>A flaw was found in Undertow. Servlets using a method that calls HttpSe= rvletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the=
client sends a request with large parameter names. This issue can be explo= ited by an unauthorized user to cause a remote denial-of-service (DoS) atta= ck.</td>
<td>2026-01-30</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2024-4027" target=3D"= _blank" rel=3D"noopener">CVE-2024-4027</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2024-4027" target=3D"= _blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2024-40= 27</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D2276410"=
target=3D"_blank" rel=3D"noopener">RHBZ#2276410</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--osim</td>
<td>The $uri$args concatenation in nginx configuration file present in Open=
Security Issue Management (OSIM) prior v2025.9.0 allows path traversal att= acks via query parameters.</td>
<td>2026-01-29</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1616" target=3D"= _blank" rel=3D"noopener">CVE-2026-1616</a></td>

<a href=3D"https://github.com/RedHatProductSecurity/osim/pull/615" target= =3D"_blank" rel=3D"noopener">https://github.com/RedHatProductSecurity/osim/= pull/615</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--RHEL-9-CNV-4.19</td>
<td>A flaw was found in KubeVirt Containerized Data Importer (CDI). This vu= lnerability allows a user to clone PersistentVolumeClaims (PVCs) from unaut= horized namespaces, resulting in unauthorized access to data via the DataIm= portCron PVC source mechanism.</td>
<td>2026-01-26</td>
<td>8.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14459" target=3D= "_blank" rel=3D"noopener">CVE-2025-14459</a></td>

<a href=3D"https://access.redhat.com/errata/RHSA-2026:0950" target=3D"_blan=
k" rel=3D"noopener">RHSA-2026:0950</a> <a href=3D"https://access.redhat.= com/security/cve/CVE-2025-14459" target=3D"_blank" rel=3D"noopener">https:/= /access.redhat.com/security/cve/CVE-2025-14459</a> <a href=3D"https://bu= gzilla.redhat.com/show_bug.cgi?id=3D2420938" target=3D"_blank" rel=3D"noope= ner">RHBZ#2420938</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Rinnegatamante--lpp-vita</td>
<td>Out-of-bounds Read vulnerability in Rinnegatamante lpp-vita. This issue=
affects lpp-vita: before lpp-vita r6.</td>
<td>2026-01-27</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24873" target=3D= "_blank" rel=3D"noopener">CVE-2026-24873</a></td>

<a href=3D"https://github.com/Rinnegatamante/lpp-vita/pull/82" target=3D"_b= lank" rel=3D"noopener">https://github.com/Rinnegatamante/lpp-vita/pull/82</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Ruijienetworks--Ruijie Networks Switch eWeb S2= 9_RGOS</td>
<td>Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversa=
l vulnerability that allows unauthenticated attackers to access sensitive c= onfiguration files by manipulating file path parameters. Attackers can expl= oit the /download.do endpoint with '../' sequences to retrieve system confi= guration files containing credentials and network settings.</td> <td>2026-01-29</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37015" target=3D= "_blank" rel=3D"noopener">CVE-2020-37015</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48755" target=3D"_blank" rel= =3D"noopener">ExploitDB-48755</a> <a href=3D"https://www.ruijienetworks.= com/" target=3D"_blank" rel=3D"noopener">Ruijie Networks Official Homepage<= /a> <a href=3D"https://faruktuygun.com/directorytraversal.html" target= =3D"_blank" rel=3D"noopener">Directory Traversal Vulnerability Source</a><b= r><a href=3D"https://www.vulncheck.com/advisories/ruijie-networks-switch-ew= eb-srgos-directory-traversal" target=3D"_blank" rel=3D"noopener">VulnCheck = Advisory: Ruijie Networks Switch eWeb S29_RGOS 11.4 - Directory Traversal</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">runtipi--runtipi</td>
<td>Runtipi is a personal homeserver orchestrator. Starting in version 4.5.=
0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerabili=
ty in the `UserConfigController` allows any remote user to overwrite the sy= stem's `docker-compose.yml` configuration file. By exploiting insecure URN = parsing, an attacker can replace the primary stack configuration with a mal= icious one, resulting in full Remote Code Execution (RCE) and host filesyst=
em compromise the next time the instance is restarted by the operator. Vers= ion 4.7.2 fixes the vulnerability.</td>
<td>2026-01-29</td>
<td>7.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25116" target=3D= "_blank" rel=3D"noopener">CVE-2026-25116</a></td>

<a href=3D"https://github.com/runtipi/runtipi/security/advisories/GHSA-mwg8= -x997-cqw6" target=3D"_blank" rel=3D"noopener">https://github.com/runtipi/r= untipi/security/advisories/GHSA-mwg8-x997-cqw6</a> <a href=3D"https://gi= thub.com/runtipi/runtipi/releases/tag/v4.7.2" target=3D"_blank" rel=3D"noop= ener">https://github.com/runtipi/runtipi/releases/tag/v4.7.2</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">saadiqbal--New User Approve</td>
<td>The New User Approve plugin for WordPress is vulnerable to unauthorized=
access of data and modification of data due to a missing capability check =
on multiple REST API endpoints in all versions up to, and including, 3.2.2.=
This makes it possible for unauthenticated attackers to approve or deny us=
er accounts, retrieve sensitive user information including emails and roles=
, and force logout of privileged users.</td>
<td>2026-01-28</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0832" target=3D"= _blank" rel=3D"noopener">CVE-2026-0832</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/f86a69= ab-2fc5-4c84-872b-929dbec429cd?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/f86a69ab-2fc= 5-4c84-872b-929dbec429cd?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/new-user-approve/trunk/includes/end-points/mobile-a= pi.php#L60" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpre= ss.org/browser/new-user-approve/trunk/includes/end-points/mobile-api.php#L6= 0</a> <a href=3D"https://plugins.trac.wordpress.org/browser/new-user-app= rove/tags/3.2.1/includes/end-points/mobile-api.php#L60" target=3D"_blank" r= el=3D"noopener">https://plugins.trac.wordpress.org/browser/new-user-approve= /tags/3.2.1/includes/end-points/mobile-api.php#L60</a> <a href=3D"https:= //plugins.trac.wordpress.org/browser/new-user-approve/trunk/includes/end-po= ints/mobile-api.php#L24" target=3D"_blank" rel=3D"noopener">https://plugins= .trac.wordpress.org/browser/new-user-approve/trunk/includes/end-points/mobi= le-api.php#L24</a> <a href=3D"https://plugins.trac.wordpress.org/browser= /new-user-approve/tags/3.2.1/includes/end-points/mobile-api.php#L24" target= =3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/new= -user-approve/tags/3.2.1/includes/end-points/mobile-api.php#L24</a> <a h= ref=3D"https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail= =3D&reponame=3D&old=3D3425140%40new-user-approve&new=3D3425140%40new-user-a= pprove&sfp_email=3D&sfph_mail=3D" target=3D"_blank" rel=3D"noopener">https:= //plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame= =3D&old=3D3425140%40new-user-approve&new=3D3425140%40new-user-approve&sfp_e= mail=3D&sfph_mail</a> <a href=3D"https://plugins.trac.wordpress.org/chan= geset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3442291%40new-user-approv= e&new=3D3442291%40new-user-approve&sfp_email=3D&sfph_mail=3D" target=3D"_bl= ank" rel=3D"noopener">https://plugins.trac.wordpress.org/changeset?sfp_emai= l=3D&sfph_mail=3D&reponame=3D&old=3D3442291%40new-user-approve&new=3D344229= 1%40new-user-approve&sfp_email=3D&sfph_mail</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Salt Project--Salt</td>
<td>Salt's junos execution module contained an unsafe YAML decode/load usag=
e. A specially crafted YAML payload processed by the junos module could lea=
d to unintended code execution under the context of the Salt process.</td> <td>2026-01-30</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-62348" target=3D= "_blank" rel=3D"noopener">CVE-2025-62348</a></td>

<a href=3D"https://docs.saltproject.io/en/latest/topics/releases/3006.17.ht= ml" target=3D"_blank" rel=3D"noopener">Salt 3006.17 release notes (fix for = CVE-2025-62348)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Sangfor--Operation and Maintenance Security Ma= nagement System</td>
<td>A vulnerability has been found in Sangfor Operation and Maintenance Sec= urity Management System up to 3.0.12. The impacted element is an unknown fu= nction of the file /fort/audit/get_clip_img of the component HTTP POST Requ= est Handler. Such manipulation of the argument frame/dirno leads to command=
injection. It is possible to launch the attack remotely. The exploit has b= een disclosed to the public and may be used.</td>
<td>2026-01-26</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1412" target=3D"= _blank" rel=3D"noopener">CVE-2026-1412</a></td>

<a href=3D"https://vuldb.com/?id.342801" target=3D"_blank" rel=3D"noopener"= >VDB-342801 | Sangfor Operation and Maintenance Security Management System = HTTP POST Request get_clip_img command injection</a> <a href=3D"https://= vuldb.com/?ctiid.342801" target=3D"_blank" rel=3D"noopener">VDB-342801 | CT=
I Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?subm= it.736513" target=3D"_blank" rel=3D"noopener">Submit #736513 | Sangfor Oper= ation and Maintenance Security Management System (OSM / =C3=A8=C2=BF=C2=90= =C3=A7=C2=BB=C2=B4=C3=A5=C2=AE=E2=80=B0=C3=A5=E2=80=A6=C2=A8=C3=A7=C2=AE=C2= =A1=C3=A7=C2=90=E2=80=A0=C3=A7=C2=B3=C2=BB=C3=A7=C2=BB=C5=B8) v3.0.12 Comma=
nd Injectiona</a> <a href=3D"https://github.com/LX-LX88/cve/issues/22" t= arget=3D"_blank" rel=3D"noopener">https://github.com/LX-LX88/cve/issues/22<= /a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Scille--parsec-cloud</td>
<td>Parsec is a cloud-based application for cryptographically secure file s= haring. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a=
component of the Parsec application, does not check for weak order point o=
f Curve25519 when compiled with its RustCrypto backend. In practice this me= ans an attacker in a man-in-the-middle position would be able to provide we=
ak order points to both parties in the Diffie-Hellman exchange, resulting i=
n a high probability to for both parties to obtain the same shared key (hen=
ce leading to a successful SAS code exchange, misleading both parties into = thinking no MITM has occurred) which is also known by the attacker. Note on=
ly Parsec web is impacted (as Parsec desktop uses `libparsec_crypto` with t=
he libsodium backend). Version 3.6.0 of Parsec patches the issue.</td> <td>2026-01-29</td>
<td>8.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-62514" target=3D= "_blank" rel=3D"noopener">CVE-2025-62514</a></td>

<a href=3D"https://github.com/Scille/parsec-cloud/security/advisories/GHSA-= hrc9-gm58-pgj9" target=3D"_blank" rel=3D"noopener">https://github.com/Scill= e/parsec-cloud/security/advisories/GHSA-hrc9-gm58-pgj9</a> <a href=3D"ht= tps://github.com/Scille/parsec-cloud/commit/197bb6387b49fec872b5e4a04dcdb82= b3d2995b2" target=3D"_blank" rel=3D"noopener">https://github.com/Scille/par= sec-cloud/commit/197bb6387b49fec872b5e4a04dcdb82b3d2995b2</a> <a href=3D= "https://github.com/Scille/parsec-cloud/blob/e7c5cdbc4234f606ccf3ab2be7e9ed= c22db16feb/libparsec/crates/crypto/src/rustcrypto/private.rs#L136-L138" tar= get=3D"_blank" rel=3D"noopener">https://github.com/Scille/parsec-cloud/blob= /e7c5cdbc4234f606ccf3ab2be7e9edc22db16feb/libparsec/crates/crypto/src/rustc= rypto/private.rs#L136-L138</a> <a href=3D"https://github.com/dalek-crypt= ography/curve25519-dalek/blob/8c53a8f10b146a2fd65069437e3576e49b390e7a/curv= e25519-dalek/src/montgomery.rs#L132-L146" target=3D"_blank" rel=3D"noopener= ">https://github.com/dalek-cryptography/curve25519-dalek/blob/8c53a8f10b146= a2fd65069437e3576e49b390e7a/curve25519-dalek/src/montgomery.rs#L132-L146</a= > <a href=3D"https://github.com/dalek-cryptography/curve25519-dalek/blob= /8c53a8f10b146a2fd65069437e3576e49b390e7a/x25519-dalek/src/x25519.rs#L364-L= 366" target=3D"_blank" rel=3D"noopener">https://github.com/dalek-cryptograp= hy/curve25519-dalek/blob/8c53a8f10b146a2fd65069437e3576e49b390e7a/x25519-da= lek/src/x25519.rs#L364-L366</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">script3--soroban-fixed-point-math</td> <td>soroban-fixed-point-math is a fixed-point math library for Soroban smar=
t contacts. In versions 1.3.0 and 1.4.0, the `mulDiv(x, y, z)` function inc= orrectly handled cases where both the intermediate product $x * y$ and the = divisor $z$ were negative. The logic assumed that if the intermediate produ=
ct was negative, the final result must also be negative, neglecting the sig=
n of $z$. This resulted in rounding being applied in the wrong direction fo=
r cases where both $x * y$ and $z$ were negative. The functions most at ris=
k are `fixed_div_floor` and `fixed_div_ceil`, as they often use non-constan=
t numbers as the divisor $z$ in `mulDiv`. This error is present in all sign=
ed `FixedPoint` and `SorobanFixedPoint` implementations, including `i64`, `= i128`, and `I256`. Versions 1.3.1 and 1.4.1 contain a patch. No known worka= rounds for this issue are available.</td>
<td>2026-01-27</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24783" target=3D= "_blank" rel=3D"noopener">CVE-2026-24783</a></td>

<a href=3D"https://github.com/script3/soroban-fixed-point-math/security/adv= isories/GHSA-x5m4-43jf-hh65" target=3D"_blank" rel=3D"noopener">https://git= hub.com/script3/soroban-fixed-point-math/security/advisories/GHSA-x5m4-43jf= -hh65</a> <a href=3D"https://github.com/script3/soroban-fixed-point-math= /commit/c9233f7094198a49ed66a4d75786a8a3755c936a" target=3D"_blank" rel=3D"= noopener">https://github.com/script3/soroban-fixed-point-math/commit/c9233f= 7094198a49ed66a4d75786a8a3755c936a</a> <a href=3D"https://github.com/scr= ipt3/soroban-fixed-point-math/releases/tag/v1.3.1" target=3D"_blank" rel=3D= "noopener">https://github.com/script3/soroban-fixed-point-math/releases/tag= /v1.3.1</a> <a href=3D"https://github.com/script3/soroban-fixed-point-ma= th/releases/tag/v1.4.1" target=3D"_blank" rel=3D"noopener">https://github.c= om/script3/soroban-fixed-point-math/releases/tag/v1.4.1</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">sebastianbergmann--phpunit</td>
<td>PHPUnit is a testing framework for PHP. A vulnerability has been discov= ered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 invo= lving unsafe deserialization of code coverage data in PHPT test execution. = The vulnerability exists in the `cleanupForCoverage()` method, which deseri= alizes code coverage files without validation, potentially allowing remote = code execution if malicious `.coverage` files are present prior to the exec= ution of the PHPT test. The vulnerability occurs when a `.coverage` file, w= hich should not exist before test execution, is deserialized without the `a= llowed_classes` parameter restriction. An attacker with local file write ac= cess can place a malicious serialized object with a `__wakeup()` method int=
o the file system, leading to arbitrary code execution during test runs wit=
h code coverage instrumentation enabled. This vulnerability requires local = file write access to the location where PHPUnit stores or expects code cove= rage files for PHPT tests. This can occur through CI/CD pipeline attacks, t=
he local development environment, and/or compromised dependencies. Rather t= han just silently sanitizing the input via `['allowed_classes' =3D> fals= e]`, the maintainer has chosen to make the anomalous state explicit by trea= ting pre-existing `.coverage` files for PHPT tests as an error condition. S= tarting in versions in versions 12.5.8, 11.5.50, 10.5.62, 9.6.33, when a `.= coverage` file is detected for a PHPT test prior to execution, PHPUnit will=
emit a clear error message identifying the anomalous state. Organizations = can reduce the effective risk of this vulnerability through proper CI/CD co= nfiguration, including ephemeral runners, code review enforcement, branch p= rotection, artifact isolation, and access control.</td>
<td>2026-01-27</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24765" target=3D= "_blank" rel=3D"noopener">CVE-2026-24765</a></td>

<a href=3D"https://github.com/sebastianbergmann/phpunit/security/advisories= /GHSA-vvj3-c3rp-c85p" target=3D"_blank" rel=3D"noopener">https://github.com= /sebastianbergmann/phpunit/security/advisories/GHSA-vvj3-c3rp-c85p</a> <=
a href=3D"https://github.com/sebastianbergmann/phpunit/commit/3141742e00620= e2968d3d2e732d320de76685fda" target=3D"_blank" rel=3D"noopener">https://git= hub.com/sebastianbergmann/phpunit/commit/3141742e00620e2968d3d2e732d320de76= 685fda</a> <a href=3D"https://github.com/sebastianbergmann/phpunit/relea= ses/tag/10.5.63" target=3D"_blank" rel=3D"noopener">https://github.com/seba= stianbergmann/phpunit/releases/tag/10.5.63</a> <a href=3D"https://github= .com/sebastianbergmann/phpunit/releases/tag/11.5.50" target=3D"_blank" rel= =3D"noopener">https://github.com/sebastianbergmann/phpunit/releases/tag/11.= 5.50</a> <a href=3D"https://github.com/sebastianbergmann/phpunit/release= s/tag/12.5.8" target=3D"_blank" rel=3D"noopener">https://github.com/sebasti= anbergmann/phpunit/releases/tag/12.5.8</a> <a href=3D"https://github.com= /sebastianbergmann/phpunit/releases/tag/8.5.52" target=3D"_blank" rel=3D"no= opener">https://github.com/sebastianbergmann/phpunit/releases/tag/8.5.52</a= > <a href=3D"https://github.com/sebastianbergmann/phpunit/releases/tag/9= .6.33" target=3D"_blank" rel=3D"noopener">https://github.com/sebastianbergm= ann/phpunit/releases/tag/9.6.33</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Segurazo--SAntivirus IC</td>
<td>SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerabilit=
y in its Windows service configuration that allows local attackers to poten= tially execute arbitrary code. Attackers can exploit the unquoted executabl=
e path to inject malicious files in the service binary path, enabling privi= lege escalation to system-level permissions.</td>
<td>2026-01-27</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36980" target=3D= "_blank" rel=3D"noopener">CVE-2020-36980</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49042" target=3D"_blank" rel= =3D"noopener">ExploitDB-49042</a> <a href=3D"https://www.segurazo.com/do= wnload.html" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a h= ref=3D"https://www.vulncheck.com/advisories/santivirus-ic-santivirusic-unqu= oted-service-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: S= Antivirus IC 10.0.21.61 - 'SAntivirusIC' Unquoted Service Path</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">SEIKO EPSON Corp--Status Monitor 3</td>
<td>EPSON Status Monitor 3 version 8.0 contains an unquoted service path vu= lnerability that allows local attackers to potentially execute arbitrary co=
de by exploiting the service binary path. Attackers can leverage the unquot=
ed path in 'C:\Program Files\Common Files\EPSON\EPW!3SSRP\E_S60RPB.EXE' to = inject malicious executables and escalate privileges.</td>
<td>2026-01-27</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36975" target=3D= "_blank" rel=3D"noopener">CVE-2020-36975</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49141" target=3D"_blank" rel= =3D"noopener">ExploitDB-49141</a> <a href=3D"https://epson.com" target= =3D"_blank" rel=3D"noopener">Official EPSON Corporate Homepage</a> <a hr= ef=3D"https://www.vulncheck.com/advisories/epson-status-monitor-epsonpmrpcv= -unquoted-service-path" target=3D"_blank" rel=3D"noopener">VulnCheck Adviso= ry: EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">shahrukhlinkgraph--Search Atlas SEO Premier SE=
O Plugin for One-Click WP Publishing & Integrated AI Optimization</td> <td>The Search Atlas SEO - Premier SEO Plugin for One-Click WP Publishing &= amp; Integrated AI Optimization plugin for WordPress is vulnerable to authe= ntication bypass due to a missing capability check on the 'generate_sso_url=
' and 'validate_sso_token' functions in versions 2.4.4 to 2.5.12. This make=
s it possible for authenticated attackers, with Subscriber-level access and=
above, to extract the 'nonce_token' authentication value to log in to the = first Administrator's account.</td>
<td>2026-01-28</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14386" target=3D= "_blank" rel=3D"noopener">CVE-2025-14386</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/6f63d2= c4-cbae-4177-8494-daca96449ecc?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/6f63d2c4-cba= e-4177-8494-daca96449ecc?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/metasync/tags/2.5.12/admin/class-metasync-admin.php= #L1042" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.o= rg/browser/metasync/tags/2.5.12/admin/class-metasync-admin.php#L1042</a><br= ><a href=3D"https://plugins.trac.wordpress.org/browser/metasync/tags/2.5.12= /admin/class-metasync-admin.php#L851" target=3D"_blank" rel=3D"noopener">ht= tps://plugins.trac.wordpress.org/browser/metasync/tags/2.5.12/admin/class-m= etasync-admin.php#L851</a> <a href=3D"https://plugins.trac.wordpress.org= /browser/metasync/tags/2.5.12/admin/class-metasync-admin.php#L1141" target= =3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/met= async/tags/2.5.12/admin/class-metasync-admin.php#L1141</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Sharemouse--ShareMouse</td>
<td>ShareMouse 5.0.43 contains an unquoted service path vulnerability that = allows local users to potentially execute arbitrary code with elevated syst=
em privileges. Attackers can exploit the insecure service path configuratio=
n by placing malicious executables in specific system directories to gain e= levated access during service startup.</td>
<td>2026-01-28</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36991" target=3D= "_blank" rel=3D"noopener">CVE-2020-36991</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48794" target=3D"_blank" rel= =3D"noopener">ExploitDB-48794</a> <a href=3D"https://www.sharemouse.com/=
" target=3D"_blank" rel=3D"noopener">ShareMouse Official Vendor Homepage</a= > <a href=3D"https://www.vulncheck.com/advisories/sharemouse-sharemouse-= service-unquoted-service-path" target=3D"_blank" rel=3D"noopener">VulnCheck=
Advisory: ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Simplephpscripts--Simple CMS</td>
<td>Simple CMS 2.1 contains a remote SQL injection vulnerability that allow=
s privileged attackers to inject unfiltered SQL commands in the users modul=
e. Attackers can exploit unvalidated input parameters in the admin.php file=
to compromise the database management system and web application.</td> <td>2026-02-01</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2021-47918" target=3D= "_blank" rel=3D"noopener">CVE-2021-47918</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2303" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://simplephpscripts.com/simple-cms-php" target=3D"_blank" rel=3D"n= oopener">Product Homepage</a> <a href=3D"https://www.vulncheck.com/advis= ories/simple-cms-sql-injection-vulnerability-via-users-module2" target=3D"_= blank" rel=3D"noopener">VulnCheck Advisory: Simple CMS 2.1 SQL Injection Vu= lnerability via Users Module</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">smartdatasoft--SmartBlog</td>
<td>SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id= _post' parameter of the details controller that allows attackers to extract=
database information. Attackers can systematically test and retrieve datab= ase contents by injecting crafted SQL queries that compare character-by-cha= racter of database information.</td>
<td>2026-01-28</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36972" target=3D= "_blank" rel=3D"noopener">CVE-2020-36972</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48995" target=3D"_blank" rel= =3D"noopener">ExploitDB-48995</a> <a href=3D"https://github.com/smartdat= asoft/smartblog" target=3D"_blank" rel=3D"noopener">SmartBlog GitHub Reposi= tory</a> <a href=3D"https://www.vulncheck.com/advisories/smartblog-idpos= t-blind-sql-injection" target=3D"_blank" rel=3D"noopener">VulnCheck Advisor=
y: SmartBlog 2.0.1 - 'id_post' Blind SQL injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SOCUSOFT--Photo to Video Converter Professiona= l</td>
<td>Socusoft Photo to Video Converter Professional 8.07 contains a local bu= ffer overflow vulnerability in the 'Output Folder' input field that allows = attackers to execute arbitrary code. Attackers can craft a malicious payloa=
d and paste it into the output folder field to trigger a stack-based buffer=
overflow and potentially execute shellcode.</td>
<td>2026-01-30</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37028" target=3D= "_blank" rel=3D"noopener">CVE-2020-37028</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48691" target=3D"_blank" rel= =3D"noopener">ExploitDB-48691</a> <a href=3D"https://web.archive.org/web= /20190314225058/http://www.dvd-photo-slideshow.com/photo-to-video-converter= .html" target=3D"_blank" rel=3D"noopener">Archived Vendor Homepage</a> <=
a href=3D"https://www.vulncheck.com/advisories/socusoft-photo-to-video-conv= erter-professional-output-folder-buffer-overflow" target=3D"_blank" rel=3D"= noopener">VulnCheck Advisory: Socusoft Photo to Video Converter Professiona=
l 8.07 - 'Output Folder' Buffer Overflow</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SolarWinds--Web Help Desk</td>
<td>SolarWinds Web Help Desk was found to be susceptible to an untrusted da=
ta deserialization vulnerability that could lead to remote code execution, = which would allow an attacker to run commands on the host machine. This cou=
ld be exploited without authentication.</td>
<td>2026-01-28</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-40551" target=3D= "_blank" rel=3D"noopener">CVE-2025-40551</a></td>

<a href=3D"https://www.solarwinds.com/trust-center/security-advisories/CVE-= 2025-40551" target=3D"_blank" rel=3D"noopener">https://www.solarwinds.com/t= rust-center/security-advisories/CVE-2025-40551</a> <a href=3D"https://do= cumentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_= 2026-1_release_notes.htm" target=3D"_blank" rel=3D"noopener">https://docume= ntation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026= -1_release_notes.htm</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SolarWinds--Web Help Desk</td>
<td>SolarWinds Web Help Desk was found to be susceptible to an authenticati=
on bypass vulnerability that if exploited, would allow a malicious actor to=
execute actions and methods that should be protected by authentication.</t=

<td>2026-01-28</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-40552" target=3D= "_blank" rel=3D"noopener">CVE-2025-40552</a></td>

<a href=3D"https://www.solarwinds.com/trust-center/security-advisories/CVE-= 2025-40552" target=3D"_blank" rel=3D"noopener">https://www.solarwinds.com/t= rust-center/security-advisories/CVE-2025-40552</a> <a href=3D"https://do= cumentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_= 2026-1_release_notes.htm" target=3D"_blank" rel=3D"noopener">https://docume= ntation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026= -1_release_notes.htm</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SolarWinds--Web Help Desk</td>
<td>SolarWinds Web Help Desk was found to be susceptible to an untrusted da=
ta deserialization vulnerability that could lead to remote code execution, = which would allow an attacker to run commands on the host machine. This cou=
ld be exploited without authentication.</td>
<td>2026-01-28</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-40553" target=3D= "_blank" rel=3D"noopener">CVE-2025-40553</a></td>

<a href=3D"https://www.solarwinds.com/trust-center/security-advisories/CVE-= 2025-40553" target=3D"_blank" rel=3D"noopener">https://www.solarwinds.com/t= rust-center/security-advisories/CVE-2025-40553</a> <a href=3D"https://do= cumentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_= 2026-1_release_notes.htm" target=3D"_blank" rel=3D"noopener">https://docume= ntation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026= -1_release_notes.htm</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SolarWinds--Web Help Desk</td>
<td>SolarWinds Web Help Desk was found to be susceptible to an authenticati=
on bypass vulnerability that, if exploited, could allow an attacker to invo=
ke specific actions within Web Help Desk.</td>
<td>2026-01-28</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-40554" target=3D= "_blank" rel=3D"noopener">CVE-2025-40554</a></td>

<a href=3D"https://www.solarwinds.com/trust-center/security-advisories/CVE-= 2025-40554" target=3D"_blank" rel=3D"noopener">https://www.solarwinds.com/t= rust-center/security-advisories/CVE-2025-40554</a> <a href=3D"https://do= cumentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_= 2026-1_release_notes.htm" target=3D"_blank" rel=3D"noopener">https://docume= ntation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026= -1_release_notes.htm</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SolarWinds--Web Help Desk</td>
<td>SolarWinds Web Help Desk was found to be susceptible to a security cont= rol bypass vulnerability that if exploited, could allow an unauthenticated = attacker to gain access to certain restricted functionality.</td> <td>2026-01-28</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-40536" target=3D= "_blank" rel=3D"noopener">CVE-2025-40536</a></td>

<a href=3D"https://www.solarwinds.com/trust-center/security-advisories/CVE-= 2025-40536" target=3D"_blank" rel=3D"noopener">https://www.solarwinds.com/t= rust-center/security-advisories/CVE-2025-40536</a> <a href=3D"https://do= cumentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_= 2026-1_release_notes.htm" target=3D"_blank" rel=3D"noopener">https://docume= ntation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026= -1_release_notes.htm</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SolarWinds--Web Help Desk</td>
<td>SolarWinds Web Help Desk was found to be susceptible to a hardcoded cre= dentials vulnerability that, under certain situations, could allow access t=
o administrative functions.</td>
<td>2026-01-28</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-40537" target=3D= "_blank" rel=3D"noopener">CVE-2025-40537</a></td>

<a href=3D"https://www.solarwinds.com/trust-center/security-advisories/CVE-= 2025-40537" target=3D"_blank" rel=3D"noopener">https://www.solarwinds.com/t= rust-center/security-advisories/CVE-2025-40537</a> <a href=3D"https://do= cumentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_= 2026-1_release_notes.htm" target=3D"_blank" rel=3D"noopener">https://docume= ntation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026= -1_release_notes.htm</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Sonarqube--SonarQube</td>
<td>SonarQube 8.3.1 contains an unquoted service path vulnerability that al= lows local attackers to gain SYSTEM privileges by exploiting the service ex= ecutable path. Attackers can replace the wrapper.exe in the service path wi=
th a malicious executable to execute code with highest system privileges du= ring service restart.</td>
<td>2026-01-29</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37020" target=3D= "_blank" rel=3D"noopener">CVE-2020-37020</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48677" target=3D"_blank" rel= =3D"noopener">ExploitDB-48677</a> <a href=3D"https://www.sonarqube.org" = target=3D"_blank" rel=3D"noopener">SonarQube Official Homepage</a> <a hr= ef=3D"https://www.vulncheck.com/advisories/sonarqube-unquoted-service-path"=
target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: SonarQube 8.3.1 - U= nquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Squidex--squidex</td>
<td>Squidex is an open source headless content management system and conten=
t management hub. Versions of the application up to and including 7.21.0 al= low users to define "Webhooks" as actions within the Rules engine. The url = parameter in the webhook configuration does not appear to validate or restr= ict destination IP addresses. It accepts local addresses such as 127.0.0.1 =
or localhost. When a rule is triggered (Either manual trigger by manually c= alling the trigger endpoint or by a content update or any other triggers), = the backend server executes an HTTP request to the user-supplied URL. Cruci= ally, the server logs the full HTTP response in the rule execution log (las= tDump field), which is accessible via the API. Which turns a "Blind" SSRF i= nto a "Full Read" SSRF. As of time of publication, no patched versions are = available.</td>
<td>2026-01-27</td>
<td>9.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24736" target=3D= "_blank" rel=3D"noopener">CVE-2026-24736</a></td>

<a href=3D"https://github.com/Squidex/squidex/security/advisories/GHSA-wxg2= -953m-fg2w" target=3D"_blank" rel=3D"noopener">https://github.com/Squidex/s= quidex/security/advisories/GHSA-wxg2-953m-fg2w</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">sunnygkp10--Online-Exam-System</td> <td>Online-Exam-System 2015 contains a time-based blind SQL injection vulne= rability in the feedback form that allows attackers to extract database pas= sword hashes. Attackers can exploit the 'feed.php' endpoint by crafting mal= icious payload requests that use time delays to systematically enumerate us=
er password characters.</td>
<td>2026-01-30</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37051" target=3D= "_blank" rel=3D"noopener">CVE-2020-37051</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48560" target=3D"_blank" rel= =3D"noopener">ExploitDB-48560</a> <a href=3D"https://github.com/sunnygkp= 10/Online-Exam-System-.git" target=3D"_blank" rel=3D"noopener">Software Rep= ository</a> <a href=3D"https://www.vulncheck.com/advisories/online-exam-= system-feedback-sql-injection" target=3D"_blank" rel=3D"noopener">VulnCheck=
Advisory: Online-Exam-System 2015 - 'feedback' SQL Injection</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">sunnygkp10--Online-Exam-System</td> <td>Online-Exam-System 2015 contains a SQL injection vulnerability in the f= eedback module that allows attackers to manipulate database queries through=
the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid=
' parameter to potentially extract, modify, or delete database information.= </td>
<td>2026-01-30</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37057" target=3D= "_blank" rel=3D"noopener">CVE-2020-37057</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48529" target=3D"_blank" rel= =3D"noopener">ExploitDB-48529</a> <a href=3D"https://github.com/sunnygkp= 10/Online-Exam-System-.git" target=3D"_blank" rel=3D"noopener">Software Rep= ository</a> <a href=3D"https://www.vulncheck.com/advisories/online-exam-= system-fid-sql-injection" target=3D"_blank" rel=3D"noopener">VulnCheck Advi= sory: Online-Exam-System 2015 - 'fid' SQL Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Techraft--Digital Multivendor Marketplace Onli=
ne Store</td>
<td>Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilitie=
s in inventory, customer, vendor, and order modules. Remote attackers with = privileged vendor or admin roles can exploit the 'id' parameter to execute = malicious SQL commands and compromise the database management system.</td> <td>2026-02-01</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2021-47909" target=3D= "_blank" rel=3D"noopener">CVE-2021-47909</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2306" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://ultimate.multecart.com/" target=3D"_blank" rel=3D"noopener">Pro= duct Homepage</a> <a href=3D"https://www.techraft.in/" target=3D"_blank"=
rel=3D"noopener">Product Homepage</a> <a href=3D"https://www.vulncheck.= com/advisories/mult-e-cart-ultimate-sql-injection-via-vulnerable-id-paramet= ers" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Mult-E-Cart Ult= imate 2.4 SQL Injection via Vulnerable ID Parameters</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">telnet-lite--Mocha Telnet Lite for iOS</td> <td>Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerabilit=
y that allows attackers to crash the application by manipulating the user c= onfiguration input. Attackers can overwrite the 'User' field with 350 bytes=
of repeated characters to trigger an application crash and prevent normal = functionality.</td>
<td>2026-01-29</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36995" target=3D= "_blank" rel=3D"noopener">CVE-2020-36995</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48728" target=3D"_blank" rel= =3D"noopener">ExploitDB-48728</a> <a href=3D"https://apps.apple.com/us/a= pp/telnet-lite/id286893976" target=3D"_blank" rel=3D"noopener">Official App=
Store Page for Mocha Telnet Lite</a> <a href=3D"https://www.vulncheck.c= om/advisories/mocha-telnet-lite-for-ios-user-denial-of-service" target=3D"_= blank" rel=3D"noopener">VulnCheck Advisory: Mocha Telnet Lite for iOS 4.2 -=
'User' Denial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--AC21</td>
<td>A vulnerability was identified in Tenda AC21 16.03.08.16. The affected = element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMt= uWan. The manipulation leads to stack-based buffer overflow. Remote exploit= ation of the attack is possible. The exploit is publicly available and migh=
t be used.</td>
<td>2026-01-29</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1637" target=3D"= _blank" rel=3D"noopener">CVE-2026-1637</a></td>

<a href=3D"https://vuldb.com/?id.343416" target=3D"_blank" rel=3D"noopener"= >VDB-343416 | Tenda AC21 AdvSetMacMtuWan fromAdvSetMacMtuWan stack-based ov= erflow</a> <a href=3D"https://vuldb.com/?ctiid.343416" target=3D"_blank"=
rel=3D"noopener">VDB-343416 | CTI Indicators (IOB, IOC, IOA)</a> <a hre= f=3D"https://vuldb.com/?submit.740865" target=3D"_blank" rel=3D"noopener">S= ubmit #740865 | Tenda AC21 V16.03.08.16 Buffer Overflow</a> <a href=3D"h= ttps://github.com/LX-LX88/cve/issues/25" target=3D"_blank" rel=3D"noopener"= >https://github.com/LX-LX88/cve/issues/25</a> <a href=3D"https://www.ten= da.com.cn/" target=3D"_blank" rel=3D"noopener">https://www.tenda.com.cn/</a= > =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--AC23</td>
<td>A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknow=
n function of the file /goform/WifiExtraSet. This manipulation of the argum= ent wpapsk_crypto causes buffer overflow. Remote exploitation of the attack=
is possible. The exploit has been published and may be used.</td> <td>2026-01-26</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1420" target=3D"= _blank" rel=3D"noopener">CVE-2026-1420</a></td>

<a href=3D"https://vuldb.com/?id.342836" target=3D"_blank" rel=3D"noopener"= >VDB-342836 | Tenda AC23 WifiExtraSet buffer overflow</a> <a href=3D"htt= ps://vuldb.com/?ctiid.342836" target=3D"_blank" rel=3D"noopener">VDB-342836=
| CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"https://vuldb.com/?subm= it.736559" target=3D"_blank" rel=3D"noopener">Submit #736559 | Tenda AC23 V= 16.03.07.52 Buffer Overflow</a> <a href=3D"https://github.com/xyh4ck/iot= _poc/blob/main/Tenda%20AC23_Buffer_Overflow_WifiExtraSet/Tenda%20AC23_Buffe= r_Overflow_WifiExtraSet.md" target=3D"_blank" rel=3D"noopener">https://gith= ub.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow_WifiExtraSet/T= enda%20AC23_Buffer_Overflow_WifiExtraSet.md</a> <a href=3D"https://githu= b.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow_WifiExtraSet/Te= nda%20AC23_Buffer_Overflow_WifiExtraSet.md#poc" target=3D"_blank" rel=3D"no= opener">https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Ove= rflow_WifiExtraSet/Tenda%20AC23_Buffer_Overflow_WifiExtraSet.md#poc</a> =
<a href=3D"https://www.tenda.com.cn/" target=3D"_blank" rel=3D"noopener">ht= tps://www.tenda.com.cn/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--AX12 Pro V2</td>
<td>A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. Affected=
by this issue is some unknown functionality of the component Telnet Servic=
e. Performing a manipulation results in hard-coded credentials. The attack =
is possible to be carried out remotely. A high degree of complexity is need=
ed for the attack. The exploitation is known to be difficult. The exploit h=
as been made public and could be used.</td>
<td>2026-01-29</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1610" target=3D"= _blank" rel=3D"noopener">CVE-2026-1610</a></td>

<a href=3D"https://vuldb.com/?id.343378" target=3D"_blank" rel=3D"noopener"= >VDB-343378 | Tenda AX12 Pro V2 Telnet Service hard-coded credentials</a><b= r><a href=3D"https://vuldb.com/?ctiid.343378" target=3D"_blank" rel=3D"noop= ener">VDB-343378 | CTI Indicators (IOB, IOC, TTP)</a> <a href=3D"https:/= /vuldb.com/?submit.740766" target=3D"_blank" rel=3D"noopener">Submit #74076=
6 | Tenda AX12 pro V2 V16.03.49.24_cn Hard-coded Credentials</a> <a href= =3D"https://github.com/QIU-DIE/CVE/issues/49" target=3D"_blank" rel=3D"noop= ener">https://github.com/QIU-DIE/CVE/issues/49</a> <a href=3D"https://ww= w.tenda.com.cn/" target=3D"_blank" rel=3D"noopener">https://www.tenda.com.c= n/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--HG10</td>
<td>A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_30000113= 8_en_xpon. Impacted is an unknown function of the file /boaform/formSamba o=
f the component Boa Webserver. Executing a manipulation of the argument ser= verString can lead to command injection. It is possible to launch the attac=
k remotely. The exploit has been made available to the public and could be = used for attacks.</td>
<td>2026-01-30</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1687" target=3D"= _blank" rel=3D"noopener">CVE-2026-1687</a></td>

<a href=3D"https://vuldb.com/?id.343481" target=3D"_blank" rel=3D"noopener"= >VDB-343481 | Tenda HG10 Boa Webserver formSamba command injection</a> <=
a href=3D"https://vuldb.com/?ctiid.343481" target=3D"_blank" rel=3D"noopene= r">VDB-343481 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https= ://vuldb.com/?submit.741281" target=3D"_blank" rel=3D"noopener">Submit #741= 281 | Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon Command Injection</a><= br><a href=3D"https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/bl= ob/main/Tenda/HG10/formSamba-serverString-command.md" target=3D"_blank" rel= =3D"noopener">https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/bl= ob/main/Tenda/HG10/formSamba-serverString-command.md</a> <a href=3D"http= s://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/HG10= /formSamba-serverString-command.md#poc" target=3D"_blank" rel=3D"noopener">= https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/= HG10/formSamba-serverString-command.md#poc</a> <a href=3D"https://www.te= nda.com.cn/" target=3D"_blank" rel=3D"noopener">https://www.tenda.com.cn/</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--HG10</td>
<td>A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_= en_xpon. The impacted element is the function checkUserFromLanOrWan of the = file /boaform/admin/formLogin of the component Login Interface. The manipul= ation of the argument Host results in command injection. The attack can be = launched remotely. The exploit is now public and may be used.</td> <td>2026-01-30</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1689" target=3D"= _blank" rel=3D"noopener">CVE-2026-1689</a></td>

<a href=3D"https://vuldb.com/?id.343483" target=3D"_blank" rel=3D"noopener"= >VDB-343483 | Tenda HG10 Login formLogin checkUserFromLanOrWan command inje= ction</a> <a href=3D"https://vuldb.com/?ctiid.343483" target=3D"_blank" = rel=3D"noopener">VDB-343483 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a=
href=3D"https://vuldb.com/?submit.741411" target=3D"_blank" rel=3D"noopene= r">Submit #741411 | Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon Command = Injection</a> <a href=3D"https://github.com/SunnyYANGyaya/cuicuishark-sh= eep-fishIOT/blob/main/Tenda/HG10/formLogin-Host-command.md" target=3D"_blan=
k" rel=3D"noopener">https://github.com/SunnyYANGyaya/cuicuishark-sheep-fish= IOT/blob/main/Tenda/HG10/formLogin-Host-command.md</a> <a href=3D"https:= //github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/HG10/f= ormLogin-Host-command.md#poc" target=3D"_blank" rel=3D"noopener">https://gi= thub.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/HG10/formL= ogin-Host-command.md#poc</a> <a href=3D"https://www.tenda.com.cn/" targe= t=3D"_blank" rel=3D"noopener">https://www.tenda.com.cn/</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Tendenci--Tendenci</td>
<td>Tendenci 12.3.1 contains a CSV formula injection vulnerability in the c= ontact form message field that allows attackers to inject malicious formula=
s during export. Attackers can submit crafted payloads like '=3D10+20+cmd|'=
/C calc'!A0' in the message field to trigger arbitrary command execution w= hen the CSV is opened in spreadsheet applications.</td>
<td>2026-01-28</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36962" target=3D= "_blank" rel=3D"noopener">CVE-2020-36962</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49145" target=3D"_blank" rel= =3D"noopener">ExploitDB-49145</a> <a href=3D"https://www.tendenci.com/" = target=3D"_blank" rel=3D"noopener">Official Vendor Homepage</a> <a href= =3D"https://github.com/tendenci/tendenci" target=3D"_blank" rel=3D"noopener= ">Tendenci GitHub Repository</a> <a href=3D"https://www.vulncheck.com/ad= visories/tendenci-csv-formula-injection" target=3D"_blank" rel=3D"noopener"= >VulnCheck Advisory: Tendenci 12.3.1 - CSV/ Formula Injection</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">Testa--Testa Online Test Management System</td=

<td>Testa Online Test Management System 3.4.7 contains a SQL injection vuln= erability that allows attackers to manipulate database queries through the = 'q' search parameter. Attackers can inject malicious SQL code in the search=
field to extract database information, potentially accessing sensitive use=
r or system data.</td>
<td>2026-01-27</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2021-47902" target=3D= "_blank" rel=3D"noopener">CVE-2021-47902</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49194" target=3D"_blank" rel= =3D"noopener">ExploitDB-49194</a> <a href=3D"https://web.archive.org/web= /20220406031253/https://testa.cc/" target=3D"_blank" rel=3D"noopener">Archi= ved Vendor Homepage</a> <a href=3D"https://www.vulncheck.com/advisories/= testa-online-test-management-system-q-sql-injection" target=3D"_blank" rel= =3D"noopener">VulnCheck Advisory: Testa Online Test Management System 3.4.7=
- 'q' SQL Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">themrdemonized--xray-monolith</td>
<td>Access of Resource Using Incompatible Type ('Type Confusion') vulnerabi= lity in themrdemonized xray-monolith. This issue affects xray-monolith: bef= ore 2025.12.30.</td>
<td>2026-01-27</td>
<td>9.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24874" target=3D= "_blank" rel=3D"noopener">CVE-2026-24874</a></td>

<a href=3D"https://github.com/themrdemonized/xray-monolith/pull/399" target= =3D"_blank" rel=3D"noopener">https://github.com/themrdemonized/xray-monolit= h/pull/399</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">tigroumeow--AI Engine The Chatbot and AI Frame= work for WordPress</td>
<td>The AI Engine - The Chatbot and AI Framework for WordPress plugin for W= ordPress is vulnerable to arbitrary file uploads due to missing file type v= alidation in the `rest_helpers_update_media_metadata` function in all versi= ons up to, and including, 3.3.2. This makes it possible for authenticated a= ttackers, with Editor-level access and above, to upload arbitrary files on = the affected site's server which may make remote code execution possible. T=
he attacker can upload a benign image file, then use the `update_media_meta= data` endpoint to rename it to a PHP file, creating an executable PHP file =
in the uploads directory.</td>
<td>2026-01-28</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1400" target=3D"= _blank" rel=3D"noopener">CVE-2026-1400</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/d52272= 69-4406-4fcf-af37-f1db0af857d6?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/d5227269-440= 6-4fcf-af37-f1db0af857d6?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/ai-engine/tags/3.3.0/classes/rest.php#L1104" target= =3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/ai-= engine/tags/3.3.0/classes/rest.php#L1104</a> <a href=3D"https://plugins.= trac.wordpress.org/browser/ai-engine/tags/3.3.0/classes/rest.php#L1141" tar= get=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/= ai-engine/tags/3.3.0/classes/rest.php#L1141</a> <a href=3D"https://plugi= ns.trac.wordpress.org/changeset/3447500/ai-engine/trunk/classes/rest.php" t= arget=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/change= set/3447500/ai-engine/trunk/classes/rest.php</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tildeslash Ltd.--M/Monit</td>
<td>M/Monit 3.7.4 contains a privilege escalation vulnerability that allows=
authenticated users to modify user permissions by manipulating the admin p= arameter. Attackers can send a POST request to the /api/1/admin/users/updat=
e endpoint with a crafted payload to grant administrative access to a stand= ard user account.</td>
<td>2026-01-28</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36969" target=3D= "_blank" rel=3D"noopener">CVE-2020-36969</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49080" target=3D"_blank" rel= =3D"noopener">ExploitDB-49080</a> <a href=3D"https://mmonit.com/" target= =3D"_blank" rel=3D"noopener">M/Monit Official Vendor Homepage</a> <a hre= f=3D"https://www.vulncheck.com/advisories/mmonit-privilege-escalation" targ= et=3D"_blank" rel=3D"noopener">VulnCheck Advisory: M/Monit 3.7.4 - Privileg=
e Escalation</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TimeClock Software--TimeClock Software</td> <td>TimeClock Software 1.01 contains an authenticated time-based SQL inject= ion vulnerability that allows attackers to enumerate valid usernames by man= ipulating the 'notes' parameter. Attackers can inject conditional time dela=
ys in the add_entry.php endpoint to determine user existence by measuring r= esponse time differences.</td>
<td>2026-01-29</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37005" target=3D= "_blank" rel=3D"noopener">CVE-2020-37005</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48874" target=3D"_blank" rel= =3D"noopener">ExploitDB-48874</a> <a href=3D"https://web.archive.org/web= /20190104104315/http://timeclock-software.net/" target=3D"_blank" rel=3D"no= opener">Archived Product Homepage</a> <a href=3D"https://www.vulncheck.c= om/advisories/timeclock-software-authenticated-time-based-sql-injection" ta= rget=3D"_blank" rel=3D"noopener">VulnCheck Advisory: TimeClock Software 1.0=
1 Authenticated Time-Based SQL Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Totolink--A3600R</td>
<td>A security flaw has been discovered in Totolink A3600R 5.9c.4959. This = issue affects the function setAppEasyWizardConfig in the library /lib/cste_= modules/app.so. Performing a manipulation of the argument apcliSsid results=
in buffer overflow. It is possible to initiate the attack remotely. The ex= ploit has been released to the public and may be used for attacks.</td> <td>2026-01-30</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1686" target=3D"= _blank" rel=3D"noopener">CVE-2026-1686</a></td>

<a href=3D"https://vuldb.com/?id.343480" target=3D"_blank" rel=3D"noopener"= >VDB-343480 | Totolink A3600R app.so setAppEasyWizardConfig buffer overflow= </a> <a href=3D"https://vuldb.com/?ctiid.343480" target=3D"_blank" rel= =3D"noopener">VDB-343480 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D= "https://vuldb.com/?submit.740888" target=3D"_blank" rel=3D"noopener">Submi=
t #740888 | TOTOLINK A3600R V5.9c.4959 Buffer Overflow</a> <a href=3D"ht= tps://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink= /A3600R/4959-apcliSsid-setAppEasyWizardConfig.md" target=3D"_blank" rel=3D"= noopener">https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/m= ain/ToTolink/A3600R/4959-apcliSsid-setAppEasyWizardConfig.md</a> <a href= =3D"https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/To= Tolink/A3600R/4959-apcliSsid-setAppEasyWizardConfig.md#poc" target=3D"_blan=
k" rel=3D"noopener">https://github.com/SunnyYANGyaya/cuicuishark-sheep-fish= IOT/blob/main/ToTolink/A3600R/4959-apcliSsid-setAppEasyWizardConfig.md#poc<= /a> <a href=3D"https://www.totolink.net/" target=3D"_blank" rel=3D"noope= ner">https://www.totolink.net/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TrustTunnel--TrustTunnel</td>
<td>TrustTunnel is an open-source VPN protocol with a server-side request f= orgery and and private network restriction bypass in versions prior to 0.9.= 114. In `tcp_forwarder.rs`, SSRF protection for `allow_private_network_conn= ections =3D false` was only applied in the `TcpDestination::HostName(peer)`=
path. The `TcpDestination::Address(peer) =3D> peer` path proceeded to `= TcpStream::connect()` without equivalent checks (for example `is_global_ip`=
, `is_loopback`), allowing loopback/private targets to be reached by supply= ing a numeric IP. The vulnerability is fixed in version 0.9.114.</td> <td>2026-01-29</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24902" target=3D= "_blank" rel=3D"noopener">CVE-2026-24902</a></td>

<a href=3D"https://github.com/TrustTunnel/TrustTunnel/security/advisories/G= HSA-hgr9-frvw-5r76" target=3D"_blank" rel=3D"noopener">https://github.com/T= rustTunnel/TrustTunnel/security/advisories/GHSA-hgr9-frvw-5r76</a> <a hr= ef=3D"https://github.com/TrustTunnel/TrustTunnel/commit/734bb5cf103b72390a9= 5c853cbf91e699cc01bc0" target=3D"_blank" rel=3D"noopener">https://github.co= m/TrustTunnel/TrustTunnel/commit/734bb5cf103b72390a95c853cbf91e699cc01bc0</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TryGhost--Ghost</td>
<td>Ghost is an open source content management system. In Ghost versions 5.= 43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craf=
t a malicious link that, when accessed by an authenticated staff user or me= mber, would execute JavaScript with the victim's permissions, potentially l= eading to account takeover. Ghost Portal versions 2.29.1 through 2.51.4 and=
2.52.0 through 2.57.0 were vulnerable to this issue. Ghost automatically l= oads the latest patch of the members Portal component via CDN. For Ghost 5.=
x users, upgrading to v5.121.0 or later fixes the vulnerability. v5.121.0 l= oads Portal v2.51.5, which contains the patch. For Ghost 6.x users, upgradi=
ng to v6.15.0 or later fixes the vulnerability. v6.15.0 loads Portal v2.57.=
1, which contains the patch. For Ghost installations using a customized or = self-hosted version of Portal, it will be necessary to manually rebuild fro=
m or update to the latest patch version.</td>
<td>2026-01-27</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24778" target=3D= "_blank" rel=3D"noopener">CVE-2026-24778</a></td>

<a href=3D"https://github.com/TryGhost/Ghost/security/advisories/GHSA-gv6q-= 2m97-882h" target=3D"_blank" rel=3D"noopener">https://github.com/TryGhost/G= host/security/advisories/GHSA-gv6q-2m97-882h</a> <a href=3D"https://gith= ub.com/TryGhost/Ghost/commit/da858e640e88e69c1773a7b7ecdc2008fa143849" targ= et=3D"_blank" rel=3D"noopener">https://github.com/TryGhost/Ghost/commit/da8= 58e640e88e69c1773a7b7ecdc2008fa143849</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tucows Inc.--Audio Playback Recorder</td> <td>Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerab= ility in the eject and registration parameters that allows attackers to exe= cute arbitrary code. Attackers can craft malicious payloads and overwrite S= tructured Exception Handler (SEH) to execute shellcode when pasting special=
ly crafted input into the application's input fields.</td>
<td>2026-01-29</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37013" target=3D= "_blank" rel=3D"noopener">CVE-2020-37013</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48796" target=3D"_blank" rel= =3D"noopener">ExploitDB-48796</a> <a href=3D"https://web.archive.org/web= /20210105222148/https://whitecr0wz.github.io/assets/img/Findings11/11-proof= .gif" target=3D"_blank" rel=3D"noopener">Archived Researcher Proof of Conce=
pt Video</a> <a href=3D"https://archive.org/details/tucows_288670_Audio_= Playback_Recorder" target=3D"_blank" rel=3D"noopener">Product Software Arch= ive</a> <a href=3D"https://www.vulncheck.com/advisories/audio-playback-r= ecorder-local-buffer-overflow-seh" target=3D"_blank" rel=3D"noopener">VulnC= heck Advisory: Audio Playback Recorder 3.2.2 - Local Buffer Overflow (SEH)<= /a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tucows--Easy CD & DVD Cover Creator</td> <td>Easy CD & DVD Cover Creator 4.13 contains a buffer overflow vulnera= bility in the serial number input field that allows attackers to crash the = application. Attackers can generate a 6000-byte payload and paste it into t=
he serial number field to trigger an application crash.</td> <td>2026-01-27</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36940" target=3D= "_blank" rel=3D"noopener">CVE-2020-36940</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49337" target=3D"_blank" rel= =3D"noopener">ExploitDB-49337</a> <a href=3D"https://www.vulncheck.com/a= dvisories/easy-cd-dvd-cover-creator-denial-of-service" target=3D"_blank" re= l=3D"noopener">VulnCheck Advisory: Easy CD & DVD Cover Creator 4.13 - D= enial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Ubiquiti, Inc.--AirControl</td>
<td>AirControl 1.4.2 contains a pre-authentication remote code execution vu= lnerability that allows unauthenticated attackers to execute arbitrary syst=
em commands through malicious Java expression injection. Attackers can expl= oit the /.seam endpoint by crafting a specially constructed URL with embedd=
ed Java expressions to run commands with the application's system privilege= s.</td>
<td>2026-01-30</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37052" target=3D= "_blank" rel=3D"noopener">CVE-2020-37052</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48541" target=3D"_blank" rel= =3D"noopener">ExploitDB-48541</a> <a href=3D"https://www.ui.com/" target= =3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://www.= vulncheck.com/advisories/aircontrol-preauth-remote-code-execution" target= =3D"_blank" rel=3D"noopener">VulnCheck Advisory: AirControl 1.4.2 - PreAuth=
Remote Code Execution</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Veritas--NetBackup</td>
<td>Veritas NetBackup 7.0 contains an unquoted service path vulnerability i=
n the NetBackup INET Daemon service that allows local users to potentially = execute arbitrary code. Attackers can exploit the unquoted path in C:\Progr=
am Files\Veritas\NetBackup\bin\bpinetd.exe to inject malicious code that wo= uld execute with elevated LocalSystem privileges.</td>
<td>2026-02-01</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37045" target=3D= "_blank" rel=3D"noopener">CVE-2020-37045</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48227" target=3D"_blank" rel= =3D"noopener">ExploitDB-48227</a> <a href=3D"https://www.veritas.com/" t= arget=3D"_blank" rel=3D"noopener">Veritas Official Homepage</a> <a href= =3D"https://www.vulncheck.com/advisories/netbackup-netbackup-inet-daemon-un= quoted-service-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory:=
NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">VeryPDF.com, Inc.--docPrint Pro</td>
<td>docPrint Pro 8.0 contains a local buffer overflow vulnerability in the = 'Add URL' input field that allows attackers to execute arbitrary code by ov= erwriting memory. Attackers can craft a malicious payload that triggers a s= tructured exception handler (SEH) overwrite to execute shellcode and gain r= emote system access.</td>
<td>2026-01-28</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36965" target=3D= "_blank" rel=3D"noopener">CVE-2020-36965</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49100" target=3D"_blank" rel= =3D"noopener">ExploitDB-49100</a> <a href=3D"http://www.verypdf.com" tar= get=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://w= ww.vulncheck.com/advisories/docprint-pro-add-url-buffer-overflow-seh-egghun= ter" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: docPrint Pro 8.=
0 - 'Add URL' Buffer Overflow (SEH Egghunter)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">VestaCP--VestaCP</td>
<td>VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs = module that allows remote attackers to manipulate authentication tokens. At= tackers can exploit insufficient token validation to access user accounts a=
nd perform unauthorized login requests without proper administrative permis= sions.</td>
<td>2026-01-27</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36948" target=3D= "_blank" rel=3D"noopener">CVE-2020-36948</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49219" target=3D"_blank" rel= =3D"noopener">ExploitDB-49219</a> <a href=3D"https://vestacp.com/" targe= t=3D"_blank" rel=3D"noopener">VestaCP Official Homepage</a> <a href=3D"h= ttps://www.vulnerability-lab.com/get_content.php?id=3D2240" target=3D"_blan=
k" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href=3D"https://ww= w.vulnerability-lab.com/show.php?user=3DBenjamin%20K.M." target=3D"_blank" = rel=3D"noopener">Benjamin Kunz Mejri Profile</a> <a href=3D"https://www.= vulncheck.com/advisories/vestacp-loginas-insufficient-session-validation" t= arget=3D"_blank" rel=3D"noopener">VulnCheck Advisory: VestaCP 0.9.8-26 - 'L= oginAs' Insufficient Session Validation</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">VictorAlagwu--CMSsite</td>
<td>Victor CMS 1.0 contains a file upload vulnerability that allows authent= icated users to upload malicious PHP files through the profile image upload=
feature. Attackers can upload a PHP shell to the /img directory and execut=
e system commands by accessing the uploaded file via web browser.</td> <td>2026-01-27</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36942" target=3D= "_blank" rel=3D"noopener">CVE-2020-36942</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49310" target=3D"_blank" rel= =3D"noopener">ExploitDB-49310</a> <a href=3D"https://github.com/VictorAl= agwu/CMSsite" target=3D"_blank" rel=3D"noopener">Victor CMS Project Reposit= ory</a> <a href=3D"https://www.vulncheck.com/advisories/victor-cms-file-= upload-to-rce" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Victo=
r CMS 1.0 - File Upload To RCE</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">vllm-project--vllm</td>
<td>vLLM is an inference and serving engine for large language models (LLMs=
). Prior to version 0.14.1, a Server-Side Request Forgery (SSRF) vulnerabil= ity exists in the `MediaConnector` class within the vLLM project's multimod=
al feature set. The load_from_url and load_from_url_async methods obtain an=
d process media from URLs provided by users, using different Python parsing=
libraries when restricting the target host. These two parsing libraries ha=
ve different interpretations of backslashes, which allows the host name res= triction to be bypassed. This allows an attacker to coerce the vLLM server = into making arbitrary requests to internal network resources. This vulnerab= ility is particularly critical in containerized environments like `llm-d`, = where a compromised vLLM pod could be used to scan the internal network, in= teract with other pods, and potentially cause denial of service or access s= ensitive data. For example, an attacker could make the vLLM pod send malici= ous requests to an internal `llm-d` management endpoint, leading to system = instability by falsely reporting metrics like the KV cache state. Version 0= .14.1 contains a patch for the issue.</td>
<td>2026-01-27</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24779" target=3D= "_blank" rel=3D"noopener">CVE-2026-24779</a></td>

<a href=3D"https://github.com/vllm-project/vllm/security/advisories/GHSA-qh= 4c-xf7m-gxfc" target=3D"_blank" rel=3D"noopener">https://github.com/vllm-pr= oject/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc</a> <a href=3D"https:= //github.com/vllm-project/vllm/pull/32746" target=3D"_blank" rel=3D"noopene= r">https://github.com/vllm-project/vllm/pull/32746</a> <a href=3D"https:= //github.com/vllm-project/vllm/commit/f46d576c54fb8aeec5fc70560e850bed38ef1= 7d7" target=3D"_blank" rel=3D"noopener">https://github.com/vllm-project/vll= m/commit/f46d576c54fb8aeec5fc70560e850bed38ef17d7</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WEBDAMN.COM--WebDamn User Registration & L= ogin System with User Panel</td>
<td>WebDamn User Registration Login System contains a SQL injection vulnera= bility that allows unauthenticated attackers to bypass login authentication=
by manipulating email credentials. Attackers can inject the payload '<e= mail>' OR '1'=3D'1' in both username and password fields to gain unautho= rized access to the user panel.</td>
<td>2026-01-28</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36945" target=3D= "_blank" rel=3D"noopener">CVE-2020-36945</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49170" target=3D"_blank" rel= =3D"noopener">ExploitDB-49170</a> <a href=3D"https://webdamn.com/" targe= t=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://web= damn.com/user-management-system-with-php-mysql/" target=3D"_blank" rel=3D"n= oopener">Software Product Page</a> <a href=3D"https://www.vulncheck.com/= advisories/webdamn-user-registration-login-system-with-user-panel-sqli-auth= -bypass" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: WebDamn Use=
r Registration & Login System with User Panel - SQLi Auth Bypass</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">Weird Solutions--DHCP Turbo</td>
<td>DHCP Turbo 4.61298 contains an unquoted service path vulnerability that=
allows local attackers to potentially execute arbitrary code by exploiting=
the service binary path. Attackers can place malicious executables in the = service path to gain elevated privileges when the service starts.</td> <td>2026-02-01</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37062" target=3D= "_blank" rel=3D"noopener">CVE-2020-37062</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48080" target=3D"_blank" rel= =3D"noopener">ExploitDB-48080</a> <a href=3D"https://www.weird-solutions= .com" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"= https://www.vulncheck.com/advisories/dhcp-turbo-dhcp-turbo-unquoted-service= -path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: DHCP Turbo 4.= 6.1298- 'DHCP Turbo 4' Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Weird-Solutions--BOOTP Turbo</td>
<td>BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability th=
at allows local attackers to potentially execute arbitrary code with elevat=
ed system privileges. Attackers can exploit the unquoted executable path to=
inject malicious code that will be executed when the service starts with L= ocalSystem permissions.</td>
<td>2026-02-01</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37061" target=3D= "_blank" rel=3D"noopener">CVE-2020-37061</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48078" target=3D"_blank" rel= =3D"noopener">ExploitDB-48078</a> <a href=3D"https://www.weird-solutions= .com" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"= https://www.vulncheck.com/advisories/bootp-turbo-bootp-turbo-unquoted-servi= ce-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: BOOTP Turbo=
2.0.1214 - 'BOOTP Turbo' Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Weird-Solutions--TFTP Turbo</td>
<td>TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability tha=
t allows local attackers to potentially execute arbitrary code with elevate=
d privileges. Attackers can exploit the unquoted path in the service config= uration to inject malicious executables that will be launched with LocalSys= tem permissions.</td>
<td>2026-02-01</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37063" target=3D= "_blank" rel=3D"noopener">CVE-2020-37063</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48085" target=3D"_blank" rel= =3D"noopener">ExploitDB-48085</a> <a href=3D"https://www.weird-solutions= .com" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"= https://www.vulncheck.com/advisories/tftp-turbo-tftp-turbo-unquoted-service= -path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: TFTP Turbo 4.= 6.1273 - 'TFTP Turbo 4' Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WellChoose--Single Sign-On Portal System</td> <td>Single Sign-On Portal System developed by WellChoose has a OS Command I= njection vulnerability, allowing authenticated remote attackers to inject a= rbitrary OS commands and execute them on the server.</td>
<td>2026-01-26</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1427" target=3D"= _blank" rel=3D"noopener">CVE-2026-1427</a></td>

<a href=3D"https://www.twcert.org.tw/tw/cp-132-10654-23f40-1.html" target= =3D"_blank" rel=3D"noopener">https://www.twcert.org.tw/tw/cp-132-10654-23f4= 0-1.html</a> <a href=3D"https://www.twcert.org.tw/en/cp-139-10655-59160-= 2.html" target=3D"_blank" rel=3D"noopener">https://www.twcert.org.tw/en/cp-= 139-10655-59160-2.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WellChoose--Single Sign-On Portal System</td> <td>Single Sign-On Portal System developed by WellChoose has a OS Command I= njection vulnerability, allowing authenticated remote attackers to inject a= rbitrary OS commands and execute them on the server.</td>
<td>2026-01-26</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1428" target=3D"= _blank" rel=3D"noopener">CVE-2026-1428</a></td>

<a href=3D"https://www.twcert.org.tw/tw/cp-132-10654-23f40-1.html" target= =3D"_blank" rel=3D"noopener">https://www.twcert.org.tw/tw/cp-132-10654-23f4= 0-1.html</a> <a href=3D"https://www.twcert.org.tw/en/cp-139-10655-59160-= 2.html" target=3D"_blank" rel=3D"noopener">https://www.twcert.org.tw/en/cp-= 139-10655-59160-2.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Wibu--CodeMeter</td>
<td>CodeMeter 6.60 contains an unquoted service path vulnerability that all= ows local users to potentially execute arbitrary code with elevated system = privileges. Attackers can exploit the unquoted binary path in the CodeMeter=
Runtime Server service to inject malicious code that would execute with Lo= calSystem permissions.</td>
<td>2026-01-29</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37017" target=3D= "_blank" rel=3D"noopener">CVE-2020-37017</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48735" target=3D"_blank" rel= =3D"noopener">ExploitDB-48735</a> <a href=3D"https://www.wibu.com/us/pro= ducts/codemeter/runtime.html" target=3D"_blank" rel=3D"noopener">CodeMeter = Runtime Product Homepage</a> <a href=3D"https://www.vulncheck.com/adviso= ries/codemeter-codemeterexe-unquoted-service-path" target=3D"_blank" rel=3D= "noopener">VulnCheck Advisory: CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Se= rvice Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WinAVR--WinAVR</td>
<td>WinAVR version 20100110 contains an insecure permissions vulnerability = that allows authenticated users to modify system files and executables. Att= ackers can leverage the overly permissive access controls to potentially mo= dify critical DLLs and executable files in the WinAVR installation director= y.</td>
<td>2026-01-27</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36938" target=3D= "_blank" rel=3D"noopener">CVE-2020-36938</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49379" target=3D"_blank" rel= =3D"noopener">ExploitDB-49379</a> <a href=3D"https://sourceforge.net/pro= jects/winavr/" target=3D"_blank" rel=3D"noopener">WinAVR Official Project H= omepage</a> <a href=3D"https://www.vulncheck.com/advisories/winavr-versi= on-insecure-folder-permissions" target=3D"_blank" rel=3D"noopener">VulnChec=
k Advisory: WinAVR Version 20100110 - Insecure Folder Permissions</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">WinFrigate--Frigate 2</td>
<td>Frigate 2.02 contains a denial of service vulnerability that allows att= ackers to crash the application by sending oversized input to the command l= ine interface. Attackers can generate a payload of 8000 repeated characters=
and paste it into the application's command line field to trigger an appli= cation crash.</td>
<td>2026-01-30</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37039" target=3D= "_blank" rel=3D"noopener">CVE-2020-37039</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48613" target=3D"_blank" rel= =3D"noopener">ExploitDB-48613</a> <a href=3D"https://web.archive.org/web= /20190623044943/http://www.frigate3.com/index.php" target=3D"_blank" rel=3D= "noopener">Archived Vendor Homepage</a> <a href=3D"https://www.vulncheck= .com/advisories/frigate-denial-of-service" target=3D"_blank" rel=3D"noopene= r">VulnCheck Advisory: Frigate 2.02 - Denial Of Service</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">WinFrigate--Frigate 3 Professional</td> <td>Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerab= ility in the 'Find Computer' feature that allows attackers to execute arbit= rary code by overflowing the computer name input field. Attackers can craft=
a malicious payload that triggers a buffer overflow, enabling code executi=
on and launching calculator as a proof of concept.</td>
<td>2026-01-30</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37042" target=3D= "_blank" rel=3D"noopener">CVE-2020-37042</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48579" target=3D"_blank" rel= =3D"noopener">ExploitDB-48579</a> <a href=3D"https://web.archive.org/web= /20190623044943/http://www.frigate3.com/index.php" target=3D"_blank" rel=3D= "noopener">Archived Vendor Homepage</a> <a href=3D"https://www.vulncheck= .com/advisories/frigate-professional-find-computer-local-buffer-overflow" t= arget=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Frigate Professional = 3.36.0.9 - 'Find Computer' Local Buffer Overflow</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WinFrigate--Frigate 3 Professional</td> <td>Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the = Command Line input field that allows attackers to execute arbitrary code. A= ttackers can craft a malicious payload to overflow the buffer, bypass DEP, = and execute commands like launching calc.exe through a specially crafted in= put sequence.</td>
<td>2026-01-30</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37049" target=3D= "_blank" rel=3D"noopener">CVE-2020-37049</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48563" target=3D"_blank" rel= =3D"noopener">ExploitDB-48563</a> <a href=3D"https://web.archive.org/web= /20190623044943/http://www.frigate3.com/index.php" target=3D"_blank" rel=3D= "noopener">Archived Vendor Homepage</a> <a href=3D"https://www.vulncheck= .com/advisories/frigate-command-line-local-buffer-overflow" target=3D"_blan=
k" rel=3D"noopener">VulnCheck Advisory: Frigate 3.36.0.9 - 'Command Line' L= ocal Buffer Overflow</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Wing FTP Server--Wing FTP Server</td>
<td>Wing FTP Server 6.3.8 contains a remote code execution vulnerability in=
its Lua-based web console that allows authenticated users to execute syste=
m commands. Attackers can leverage the console to send POST requests with m= alicious commands that trigger operating system execution through the os.ex= ecute() function.</td>
<td>2026-01-30</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37032" target=3D= "_blank" rel=3D"noopener">CVE-2020-37032</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48676" target=3D"_blank" rel= =3D"noopener">ExploitDB-48676</a> <a href=3D"https://www.wftpserver.com/=
" target=3D"_blank" rel=3D"noopener">Wing FTP Server Official Homepage</a><= br><a href=3D"https://www.vulncheck.com/advisories/wing-ftp-server-remote-c= ode-execution" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Wing = FTP Server 6.3.8 - Remote Code Execution</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Wondershare--Wondershare Driver Install Servic=
e help</td>
<td>Wondershare Driver Install Service contains an unquoted service path vu= lnerability in the ElevationService executable that allows local attackers =
to potentially inject malicious code. Attackers can exploit the unquoted pa=
th to replace the service binary with a malicious executable, enabling priv= ilege escalation to LocalSystem account.</td>
<td>2026-01-27</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36977" target=3D= "_blank" rel=3D"noopener">CVE-2020-36977</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49101" target=3D"_blank" rel= =3D"noopener">ExploitDB-49101</a> <a href=3D"https://www.wondershare.com=
/" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"htt= ps://www.wondershare.com/drfone/" target=3D"_blank" rel=3D"noopener">Softwa=
re Product Page</a> <a href=3D"https://www.vulncheck.com/advisories/wond= ershare-driver-install-service-help-elevationservice-unquote-service-path" = target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Wondershare Driver I= nstall Service help 10.7.1.321 - 'ElevationService' Unquote Service Path</a= > =C2=A0</td>
</tr>

<td class=3D"vendor-product">wpcreatix--VidShop Shoppable Videos for WooCom= merce</td>
<td>The VidShop - Shoppable Videos for WooCommerce plugin for WordPress is = vulnerable to time-based SQL Injection via the 'fields' parameter in all ve= rsions up to, and including, 1.1.4 due to insufficient escaping on the user=
supplied parameter and lack of sufficient preparation on the existing SQL = query. This makes it possible for unauthenticated attackers to append addit= ional SQL queries into already existing queries that can be used to extract=
sensitive information from the database.</td>
<td>2026-01-28</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0702" target=3D"= _blank" rel=3D"noopener">CVE-2026-0702</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/a61d8d= 2a-742f-45f1-9146-f733b80ef195?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/a61d8d2a-742= f-45f1-9146-f733b80ef195?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/vidshop-for-woocommerce/trunk/includes/rest-api/v1/= class-videos-controller.php#L224" target=3D"_blank" rel=3D"noopener">https:= //plugins.trac.wordpress.org/browser/vidshop-for-woocommerce/trunk/includes= /rest-api/v1/class-videos-controller.php#L224</a> <a href=3D"https://plu= gins.trac.wordpress.org/browser/vidshop-for-woocommerce/trunk/includes/rest= -api/v1/class-videos-controller.php#L297" target=3D"_blank" rel=3D"noopener= ">https://plugins.trac.wordpress.org/browser/vidshop-for-woocommerce/trunk/= includes/rest-api/v1/class-videos-controller.php#L297</a> <a href=3D"htt= ps://plugins.trac.wordpress.org/browser/vidshop-for-woocommerce/trunk/inclu= des/utils/class-query-builder.php#L778" target=3D"_blank" rel=3D"noopener">= https://plugins.trac.wordpress.org/browser/vidshop-for-woocommerce/trunk/in= cludes/utils/class-query-builder.php#L778</a> <a href=3D"https://plugins= .trac.wordpress.org/changeset/3441106/" target=3D"_blank" rel=3D"noopener">= https://plugins.trac.wordpress.org/changeset/3441106/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">yoyofr--modizer</td>
<td>Integer Overflow or Wraparound vulnerability in yoyofr modizer. This is= sue affects modizer: before 4.1.1.</td>
<td>2026-01-27</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24875" target=3D= "_blank" rel=3D"noopener">CVE-2026-24875</a></td>

<a href=3D"https://github.com/yoyofr/modizer/pull/133" target=3D"_blank" re= l=3D"noopener">https://github.com/yoyofr/modizer/pull/133</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">zalando--skipper</td>
<td>Skipper is an HTTP router and reverse proxy for service composition. Pr= ior to version 0.24.0, when running Skipper as an Ingress controller, users=
with permissions to create an Ingress and a Service of type ExternalName c=
an create routes that enable them to use Skipper's network access to reach = internal services. Version 0.24.0 disables Kubernetes ExternalName by defau= lt. As a workaround, developers can allow list targets of an ExternalName a=
nd allow list via regular expressions.</td>
<td>2026-01-26</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24470" target=3D= "_blank" rel=3D"noopener">CVE-2026-24470</a></td>

<a href=3D"https://github.com/zalando/skipper/security/advisories/GHSA-mxxc= -p822-2hx9" target=3D"_blank" rel=3D"noopener">https://github.com/zalando/s= kipper/security/advisories/GHSA-mxxc-p822-2hx9</a> <a href=3D"https://gi= thub.com/zalando/skipper/commit/a4c87ce029a58eb8e1c2c1f93049194a39cf6219" t= arget=3D"_blank" rel=3D"noopener">https://github.com/zalando/skipper/commit= /a4c87ce029a58eb8e1c2c1f93049194a39cf6219</a> <a href=3D"https://kuberne= tes.io/docs/concepts/services-networking/service/#externalname" target=3D"_= blank" rel=3D"noopener">https://kubernetes.io/docs/concepts/services-networ= king/service/#externalname</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Zortam.com--Zortam Mp3 Media Studio</td> <td>Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability =
in the library creation file selection process that allows remote code exec= ution. Attackers can craft a malicious text file with shellcode to trigger =
a structured exception handler (SEH) overwrite and execute arbitrary comman=
ds on the target system.</td>
<td>2026-01-28</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36967" target=3D= "_blank" rel=3D"noopener">CVE-2020-36967</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49084" target=3D"_blank" rel= =3D"noopener">ExploitDB-49084</a> <a href=3D"https://www.zortam.com/inde= x.html" target=3D"_blank" rel=3D"noopener">Zortam Official Homepage</a> =
<a href=3D"https://www.zortam.com/download.html" target=3D"_blank" rel=3D"n= oopener">Zortam Software Download Page</a> <a href=3D"https://www.vulnch= eck.com/advisories/zortam-mp-media-studio-remote-code-execution-seh" target= =3D"_blank" rel=3D"noopener">VulnCheck Advisory: Zortam Mp3 Media Studio 27= .60 - Remote Code Execution (SEH)</a> =C2=A0</td>
</tr>
</tbody>
</table>
<a href=3D"#top">Back to top</a>
</div>
<div id=3D"medium_v">
<h2 id=3D"medium_v_title">Medium Vulnerabilities</h2>
<table class=3D"table no-tablesaw" style=3D"table-layout: fixed; width: 100= %;" border=3D"1" summary=3D"Medium Vulnerabilities" align=3D"center">
<thead>

<th class=3D"vendor-product" style=3D"width: 24%;" scope=3D"col">
Primary Vendor -- Product</th>
<th style=3D"width: 44%;" scope=3D"col">Description</th>
<th style=3D"width: 10%;" scope=3D"col">Published</th>
<th style=3D"width: 8%;" scope=3D"col">CVSS Score</th>
<th style=3D"width: 7%;" scope=3D"col">Source Info</th>
<th style=3D"width: 7%;" scope=3D"col">Patch Info</th>
</tr>
</thead>
<tbody>

<td class=3D"vendor-product">2100 Technology--Official Document Management = System</td>
<td>Official Document Management System developed by 2100 Technology has a = Incorrect Authorization vulnerability, allowing authenticated remote attack= ers to modify front-end code to read all official documents.</td> <td>2026-01-28</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1514" target=3D"= _blank" rel=3D"noopener">CVE-2026-1514</a></td>

<a href=3D"https://www.twcert.org.tw/tw/cp-132-10658-c5a07-1.html" target= =3D"_blank" rel=3D"noopener">https://www.twcert.org.tw/tw/cp-132-10658-c5a0= 7-1.html</a> <a href=3D"https://www.twcert.org.tw/en/cp-139-10659-264cd-= 2.html" target=3D"_blank" rel=3D"noopener">https://www.twcert.org.tw/en/cp-= 139-10659-264cd-2.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Adikiss--Sistem Informasi Pengumuman Kelulusan=
Online</td>
<td>Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site = request forgery vulnerability that allows attackers to add unauthorized adm=
in users through the tambahuser.php endpoint. Attackers can craft a malicio=
us HTML form to submit admin credentials and create new administrative acco= unts without the victim's consent.</td>
<td>2026-01-30</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37046" target=3D= "_blank" rel=3D"noopener">CVE-2020-37046</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48571" target=3D"_blank" rel= =3D"noopener">ExploitDB-48571</a> <a href=3D"https://adikiss.net/" targe= t=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://adi= kiss.net/2014/06/aplikasi-sistem-informasi-pengumuman-kelulusan-online-2/" = target=3D"_blank" rel=3D"noopener">Software Download Page</a> <a href=3D= "https://www.vulncheck.com/advisories/sistem-informasi-pengumuman-kelulusan= -online-cross-site-request-forgery" target=3D"_blank" rel=3D"noopener">Vuln= Check Advisory: Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Si=
te Request Forgery</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ajay138--Knap Advanced PHP Login</td>
<td>Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scriptin=
g vulnerability that allows remote attackers to inject malicious script cod=
e in the name parameter. Attackers can exploit the vulnerability to execute=
arbitrary scripts in users and activity log backend modules, potentially l= eading to session hijacking and persistent phishing attacks.</td> <td>2026-02-01</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2022-50940" target=3D= "_blank" rel=3D"noopener">CVE-2022-50940</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2307" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://laravel-vuejs.com/" target=3D"_blank" rel=3D"noopener">Laravel = & Vue.js</a> <a href=3D"https://www.vulncheck.com/advisories/knap-ad= vanced-php-login-persistent-cross-site-scripting-via-name-parameter" target= =3D"_blank" rel=3D"noopener">VulnCheck Advisory: Knap Advanced PHP Login 3.= 1.3 Persistent Cross-Site Scripting via Name Parameter</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Akn Software Computer Import Export Industry a=
nd Trade Ltd.--QR Menu</td>
<td>Session Fixation vulnerability in Ak=C3=84=C2=B1n Software Computer Imp= ort Export Industry and Trade Ltd. QR Menu allows Session Fixation. This is= sue affects QR Menu: before s1.05.12.</td>
<td>2026-01-29</td>
<td>5.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-7015" target=3D"= _blank" rel=3D"noopener">CVE-2025-7015</a></td>

<a href=3D"https://www.usom.gov.tr/bildirim/tr-26-0006" target=3D"_blank" r= el=3D"noopener">https://www.usom.gov.tr/bildirim/tr-26-0006</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">Author: Scott Ferreira--Free Photo & Video=
Vault - WiFi Transfer</td>
<td>Free Photo & Video Vault 0.0.2 contains a directory traversal web v= ulnerability that allows remote attackers to manipulate application path re= quests and access sensitive system files. Attackers can exploit the vulnera= bility without privileges to retrieve environment variables and access unau= thorized system paths.</td>
<td>2026-02-01</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2021-47921" target=3D= "_blank" rel=3D"noopener">CVE-2021-47921</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2271" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://apps.apple.com/us/app/free-photo-video-vault-wifi-transfer/id98= 1034501" target=3D"_blank" rel=3D"noopener">Product Homepage</a> <a href= =3D"https://www.vulncheck.com/advisories/free-photo-video-vault-directory-t= raversal-vulnerability-via-web-request" target=3D"_blank" rel=3D"noopener">= VulnCheck Advisory: Free Photo & Video Vault 0.0.2 Directory Traversal = Vulnerability via Web Request</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ays-pro--Popup Box Create Countdown, Coupon, V= ideo, Contact Form Popups</td>
<td>The Popup Box plugin for WordPress is vulnerable to Cross-Site Request = Forgery in all versions up to, and including, 6.1.1. This is due to a flawe=
d nonce implementation in the 'publish_unpublish_popupbox' function that ve= rifies a self-created nonce rather than one submitted in the request. This = makes it possible for unauthenticated attackers to change the publish statu=
s of popups via a forged request, granted they can trick a site administrat=
or into performing an action such as clicking a link.</td>
<td>2026-01-31</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1165" target=3D"= _blank" rel=3D"noopener">CVE-2026-1165</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/585a9e= b4-f394-4cb2-9050-659171a994d9?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/585a9eb4-f39= 4-4cb2-9050-659171a994d9?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/ays-popup-box/tags/6.1.0/admin/partials/ays-pb-admi= n-display.php#L22" target=3D"_blank" rel=3D"noopener">https://plugins.trac.= wordpress.org/browser/ays-popup-box/tags/6.1.0/admin/partials/ays-pb-admin-= display.php#L22</a> <a href=3D"https://plugins.trac.wordpress.org/browse= r/ays-popup-box/tags/6.1.0/includes/lists/class-ays-pb-list-table.php#L701"=
target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/brow= ser/ays-popup-box/tags/6.1.0/includes/lists/class-ays-pb-list-table.php#L70= 1</a> <a href=3D"https://plugins.trac.wordpress.org/changeset?sfp_email= =3D&sfph_mail=3D&reponame=3D&old=3D3439514@ays-popup-box/tags/6.1.1/&new=3D= 3444612@ays-popup-box/tags/6.1.2/" target=3D"_blank" rel=3D"noopener">https= ://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame= =3D&old=3D3439514@ays-popup-box/tags/6.1.1/&new=3D3444612@ays-popup-box/tag= s/6.1.2/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">B&R Industrial Automation GmbH--Process Vi= sualization Interface (PVI)</td>
<td>An Insertion of Sensitive Information into Log File vulnerability in B&= amp;R PVI client versions prior to 6.5 may be abused by an authenticated lo= cal attacker to gather credential information which is processed by the PVI=
client application. The logging function of the PVI client application is = disabled by default and must be explicitly enabled by the user.</td> <td>2026-01-29</td>
<td>5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0936" target=3D"= _blank" rel=3D"noopener">CVE-2026-0936</a></td>

<a href=3D"https://www.br-automation.com/fileadmin/SA26P001-2862434c.pdf" t= arget=3D"_blank" rel=3D"noopener">https://www.br-automation.com/fileadmin/S= A26P001-2862434c.pdf</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">backstage--backstage</td>
<td>Backstage is an open framework for building developer portals, and @bac= kstage/plugin-techdocs-node provides common node.js functionalities for Tec= hDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and = 1.14.1, a path traversal vulnerability in the TechDocs local generator allo=
ws attackers to read arbitrary files from the host filesystem when Backstag=
e is configured with `techdocs.generator.runIn: local`. When processing doc= umentation from untrusted sources, symlinks within the docs directory are f= ollowed by MkDocs during the build process. File contents are embedded into=
generated HTML and exposed to users who can view the documentation. This v= ulnerability is fixed in` @backstage/plugin-techdocs-node` versions 1.13.11=
and 1.14.1. Some workarounds are available. Switch to `runIn: docker` in `= app-config.yaml` and/or restrict write access to TechDocs source repositori=
es to trusted users only.</td>
<td>2026-01-30</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25152" target=3D= "_blank" rel=3D"noopener">CVE-2026-25152</a></td>

<a href=3D"https://github.com/backstage/backstage/security/advisories/GHSA-= w669-jj7h-88m9" target=3D"_blank" rel=3D"noopener">https://github.com/backs= tage/backstage/security/advisories/GHSA-w669-jj7h-88m9</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Banco de Guayaquil--Banco Guayaquil</td>
<td>Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cros= s-site scripting vulnerability in the TextBox Name Profile input. Attackers=
can inject malicious script code through a POST request that executes on a= pplication review without user interaction.</td>
<td>2026-02-01</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2022-50952" target=3D= "_blank" rel=3D"noopener">CVE-2022-50952</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2315" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://apps.apple.com/ec/app/banco-guayaquil/id624963066" target=3D"_b= lank" rel=3D"noopener">Product Homepage</a> <a href=3D"https://www.vulnc= heck.com/advisories/banco-guayaquil-mobile-ios-cross-site-scripting-via-pro= file-name-input" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Ban=
co Guayaquil 8.0.0 Mobile iOS Cross-Site Scripting via Profile Name Input</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Bdtask--Bhojon All-In-One Restaurant Managemen=
t System</td>
<td>A vulnerability was determined in Bdtask Bhojon All-In-One Restaurant M= anagement System up to 20260116. The affected element is an unknown functio=
n of the file /hungry/placeorder of the component Checkout. Executing a man= ipulation of the argument orggrandTotal/vat/service_charge/grandtotal can l= ead to business logic errors. It is possible to launch the attack remotely.=
The exploit has been publicly disclosed and may be utilized. The vendor wa=
s contacted early about this disclosure but did not respond in any way.</td=

<td>2026-01-29</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1599" target=3D"= _blank" rel=3D"noopener">CVE-2026-1599</a></td>

<a href=3D"https://vuldb.com/?id.343361" target=3D"_blank" rel=3D"noopener"= >VDB-343361 | Bdtask Bhojon All-In-One Restaurant Management System Checkou=
t placeorder logic error</a> <a href=3D"https://vuldb.com/?ctiid.343361"=
target=3D"_blank" rel=3D"noopener">VDB-343361 | CTI Indicators (IOB, IOC, = IOA)</a> <a href=3D"https://vuldb.com/?submit.740740" target=3D"_blank" = rel=3D"noopener">Submit #740740 | Bdtask Bhojon All-In-One Restaurant Manag= ement System latest Business Logic Errors</a> <a href=3D"https://github.= com/4m3rr0r/PoCVulDb/issues/13" target=3D"_blank" rel=3D"noopener">https://= github.com/4m3rr0r/PoCVulDb/issues/13</a> <a href=3D"https://www.youtube= .com/watch?v=3Dn7xLBAOrKAU" target=3D"_blank" rel=3D"noopener">https://www.= youtube.com/watch?v=3Dn7xLBAOrKAU</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Bdtask--Bhojon All-In-One Restaurant Managemen=
t System</td>
<td>A vulnerability was identified in Bdtask Bhojon All-In-One Restaurant M= anagement System up to 20260116. The impacted element is an unknown functio=
n of the file /hungry/addtocart of the component Add-to-Cart Submission End= point. The manipulation of the argument price/allprice leads to business lo= gic errors. The attack can be initiated remotely. The exploit is publicly a= vailable and might be used. The vendor was contacted early about this discl= osure but did not respond in any way.</td>
<td>2026-01-29</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1600" target=3D"= _blank" rel=3D"noopener">CVE-2026-1600</a></td>

<a href=3D"https://vuldb.com/?id.343362" target=3D"_blank" rel=3D"noopener"= >VDB-343362 | Bdtask Bhojon All-In-One Restaurant Management System Add-to-= Cart Submission Endpoint addtocart logic error</a> <a href=3D"https://vu= ldb.com/?ctiid.343362" target=3D"_blank" rel=3D"noopener">VDB-343362 | CTI = Indicators (IOB, IOC, IOA)</a> <a href=3D"https://vuldb.com/?submit.7407= 41" target=3D"_blank" rel=3D"noopener">Submit #740741 | Bdtask Bhojon All-I= n-One Restaurant Management System latest Business Logic Errors</a> <a h= ref=3D"https://github.com/4m3rr0r/PoCVulDb/issues/14" target=3D"_blank" rel= =3D"noopener">https://github.com/4m3rr0r/PoCVulDb/issues/14</a> <a href= =3D"https://www.youtube.com/watch?v=3DUESZTjVS4Fs" target=3D"_blank" rel=3D= "noopener">https://www.youtube.com/watch?v=3DUESZTjVS4Fs</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Bdtask--SalesERP</td>
<td>A vulnerability has been found in Bdtask SalesERP up to 20260116. This = issue affects some unknown processing of the component Administrative Endpo= int. Such manipulation of the argument ci_session leads to improper authori= zation. The attack may be performed from remote. The exploit has been discl= osed to the public and may be used. The vendor was contacted early about th=
is disclosure but did not respond in any way.</td>
<td>2026-01-29</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1597" target=3D"= _blank" rel=3D"noopener">CVE-2026-1597</a></td>

<a href=3D"https://vuldb.com/?id.343359" target=3D"_blank" rel=3D"noopener"= >VDB-343359 | Bdtask SalesERP Administrative Endpoint improper authorizatio= n</a> <a href=3D"https://vuldb.com/?ctiid.343359" target=3D"_blank" rel= =3D"noopener">VDB-343359 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.740735" target=3D"_blank" rel=3D"noopener">= Submit #740735 | Bdtask SalesERP -- AI-Powered ERP Software For Small Busin= ess Unknown Broken Access Control / Privilege Escalation</a> <a href=3D"= https://github.com/4m3rr0r/PoCVulDb/issues/11" target=3D"_blank" rel=3D"noo= pener">https://github.com/4m3rr0r/PoCVulDb/issues/11</a> <a href=3D"http= s://www.youtube.com/watch?v=3DKSducixS3pk" target=3D"_blank" rel=3D"noopene= r">https://www.youtube.com/watch?v=3DKSducixS3pk</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Beckhoff Automation--Beckhoff.Device.Manager.X= AR</td>
<td>A low privileged remote attacker may be able to disclose confidential i= nformation from the memory of a privileged process by sending specially cra= fted calls to the Device Manager web service that cause an out-of-bounds re=
ad operation under certain circumstances due to ASLR and thereby potentiall=
y copy confidential information into a response.</td>
<td>2026-01-27</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-41728" target=3D= "_blank" rel=3D"noopener">CVE-2025-41728</a></td>

<a href=3D"https://certvde.com/de/advisories/VDE-2025-092" target=3D"_blank=
" rel=3D"noopener">https://certvde.com/de/advisories/VDE-2025-092</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Beetel--777VR1</td>
<td>A vulnerability was detected in Beetel 777VR1 up to 01.00.09/01.00.09_5=
5. Impacted is an unknown function of the component UART Interface. The man= ipulation results in missing authentication. An attack on the physical devi=
ce is feasible. This attack is characterized by high complexity. The exploi= tability is considered difficult. The exploit is now public and may be used=
. The vendor was contacted early about this disclosure but did not respond =
in any way.</td>
<td>2026-01-26</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1410" target=3D"= _blank" rel=3D"noopener">CVE-2026-1410</a></td>

<a href=3D"https://vuldb.com/?id.342799" target=3D"_blank" rel=3D"noopener"= >VDB-342799 | Beetel 777VR1 UART missing authentication</a> <a href=3D"h= ttps://vuldb.com/?ctiid.342799" target=3D"_blank" rel=3D"noopener">VDB-3427=
99 | CTI Indicators (IOB, IOC)</a> <a href=3D"https://vuldb.com/?submit.= 739433" target=3D"_blank" rel=3D"noopener">Submit #739433 | Beetel Beetel 7= 77VR1 Broadband Router Firmware Versions: V01.00.09 / V01.00.09_55 CWE-306= =E2=80=9D Missing Authentication for Critical Function</a> <a href=3D"ht= tps://gist.github.com/raghav20232023/96a6b13ab00c493d21362e744627ea9f" targ= et=3D"_blank" rel=3D"noopener">https://gist.github.com/raghav20232023/96a6b= 13ab00c493d21362e744627ea9f</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Beetel--777VR1</td>
<td>A flaw has been found in Beetel 777VR1 up to 01.00.09/01.00.09_55. The = affected element is an unknown function of the component UART Interface. Th=
is manipulation causes improper access controls. It is feasible to perform = the attack on the physical device. The complexity of an attack is rather hi= gh. The exploitability is described as difficult. The exploit has been publ= ished and may be used. The vendor was contacted early about this disclosure=
but did not respond in any way.</td>
<td>2026-01-26</td>
<td>6.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1411" target=3D"= _blank" rel=3D"noopener">CVE-2026-1411</a></td>

<a href=3D"https://vuldb.com/?id.342800" target=3D"_blank" rel=3D"noopener"= >VDB-342800 | Beetel 777VR1 UART access control</a> <a href=3D"https://v= uldb.com/?ctiid.342800" target=3D"_blank" rel=3D"noopener">VDB-342800 | CTI=
Indicators (IOB, IOC, TTP)</a> <a href=3D"https://vuldb.com/?submit.740= 674" target=3D"_blank" rel=3D"noopener">Submit #740674 | Beetel Beetel 777V=
R1 Broadband Router Firmware Versions: V01.00.09 / V01.00.09_55 CWE-284=E2= =80=9D Improper Access Control</a> <a href=3D"https://gist.github.com/ra= ghav20232023/ea6adcd6d1eca35683570a1094164bd3" target=3D"_blank" rel=3D"noo= pener">https://gist.github.com/raghav20232023/ea6adcd6d1eca35683570a1094164= bd3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">bfintal--Interactions Create Interactive Exper= iences in the Block Editor</td>
<td>The Interactions - Create Interactive Experiences in the Block Editor p= lugin for WordPress is vulnerable to Stored Cross-Site Scripting via event = selectors in all versions up to, and including, 1.3.1 due to insufficient i= nput sanitization and output escaping. This makes it possible for authentic= ated attackers, with Contributor-level access and above, to inject arbitrar=
y web scripts in pages that will execute whenever a user accesses an inject=
ed page.</td>
<td>2026-01-28</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-12709" target=3D= "_blank" rel=3D"noopener">CVE-2025-12709</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/ab97f1= 25-3a4a-4293-b218-07586c1c021c?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/ab97f125-3a4= a-4293-b218-07586c1c021c?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D34480= 73%40interactions&new=3D3448073%40interactions" target=3D"_blank" rel=3D"no= opener">https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail= =3D&reponame=3D&old=3D3448073%40interactions&new=3D3448073%40interactions</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">birkir--prime</td>
<td>birkir prime <=3D 0.4.0.beta.0 contains a cross-site request forgery=
vulnerability in its GraphQL endpoint that allows attackers to exploit GET= -based query requests. Attackers can craft malicious GET requests to trigge=
r unauthorized actions against privileged users by manipulating GraphQL que=
ry parameters.</td>
<td>2026-01-29</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15550" target=3D= "_blank" rel=3D"noopener">CVE-2025-15550</a></td>

<a href=3D"https://github.com/birkir/prime/issues/547" target=3D"_blank" re= l=3D"noopener">GitHub Issue #547</a> <a href=3D"https://www.vulncheck.co= m/advisories/birkir-prime-beta-cross-site-request-forgery-in-graphql" targe= t=3D"_blank" rel=3D"noopener">VulnCheck Advisory: birkir prime <=3D 0.4.= 0.beta.0 - Cross-Site Request Forgery in GraphQL</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">bobthecow--psysh</td>
<td>PsySH is a runtime developer console, interactive debugger, and REPL fo=
r PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and=
executes a `.psysh.php` file from the Current Working Directory (CWD) on s= tartup. If an attacker can write to a directory that a victim later uses as=
their CWD when launching PsySH, the attacker can trigger arbitrary code ex= ecution in the victim's context. When the victim runs PsySH with elevated p= rivileges (e.g., root), this results in local privilege escalation. This is=
a CWD configuration poisoning issue leading to arbitrary code execution in=
the victim user's context. If a privileged user (e.g., root, a CI runner, =
or an ops/debug account) launches PsySH with CWD set to an attacker-writabl=
e directory containing a malicious `.psysh.php`, the attacker can execute c= ommands with that privileged user's permissions, resulting in local privile=
ge escalation. Downstream consumers that embed PsySH inherit this risk. For=
example, Laravel Tinker (`php artisan tinker`) uses PsySH. If a privileged=
user runs Tinker while their shell is in an attacker-writable directory, t=
he `.psysh.php` auto-load behavior can be abused in the same way to execute=
attacker-controlled code under the victim's privileges. Versions 0.11.23 a=
nd 0.12.19 patch the issue.</td>
<td>2026-01-30</td>
<td>6.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25129" target=3D= "_blank" rel=3D"noopener">CVE-2026-25129</a></td>

<a href=3D"https://github.com/bobthecow/psysh/security/advisories/GHSA-4486= -gxhx-5mg7" target=3D"_blank" rel=3D"noopener">https://github.com/bobthecow= /psysh/security/advisories/GHSA-4486-gxhx-5mg7</a> <a href=3D"https://gi= thub.com/bobthecow/psysh/releases/tag/v0.11.23" target=3D"_blank" rel=3D"no= opener">https://github.com/bobthecow/psysh/releases/tag/v0.11.23</a> <a = href=3D"https://github.com/bobthecow/psysh/releases/tag/v0.12.19" target=3D= "_blank" rel=3D"noopener">https://github.com/bobthecow/psysh/releases/tag/v= 0.12.19</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">bolo-solo--bolo-solo</td>
<td>A vulnerability has been found in bolo-solo up to 2.6.4. This impacts t=
he function importMarkdownsSync of the file src/main/java/org/b3log/solo/bo= lo/prop/BackupService.java of the component SnakeYAML. Such manipulation le= ads to deserialization. The attack may be launched remotely. The exploit ha=
s been disclosed to the public and may be used.</td>
<td>2026-01-30</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1691" target=3D"= _blank" rel=3D"noopener">CVE-2026-1691</a></td>

<a href=3D"https://vuldb.com/?id.343485" target=3D"_blank" rel=3D"noopener"= >VDB-343485 | bolo-solo SnakeYAML BackupService.java importMarkdownsSync de= serialization</a> <a href=3D"https://vuldb.com/?ctiid.343485" target=3D"= _blank" rel=3D"noopener">VDB-343485 | CTI Indicators (IOB, IOC, IOA)</a><br= ><a href=3D"https://vuldb.com/?submit.741899" target=3D"_blank" rel=3D"noop= ener">Submit #741899 | bolo-solo V2.6.4 SnakeYAML deserialization vulnerabi= lity</a> <a href=3D"https://github.com/bolo-blog/bolo-solo/issues/325" t= arget=3D"_blank" rel=3D"noopener">https://github.com/bolo-blog/bolo-solo/is= sues/325</a> <a href=3D"https://github.com/bolo-blog/bolo-solo/issues/32= 5#issue-3828755519" target=3D"_blank" rel=3D"noopener">https://github.com/b= olo-blog/bolo-solo/issues/325#issue-3828755519</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">bplugins--Document Embedder Embed PDFs, Word, = Excel, and Other Files</td>
<td>The Document Embedder - Embed PDFs, Word, Excel, and Other Files plugin=
for WordPress is vulnerable to Insecure Direct Object Reference in all ver= sions up to, and including, 2.0.4. This is due to the plugin not verifying = that a user has permission to access the requested resource in the 'bplde_s= ave_document_library', 'bplde_get_single', and 'bplde_delete_document_libra= ry' AJAX actions. This makes it possible for authenticated attackers, with = Author-level access and above, to read, modify, and delete Document Library=
entries created by other users, including administrators, via the 'id' par= ameter.</td>
<td>2026-01-28</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1389" target=3D"= _blank" rel=3D"noopener">CVE-2026-1389</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/59d14f= 6c-6286-454c-8629-96a0c2de943c?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/59d14f6c-628= 6-454c-8629-96a0c2de943c?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/document-emberdder/tags/2.0.3/includes/DocumentLibr= ary/Init-DocumentLibrary.php#L66" target=3D"_blank" rel=3D"noopener">https:= //plugins.trac.wordpress.org/browser/document-emberdder/tags/2.0.3/includes= /DocumentLibrary/Init-DocumentLibrary.php#L66</a> <a href=3D"https://plu= gins.trac.wordpress.org/browser/document-emberdder/tags/2.0.3/includes/Docu= mentLibrary/Init-DocumentLibrary.php#L103" target=3D"_blank" rel=3D"noopene= r">https://plugins.trac.wordpress.org/browser/document-emberdder/tags/2.0.3= /includes/DocumentLibrary/Init-DocumentLibrary.php#L103</a> <a href=3D"h= ttps://plugins.trac.wordpress.org/browser/document-emberdder/tags/2.0.3/inc= ludes/DocumentLibrary/Init-DocumentLibrary.php#L159" target=3D"_blank" rel= =3D"noopener">https://plugins.trac.wordpress.org/browser/document-emberdder= /tags/2.0.3/includes/DocumentLibrary/Init-DocumentLibrary.php#L159</a> <=
a href=3D"https://plugins.trac.wordpress.org/browser/document-emberdder/tag= s/2.0.5/includes/DocumentLibrary/Init-DocumentLibrary.php" target=3D"_blank=
" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/document-embe= rdder/tags/2.0.5/includes/DocumentLibrary/Init-DocumentLibrary.php</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Broadcom--Symantec Endpoint Protection Windows=
Client</td>
<td>Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, = and RU8 Patch 3, may be susceptible to a Elevation of Privilege vulnerabili= ty, which is a type of issue whereby an attacker may attempt to compromise = the software application to gain elevated access to resources that are norm= ally protected from an application or user.</td>
<td>2026-01-28</td>
<td>6.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13918" target=3D= "_blank" rel=3D"noopener">CVE-2025-13918</a></td>

<a href=3D"https://support.broadcom.com/web/ecx/support-content-notificatio= n/-/external/content/SecurityAdvisories/0/36774" target=3D"_blank" rel=3D"n= oopener">https://support.broadcom.com/web/ecx/support-content-notification/= -/external/content/SecurityAdvisories/0/36774</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Broadcom--Symantec Endpoint Protection Windows=
Client</td>
<td>Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, = and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which=
is a type of issue whereby an attacker attempts to establish persistence a=
nd evade detection by hijacking COM references in the Windows Registry.</td=

<td>2026-01-28</td>
<td>4.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13919" target=3D= "_blank" rel=3D"noopener">CVE-2025-13919</a></td>

<a href=3D"https://support.broadcom.com/web/ecx/support-content-notificatio= n/-/external/content/SecurityAdvisories/0/36774" target=3D"_blank" rel=3D"n= oopener">https://support.broadcom.com/web/ecx/support-content-notification/= -/external/content/SecurityAdvisories/0/36774</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Brother Industries, Ltd.--Multiple MFPs</td> <td>Hidden functionality issue exists in multiple MFPs provided by Brother = Industries, Ltd., which may allow an attacker to obtain the logs of the aff= ected product and obtain sensitive information within the logs.</td> <td>2026-01-29</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-55704" target=3D= "_blank" rel=3D"noopener">CVE-2025-55704</a></td>

<a href=3D"https://faq.brother.co.jp/app/answers/detail/a_id/13716" target= =3D"_blank" rel=3D"noopener">https://faq.brother.co.jp/app/answers/detail/a= _id/13716</a> <a href=3D"https://www.konicaminolta.com/global-en/securit= y/advisory/pdf/km-2026-0001.pdf" target=3D"_blank" rel=3D"noopener">https:/= /www.konicaminolta.com/global-en/security/advisory/pdf/km-2026-0001.pdf</a>= <a href=3D"https://jvn.jp/en/vu/JVNVU92878805/" target=3D"_blank" rel= =3D"noopener">https://jvn.jp/en/vu/JVNVU92878805/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Bun--Bun</td>
<td>In Bun before 1.3.5, the default trusted dependencies list (aka trust a= llow list) can be spoofed by a non-npm package in the case of a matching na=
me (for file, link, git, or github).</td>
<td>2026-01-27</td>
<td>5.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24910" target=3D= "_blank" rel=3D"noopener">CVE-2026-24910</a></td>

<a href=3D"https://www.scworld.com/news/six-javascript-zero-day-bugs-lead-t= o-fears-of-supply-chain-attack" target=3D"_blank" rel=3D"noopener">https://= www.scworld.com/news/six-javascript-zero-day-bugs-lead-to-fears-of-supply-c= hain-attack</a> <a href=3D"https://bun.com/blog/bun-v1.3.5" target=3D"_b= lank" rel=3D"noopener">https://bun.com/blog/bun-v1.3.5</a> <a href=3D"ht= tps://www.koi.ai/blog/packagegate-6-zero-days-in-js-package-managers-but-np= m-wont-act" target=3D"_blank" rel=3D"noopener">https://www.koi.ai/blog/pack= agegate-6-zero-days-in-js-package-managers-but-npm-wont-act</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">chainguard-dev--malcontent</td>
<td>malcontent discovers supply-chain compromises through. context, differe= ntial analysis, and YARA. Starting in version 0.10.0 and prior to version 1= .20.3, malcontent could be made to expose Docker registry credentials if it=
scanned a specially crafted OCI image reference. malcontent uses google/go= -containerregistry for OCI image pulls, which by default uses the Docker cr= edential keychain. A malicious registry could return a `WWW-Authenticate` h= eader redirecting token authentication to an attacker-controlled endpoint, = causing credentials to be sent to that endpoint. Version 1.20.3 fixes the i= ssue by defaulting to anonymous auth for OCI pulls.</td>
<td>2026-01-29</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24845" target=3D= "_blank" rel=3D"noopener">CVE-2026-24845</a></td>

<a href=3D"https://github.com/chainguard-dev/malcontent/security/advisories= /GHSA-9m43-p3cx-w8j5" target=3D"_blank" rel=3D"noopener">https://github.com= /chainguard-dev/malcontent/security/advisories/GHSA-9m43-p3cx-w8j5</a> <=
a href=3D"https://github.com/chainguard-dev/malcontent/commit/538ed00cdc639= d687a4bd1e843a2be0428a3b3e7" target=3D"_blank" rel=3D"noopener">https://git= hub.com/chainguard-dev/malcontent/commit/538ed00cdc639d687a4bd1e843a2be0428= a3b3e7</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">chainguard-dev--malcontent</td>
<td>malcontent discovers supply-chain compromises through. context, differe= ntial analysis, and YARA. Starting in version 1.8.0 and prior to version 1.= 20.3, malcontent could be made to create symlinks outside the intended extr= action directory when scanning a specially crafted tar or deb archive. The = `handleSymlink` function received arguments in the wrong order, causing the=
symlink target to be used as the symlink location. Additionally, symlink t= argets were not validated to ensure they resolved within the extraction dir= ectory. Version 1.20.3 introduces fixes that swap handleSymlink arguments, = validate symlink location, and validate symlink targets that resolve within=
an extraction directory.</td>
<td>2026-01-29</td>
<td>5.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24846" target=3D= "_blank" rel=3D"noopener">CVE-2026-24846</a></td>

<a href=3D"https://github.com/chainguard-dev/malcontent/security/advisories= /GHSA-923j-vrcg-hxwh" target=3D"_blank" rel=3D"noopener">https://github.com= /chainguard-dev/malcontent/security/advisories/GHSA-923j-vrcg-hxwh</a> <=
a href=3D"https://github.com/chainguard-dev/malcontent/commit/259fca5abc004= f3ab238895463ef280a87f30e96" target=3D"_blank" rel=3D"noopener">https://git= hub.com/chainguard-dev/malcontent/commit/259fca5abc004f3ab238895463ef280a87= f30e96</a> <a href=3D"https://github.com/chainguard-dev/malcontent/commi= t/a7dd8a5328ddbaf235568437813efa7591e00017" target=3D"_blank" rel=3D"noopen= er">https://github.com/chainguard-dev/malcontent/commit/a7dd8a5328ddbaf2355= 68437813efa7591e00017</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">chrisnowak--Change WP URL</td>
<td>The Change WP URL plugin for WordPress is vulnerable to Cross-Site Requ= est Forgery in all versions up to, and including, 1.0. This is due to missi=
ng or incorrect nonce validation on the 'change-wp-url' page. This makes it=
possible for unauthenticated attackers to change the WP Login URL via a fo= rged request granted they can trick a site administrator into performing an=
action such as clicking on a link.</td>
<td>2026-01-28</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1398" target=3D"= _blank" rel=3D"noopener">CVE-2026-1398</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/f5dead= 05-5960-4ccb-89c2-c8bb0cd9c9e9?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/f5dead05-596= 0-4ccb-89c2-c8bb0cd9c9e9?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/change-wp-url/trunk/change-wp-url.php#L18" target= =3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/cha= nge-wp-url/trunk/change-wp-url.php#L18</a> <a href=3D"https://plugins.tr= ac.wordpress.org/browser/change-wp-url/tags/1.0/change-wp-url.php#L18" targ= et=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/c= hange-wp-url/tags/1.0/change-wp-url.php#L18</a> <a href=3D"https://plugi= ns.trac.wordpress.org/browser/change-wp-url/trunk/change-wp-url.php#L85" ta= rget=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser= /change-wp-url/trunk/change-wp-url.php#L85</a> <a href=3D"https://plugin= s.trac.wordpress.org/browser/change-wp-url/tags/1.0/change-wp-url.php#L85" = target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/brows= er/change-wp-url/tags/1.0/change-wp-url.php#L85</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--Online Examination System</td> <td>A vulnerability was determined in code-projects Online Examination Syst=
em 1.0. Affected by this issue is some unknown functionality of the file /a= dmin_pic.php. Executing a manipulation can lead to unrestricted upload. The=
attack may be performed from remote. The exploit has been publicly disclos=
ed and may be utilized.</td>
<td>2026-01-26</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1423" target=3D"= _blank" rel=3D"noopener">CVE-2026-1423</a></td>

<a href=3D"https://vuldb.com/?id.342839" target=3D"_blank" rel=3D"noopener"= >VDB-342839 | code-projects Online Examination System admin_pic.php unrestr= icted upload</a> <a href=3D"https://vuldb.com/?ctiid.342839" target=3D"_= blank" rel=3D"noopener">VDB-342839 | CTI Indicators (IOB, IOC, TTP, IOA)</a= > <a href=3D"https://vuldb.com/?submit.736607" target=3D"_blank" rel=3D"= noopener">Submit #736607 | code-projects Online Examination System 1 Unrest= ricted Upload</a> <a href=3D"https://github.com/geo-chen/code-projects/b= lob/main/Online%20Examination%20System%20In%20PHP%20With%20Source%20Code.md= #finding-3-remote-code-execution-via-unsafe-file-upload" target=3D"_blank" = rel=3D"noopener">https://github.com/geo-chen/code-projects/blob/main/Online= %20Examination%20System%20In%20PHP%20With%20Source%20Code.md#finding-3-remo= te-code-execution-via-unsafe-file-upload</a> <a href=3D"https://code-pro= jects.org/" target=3D"_blank" rel=3D"noopener">https://code-projects.org/</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--Online Music Site</td>
<td>A security flaw has been discovered in code-projects Online Music Site = 1.0. The impacted element is an unknown function of the file /Administrator= /PHP/AdminAddCategory.php. The manipulation results in sql injection. The a= ttack may be performed from remote. The exploit has been released to the pu= blic and may be used for attacks.</td>
<td>2026-01-28</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1533" target=3D"= _blank" rel=3D"noopener">CVE-2026-1533</a></td>

<a href=3D"https://vuldb.com/?id.343219" target=3D"_blank" rel=3D"noopener"= >VDB-343219 | code-projects Online Music Site AdminAddCategory.php sql inje= ction</a> <a href=3D"https://vuldb.com/?ctiid.343219" target=3D"_blank" = rel=3D"noopener">VDB-343219 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a=
href=3D"https://vuldb.com/?submit.738704" target=3D"_blank" rel=3D"noopene= r">Submit #738704 | Code-Projects ONLINE MUSIC SITE V1.0 SQL injection</a><= br><a href=3D"https://github.com/yuji0903/silver-guide/issues/2" target=3D"= _blank" rel=3D"noopener">https://github.com/yuji0903/silver-guide/issues/2<= /a> <a href=3D"https://code-projects.org/" target=3D"_blank" rel=3D"noop= ener">https://code-projects.org/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">codeccoop--Forms Bridge Infinite integrations<=

<td>The Forms Bridge - Infinite integrations plugin for WordPress is vulner= able to Stored Cross-Site Scripting via the 'id' shortcode attribute in the=
'financoop_campaign' shortcode in all versions up to, and including, 4.2.5=
. This is due to insufficient input sanitization and output escaping on the=
user-supplied 'id' parameter in the forms_bridge_financoop_shortcode_error=
function. This makes it possible for authenticated attackers, with Contrib= utor-level access and above, to inject arbitrary web scripts in pages that = will execute whenever a user accesses an injected page.</td> <td>2026-01-28</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1244" target=3D"= _blank" rel=3D"noopener">CVE-2026-1244</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/3e0478= 22-5766-4e7f-be89-f4a15f0e6d51?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/3e047822-576= 6-4e7f-be89-f4a15f0e6d51?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/forms-bridge/trunk/addons/financoop/shortcodes.php#= L389" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org= /browser/forms-bridge/trunk/addons/financoop/shortcodes.php#L389</a> <a = href=3D"https://plugins.trac.wordpress.org/browser/forms-bridge/tags/4.2.3/= addons/financoop/shortcodes.php#L389" target=3D"_blank" rel=3D"noopener">ht= tps://plugins.trac.wordpress.org/browser/forms-bridge/tags/4.2.3/addons/fin= ancoop/shortcodes.php#L389</a> <a href=3D"https://plugins.trac.wordpress= .org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3446693%40forms-= bridge&new=3D3446693%40forms-bridge&sfp_email=3D&sfph_mail=3D#file1" target= =3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/changeset?s= fp_email=3D&sfph_mail=3D&reponame=3D&old=3D3446693%40forms-bridge&new=3D344= 6693%40forms-bridge&sfp_email=3D&sfph_mail=3D#file1</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">codepeople--Appointment Hour Booking Booking C= alendar</td>
<td>The Appointment Hour Booking - Booking Calendar plugin for WordPress is=
vulnerable to Stored Cross-Site Scripting via form field configuration par= ameters in all versions up to, and including, 1.5.60 due to insufficient in= put sanitization and output escaping on the 'Min length/characters' and 'Ma=
x length/characters' field configuration values. This makes it possible for=
authenticated attackers, with administrator-level access and above, to inj= ect arbitrary web scripts in pages that will execute whenever a user access=
es the form builder interface. This only affects multi-site installations a=
nd installations where unfiltered_html has been disabled.</td> <td>2026-01-28</td>
<td>4.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1083" target=3D"= _blank" rel=3D"noopener">CVE-2026-1083</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/a5cb1f= ea-134f-4c81-8f2f-76ee42df7f77?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/a5cb1fea-134= f-4c81-8f2f-76ee42df7f77?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/appointment-hour-booking/trunk/js/fields-admin/01_f= builder.ftext.js#L64" target=3D"_blank" rel=3D"noopener">https://plugins.tr= ac.wordpress.org/browser/appointment-hour-booking/trunk/js/fields-admin/01_= fbuilder.ftext.js#L64</a> <a href=3D"https://plugins.trac.wordpress.org/= browser/appointment-hour-booking/tags/1.5.57/js/fields-admin/01_fbuilder.ft= ext.js#L64" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpre= ss.org/browser/appointment-hour-booking/tags/1.5.57/js/fields-admin/01_fbui= lder.ftext.js#L64</a> <a href=3D"https://plugins.trac.wordpress.org/chan= geset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3442650%40appointment-hou= r-booking&new=3D3442650%40appointment-hour-booking&sfp_email=3D&sfph_mail=
=3D" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/= changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3442650%40appointment= -hour-booking&new=3D3442650%40appointment-hour-booking&sfp_email=3D&sfph_ma= il</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">CriticalGears--PayPal PRO Payment Terminal</td=

<td>Multiple payment terminal versions contain non-persistent cross-site sc= ripting vulnerabilities in billing and payment information input fields. At= tackers can inject malicious script code through vulnerable parameters to m= anipulate client-side requests and potentially execute session hijacking or=
phishing attacks.</td>
<td>2026-02-01</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2021-47885" target=3D= "_blank" rel=3D"noopener">CVE-2021-47885</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2280" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://www.criticalgears.com/product/authorize-net-payment-terminal/" = target=3D"_blank" rel=3D"noopener">Product Homepage</a> <a href=3D"https= ://www.criticalgears.com/product/paypal-pro-payment-terminal/" target=3D"_b= lank" rel=3D"noopener">Product Homepage</a> <a href=3D"https://www.criti= calgears.com/product/stripe-payment-terminal/" target=3D"_blank" rel=3D"noo= pener">Product Homepage</a> <a href=3D"https://www.vulncheck.com/advisor= ies/payment-terminal-multiple-versions-non-persistent-cross-site-scripting"=
target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Payment Terminal Mu= ltiple Versions Non-Persistent Cross-Site Scripting</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">crmperks--Database for Contact Form 7, WPforms=
, Elementor forms</td>
<td>The Database for Contact Form 7, WPforms, Elementor forms plugin for Wo= rdPress is vulnerable to authorization bypass due to missing capability che= cks on the CSV export functionality in all versions up to, and including, 1= .4.5. This makes it possible for unauthenticated attackers to download sens= itive form submission data containing personally identifiable information (= PII) by accessing the CSV export endpoint with an export key that is expose=
d in publicly accessible page source code. The vulnerability is created bec= ause while the shortcode properly filters displayed entries by user, the CS=
V export handler completely bypasses this filtering and exports all entries=
regardless of user permissions.</td>
<td>2026-01-28</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0825" target=3D"= _blank" rel=3D"noopener">CVE-2026-0825</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/4048ae= 11-fece-42aa-baf3-c636c4875635?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/4048ae11-fec= e-42aa-baf3-c636c4875635?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/contact-form-entries/trunk/contact-form-entries.php= #L76" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org= /browser/contact-form-entries/trunk/contact-form-entries.php#L76</a> <a = href=3D"https://plugins.trac.wordpress.org/browser/contact-form-entries/tag= s/1.4.5/contact-form-entries.php#L76" target=3D"_blank" rel=3D"noopener">ht= tps://plugins.trac.wordpress.org/browser/contact-form-entries/tags/1.4.5/co= ntact-form-entries.php#L76</a> <a href=3D"https://plugins.trac.wordpress= .org/browser/contact-form-entries/trunk/contact-form-entries.php#L301" targ= et=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/c= ontact-form-entries/trunk/contact-form-entries.php#L301</a> <a href=3D"h= ttps://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/templa= tes/leads-table.php#L10" target=3D"_blank" rel=3D"noopener">https://plugins= .trac.wordpress.org/browser/contact-form-entries/trunk/templates/leads-tabl= e.php#L10</a> <a href=3D"https://plugins.trac.wordpress.org/changeset?sf= p_email=3D&sfph_mail=3D&reponame=3D&old=3D3442962%40contact-form-entries&ne= w=3D3442962%40contact-form-entries&sfp_email=3D&sfph_mail=3D" target=3D"_bl= ank" rel=3D"noopener">https://plugins.trac.wordpress.org/changeset?sfp_emai= l=3D&sfph_mail=3D&reponame=3D&old=3D3442962%40contact-form-entries&new=3D34= 42962%40contact-form-entries&sfp_email=3D&sfph_mail</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DCS700l</td>
<td>A weakness has been identified in D-Link DCS700l 1.03.09. Affected is a=
n unknown function of the file /setDayNightMode of the component Web Form H= andler. Executing a manipulation of the argument LightSensorControl can lea=
d to command injection. The attack may be launched remotely. The exploit ha=
s been made available to the public and could be used for attacks.</td> <td>2026-01-26</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1419" target=3D"= _blank" rel=3D"noopener">CVE-2026-1419</a></td>

<a href=3D"https://vuldb.com/?id.342815" target=3D"_blank" rel=3D"noopener"= >VDB-342815 | D-Link DCS700l Web Form setDayNightMode command injection</a>= <a href=3D"https://vuldb.com/?ctiid.342815" target=3D"_blank" rel=3D"no= opener">VDB-342815 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"= https://vuldb.com/?submit.736554" target=3D"_blank" rel=3D"noopener">Submit=
#736554 | D-Link DCS700l v1.03.09 Command Injection</a> <a href=3D"http= s://tzh00203.notion.site/D-Link-DCS700l-v1-03-09-Command-Injection-Vulnerab= ility-in-LightSensorControl-Parameter-2e6b5c52018a80ada0f6d7e72efd7a45?sour= ce=3Dcopy_link" target=3D"_blank" rel=3D"noopener">https://tzh00203.notion.= site/D-Link-DCS700l-v1-03-09-Command-Injection-Vulnerability-in-LightSensor= Control-Parameter-2e6b5c52018a80ada0f6d7e72efd7a45?source=3Dcopy_link</a><b= r><a href=3D"https://www.dlink.com/" target=3D"_blank" rel=3D"noopener">htt= ps://www.dlink.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-823X</td>
<td>A security flaw has been discovered in D-Link DIR-823X 250416. Impacted=
is the function sub_41E2A0 of the file /goform/set_mode. Performing a mani= pulation of the argument lan_gateway results in os command injection. The a= ttack is possible to be carried out remotely. The exploit has been released=
to the public and may be used for attacks. This vulnerability only affects=
products that are no longer supported by the maintainer.</td> <td>2026-01-28</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1544" target=3D"= _blank" rel=3D"noopener">CVE-2026-1544</a></td>

<a href=3D"https://vuldb.com/?id.343228" target=3D"_blank" rel=3D"noopener"= >VDB-343228 | D-Link DIR-823X set_mode sub_41E2A0 os command injection</a><= br><a href=3D"https://vuldb.com/?ctiid.343228" target=3D"_blank" rel=3D"noo= pener">VDB-343228 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"h= ttps://vuldb.com/?submit.739155" target=3D"_blank" rel=3D"noopener">Submit = #739155 | D-Link DIR-823X 250416 OS Command Injection</a> <a href=3D"htt= ps://github.com/master-abc/cve/issues/16" target=3D"_blank" rel=3D"noopener= ">https://github.com/master-abc/cve/issues/16</a> <a href=3D"https://www= .dlink.com/" target=3D"_blank" rel=3D"noopener">https://www.dlink.com/</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DWR-M961</td>
<td>A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability aff= ects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel.=
This manipulation of the argument fota_url causes command injection. The a= ttack is possible to be carried out remotely. The exploit has been publishe=
d and may be used.</td>
<td>2026-01-29</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1596" target=3D"= _blank" rel=3D"noopener">CVE-2026-1596</a></td>

<a href=3D"https://vuldb.com/?id.343358" target=3D"_blank" rel=3D"noopener"= >VDB-343358 | D-Link DWR-M961 formLtefotaUpgradeQuectel sub_419920 command = injection</a> <a href=3D"https://vuldb.com/?ctiid.343358" target=3D"_bla= nk" rel=3D"noopener">VDB-343358 | CTI Indicators (IOB, IOC, TTP, IOA)</a><b= r><a href=3D"https://vuldb.com/?submit.740693" target=3D"_blank" rel=3D"noo= pener">Submit #740693 | D-Link DWR-M961 V1.1.47 Command Injection</a> <a=
href=3D"https://github.com/QIU-DIE/CVE/issues/48" target=3D"_blank" rel=3D= "noopener">https://github.com/QIU-DIE/CVE/issues/48</a> <a href=3D"https= ://www.dlink.com/" target=3D"_blank" rel=3D"noopener">https://www.dlink.com= /</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DWR-M961</td>
<td>A security vulnerability has been detected in D-Link DWR-M961 1.1.47. T=
he affected element is an unknown function of the file /boafrm/formLtefotaU= pgradeFibocom. Such manipulation of the argument fota_url leads to command = injection. The attack can be launched remotely. The exploit has been disclo= sed publicly and may be used.</td>
<td>2026-01-29</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1624" target=3D"= _blank" rel=3D"noopener">CVE-2026-1624</a></td>

<a href=3D"https://vuldb.com/?id.343383" target=3D"_blank" rel=3D"noopener"= >VDB-343383 | D-Link DWR-M961 formLtefotaUpgradeFibocom command injection</= a> <a href=3D"https://vuldb.com/?ctiid.343383" target=3D"_blank" rel=3D"= noopener">VDB-343383 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href= =3D"https://vuldb.com/?submit.740770" target=3D"_blank" rel=3D"noopener">Su= bmit #740770 | D-Link DWR-M961 V1.1.47 Command Injection</a> <a href=3D"= https://github.com/QIU-DIE/CVE/issues/50" target=3D"_blank" rel=3D"noopener= ">https://github.com/QIU-DIE/CVE/issues/50</a> <a href=3D"https://www.dl= ink.com/" target=3D"_blank" rel=3D"noopener">https://www.dlink.com/</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DWR-M961</td>
<td>A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted el= ement is the function sub_4250E0 of the file /boafrm/formSmsManage of the c= omponent SMS Message. Performing a manipulation of the argument action_valu=
e results in command injection. The attack may be initiated remotely. The e= xploit is now public and may be used.</td>
<td>2026-01-29</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1625" target=3D"= _blank" rel=3D"noopener">CVE-2026-1625</a></td>

<a href=3D"https://vuldb.com/?id.343384" target=3D"_blank" rel=3D"noopener"= >VDB-343384 | D-Link DWR-M961 SMS Message formSmsManage sub_4250E0 command = injection</a> <a href=3D"https://vuldb.com/?ctiid.343384" target=3D"_bla= nk" rel=3D"noopener">VDB-343384 | CTI Indicators (IOB, IOC, TTP, IOA)</a><b= r><a href=3D"https://vuldb.com/?submit.740792" target=3D"_blank" rel=3D"noo= pener">Submit #740792 | D-Link DW V1.1.47 Command Injection</a> <a href= =3D"https://github.com/QIU-DIE/CVE/issues/51" target=3D"_blank" rel=3D"noop= ener">https://github.com/QIU-DIE/CVE/issues/51</a> <a href=3D"https://ww= w.dlink.com/" target=3D"_blank" rel=3D"noopener">https://www.dlink.com/</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">dcooney--Ajax Load More Infinite Scroll, Load = More, & Lazy Load</td>
<td>The Ajax Load More - Infinite Scroll, Load More, & Lazy Load plugin=
for WordPress is vulnerable to unauthorized access of data due to incorrec=
t authorization on the parse_custom_args() function in all versions up to, = and including, 7.8.1. This makes it possible for unauthenticated attackers =
to expose the titles and excerpts of private, draft, pending, scheduled, an=
d trashed posts.</td>
<td>2026-01-31</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15525" target=3D= "_blank" rel=3D"noopener">CVE-2025-15525</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/d01f4e= 67-a463-4973-97b1-41a64398686a?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/d01f4e67-a46= 3-4973-97b1-41a64398686a?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/ajax-load-more/tags/7.8.1/core/classes/class-alm-qu= eryargs.php#L500" target=3D"_blank" rel=3D"noopener">https://plugins.trac.w= ordpress.org/browser/ajax-load-more/tags/7.8.1/core/classes/class-alm-query= args.php#L500</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Dell--OpenManage Network Integration</td>
<td>Dell OpenManage Network Integration, versions prior to 3.9, contains an=
Improper Authentication vulnerability. A low privileged attacker with remo=
te access could potentially exploit this vulnerability, leading to Informat= ion exposure.</td>
<td>2026-01-29</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22764" target=3D= "_blank" rel=3D"noopener">CVE-2026-22764</a></td>

<a href=3D"https://www.dell.com/support/kbdoc/en-us/000420893/dsa-2026-045-= security-update-for-dell-openmanage-network-integration-omni-vulnerabilitie=
s" target=3D"_blank" rel=3D"noopener">https://www.dell.com/support/kbdoc/en= -us/000420893/dsa-2026-045-security-update-for-dell-openmanage-network-inte= gration-omni-vulnerabilities</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">discourse--discourse</td>
<td>Discourse is an open source discussion platform. In versions prior to 3= .5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators with the `mo= derators_change_post_ownership` setting enabled can change ownership of pos=
ts in private messages and restricted categories they cannot access, then e= xport their data to view the content. This is a broken access control vulne= rability affecting sites that grant moderators post ownership transfer perm= issions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and=
2026.1.0. The patch adds visibility checks for both the topic and posts be= fore allowing ownership transfer. As a workaround, disable the `moderators_= change_post_ownership` site setting to prevent non-admin moderators from us= ing the post ownership transfer feature.</td>
<td>2026-01-28</td>
<td>6.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-68933" target=3D= "_blank" rel=3D"noopener">CVE-2025-68933</a></td>

<a href=3D"https://github.com/discourse/discourse/security/advisories/GHSA-= hpxv-mw7v-fqg2" target=3D"_blank" rel=3D"noopener">https://github.com/disco= urse/discourse/security/advisories/GHSA-hpxv-mw7v-fqg2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">discourse--discourse</td>
<td>Discourse is an open source discussion platform. In versions prior to 3= .5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit cr= afted payloads to /drafts.json that cause O(n^2) processing in Base62.decod=
e, tying up workers for 35-60 seconds per request. This affects all users a=
s the shared worker pool becomes exhausted. This issue is patched in versio=
ns 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Lowering the max_draft_length=
site setting reduces attack surface but does not fully mitigate the issue,=
as payloads under the limit can still trigger the slow code path.</td> <td>2026-01-28</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-68934" target=3D= "_blank" rel=3D"noopener">CVE-2025-68934</a></td>

<a href=3D"https://github.com/discourse/discourse/security/advisories/GHSA-= vwjh-vrx9-9849" target=3D"_blank" rel=3D"noopener">https://github.com/disco= urse/discourse/security/advisories/GHSA-vwjh-vrx9-9849</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">discourse--discourse</td>
<td>Discourse is an open source discussion platform. In versions prior to 3= .5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can convert some perso= nal messages to public topics when they shouldn't have access. This issue i=
s patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a worka= round, site admin can temporarily revoke the moderation role from untrusted=
moderators or remove the moderator group from the "personal message enable=
d groups" site setting until the Discourse instance has been upgraded to a = version that has been patched.</td>
<td>2026-01-28</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-21865" target=3D= "_blank" rel=3D"noopener">CVE-2026-21865</a></td>

<a href=3D"https://github.com/discourse/discourse/security/advisories/GHSA-= 4777-wrv5-3g39" target=3D"_blank" rel=3D"noopener">https://github.com/disco= urse/discourse/security/advisories/GHSA-4777-wrv5-3g39</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">discourse--discourse</td>
<td>Discourse is an open source discussion platform. In versions prior to 3= .5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sen= sitive information in staff action logs that should be restricted to admini= strators only. The exposed information includes webhook payload URLs and se= crets, API key details, site setting changes, private message content, rest= ricted category names and structures, and private chat channel titles. This=
allows moderators to bypass intended access controls and extract confident= ial data by monitoring the staff action logs. With leaked webhook secrets, =
an attacker could potentially spoof webhook events to integrated services. = This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0=
. As a workaround, site administrators should review and limit moderator ap= pointments to fully trusted users. There is no configuration-based workarou=
nd to prevent this access.</td>
<td>2026-01-28</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24742" target=3D= "_blank" rel=3D"noopener">CVE-2026-24742</a></td>

<a href=3D"https://github.com/discourse/discourse/security/advisories/GHSA-= hwjv-9gqj-m7h6" target=3D"_blank" rel=3D"noopener">https://github.com/disco= urse/discourse/security/advisories/GHSA-hwjv-9gqj-m7h6</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">discourse--discourse</td>
<td>Discourse is an open source discussion platform. A vulnerability presen=
t in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 affects an= yone who uses S3 for uploads. While scripts may be executed, they will only=
be run in the context of the S3/CDN domain, with no site credentials. Vers= ions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 fix the issue. As a workarou= nd, disallow html or xml files for uploads in authorized_extensions. For ex= isting html xml uploads, site owners can consider deleting them.</td> <td>2026-01-28</td>
<td>4.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-66488" target=3D= "_blank" rel=3D"noopener">CVE-2025-66488</a></td>

<a href=3D"https://github.com/discourse/discourse/security/advisories/GHSA-= 68jp-3934-62rx" target=3D"_blank" rel=3D"noopener">https://github.com/disco= urse/discourse/security/advisories/GHSA-68jp-3934-62rx</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">discourse--discourse</td>
<td>Discourse is an open source discussion platform. Versions prior to 3.5.=
4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitiga= ted cross-site scriptinv vulnerability on the Discourse Math plugin when us= ing its KaTeX variant. This issue is patched in versions 3.5.4, 2025.11.2, = 2025.12.1, and 2026.1.0. As a workaround, the Discourse Math plugin can be = disabled, or the Mathjax provider can be used instead of KaTeX.</td> <td>2026-01-28</td>
<td>4.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67723" target=3D= "_blank" rel=3D"noopener">CVE-2025-67723</a></td>

<a href=3D"https://github.com/discourse/discourse/security/advisories/GHSA-= 955h-m28g-5379" target=3D"_blank" rel=3D"noopener">https://github.com/disco= urse/discourse/security/advisories/GHSA-955h-m28g-5379</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">discourse--discourse</td>
<td>Discourse is an open source discussion platform. Versions prior to 3.5.=
4, 2025.11.2, 2025.12.1, and 2026.1.0 have an application level denial of s= ervice vulnerabilityin the username change functionality at try.discourse.o= rg. The vulnerability allows attackers to cause noticeable server delays an=
d resource exhaustion by sending large JSON payloads to the username prefer= ence endpoint PUT /u//preferences/username, resulting in degraded performan=
ce for other users and endpoints. This issue is patched in versions 3.5.4, = 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds are available.</td=

<td>2026-01-28</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-68659" target=3D= "_blank" rel=3D"noopener">CVE-2025-68659</a></td>

<a href=3D"https://github.com/discourse/discourse/security/advisories/GHSA-= rmp6-c9rq-6q7p" target=3D"_blank" rel=3D"noopener">https://github.com/disco= urse/discourse/security/advisories/GHSA-rmp6-c9rq-6q7p</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dnnsoftware--Dnn.Platform</td>
<td>DNN (formerly DotNetNuke) is an open-source web content management plat= form (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior =
to versions 9.13.10 and 10.2.0, a content editor could inject scripts in mo= dule headers/footers that would run for other users. Versions 9.13.10 and 1= 0.2.0 contain a fix for the issue.</td>
<td>2026-01-27</td>
<td>6.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24784" target=3D= "_blank" rel=3D"noopener">CVE-2026-24784</a></td>

<a href=3D"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/= GHSA-jjwg-4948-6wxp" target=3D"_blank" rel=3D"noopener">https://github.com/= dnnsoftware/Dnn.Platform/security/advisories/GHSA-jjwg-4948-6wxp</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">Dokploy--dokploy</td>
<td>Dokploy is a free, self-hostable Platform as a Service (PaaS). In versi= ons prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjackin=
g attacks due to missing frame-busting headers. This allows attackers to em= bed Dokploy pages in malicious iframes and trick authenticated users into p= erforming unintended actions. Version 0.26.6 patches the issue.</td> <td>2026-01-28</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24839" target=3D= "_blank" rel=3D"noopener">CVE-2026-24839</a></td>

<a href=3D"https://github.com/Dokploy/dokploy/security/advisories/GHSA-c94j= -8wgf-2q9q" target=3D"_blank" rel=3D"noopener">https://github.com/Dokploy/d= okploy/security/advisories/GHSA-c94j-8wgf-2q9q</a> <a href=3D"https://gi= thub.com/Dokploy/dokploy/pull/3500" target=3D"_blank" rel=3D"noopener">http= s://github.com/Dokploy/dokploy/pull/3500</a> <a href=3D"https://github.c= om/Dokploy/dokploy/commit/9714695d5a78fe24496f989ab81807ba04699df8" target= =3D"_blank" rel=3D"noopener">https://github.com/Dokploy/dokploy/commit/9714= 695d5a78fe24496f989ab81807ba04699df8</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Dolibarr--Dolibarr</td>
<td>Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerabilit=
y in LDAP synchronization settings that allows attackers to inject maliciou=
s scripts through multiple parameters. Attackers can exploit the host, slav=
e, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary Jav= aScript and potentially steal user cookie information.</td>
<td>2026-01-30</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36966" target=3D= "_blank" rel=3D"noopener">CVE-2020-36966</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48504" target=3D"_blank" rel= =3D"noopener">ExploitDB-48504</a> <a href=3D"https://www.dolibarr.org/" = target=3D"_blank" rel=3D"noopener">Official Dolibarr Product Homepage</a><b= r><a href=3D"https://www.vulncheck.com/advisories/dolibarr-ldapphp-persiste= nt-cross-site-scripting" target=3D"_blank" rel=3D"noopener">VulnCheck Advis= ory: Dolibarr 11.0.3 - 'ldap.php' - Persistent Cross-Site Scripting</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Eclipse Foundation--Eclipse ThreadX - USBX</td=

<td>The function _ux_host_class_storage_media_mount()=C2=A0is responsible f=
or mounting partitions on a USB mass storage device. When it encounters an = extended partition entry in the partition table, it recursively calls itsel=
f to mount the next logical partition. This recursion occurs in _ux_host_cl= ass_storage_partition_read(), which parses up to four partition entries. If=
an extended partition is found (with type UX_HOST_CLASS_STORAGE_PARTITION_= EXTENDED=C2=A0or EXTENDED_LBA_MAPPED), the code invokes: _ux_host_class_sto= rage_media_mount(storage, sector + _ux_utility_long_get(...)); There is no = limit on the recursion depth or tracking of visited sectors. As a result, a=
malicious or malformed disk image can include cyclic or excessively deep c= hains of extended partitions, causing the function to recurse until stack o= verflow occurs.</td>
<td>2026-01-27</td>
<td>4.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-55095" target=3D= "_blank" rel=3D"noopener">CVE-2025-55095</a></td>

<a href=3D"https://github.com/eclipse-threadx/usbx/security/advisories/GHSA= -qfmp-wch9-rpv2" target=3D"_blank" rel=3D"noopener">https://github.com/ecli= pse-threadx/usbx/security/advisories/GHSA-qfmp-wch9-rpv2</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Esri--ArcGIS Pro</td>
<td>There is a Cross Site Scripting issue in Esri ArcGIS Pro versions 3.6.0=
and earlier. A local attacker could supply malicious strings into ArcGIS P=
ro which may execute when a specific dialog is opened. This issue is fixed =
in ArcGIS Pro 3.6.1.</td>
<td>2026-01-26</td>
<td>5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1446" target=3D"= _blank" rel=3D"noopener">CVE-2026-1446</a></td>

<a href=3D"https://www.esri.com/arcgis-blog/products/arcgis-pro/administrat= ion/arcgis-pro-3-6-1-patch" target=3D"_blank" rel=3D"noopener">https://www.= esri.com/arcgis-blog/products/arcgis-pro/administration/arcgis-pro-3-6-1-pa= tch</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">EVerest--everest-core</td>
<td>EVerest is an EV charging software stack. In versions up to and includi=
ng 2025.12.1, it is possible to bypass the sequence state verification incl= uding authentication, and send requests that transition to forbidden states=
relative to the current one, thereby updating the current context with ill= egitimate data.cThanks to the modular design of EVerest, authorization is h= andled in a separate module and EVSEManager Charger internal state machine = cannot transition out of the `WaitingForAuthentication` state through ISO 1= 5118-2 communication. From this state, it was however possible through ISO = 15118-2 messages which are published to the MQTT server to trick it into pr= eparing to charge, and even to prepare to send current. The final requireme=
nt to actually send current to the EV was the closure of the contactors, wh= ich does not appear to be possible without leaving the `WaitingForAuthentic= ation` state and leveraging ISO 15118-2 messages. As of time of publication=
, no fixed versions are available.</td>
<td>2026-01-26</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24003" target=3D= "_blank" rel=3D"noopener">CVE-2026-24003</a></td>

<a href=3D"https://github.com/EVerest/everest-core/security/advisories/GHSA= -9vv5-67cv-9crq" target=3D"_blank" rel=3D"noopener">https://github.com/EVer= est/everest-core/security/advisories/GHSA-9vv5-67cv-9crq</a> <a href=3D"= https://github.com/EVerest/everest-core/blob/main/modules/EVSE/EvseV2G/iso_= server.cpp#L44" target=3D"_blank" rel=3D"noopener">https://github.com/EVere= st/everest-core/blob/main/modules/EVSE/EvseV2G/iso_server.cpp#L44</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Filigran--OpenCTI</td>
<td>OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) a= ttack via the /graphql endpoint. An attacker can inject arbitrary JavaScrip=
t code by sending a crafted GET request with a malicious payload in the que=
ry string, leading to execution of JavaScript in the victim's browser. For = example, a request to /graphql?'"--></style></scRipt><scR= ipt>alert('Raif_Berkay')</scRipt> will trigger an alert. This vuln= erability was discovered by Raif Berkay Dincel and confirmed on Linux Mint = and Windows 10.</td>
<td>2026-01-30</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37044" target=3D= "_blank" rel=3D"noopener">CVE-2020-37044</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48595" target=3D"_blank" rel= =3D"noopener">ExploitDB-48595</a> <a href=3D"https://www.opencti.io/" ta= rget=3D"_blank" rel=3D"noopener">OpenCTI Official Homepage</a> <a href= =3D"https://github.com/OpenCTI-Platform/opencti" target=3D"_blank" rel=3D"n= oopener">OpenCTI GitHub Repository</a> <a href=3D"https://www.vulncheck.= com/advisories/opencti-cross-site-scripting" target=3D"_blank" rel=3D"noope= ner">VulnCheck Advisory: OpenCTI 3.3.1 - Cross Site Scripting</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">forma--E-Learning Suite</td>
<td>Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site=
scripting vulnerability in multiple course and profile parameters. Attacke=
rs can inject malicious scripts in course code, name, description fields, a=
nd email parameter to execute arbitrary JavaScript without proper input san= itization.</td>
<td>2026-01-30</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36998" target=3D= "_blank" rel=3D"noopener">CVE-2020-36998</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48478" target=3D"_blank" rel= =3D"noopener">ExploitDB-48478</a> <a href=3D"https://sourceforge.net/pro= jects/forma/" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a = href=3D"https://sourceforge.net/projects/forma/files/latest/download" targe= t=3D"_blank" rel=3D"noopener">Software Download Link</a> <a href=3D"http= s://www.vulncheck.com/advisories/formalms-the-e-learning-suite-persistent-c= ross-site-scripting" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory:=
forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Formalms--Forma LMS</td>
<td>Forma LMS 2.3 contains a stored cross-site scripting vulnerability that=
allows attackers to inject malicious scripts into user profile first and l= ast name fields. Attackers can craft scripts like '<script>alert(docu= ment.cookie)</script>' to execute arbitrary JavaScript when the profi=
le is viewed by other users.</td>
<td>2026-01-26</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36960" target=3D= "_blank" rel=3D"noopener">CVE-2020-36960</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49197" target=3D"_blank" rel= =3D"noopener">ExploitDB-49197</a> <a href=3D"https://www.formalms.org/" = target=3D"_blank" rel=3D"noopener">Official Product Website</a> <a href= =3D"https://www.vulncheck.com/advisories/forma-lms-first-last-name-stored-c= ross-site-scripting" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory:=
Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">Free5GC--SMF</td>
<td>A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the funct= ion HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/h= andler.go of the component PFCP UDP Endpoint. Executing a manipulation can = lead to null pointer dereference. The attack may be launched remotely. The = exploit has been published and may be used. A patch should be applied to re= mediate this issue.</td>
<td>2026-01-30</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1682" target=3D"= _blank" rel=3D"noopener">CVE-2026-1682</a></td>

<a href=3D"https://vuldb.com/?id.343475" target=3D"_blank" rel=3D"noopener"= >VDB-343475 | Free5GC SMF PFCP UDP Endpoint handler.go HandlePfcpAssociatio= nReleaseRequest null pointer dereference</a> <a href=3D"https://vuldb.co= m/?ctiid.343475" target=3D"_blank" rel=3D"noopener">VDB-343475 | CTI Indica= tors (IOB, IOC, IOA)</a> <a href=3D"https://vuldb.com/?submit.739508" ta= rget=3D"_blank" rel=3D"noopener">Submit #739508 | free5gc SMF v4.1.0 Denial=
of Service</a> <a href=3D"https://github.com/free5gc/free5gc/issues/794=
" target=3D"_blank" rel=3D"noopener">https://github.com/free5gc/free5gc/iss= ues/794</a> <a href=3D"https://github.com/free5gc/free5gc/issues/794#iss= uecomment-3761063382" target=3D"_blank" rel=3D"noopener">https://github.com= /free5gc/free5gc/issues/794#issuecomment-3761063382</a> <a href=3D"https= ://github.com/free5gc/free5gc/issues/794#issue-3811888505" target=3D"_blank=
" rel=3D"noopener">https://github.com/free5gc/free5gc/issues/794#issue-3811= 888505</a> <a href=3D"https://github.com/free5gc/smf/pull/188" target=3D= "_blank" rel=3D"noopener">https://github.com/free5gc/smf/pull/188</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Free5GC--SMF</td>
<td>A vulnerability has been found in Free5GC SMF up to 4.1.0. Affected by = this vulnerability is the function HandlePfcpSessionReportRequest of the fi=
le internal/pfcp/handler/handler.go of the component PFCP. The manipulation=
leads to denial of service. Remote exploitation of the attack is possible.=
The exploit has been disclosed to the public and may be used. To fix this = issue, it is recommended to deploy a patch.</td>
<td>2026-01-30</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1683" target=3D"= _blank" rel=3D"noopener">CVE-2026-1683</a></td>

<a href=3D"https://vuldb.com/?id.343476" target=3D"_blank" rel=3D"noopener"= >VDB-343476 | Free5GC SMF PFCP handler.go HandlePfcpSessionReportRequest de= nial of service</a> <a href=3D"https://vuldb.com/?ctiid.343476" target= =3D"_blank" rel=3D"noopener">VDB-343476 | CTI Indicators (IOB, IOC, TTP, IO= A)</a> <a href=3D"https://vuldb.com/?submit.739653" target=3D"_blank" re= l=3D"noopener">Submit #739653 | free5gc SMF v4.1.0 Denial of Service</a><br= ><a href=3D"https://vuldb.com/?submit.739654" target=3D"_blank" rel=3D"noop= ener">Submit #739654 | free5gc SMF v4.1.0 Denial of Service (Duplicate)</a>= <a href=3D"https://github.com/free5gc/free5gc/issues/804" target=3D"_bl= ank" rel=3D"noopener">https://github.com/free5gc/free5gc/issues/804</a> =
<a href=3D"https://github.com/free5gc/free5gc/issues/804#issue-3816086696" = target=3D"_blank" rel=3D"noopener">https://github.com/free5gc/free5gc/issue= s/804#issue-3816086696</a> <a href=3D"https://github.com/free5gc/smf/pul= l/188" target=3D"_blank" rel=3D"noopener">https://github.com/free5gc/smf/pu= ll/188</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Free5GC--SMF</td>
<td>A vulnerability was found in Free5GC SMF up to 4.1.0. Affected by this = issue is the function HandleReports of the file /internal/context/pfcp_repo= rts.go of the component PFCP UDP Endpoint. The manipulation results in deni=
al of service. The attack can be executed remotely. It is advisable to impl= ement a patch to correct this issue.</td>
<td>2026-01-30</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1684" target=3D"= _blank" rel=3D"noopener">CVE-2026-1684</a></td>

<a href=3D"https://vuldb.com/?id.343477" target=3D"_blank" rel=3D"noopener"= >VDB-343477 | Free5GC SMF PFCP UDP Endpoint pfcp_reports.go HandleReports d= enial of service</a> <a href=3D"https://vuldb.com/?ctiid.343477" target= =3D"_blank" rel=3D"noopener">VDB-343477 | CTI Indicators (IOB, IOC, TTP, IO= A)</a> <a href=3D"https://vuldb.com/?submit.739655" target=3D"_blank" re= l=3D"noopener">Submit #739655 | free5gc SMF v4.1.0 Denial of Service</a><br= ><a href=3D"https://vuldb.com/?submit.739656" target=3D"_blank" rel=3D"noop= ener">Submit #739656 | free5gc SMF v4.1.0 Denial of Service (Duplicate)</a>= <a href=3D"https://github.com/free5gc/free5gc/issues/806" target=3D"_bl= ank" rel=3D"noopener">https://github.com/free5gc/free5gc/issues/806</a> =
<a href=3D"https://github.com/free5gc/smf/pull/188" target=3D"_blank" rel= =3D"noopener">https://github.com/free5gc/smf/pull/188</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Froxlor--Froxlor Froxlor Server Management Pan= el</td>
<td>Froxlor Server Management Panel 0.10.16 contains a persistent cross-sit=
e scripting vulnerability in customer registration input fields. Attackers = can inject malicious scripts through username, name, and firstname paramete=
rs to execute code when administrators view customer traffic modules.</td> <td>2026-01-27</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36978" target=3D= "_blank" rel=3D"noopener">CVE-2020-36978</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49063" target=3D"_blank" rel= =3D"noopener">ExploitDB-49063</a> <a href=3D"https://froxlor.org/" targe= t=3D"_blank" rel=3D"noopener">Official Froxlor Homepage</a> <a href=3D"h= ttps://froxlor.org/download/" target=3D"_blank" rel=3D"noopener">Froxlor Do= wnload Page</a> <a href=3D"https://www.vulnerability-lab.com/get_content= .php?id=3D2241" target=3D"_blank" rel=3D"noopener">Vulnerability Lab Adviso= ry</a> <a href=3D"https://www.vulnerability-lab.com/show.php?user=3DVuln= erability-Lab" target=3D"_blank" rel=3D"noopener">Vulnerability Lab Profile= </a> <a href=3D"https://www.vulnerability-lab.com/show.php?user=3DBenjam= in%20K.M." target=3D"_blank" rel=3D"noopener">Researcher Profile</a> <a = href=3D"https://www.vulncheck.com/advisories/froxlor-froxlor-server-managem= ent-panel-persistent-cross-site-scripting" target=3D"_blank" rel=3D"noopene= r">VulnCheck Advisory: Froxlor Froxlor Server Management Panel 0.10.16 - Pe= rsistent Cross-Site Scripting</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Getgrav--Grav CMS Admin Plugin</td>
<td>Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-si=
te scripting vulnerability that allows authenticated attackers to inject ma= licious scripts through the page title field. Attackers can create a new pa=
ge with a malicious script in the title, which will be executed when the pa=
ge is viewed in the admin panel or on the site.</td>
<td>2026-01-26</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36955" target=3D= "_blank" rel=3D"noopener">CVE-2020-36955</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49264" target=3D"_blank" rel= =3D"noopener">ExploitDB-49264</a> <a href=3D"https://getgrav.org/" targe= t=3D"_blank" rel=3D"noopener">Grav CMS Official Homepage</a> <a href=3D"= https://www.vulncheck.com/advisories/grav-cms-admin-plugin-page-title-persi= stent-cross-site-scripting" target=3D"_blank" rel=3D"noopener">VulnCheck Ad= visory: Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross= -Site Scripting</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gi-docgen--gi-docgen</td>
<td>A flaw was found in the gi-docgen. This vulnerability allows arbitrary = JavaScript execution in the context of the page - enabling DOM access, sess= ion cookie theft and other client-side attacks - via a crafted URL that sup= plies a malicious value to the q GET parameter (reflected DOM XSS).</td> <td>2026-01-26</td>
<td>6.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-11687" target=3D= "_blank" rel=3D"noopener">CVE-2025-11687</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2025-11687" target=3D= "_blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2025-1= 1687</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D240353=
6" target=3D"_blank" rel=3D"noopener">RHBZ#2403536</a> <a href=3D"https:= //gitlab.gnome.org/GNOME/gi-docgen/-/issues/228" target=3D"_blank" rel=3D"n= oopener">https://gitlab.gnome.org/GNOME/gi-docgen/-/issues/228</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">GitoxideLabs--gitoxide</td>
<td>A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` fu= nction can generate strings containing invalid non-UTF8 characters. This is= sue violates the internal safety invariants of the `TimeBuf` component, lea= ding to undefined behavior when these malformed strings are subsequently pr= ocessed. This could potentially result in application instability or other = unforeseen consequences.</td>
<td>2026-01-26</td>
<td>6.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0810" target=3D"= _blank" rel=3D"noopener">CVE-2026-0810</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2026-0810" target=3D"= _blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2026-08= 10</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D2427057"=
target=3D"_blank" rel=3D"noopener">RHBZ#2427057</a> <a href=3D"https://= crates.io/crates/gix-date" target=3D"_blank" rel=3D"noopener">https://crate= s.io/crates/gix-date</a> <a href=3D"https://github.com/GitoxideLabs/gito= xide/issues/2305" target=3D"_blank" rel=3D"noopener">https://github.com/Git= oxideLabs/gitoxide/issues/2305</a> <a href=3D"https://rustsec.org/adviso= ries/RUSTSEC-2025-0140.html" target=3D"_blank" rel=3D"noopener">https://rus= tsec.org/advisories/RUSTSEC-2025-0140.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Goautodial--GOautodial</td>
<td>GOautodial 4.0 contains a persistent cross-site scripting vulnerability=
that allows authenticated agents to inject malicious scripts through messa=
ge subjects. Attackers can craft messages with embedded JavaScript that wil=
l execute when an administrator reads the message, potentially stealing ses= sion cookies or executing client-side attacks.</td>
<td>2026-01-29</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37018" target=3D= "_blank" rel=3D"noopener">CVE-2020-37018</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48690" target=3D"_blank" rel= =3D"noopener">ExploitDB-48690</a> <a href=3D"https://goautodial.org/" ta= rget=3D"_blank" rel=3D"noopener">Official Vendor Homepage</a> <a href=3D= "https://www.vulncheck.com/advisories/goautodial-persistent-cross-site-scri= pting" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: GOautodial 4.=
0 - Persistent Cross-Site Scripting</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">GPAc--GPAC</td>
<td>A security vulnerability has been detected in GPAC up to 2.4.0. This af= fects the function gf_text_import_srt_bifs of the file src/scene_manager/te= xt_to_bifs.c of the component SRT Subtitle Import. Such manipulation leads =
to out-of-bounds write. The attack needs to be performed locally. The explo=
it has been disclosed publicly and may be used. The name of the patch is 10= c73b82cf0e367383d091db38566a0e4fe71772. It is best practice to apply a patc=
h to resolve this issue.</td>
<td>2026-01-26</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1418" target=3D"= _blank" rel=3D"noopener">CVE-2026-1418</a></td>

<a href=3D"https://vuldb.com/?id.342807" target=3D"_blank" rel=3D"noopener"= >VDB-342807 | GPAC SRT Subtitle Import text_to_bifs.c gf_text_import_srt_bi=
fs out-of-bounds write</a> <a href=3D"https://vuldb.com/?ctiid.342807" t= arget=3D"_blank" rel=3D"noopener">VDB-342807 | CTI Indicators (IOB, IOC, IO= A)</a> <a href=3D"https://vuldb.com/?submit.736544" target=3D"_blank" re= l=3D"noopener">Submit #736544 | gpac v2.4.0 Out-of-bounds Write</a> <a h= ref=3D"https://github.com/gpac/gpac/issues/3425" target=3D"_blank" rel=3D"n= oopener">https://github.com/gpac/gpac/issues/3425</a> <a href=3D"https:/= /github.com/gpac/gpac/issues/3425#issue-3801961068" target=3D"_blank" rel= =3D"noopener">https://github.com/gpac/gpac/issues/3425#issue-3801961068</a>= <a href=3D"https://github.com/enocknt/gpac/commit/10c73b82cf0e367383d09= 1db38566a0e4fe71772" target=3D"_blank" rel=3D"noopener">https://github.com/= enocknt/gpac/commit/10c73b82cf0e367383d091db38566a0e4fe71772</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">GuidoNeele--PDW File Browser</td>
<td>PDW File Browser version 1.3 contains stored and reflected cross-site s= cripting vulnerabilities that allow authenticated attackers to inject malic= ious scripts through file rename and path parameters. Attackers can craft m= alicious URLs or rename files with XSS payloads to execute arbitrary JavaSc= ript in victims' browsers when they access the file browser.</td> <td>2026-01-28</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36988" target=3D= "_blank" rel=3D"noopener">CVE-2020-36988</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48947" target=3D"_blank" rel= =3D"noopener">ExploitDB-48947</a> <a href=3D"https://github.com/GuidoNee= le/PDW-File-Browser" target=3D"_blank" rel=3D"noopener">PDW File Browser Gi= tHub Repository</a> <a href=3D"https://www.vulncheck.com/advisories/pdw-= file-browser-cross-site-scripting-xss" target=3D"_blank" rel=3D"noopener">V= ulnCheck Advisory: PDW File Browser <=3D v1.3 - Cross-Site Scripting (XS= S)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">halfdata--Stripe Green Downloads</td>
<td>Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cros= s-site scripting vulnerability allowing remote attackers to inject maliciou=
s scripts in button label fields. Attackers can exploit input parameters to=
execute arbitrary scripts, potentially leading to session hijacking and ap= plication module manipulation.</td>
<td>2026-02-01</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2022-50797" target=3D= "_blank" rel=3D"noopener">CVE-2022-50797</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2287" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://halfdata.com/green-downloads/stripe/" target=3D"_blank" rel=3D"= noopener">Product Homepage</a> <a href=3D"https://www.vulncheck.com/advi= sories/stripe-green-downloads-wordpress-plugin-persistent-xss-via-settings"=
target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Stripe Green Downlo= ads Wordpress Plugin 2.03 Persistent XSS via Settings</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">HappyHackingSpace--gakido</td>
<td>Gakido is a Python HTTP client focused on browser impersonation and ant= i-bot evasion. A vulnerability was discovered in Gakido prior to version 0.= 1.1 that allowed HTTP header injection through CRLF (Carriage Return Line F= eed) sequences in user-supplied header values and names. When making HTTP r= equests with user-controlled header values containing `\r\n` (CRLF), `\n` (= LF), or `\x00` (null byte) characters, an attacker could inject arbitrary H= TTP headers into the request. The fix in version 0.1.1 adds a `_sanitize_he= ader()` function that strips `\r`, `\n`, and `\x00` characters from both he= ader names and values before they are included in HTTP requests.</td> <td>2026-01-27</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24489" target=3D= "_blank" rel=3D"noopener">CVE-2026-24489</a></td>

<a href=3D"https://github.com/HappyHackingSpace/gakido/security/advisories/= GHSA-gcgx-chcp-hxp9" target=3D"_blank" rel=3D"noopener">https://github.com/= HappyHackingSpace/gakido/security/advisories/GHSA-gcgx-chcp-hxp9</a> <a = href=3D"https://github.com/HappyHackingSpace/gakido/commit/369c67e67c63da51= 0c8a9ab021e54a92ccf1f788" target=3D"_blank" rel=3D"noopener">https://github= .com/HappyHackingSpace/gakido/commit/369c67e67c63da510c8a9ab021e54a92ccf1f7= 88</a> <a href=3D"https://github.com/HappyHackingSpace/gakido/releases/t= ag/v0.1.1-1bc6019" target=3D"_blank" rel=3D"noopener">https://github.com/Ha= ppyHackingSpace/gakido/releases/tag/v0.1.1-1bc6019</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">HCLSoftware--BigFix Compliance</td>
<td>A sensitive information disclosure in HCL BigFix Compliance allows a re= mote attacker to access files under the WEB-INF directory, which may contai=
n Java class files and configuration information, leading to unauthorized a= ccess to application internals.</td>
<td>2026-01-28</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2023-37525" target=3D= "_blank" rel=3D"noopener">CVE-2023-37525</a></td>

<a href=3D"https://support.hcl-software.com/csm?id=3Dkb_article&sysparm_art= icle=3DKB0128385" target=3D"_blank" rel=3D"noopener">https://support.hcl-so= ftware.com/csm?id=3Dkb_article&sysparm_article=3DKB0128385</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">HIKSEMI--HS-AFS-S1H1</td>
<td>Due to inadequate access control, authenticated users of certain HIKSEM=
I NAS products can manipulate other users' file resources without proper au= thorization.</td>
<td>2026-01-30</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22624" target=3D= "_blank" rel=3D"noopener">CVE-2026-22624</a></td>

<a href=3D"https://www.hiksemitech.com/en/hiksemi/support/security-advisory= .html" target=3D"_blank" rel=3D"noopener">https://www.hiksemitech.com/en/hi= ksemi/support/security-advisory.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">HIKSEMI--HS-AFS-S1H1</td>
<td>Improper handling of filenames in certain HIKSEMI NAS products may lead=
to the exposure of sensitive system files.</td>
<td>2026-01-30</td>
<td>4.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22625" target=3D= "_blank" rel=3D"noopener">CVE-2026-22625</a></td>

<a href=3D"https://www.hiksemitech.com/en/hiksemi/support/security-advisory= .html" target=3D"_blank" rel=3D"noopener">https://www.hiksemitech.com/en/hi= ksemi/support/security-advisory.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">HIKSEMI--HS-AFS-S1H1</td>
<td>Due to insufficient input parameter validation on the interface, authen= ticated users of certain HIKSEMI NAS products can cause abnormal device beh= avior by crafting specific messages.</td>
<td>2026-01-30</td>
<td>4.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22626" target=3D= "_blank" rel=3D"noopener">CVE-2026-22626</a></td>

<a href=3D"https://www.hiksemitech.com/en/hiksemi/support/security-advisory= .html" target=3D"_blank" rel=3D"noopener">https://www.hiksemitech.com/en/hi= ksemi/support/security-advisory.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">honojs--hono</td>
<td>Hono is a Web application framework that provides support for any JavaS= cript runtime. Prior to version 4.11.7, Cache Middleware contains an inform= ation disclosure vulnerability caused by improper handling of HTTP cache co= ntrol directives. The middleware does not respect standard cache control he= aders such as `Cache-Control: private` or `Cache-Control: no-store`, which = may result in private or authenticated responses being cached and subsequen= tly exposed to unauthorized users. Version 4.11.7 has a patch for the issue= .</td>
<td>2026-01-27</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24472" target=3D= "_blank" rel=3D"noopener">CVE-2026-24472</a></td>

<a href=3D"https://github.com/honojs/hono/security/advisories/GHSA-6wqw-2p9= w-4vw4" target=3D"_blank" rel=3D"noopener">https://github.com/honojs/hono/s= ecurity/advisories/GHSA-6wqw-2p9w-4vw4</a> <a href=3D"https://github.com= /honojs/hono/commit/12c511745b3f1e7a3f863a23ce5f921c7fa805d1" target=3D"_bl= ank" rel=3D"noopener">https://github.com/honojs/hono/commit/12c511745b3f1e7= a3f863a23ce5f921c7fa805d1</a> <a href=3D"https://github.com/honojs/hono/= releases/tag/v4.11.7" target=3D"_blank" rel=3D"noopener">https://github.com= /honojs/hono/releases/tag/v4.11.7</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">honojs--hono</td>
<td>Hono is a Web application framework that provides support for any JavaS= cript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono i=
s vulnerable to an IP address validation bypass. The `IPV4_REGEX` pattern a=
nd `convertIPv4ToBinary` function in `src/utils/ipaddr.ts` do not properly = validate that IPv4 octet values are within the valid range of 0-255, allowi=
ng attackers to craft malformed IP addresses that bypass IP-based access co= ntrols. Version 4.11.7 contains a patch for the issue.</td>
<td>2026-01-27</td>
<td>4.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24398" target=3D= "_blank" rel=3D"noopener">CVE-2026-24398</a></td>

<a href=3D"https://github.com/honojs/hono/security/advisories/GHSA-r354-f38= 8-2fhh" target=3D"_blank" rel=3D"noopener">https://github.com/honojs/hono/s= ecurity/advisories/GHSA-r354-f388-2fhh</a> <a href=3D"https://github.com= /honojs/hono/commit/edbf6eea8e6c26a3937518d4ed91d8666edeec37" target=3D"_bl= ank" rel=3D"noopener">https://github.com/honojs/hono/commit/edbf6eea8e6c26a= 3937518d4ed91d8666edeec37</a> <a href=3D"https://github.com/honojs/hono/= releases/tag/v4.11.7" target=3D"_blank" rel=3D"noopener">https://github.com= /honojs/hono/releases/tag/v4.11.7</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">honojs--hono</td>
<td>Hono is a Web application framework that provides support for any JavaS= cript runtime. Prior to version 4.11.7, a Cross-Site Scripting (XSS) vulner= ability exists in the `ErrorBoundary` component of the hono/jsx library. Un= der certain usage patterns, untrusted user-controlled strings may be render=
ed as raw HTML, allowing arbitrary script execution in the victim's browser=
. Version 4.11.7 patches the issue.</td>
<td>2026-01-27</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24771" target=3D= "_blank" rel=3D"noopener">CVE-2026-24771</a></td>

<a href=3D"https://github.com/honojs/hono/security/advisories/GHSA-9r54-q6c= x-xmh5" target=3D"_blank" rel=3D"noopener">https://github.com/honojs/hono/s= ecurity/advisories/GHSA-9r54-q6cx-xmh5</a> <a href=3D"https://github.com= /honojs/hono/commit/2cf60046d730df9fd0aba85178f3ecfe8212d990" target=3D"_bl= ank" rel=3D"noopener">https://github.com/honojs/hono/commit/2cf60046d730df9= fd0aba85178f3ecfe8212d990</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">hu_chao--imwptip</td>
<td>The imwptip plugin for WordPress is vulnerable to Cross-Site Request Fo= rgery in all versions up to, and including, 1.1. This is due to missing non=
ce validation on the settings update functionality. This makes it possible = for unauthenticated attackers to update the plugin's settings via a forged = request granted they can trick a site administrator into performing an acti=
on such as clicking on a link.</td>
<td>2026-01-28</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1377" target=3D"= _blank" rel=3D"noopener">CVE-2026-1377</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/0fe987= f0-6887-4ad1-a748-eb987bb574fa?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/0fe987f0-688= 7-4ad1-a748-eb987bb574fa?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/imwptip/trunk/classes/imwptipadmin.php#L11" target= =3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/imw= ptip/trunk/classes/imwptipadmin.php#L11</a> <a href=3D"https://plugins.t= rac.wordpress.org/browser/imwptip/tags/1.1/classes/imwptipadmin.php#L11" ta= rget=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser= /imwptip/tags/1.1/classes/imwptipadmin.php#L11</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Db2 for Linux, UNIX and Windows</td>
<td>IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)=C2=A0= 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may cras=
h when an authenticated user creates a specially crafted query.</td> <td>2026-01-30</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-2668" target=3D"= _blank" rel=3D"noopener">CVE-2025-2668</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257518" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257518</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Db2 for Linux, UNIX and Windows</td>
<td>IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.=
0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a=
denial of service using a specially crafted SQL statement including XML th=
at performs uncontrolled recursion.</td>
<td>2026-01-30</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36001" target=3D= "_blank" rel=3D"noopener">CVE-2025-36001</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257616" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257616</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Db2 for Linux, UNIX and Windows</td>
<td>IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.=
0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an unauthenticated user to cause=
a denial of service due to excessive use of a global variable.</td> <td>2026-01-30</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36009" target=3D= "_blank" rel=3D"noopener">CVE-2025-36009</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257623" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257623</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Db2 for Linux, UNIX and Windows</td>
<td>IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)=C2=A0= 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as=
a trap may occur when selecting from certain types of tables.</td> <td>2026-01-30</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36070" target=3D= "_blank" rel=3D"noopener">CVE-2025-36070</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257624" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257624</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Db2 for Linux, UNIX and Windows</td>
<td>IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.=
0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a=
denial of service due to improper allocation of resources.</td> <td>2026-01-30</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36098" target=3D= "_blank" rel=3D"noopener">CVE-2025-36098</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257629" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257629</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Db2 for Linux, UNIX and Windows</td>
<td>IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.=
0 - 11.5.9 and 12.1.0 - 12.1.3=C2=A0could allow a local user to cause a den= ial of service when copying large table containing XML data due to improper=
allocation of system resources.</td>
<td>2026-01-30</td>
<td>6.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36123" target=3D= "_blank" rel=3D"noopener">CVE-2025-36123</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257627" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257627</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Db2 for Linux, UNIX and Windows</td>
<td>IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.=
0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial o=
f service due to improper neutralization of special elements in data query = logic.</td>
<td>2026-01-30</td>
<td>6.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36353" target=3D= "_blank" rel=3D"noopener">CVE-2025-36353</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257632" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257632</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Db2 for Linux, UNIX and Windows</td>
<td>IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.=
0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged re= mote storage aliases could allow an authenticated user to execute unauthori= zed commands due to an authorization bypass vulnerability using a user-cont= rolled key.</td>
<td>2026-01-30</td>
<td>6.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36365" target=3D= "_blank" rel=3D"noopener">CVE-2025-36365</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257665" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257665</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Db2 for Linux, UNIX and Windows</td>
<td>IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.=
0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial o=
f service due to improper neutralization of special elements in data query = logic.</td>
<td>2026-01-30</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36366" target=3D= "_blank" rel=3D"noopener">CVE-2025-36366</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257681" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257681</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Db2 for Linux, UNIX and Windows</td>
<td>IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.=
0 - 11.5.9 could allow an authenticated user to cause a denial of service w= hen given specially crafted query.</td>
<td>2026-01-30</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36387" target=3D= "_blank" rel=3D"noopener">CVE-2025-36387</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257690" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257690</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Db2 for Linux, UNIX and Windows</td>
<td>IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)=C2=A0= 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a den= ial of service due to improper neutralization of special elements in data q= uery logic.</td>
<td>2026-01-30</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36407" target=3D= "_blank" rel=3D"noopener">CVE-2025-36407</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257692" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257692</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Db2 for Linux, UNIX and Windows</td>
<td>IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.=
0 - 12.1.3 could allow a local user to cause a denial of service due to imp= roper neutralization of special elements in data query logic.</td> <td>2026-01-30</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36423" target=3D= "_blank" rel=3D"noopener">CVE-2025-36423</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257694" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257694</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Db2 for Linux, UNIX and Windows</td>
<td>IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.=
0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial o=
f service due to improper neutralization of special elements in data query = logic.</td>
<td>2026-01-30</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36424" target=3D= "_blank" rel=3D"noopener">CVE-2025-36424</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257695" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257695</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Db2 for Linux, UNIX and Windows</td>
<td>IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.=
0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial o=
f service due to improper neutralization of special elements in data query = logic.</td>
<td>2026-01-30</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36427" target=3D= "_blank" rel=3D"noopener">CVE-2025-36427</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257696" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257696</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Db2 for Linux, UNIX and Windows</td>
<td>IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.=
0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the = server may crash under certain conditions with a specially crafted query wi=
th XML columns.</td>
<td>2026-01-30</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36442" target=3D= "_blank" rel=3D"noopener">CVE-2025-36442</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257698" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257698</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Db2 for Linux, UNIX and Windows</td>
<td>IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.=
0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a=
denial of service due to improper neutralization of special elements in da=
ta query logic when the RPSCAN feature is enabled.</td>
<td>2026-01-30</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36428" target=3D= "_blank" rel=3D"noopener">CVE-2025-36428</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257697" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257697</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">igniterealtime--Openfire</td>
<td>Openfire 4.6.0 contains a stored cross-site scripting vulnerability in = the nodejs plugin that allows attackers to inject malicious scripts through=
the 'path' parameter. Attackers can craft a payload with script tags to ex= ecute arbitrary JavaScript in the context of administrative users viewing t=
he nodejs configuration page.</td>
<td>2026-01-26</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36956" target=3D= "_blank" rel=3D"noopener">CVE-2020-36956</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49229" target=3D"_blank" rel= =3D"noopener">ExploitDB-49229</a> <a href=3D"https://github.com/ignitere= altime/Openfire" target=3D"_blank" rel=3D"noopener">Openfire GitHub Reposit= ory</a> <a href=3D"https://www.igniterealtime.org/downloads/" target=3D"= _blank" rel=3D"noopener">Openfire Software Downloads</a> <a href=3D"http= s://www.vulncheck.com/advisories/openfire-path-stored-xss" target=3D"_blank=
" rel=3D"noopener">VulnCheck Advisory: Openfire 4.6.0 - 'path' Stored XSS</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">iJason-Liu--Books_Manager</td>
<td>A vulnerability was found in iJason-Liu Books_Manager up to 298ba736387= ca37810466349af13a0fdf828e99c. This vulnerability affects unknown code of t=
he file controllers/books_center/upload_bookCover.php. Performing a manipul= ation of the argument book_cover results in unrestricted upload. The attack=
may be initiated remotely. The exploit has been made public and could be u= sed. This product uses a rolling release model to deliver continuous update=
s. As a result, specific version information for affected or updated releas=
es is not available.</td>
<td>2026-01-26</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1445" target=3D"= _blank" rel=3D"noopener">CVE-2026-1445</a></td>

<a href=3D"https://vuldb.com/?id.342874" target=3D"_blank" rel=3D"noopener"= >VDB-342874 | iJason-Liu Books_Manager upload_bookCover.php unrestricted up= load</a> <a href=3D"https://vuldb.com/?ctiid.342874" target=3D"_blank" r= el=3D"noopener">VDB-342874 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a = href=3D"https://vuldb.com/?submit.736971" target=3D"_blank" rel=3D"noopener= ">Submit #736971 | https://github.com/iJason-Liu/Books_Manager Books_Manage=
r 1.0 File Upload</a> <a href=3D"https://blog.y1fan.work/2026/01/13/%E4%= BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0getshell/" target=3D"_bla= nk" rel=3D"noopener">https://blog.y1fan.work/2026/01/13/%E4%BB%BB%E6%84%8F%= E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0getshell/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ilias.de--ILIAS Learning Management System</td=

<td>ILIAS Learning Management System 4.3 contains a server-side request for= gery vulnerability that allows attackers to read local files through portfo= lio PDF export functionality. Attackers can inject a script that uses XMLHt= tpRequest to retrieve local file contents when the portfolio is exported to=
PDF.</td>
<td>2026-01-28</td>
<td>4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36944" target=3D= "_blank" rel=3D"noopener">CVE-2020-36944</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49148" target=3D"_blank" rel= =3D"noopener">ExploitDB-49148</a> <a href=3D"https://www.ilias.de/" targ= et=3D"_blank" rel=3D"noopener">ILIAS Official Vendor Homepage</a> <a hre= f=3D"https://github.com/ILIAS-eLearning/ILIAS" target=3D"_blank" rel=3D"noo= pener">ILIAS GitHub Repository</a> <a href=3D"https://www.vulncheck.com/= advisories/ilias-learning-management-system-ssrf" target=3D"_blank" rel=3D"= noopener">VulnCheck Advisory: ILIAS Learning Management System 4.3 - SSRF</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Inciga--Inciga Web</td>
<td>Inciga Web 2.8.2 contains a client-side cross-site scripting vulnerabil= ity that allows remote attackers to inject malicious script codes through t=
he icinga.min.js file. Attackers can exploit the EventListener.handleEvent = method to execute arbitrary scripts, potentially leading to session hijacki=
ng and non-persistent phishing attacks.</td>
<td>2026-02-01</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2022-50942" target=3D= "_blank" rel=3D"noopener">CVE-2022-50942</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2273" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://icinga.com/" target=3D"_blank" rel=3D"noopener">Product Homepag= e</a> <a href=3D"https://github.com/Icinga/icingaweb2" target=3D"_blank"=
rel=3D"noopener">Product Homepage</a> <a href=3D"https://www.vulncheck.= com/advisories/inciga-web-client-side-cross-site-scripting-via-eventlistene=
r" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Inciga Web 2.8.2 = Client-Side Cross-Site Scripting via EventListener</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">InternationalColorConsortium--iccDEV</td> <td>iccDEV provides a set of libraries and tools that allow for the interac= tion, manipulation, and application of ICC color management profiles. Prior=
to version 2.3.1.2, a heap buffer over-read when the strlen() function att= empts to read a non-null-terminated buffer potentially leaking heap memory = contents and causing application termination. This vulnerability affects us= ers of the iccDEV library who process ICC color profiles. ICC Profile Injec= tion vulnerabilities arise when user-controllable input is incorporated int=
o ICC profile data or other structured binary blobs in an unsafe manner. Ve= rsion 2.3.1.2 contains a fix for the issue. No known workarounds are availa= ble.</td>
<td>2026-01-28</td>
<td>6.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24852" target=3D= "_blank" rel=3D"noopener">CVE-2026-24852</a></td>

<a href=3D"https://github.com/InternationalColorConsortium/iccDEV/security/= advisories/GHSA-q8g2-mp32-3j7f" target=3D"_blank" rel=3D"noopener">https://= github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-q8g= 2-mp32-3j7f</a> <a href=3D"https://github.com/InternationalColorConsorti= um/iccDEV/pull/540" target=3D"_blank" rel=3D"noopener">https://github.com/I= nternationalColorConsortium/iccDEV/pull/540</a> <a href=3D"https://githu= b.com/InternationalColorConsortium/iccDEV/commit/3092499cd4d0775f4a716b9998= 99f9c26f9bc614" target=3D"_blank" rel=3D"noopener">https://github.com/Inter= nationalColorConsortium/iccDEV/commit/3092499cd4d0775f4a716b999899f9c26f9bc= 614</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Is-Daouda--is-Engine</td>
<td>Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Dao= uda is-Engine. This issue affects is-Engine: before 3.3.4.</td> <td>2026-01-27</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24829" target=3D= "_blank" rel=3D"noopener">CVE-2026-24829</a></td>

<a href=3D"https://github.com/Is-Daouda/is-Engine/pull/7" target=3D"_blank"=
rel=3D"noopener">https://github.com/Is-Daouda/is-Engine/pull/7</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--School Management System</td>
<td>A weakness has been identified in itsourcecode School Management System=
1.0. This affects an unknown part of the file /ramonsys/course/controller.= php. Executing a manipulation of the argument ID can lead to sql injection.=
The attack can be executed remotely. The exploit has been made available t=
o the public and could be used for attacks.</td>
<td>2026-01-28</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1551" target=3D"= _blank" rel=3D"noopener">CVE-2026-1551</a></td>

<a href=3D"https://vuldb.com/?id.343247" target=3D"_blank" rel=3D"noopener"= >VDB-343247 | itsourcecode School Management System controller.php sql inje= ction</a> <a href=3D"https://vuldb.com/?ctiid.343247" target=3D"_blank" = rel=3D"noopener">VDB-343247 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a=
href=3D"https://vuldb.com/?submit.740644" target=3D"_blank" rel=3D"noopene= r">Submit #740644 | itsourcecode School Management System V1.0 SQL Injectio= n</a> <a href=3D"https://vuldb.com/?submit.740680" target=3D"_blank" rel= =3D"noopener">Submit #740680 | itsourcecode School Management System v1.0 S=
QL Injection (Duplicate)</a> <a href=3D"https://mega.nz/file/6cVwiA5A#BV= waxWlfeQCkkpHnuxPiMDZVb5qcYrsI6ftqdm_8mGk" target=3D"_blank" rel=3D"noopene= r">https://mega.nz/file/6cVwiA5A#BVwaxWlfeQCkkpHnuxPiMDZVb5qcYrsI6ftqdm_8mG= k</a> <a href=3D"https://itsourcecode.com/" target=3D"_blank" rel=3D"noo= pener">https://itsourcecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">iulia-cazan--Easy Replace Image</td>
<td>The Easy Replace Image plugin for WordPress is vulnerable to Missing Au= thorization in all versions up to, and including, 3.5.2. This is due to mis= sing capability checks on the `image_replacement_from_url` function that is=
hooked to the `eri_from_url` AJAX action. This makes it possible for authe= nticated attackers, with Contributor-level access and above, to replace arb= itrary image attachments on the site with images from external URLs, potent= ially enabling site defacement, phishing attacks, or content manipulation.<=

<td>2026-01-28</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1298" target=3D"= _blank" rel=3D"noopener">CVE-2026-1298</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/27332c= 13-c25f-47ec-980d-035fc35ce553?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/27332c13-c25= f-47ec-980d-035fc35ce553?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/easy-replace-image/trunk/easy-replace-image.php#L96=
1" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/br= owser/easy-replace-image/trunk/easy-replace-image.php#L961</a> <a href= =3D"https://plugins.trac.wordpress.org/browser/easy-replace-image/tags/3.5.= 2/easy-replace-image.php#L961" target=3D"_blank" rel=3D"noopener">https://p= lugins.trac.wordpress.org/browser/easy-replace-image/tags/3.5.2/easy-replac= e-image.php#L961</a> <a href=3D"https://plugins.trac.wordpress.org/chang= eset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3447984%40easy-replace-ima= ge&new=3D3447984%40easy-replace-image&sfp_email=3D&sfph_mail=3D" target=3D"= _blank" rel=3D"noopener">https://plugins.trac.wordpress.org/changeset?sfp_e= mail=3D&sfph_mail=3D&reponame=3D&old=3D3447984%40easy-replace-image&new=3D3= 447984%40easy-replace-image&sfp_email=3D&sfph_mail</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">jdwebdesigner--Affiliate Pro</td>
<td>Affiliate Pro 1.7 contains multiple reflected cross-site scripting vuln= erabilities in the index module's input fields. Attackers can inject malici= ous scripts through fullname, username, and email parameters to execute cli= ent-side attacks and manipulate browser requests.</td>
<td>2026-02-01</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2021-47911" target=3D= "_blank" rel=3D"noopener">CVE-2021-47911</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2281" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://jdwebdesigner.com/" target=3D"_blank" rel=3D"noopener">Product = Homepage</a> <a href=3D"https://codecanyon.net/item/affiliate-pro-affili= ate-management-system/12908496" target=3D"_blank" rel=3D"noopener">Product = Homepage</a> <a href=3D"https://www.vulncheck.com/advisories/affiliate-p= ro-reflected-cross-site-scripting-via-index-module" target=3D"_blank" rel= =3D"noopener">VulnCheck Advisory: Affiliate Pro 1.7 Reflected Cross-Site Sc= ripting via Index Module</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Jirafeau project--Jirafeau</td>
<td>Jirafeau normally prevents browser preview for text files due to the po= ssibility that for example SVG and HTML documents could be exploited for cr= oss site scripting. This was done by storing the MIME type of a file and al= lowing only browser preview for MIME types beginning with image (except for=
image/svg+xml, see CVE-2022-30110, CVE-2024-12326 and CVE-2025-7066), vide=
o and audio. However, it was possible to bypass this check by sending a man= ipulated HTTP request with an invalid MIME type like image. When doing the = preview, the browser tries to automatically detect the MIME type resulting =
in detecting SVG and possibly executing JavaScript code. To prevent this, M= IME sniffing is disabled by sending the HTTP header X-Content-Type-Options:=
nosniff.</td>
<td>2026-01-28</td>
<td>6.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1466" target=3D"= _blank" rel=3D"noopener">CVE-2026-1466</a></td>

<a href=3D"https://gitlab.com/jirafeau/Jirafeau/-/commit/747afb20bfcff14bb6= 7e40e7035d47a6311ba3e1" target=3D"_blank" rel=3D"noopener">https://gitlab.c= om/jirafeau/Jirafeau/-/commit/747afb20bfcff14bb67e40e7035d47a6311ba3e1</a><= br><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2022-30110" target=3D"= _blank" rel=3D"noopener">https://www.cve.org/CVERecord?id=3DCVE-2022-30110<= /a> <a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2024-12326" target= =3D"_blank" rel=3D"noopener">https://www.cve.org/CVERecord?id=3DCVE-2024-12= 326</a> <a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-7066" tar= get=3D"_blank" rel=3D"noopener">https://www.cve.org/CVERecord?id=3DCVE-2025= -7066</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">jishenghua--jshERP</td>
<td>A security vulnerability has been detected in jishenghua jshERP up to 3= .6. The impacted element is the function getBillItemByParam of the file /js= hERP-boot/depotItem/importItemExcel of the component com.jsh.erp.datasource= .mappers.DepotItemMapperEx. The manipulation of the argument barCodes leads=
to sql injection. It is possible to initiate the attack remotely. The expl= oit has been disclosed publicly and may be used. The project was informed o=
f the problem early through an issue report but has not responded yet.</td> <td>2026-01-28</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1546" target=3D"= _blank" rel=3D"noopener">CVE-2026-1546</a></td>

<a href=3D"https://vuldb.com/?id.343230" target=3D"_blank" rel=3D"noopener"= >VDB-343230 | jishenghua jshERP com.jsh.erp.datasource.mappers.DepotItemMap= perEx importItemExcel getBillItemByParam sql injection</a> <a href=3D"ht= tps://vuldb.com/?ctiid.343230" target=3D"_blank" rel=3D"noopener">VDB-34323=
0 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com= /?submit.739688" target=3D"_blank" rel=3D"noopener">Submit #739688 | https:= //github.com/jishenghua/jshERP jshERP v3.6 SQL Injection</a> <a href=3D"= https://github.com/jishenghua/jshERP/issues/145" target=3D"_blank" rel=3D"n= oopener">https://github.com/jishenghua/jshERP/issues/145</a> <a href=3D"= https://github.com/jishenghua/jshERP/issues/145#issue-3816930151" target=3D= "_blank" rel=3D"noopener">https://github.com/jishenghua/jshERP/issues/145#i= ssue-3816930151</a> <a href=3D"https://github.com/jishenghua/jshERP/" ta= rget=3D"_blank" rel=3D"noopener">https://github.com/jishenghua/jshERP/</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">jishenghua--jshERP</td>
<td>A vulnerability was identified in jishenghua jshERP up to 3.6. Affected=
by this vulnerability is an unknown functionality of the file /jshERP-boot= /plugin/uploadPluginConfigFile of the component PluginController. Such mani= pulation of the argument configFile leads to path traversal. The attack may=
be launched remotely. The exploit is publicly available and might be used.=
The project was informed of the problem early through an issue report but = has not responded yet.</td>
<td>2026-01-28</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1549" target=3D"= _blank" rel=3D"noopener">CVE-2026-1549</a></td>

<a href=3D"https://vuldb.com/?id.343245" target=3D"_blank" rel=3D"noopener"= >VDB-343245 | jishenghua jshERP PluginController uploadPluginConfigFile pat=
h traversal</a> <a href=3D"https://vuldb.com/?ctiid.343245" target=3D"_b= lank" rel=3D"noopener">VDB-343245 | CTI Indicators (IOB, IOC, TTP, IOA)</a>= <a href=3D"https://vuldb.com/?submit.739805" target=3D"_blank" rel=3D"n= oopener">Submit #739805 | https://github.com/jishenghua/jshERP jshERP v3.6 = Path Traversal</a> <a href=3D"https://github.com/jishenghua/jshERP/issue= s/146" target=3D"_blank" rel=3D"noopener">https://github.com/jishenghua/jsh= ERP/issues/146</a> <a href=3D"https://github.com/jishenghua/jshERP/issue= s/146#issue-3817997461" target=3D"_blank" rel=3D"noopener">https://github.c= om/jishenghua/jshERP/issues/146#issue-3817997461</a> <a href=3D"https://= github.com/jishenghua/jshERP/" target=3D"_blank" rel=3D"noopener">https://g= ithub.com/jishenghua/jshERP/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Laravel Holdings Inc.--Laravel Nova</td> <td>Laravel Nova 3.7.0 contains a denial of service vulnerability that allo=
ws authenticated users to crash the application by manipulating the 'range'=
parameter. Attackers can send simultaneous requests with an extremely high=
range value to overwhelm and crash the server.</td>
<td>2026-01-27</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36950" target=3D= "_blank" rel=3D"noopener">CVE-2020-36950</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49198" target=3D"_blank" rel= =3D"noopener">ExploitDB-49198</a> <a href=3D"https://nova.laravel.com/" = target=3D"_blank" rel=3D"noopener">Laravel Nova Official Homepage</a> <a=
href=3D"https://nova.laravel.com/releases" target=3D"_blank" rel=3D"noopen= er">Laravel Nova Releases Page</a> <a href=3D"https://www.vulncheck.com/= advisories/laravel-nova-range-dos" target=3D"_blank" rel=3D"noopener">VulnC= heck Advisory: Laravel Nova 3.7.0 - 'range' DoS</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">libexpat project--libexpat</td>
<td>In libexpat before 2.7.4, the doContent function does not properly dete= rmine the buffer size bufSize because there is no integer overflow check fo=
r tag buffer reallocation.</td>
<td>2026-01-30</td>
<td>6.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25210" target=3D= "_blank" rel=3D"noopener">CVE-2026-25210</a></td>

<a href=3D"https://github.com/libexpat/libexpat/pull/1075" target=3D"_blank=
" rel=3D"noopener">https://github.com/libexpat/libexpat/pull/1075</a> <a=
href=3D"https://github.com/libexpat/libexpat/pull/1075/commits/9c2d990389e= 6abe2e44527eeaa8b39f16fe859c7" target=3D"_blank" rel=3D"noopener">https://g= ithub.com/libexpat/libexpat/pull/1075/commits/9c2d990389e6abe2e44527eeaa8b3= 9f16fe859c7</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Limesurvey--LimeSurvey</td>
<td>LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability =
in the Survey Menu functionality of the administration panel. Attackers can=
inject malicious SVG scripts through the Surveymenu[title] and Surveymenu[= parent_id] parameters to execute arbitrary JavaScript in administrative con= texts.</td>
<td>2026-01-28</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36993" target=3D= "_blank" rel=3D"noopener">CVE-2020-36993</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48762" target=3D"_blank" rel= =3D"noopener">ExploitDB-48762</a> <a href=3D"https://www.limesurvey.org"=
target=3D"_blank" rel=3D"noopener">LimeSurvey Official Website</a> <a h= ref=3D"https://github.com/LimeSurvey/LimeSurvey/commit/3712854a8fd8d875c676= 40969a1d54c4d93d3676" target=3D"_blank" rel=3D"noopener">LimeSurvey Patch C= ommit</a> <a href=3D"https://www.vulncheck.com/advisories/limesurvey-sur= vey-menu-persistent-cross-site-scripting" target=3D"_blank" rel=3D"noopener= ">VulnCheck Advisory: LimeSurvey <=3D 4.3.10 - 'Survey Menu' Persistent = Cross-Site Scripting</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">linknacional--Link Invoice Payment for WooComm= erce</td>
<td>The Link Invoice Payment for WooCommerce plugin for WordPress is vulner= able to unauthorized modification of data due to a missing capability check=
on the createPartialPayment and cancelPartialPayment functions in all vers= ions up to, and including, 2.8.0. This makes it possible for unauthenticate=
d attackers to create partial payments on any order or cancel any existing = partial payment via ID enumeration.</td>
<td>2026-01-27</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14971" target=3D= "_blank" rel=3D"noopener">CVE-2025-14971</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/96a8fc= 8b-6f0a-486c-89d1-7211b4ca31bd?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/96a8fc8b-6f0= a-486c-89d1-7211b4ca31bd?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/invoice-payment-for-woocommerce/tags/2.8.0/Includes= /WcPaymentInvoiceEndpoint.php#L19" target=3D"_blank" rel=3D"noopener">https= ://plugins.trac.wordpress.org/browser/invoice-payment-for-woocommerce/tags/= 2.8.0/Includes/WcPaymentInvoiceEndpoint.php#L19</a> <a href=3D"https://p= lugins.trac.wordpress.org/browser/invoice-payment-for-woocommerce/tags/2.8.= 0/Includes/WcPaymentInvoiceEndpoint.php#L179" target=3D"_blank" rel=3D"noop= ener">https://plugins.trac.wordpress.org/browser/invoice-payment-for-woocom= merce/tags/2.8.0/Includes/WcPaymentInvoiceEndpoint.php#L179</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">litonice13--WP Adminify White Label WordPress,=
Admin Menu Editor, Login Customizer</td>
<td>The WP Adminify plugin for WordPress is vulnerable to Sensitive Informa= tion Exposure in all versions up to, and including, 4.0.7.7 via the /wp-jso= n/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered=
with permission_callback set to __return_true, allowing unauthenticated at= tackers to retrieve the complete list of available addons, their installati=
on status, version numbers, and download URLs.</td>
<td>2026-01-28</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1060" target=3D"= _blank" rel=3D"noopener">CVE-2026-1060</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/7ecb4f= 95-346e-49b3-859f-44f28a72f065?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/7ecb4f95-346= e-49b3-859f-44f28a72f065?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/adminify/tags/4.0.6.1/Libs/Addons.php#L54" target= =3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/adm= inify/tags/4.0.6.1/Libs/Addons.php#L54</a> <a href=3D"https://plugins.tr= ac.wordpress.org/changeset/3442928/" target=3D"_blank" rel=3D"noopener">htt= ps://plugins.trac.wordpress.org/changeset/3442928/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">localsend--localsend</td>
<td>LocalSend is a free, open-source app that allows users to share files a=
nd messages with nearby devices over their local network without needing an=
internet connection. In versions up to and including 1.17.0, when a user i= nitiates a "Share via Link" session, the LocalSend application starts a loc=
al HTTP server to host the selected files. The client-side logic for this w=
eb interface is contained in `app/assets/web/main.js`. Note that at [0], th=
e `handleFilesDisplay` function constructs the HTML for the file list by it= erating over the files received from the server. Commit 8f3cec85aa29b2b13fe= d9b2f8e499e1ac9b0504c contains a patch.</td>
<td>2026-01-30</td>
<td>6.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25154" target=3D= "_blank" rel=3D"noopener">CVE-2026-25154</a></td>

<a href=3D"https://github.com/localsend/localsend/security/advisories/GHSA-= 34v6-52hh-x4r4" target=3D"_blank" rel=3D"noopener">https://github.com/local= send/localsend/security/advisories/GHSA-34v6-52hh-x4r4</a> <a href=3D"ht= tps://github.com/localsend/localsend/commit/8f3cec85aa29b2b13fed9b2f8e499e1= ac9b0504c" target=3D"_blank" rel=3D"noopener">https://github.com/localsend/= localsend/commit/8f3cec85aa29b2b13fed9b2f8e499e1ac9b0504c</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">lxicon--Bitcoin Donate Button</td>
<td>The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-S= ite Request Forgery in all versions up to, and including, 1.0. This is due =
to missing or incorrect nonce validation on the settings page. This makes i=
t possible for unauthenticated attackers to modify the plugin's settings, i= ncluding donation addresses and display configurations, via a forged reques=
t granted they can trick a site administrator into performing an action suc=
h as clicking on a link.</td>
<td>2026-01-28</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1380" target=3D"= _blank" rel=3D"noopener">CVE-2026-1380</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/3c973d= d9-cfa3-4f06-a25a-c2786e3dca4d?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/3c973dd9-cfa= 3-4f06-a25a-c2786e3dca4d?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/bitcoin-donate-button/trunk/btcbutton.php#L1" targe= t=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/bi= tcoin-donate-button/trunk/btcbutton.php#L1</a> <a href=3D"https://plugin= s.trac.wordpress.org/browser/bitcoin-donate-button/tags/1.0/btcbutton.php#L=
1" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/br= owser/bitcoin-donate-button/tags/1.0/btcbutton.php#L1</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">mamunreza--Vzaar Media Management</td>
<td>The Vzaar Media Management plugin for WordPress is vulnerable to Reflec= ted Cross-Site Scripting in all versions up to, and including, 1.2 due to i= nsufficient input sanitization and output escaping on the $_SERVER['PHP_SEL= F'] variable. This makes it possible for unauthenticated attackers to injec=
t arbitrary web scripts in pages that execute if they can successfully tric=
k a user into performing an action such as clicking on a link.</td> <td>2026-01-28</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1391" target=3D"= _blank" rel=3D"noopener">CVE-2026-1391</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/398a75= b1-6470-44b3-aaea-d5e8b10db115?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/398a75b1-647= 0-44b3-aaea-d5e8b10db115?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/vzaar-media-management/trunk/admin/vzaar-media-uplo= ad.php#L103" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpr= ess.org/browser/vzaar-media-management/trunk/admin/vzaar-media-upload.php#L= 103</a> <a href=3D"https://plugins.trac.wordpress.org/browser/vzaar-medi= a-management/tags/1.2/admin/vzaar-media-upload.php#L103" target=3D"_blank" = rel=3D"noopener">https://plugins.trac.wordpress.org/browser/vzaar-media-man= agement/tags/1.2/admin/vzaar-media-upload.php#L103</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">mapstructure--mapstructure</td>
<td>A flaw was found in github.com/go-viper/mapstructure/v2, in the field p= rocessing component using mapstructure.WeakDecode. This vulnerability allow=
s information disclosure through detailed error messages that may leak sens= itive input values via malformed user-supplied data processed in security-c= ritical contexts.</td>
<td>2026-01-26</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-11065" target=3D= "_blank" rel=3D"noopener">CVE-2025-11065</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2025-11065" target=3D= "_blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2025-1= 1065</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D239182=
9" target=3D"_blank" rel=3D"noopener">RHBZ#2391829</a> <a href=3D"https:= //github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc507= 5d2c39c" target=3D"_blank" rel=3D"noopener">https://github.com/go-viper/map= structure/commit/742921c9ba2854d27baa64272487fc5075d2c39c</a> <a href=3D= "https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7= c-4cjm" target=3D"_blank" rel=3D"noopener">https://github.com/go-viper/maps= tructure/security/advisories/GHSA-2464-8j7c-4cjm</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">metagauss--RegistrationMagic Custom Registrati=
on Forms, User Registration, Payment, and User Login</td>
<td>The RegistrationMagic plugin for WordPress is vulnerable to Missing Aut= horization in versions up to, and including, 6.0.7.4. This is due to missin=
g nonce verification and capability checks on the rm_set_otp AJAX action ha= ndler. This makes it possible for unauthenticated attackers to modify arbit= rary plugin settings, including reCAPTCHA keys, security settings, and fron= tend menu titles.</td>
<td>2026-01-28</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1054" target=3D"= _blank" rel=3D"noopener">CVE-2026-1054</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/daf4d2= 46-85f3-48b3-985f-982fea4772f1?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/daf4d246-85f= 3-48b3-985f-982fea4772f1?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/custom-registration-form-builder-with-submission-ma= nager/tags/6.0.6.9/admin/controllers/class_rm_options_controller.php#L209" = target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/brows= er/custom-registration-form-builder-with-submission-manager/tags/6.0.6.9/ad= min/controllers/class_rm_options_controller.php#L209</a> <a href=3D"http= s://plugins.trac.wordpress.org/changeset/3444777/" target=3D"_blank" rel=3D= "noopener">https://plugins.trac.wordpress.org/changeset/3444777/</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">michalc--PDW File Browser</td>
<td>PDW File Browser 1.3 contains a remote code execution vulnerability tha=
t allows authenticated users to upload and rename webshell files to arbitra=
ry web server locations. Attackers can upload a .txt webshell, rename it to=
.php, and move it to accessible directories using double-encoded path trav= ersal techniques.</td>
<td>2026-01-28</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36973" target=3D= "_blank" rel=3D"noopener">CVE-2020-36973</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48987" target=3D"_blank" rel= =3D"noopener">ExploitDB-48987</a> <a href=3D"https://github.com/michalc/= PDW-File-Browser" target=3D"_blank" rel=3D"noopener">PDW File Browser GitHu=
b Repository</a> <a href=3D"https://www.vulncheck.com/advisories/pdw-fil= e-browser-remote-code-execution" target=3D"_blank" rel=3D"noopener">VulnChe=
ck Advisory: PDW File Browser 1.3 - Remote Code Execution</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">microsoft--maker.js</td>
<td>Maker.js is a 2D vector line drawing and shape modeling for CNC and las=
er cutters. In versions up to and including 0.19.1, the `makerjs.extendObje= ct` function copies properties from source objects without proper validatio=
n, potentially exposing applications to security risks. The function lacks = `hasOwnProperty()` checks and does not filter dangerous keys, allowing inhe= rited properties and potentially malicious properties to be copied to targe=
t objects. A patch is available in commit 85e0f12bd868974b891601a141974f929= dec36b8, which is expected to be part of version 0.19.2.</td> <td>2026-01-28</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24888" target=3D= "_blank" rel=3D"noopener">CVE-2026-24888</a></td>

<a href=3D"https://github.com/microsoft/maker.js/security/advisories/GHSA-2= cp6-34r9-54xx" target=3D"_blank" rel=3D"noopener">https://github.com/micros= oft/maker.js/security/advisories/GHSA-2cp6-34r9-54xx</a> <a href=3D"http= s://github.com/microsoft/maker.js/commit/85e0f12bd868974b891601a141974f929d= ec36b8" target=3D"_blank" rel=3D"noopener">https://github.com/microsoft/mak= er.js/commit/85e0f12bd868974b891601a141974f929dec36b8</a> <a href=3D"htt= ps://github.com/microsoft/maker.js/blob/98cffa82a372ff942194c925a12a3112535= 87167/packages/maker.js/src/core/maker.ts#L232-L241" target=3D"_blank" rel= =3D"noopener">https://github.com/microsoft/maker.js/blob/98cffa82a372ff9421= 94c925a12a311253587167/packages/maker.js/src/core/maker.ts#L232-L241</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">midgetspy--Sickbeard</td>
<td>Sickbeard alpha contains a cross-site request forgery vulnerability tha=
t allows attackers to disable authentication by submitting crafted configur= ation parameters. Attackers can trick users into submitting a malicious for=
m that clears web username and password, effectively removing authenticatio=
n protection.</td>
<td>2026-01-30</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37026" target=3D= "_blank" rel=3D"noopener">CVE-2020-37026</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48712" target=3D"_blank" rel= =3D"noopener">ExploitDB-48712</a> <a href=3D"https://web.archive.org/web= /20190722085652/https://sickbeard.com/" target=3D"_blank" rel=3D"noopener">= Archived Sickbeard Official Homepage</a> <a href=3D"https://github.com/m= idgetspy/Sick-Beard" target=3D"_blank" rel=3D"noopener">Sickbeard GitHub Re= pository</a> <a href=3D"https://www.vulncheck.com/advisories/sickbeard-c= ross-site-request-forgery" target=3D"_blank" rel=3D"noopener">VulnCheck Adv= isory: Sickbeard 0.1 - Cross-Site Request Forgery</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">migaweb--Simple calendar for Elementor</td> <td>The Simple calendar for Elementor plugin for WordPress is vulnerable to=
Missing Authorization in all versions up to, and including, 1.6.6. This is=
due to missing capability checks on the `miga_ajax_editor_cal_delete` func= tion that is hooked to the `miga_editor_cal_delete` AJAX action with both a= uthenticated and unauthenticated access enabled. This makes it possible for=
unauthenticated attackers to delete arbitrary calendar entries by sending =
a request with a valid nonce and the calendar entry ID.</td> <td>2026-01-28</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1310" target=3D"= _blank" rel=3D"noopener">CVE-2026-1310</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/e537c5= 6d-7c5e-4f21-b266-ef3d1a87caf2?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/e537c56d-7c5= e-4f21-b266-ef3d1a87caf2?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/simple-calendar-for-elementor/trunk/widget/includes= /backend_functions.php#L3" target=3D"_blank" rel=3D"noopener">https://plugi= ns.trac.wordpress.org/browser/simple-calendar-for-elementor/trunk/widget/in= cludes/backend_functions.php#L3</a> <a href=3D"https://plugins.trac.word= press.org/browser/simple-calendar-for-elementor/tags/1.6.6/widget/includes/= backend_functions.php#L3" target=3D"_blank" rel=3D"noopener">https://plugin= s.trac.wordpress.org/browser/simple-calendar-for-elementor/tags/1.6.6/widge= t/includes/backend_functions.php#L3</a> <a href=3D"https://plugins.trac.= wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3444617= %40simple-calendar-for-elementor&new=3D3444617%40simple-calendar-for-elemen= tor&sfp_email=3D&sfph_mail=3D" target=3D"_blank" rel=3D"noopener">https://p= lugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&o= ld=3D3444617%40simple-calendar-for-elementor&new=3D3444617%40simple-calenda= r-for-elementor&sfp_email=3D&sfph_mail</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">miles99--WP Google Ad Manager Plugin</td>
<td>The WP Google Ad Manager Plugin plugin for WordPress is vulnerable to S= tored Cross-Site Scripting via admin settings in all versions up to, and in= cluding, 1.1.0 due to insufficient input sanitization and output escaping. = This makes it possible for authenticated attackers, with administrator-leve=
l permissions and above, to inject arbitrary web scripts in pages that will=
execute whenever a user accesses an injected page. This only affects multi= -site installations and installations where unfiltered_html has been disabl= ed.</td>
<td>2026-01-28</td>
<td>4.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1399" target=3D"= _blank" rel=3D"noopener">CVE-2026-1399</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/f3185d= 82-a785-4165-8469-abc0be38f852?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/f3185d82-a78= 5-4165-8469-abc0be38f852?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/wp-google-ad-manager-plugin/trunk/WP-Google-Ad-Mana= ger.php#L194" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordp= ress.org/browser/wp-google-ad-manager-plugin/trunk/WP-Google-Ad-Manager.php= #L194</a> <a href=3D"https://plugins.trac.wordpress.org/browser/wp-googl= e-ad-manager-plugin/tags/1.1.0/WP-Google-Ad-Manager.php#L194" target=3D"_bl= ank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/wp-google-= ad-manager-plugin/tags/1.1.0/WP-Google-Ad-Manager.php#L194</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">MongoDB--Mongo-c-driver</td>
<td>User-controlled chunkSize metadata from MongoDB lacks appropriate valid= ation allowing malformed GridFS metadata to overflow the bounding container= .</td>
<td>2026-01-27</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14911" target=3D= "_blank" rel=3D"noopener">CVE-2025-14911</a></td>

<a href=3D"https://jira.mongodb.org/browse/CDRIVER-6125" target=3D"_blank" = rel=3D"noopener">https://jira.mongodb.org/browse/CDRIVER-6125</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">MrPlugins--BootCommerce</td>
<td>BootCommerce 3.2.1 contains persistent input validation vulnerabilities=
that allow remote attackers to inject malicious script code through guest = order checkout input fields. Attackers can exploit unvalidated input parame= ters to execute arbitrary scripts, potentially leading to session hijacking=
, phishing attacks, and application module manipulation.</td> <td>2026-02-01</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2022-50941" target=3D= "_blank" rel=3D"noopener">CVE-2022-50941</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2279" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://codecanyon.net/item/bootcommerce-ecommerce-twitter-bootstrap-ba= sed/5702921" target=3D"_blank" rel=3D"noopener">Product Homepage</a> <a = href=3D"https://www.vulncheck.com/advisories/bootcommerce-persistent-cross-= site-scripting-via-order-checkout" target=3D"_blank" rel=3D"noopener">VulnC= heck Advisory: BootCommerce 3.2.1 Persistent Cross-Site Scripting via Order=
Checkout</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Naviwebs S.C.--Navigate CMS</td>
<td>Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability = that allows attackers to upload malicious extensions through a crafted HTML=
page. Attackers can trick authenticated administrators into executing arbi= trary file uploads by leveraging the extension upload functionality without=
additional validation.</td>
<td>2026-01-30</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37054" target=3D= "_blank" rel=3D"noopener">CVE-2020-37054</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48548" target=3D"_blank" rel= =3D"noopener">ExploitDB-48548</a> <a href=3D"https://www.navigatecms.com= /en/home" target=3D"_blank" rel=3D"noopener">Navigate CMS Official Homepage= </a> <a href=3D"https://sourceforge.net/projects/navigatecms" target=3D"= _blank" rel=3D"noopener">Navigate CMS SourceForge Page</a> <a href=3D"ht= tps://www.vulncheck.com/advisories/navigate-cms-cross-site-request-forgery"=
target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Navigate CMS 2.8.7 =
- Cross-Site Request Forgery</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">nebojsadabic--Target Video Easy Publish</td> <td>The Target Video Easy Publish plugin for WordPress is vulnerable to Sto= red Cross-Site Scripting via the 'placeholder_img' parameter in all version=
s up to, and including, 3.8.8 due to insufficient input sanitization and ou= tput escaping. This makes it possible for authenticated attackers, with Con= tributor-level access and above, to inject arbitrary web scripts in pages t= hat will execute whenever a user accesses an injected page.</td> <td>2026-01-28</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-8072" target=3D"= _blank" rel=3D"noopener">CVE-2025-8072</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/26e16d= d3-66bc-4174-acc1-ee22713ae979?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/26e16dd3-66b= c-4174-acc1-ee22713ae979?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/brid-video-easy-publish/tags/3.8.6/lib/BridShortcod= e.php#L204" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpre= ss.org/browser/brid-video-easy-publish/tags/3.8.6/lib/BridShortcode.php#L20= 4</a> <a href=3D"https://wordpress.org/plugins/brid-video-easy-publish/#= developers" target=3D"_blank" rel=3D"noopener">https://wordpress.org/plugin= s/brid-video-easy-publish/#developers</a> <a href=3D"https://plugins.tra= c.wordpress.org/changeset/3437514/brid-video-easy-publish/trunk/lib/BridSho= rtcode.php" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpre= ss.org/changeset/3437514/brid-video-easy-publish/trunk/lib/BridShortcode.ph= p</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">NetArt Media--Easy Cart Shopping Cart</td> <td>Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scrip= ting vulnerability in the search module's keyword parameter. Remote attacke=
rs can inject malicious script code through the search input to compromise = user sessions and manipulate application content.</td>
<td>2026-02-01</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2021-47856" target=3D= "_blank" rel=3D"noopener">CVE-2021-47856</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2298" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://www.netartmedia.net/easy-cart" target=3D"_blank" rel=3D"noopene= r">Product Homepage</a> <a href=3D"https://www.vulncheck.com/advisories/= easy-cart-shopping-cart-cross-site-scripting-via-search-parameter" target= =3D"_blank" rel=3D"noopener">VulnCheck Advisory: Easy Cart Shopping Cart 20=
21 Cross-Site Scripting via Search Parameter</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">nocodb--nocodb</td>
<td>NocoDB is software for building databases as spreadsheets. Prior to ver= sion 0.301.0, an authenticated user with org-level-creator permissions can = exploit prototype pollution in the `/api/v2/meta/connection/test` endpoint,=
causing all database write operations to fail application-wide until serve=
r restart. While the pollution technically bypasses SUPER_ADMIN authorizati=
on checks, no practical privileged actions can be performed because databas=
e operations fail immediately after pollution. Version 0.301.0 patches the = issue.</td>
<td>2026-01-28</td>
<td>4.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24766" target=3D= "_blank" rel=3D"noopener">CVE-2026-24766</a></td>

<a href=3D"https://github.com/nocodb/nocodb/security/advisories/GHSA-95ff-4= 6g6-6gw9" target=3D"_blank" rel=3D"noopener">https://github.com/nocodb/noco= db/security/advisories/GHSA-95ff-46g6-6gw9</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">nocodb--nocodb</td>
<td>NocoDB is software for building databases as spreadsheets. Prior to ver= sion 0.301.0, a blind Server-Side Request Forgery (SSRF) vulnerability exis=
ts in the `uploadViaURL` functionality due to an unprotected `HEAD` request=
. While the subsequent file retrieval logic correctly enforces SSRF protect= ions, the initial metadata request executes without validation. This allows=
limited outbound requests to arbitrary URLs before SSRF controls are appli= ed. Version 0.301.0 contains a patch for the issue.</td>
<td>2026-01-28</td>
<td>4.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24767" target=3D= "_blank" rel=3D"noopener">CVE-2026-24767</a></td>

<a href=3D"https://github.com/nocodb/nocodb/security/advisories/GHSA-xr7v-j= 379-34v9" target=3D"_blank" rel=3D"noopener">https://github.com/nocodb/noco= db/security/advisories/GHSA-xr7v-j379-34v9</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">NVIDIA--GeForce</td>
<td>NVIDIA HD Audio Driver for Windows contains a vulnerability where an at= tacker could exploit a NULL pointer dereference issue. A successful exploit=
of this vulnerability might lead to a denial of service.</td> <td>2026-01-28</td>
<td>5.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-33237" target=3D= "_blank" rel=3D"noopener">CVE-2025-33237</a></td>

<a href=3D"https://nvd.nist.gov/vuln/detail/CVE-2025-33237" target=3D"_blan=
k" rel=3D"noopener">https://nvd.nist.gov/vuln/detail/CVE-2025-33237</a> =
<a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-33237" target=3D"_bl= ank" rel=3D"noopener">https://www.cve.org/CVERecord?id=3DCVE-2025-33237</a>= <a href=3D"https://nvidia.custhelp.com/app/answers/detail/a_id/5747" ta= rget=3D"_blank" rel=3D"noopener">https://nvidia.custhelp.com/app/answers/de= tail/a_id/5747</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OISF--suricata</td>
<td>Suricata is a network IDS, IPS and NSM engine. While saving a dataset a=
stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.= 14, if the data in the dataset is too large, this can result in a stack ove= rflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not u=
se rules with datasets `save` nor `state` options.</td>
<td>2026-01-27</td>
<td>5.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22262" target=3D= "_blank" rel=3D"noopener">CVE-2026-22262</a></td>

<a href=3D"https://github.com/OISF/suricata/security/advisories/GHSA-9qg5-2= gwh-xp86" target=3D"_blank" rel=3D"noopener">https://github.com/OISF/surica= ta/security/advisories/GHSA-9qg5-2gwh-xp86</a> <a href=3D"https://github= .com/OISF/suricata/commit/0eff24213763c2aa2bb0957901d5dc1e18414dbf" target= =3D"_blank" rel=3D"noopener">https://github.com/OISF/suricata/commit/0eff24= 213763c2aa2bb0957901d5dc1e18414dbf</a> <a href=3D"https://github.com/OIS= F/suricata/commit/27a2180bceaa3477419c78c54fce364398d011f1" target=3D"_blan=
k" rel=3D"noopener">https://github.com/OISF/suricata/commit/27a2180bceaa347= 7419c78c54fce364398d011f1</a> <a href=3D"https://github.com/OISF/suricat= a/commit/32609e6896f9079c175665a94005417cec7637eb" target=3D"_blank" rel=3D= "noopener">https://github.com/OISF/suricata/commit/32609e6896f9079c175665a9= 4005417cec7637eb</a> <a href=3D"https://github.com/OISF/suricata/commit/= 32a1b9ae6aa80a60c073897e38a2ac6ea0f64521" target=3D"_blank" rel=3D"noopener= ">https://github.com/OISF/suricata/commit/32a1b9ae6aa80a60c073897e38a2ac6ea= 0f64521</a> <a href=3D"https://github.com/OISF/suricata/commit/d6bc718e3= 03ecbec5999066b8bc88eeeca743658" target=3D"_blank" rel=3D"noopener">https:/= /github.com/OISF/suricata/commit/d6bc718e303ecbec5999066b8bc88eeeca743658</= a> <a href=3D"https://github.com/OISF/suricata/commit/d767dfadcd166f8268= 3757818b9e46943326ac90" target=3D"_blank" rel=3D"noopener">https://github.c= om/OISF/suricata/commit/d767dfadcd166f82683757818b9e46943326ac90</a> <a = href=3D"https://redmine.openinfosecfoundation.org/issues/8110" target=3D"_b= lank" rel=3D"noopener">https://redmine.openinfosecfoundation.org/issues/811= 0</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OISF--suricata</td>
<td>Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.=
0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lea=
d to slowdown over multiple packets. Version 8.0.3 patches the issue. No kn= own workarounds are available.</td>
<td>2026-01-27</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22263" target=3D= "_blank" rel=3D"noopener">CVE-2026-22263</a></td>

<a href=3D"https://github.com/OISF/suricata/security/advisories/GHSA-rwc5-h= xj6-hwx7" target=3D"_blank" rel=3D"noopener">https://github.com/OISF/surica= ta/security/advisories/GHSA-rwc5-hxj6-hwx7</a> <a href=3D"https://github= .com/OISF/suricata/commit/018a377f74e3eb2b042c6f783ad9043060923428" target= =3D"_blank" rel=3D"noopener">https://github.com/OISF/suricata/commit/018a37= 7f74e3eb2b042c6f783ad9043060923428</a> <a href=3D"https://redmine.openin= fosecfoundation.org/issues/8201" target=3D"_blank" rel=3D"noopener">https:/= /redmine.openinfosecfoundation.org/issues/8201</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Open5GS--Open5GS</td>
<td>A security flaw has been discovered in Open5GS up to 2.7.6. This affect=
s the function sgwc_s5c_handle_bearer_resource_failure_indication of the fi=
le src/sgwc/s5c-handler.c of the component SGWC. Performing a manipulation = results in denial of service. The attack can be initiated remotely. The exp= loit has been released to the public and may be used for attacks. The patch=
is named 69b53add90a9479d7960b822fc60601d659c328b. It is recommended to ap= ply a patch to fix this issue.</td>
<td>2026-01-28</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1521" target=3D"= _blank" rel=3D"noopener">CVE-2026-1521</a></td>

<a href=3D"https://vuldb.com/?id.343192" target=3D"_blank" rel=3D"noopener"= >VDB-343192 | Open5GS SGWC s5c-handler.c denial of service</a> <a href= =3D"https://vuldb.com/?ctiid.343192" target=3D"_blank" rel=3D"noopener">VDB= -343192 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https://vul= db.com/?submit.738370" target=3D"_blank" rel=3D"noopener">Submit #738370 | = Open5GS SGWC v2.7.6 Denial of Service</a> <a href=3D"https://github.com/= open5gs/open5gs/issues/4268" target=3D"_blank" rel=3D"noopener">https://git= hub.com/open5gs/open5gs/issues/4268</a> <a href=3D"https://github.com/op= en5gs/open5gs/issues/4268#event-21989483261" target=3D"_blank" rel=3D"noope= ner">https://github.com/open5gs/open5gs/issues/4268#event-21989483261</a><b= r><a href=3D"https://github.com/open5gs/open5gs/issues/4268#issue-379501286=
1" target=3D"_blank" rel=3D"noopener">https://github.com/open5gs/open5gs/is= sues/4268#issue-3795012861</a> <a href=3D"https://github.com/open5gs/ope= n5gs/commit/69b53add90a9479d7960b822fc60601d659c328b" target=3D"_blank" rel= =3D"noopener">https://github.com/open5gs/open5gs/commit/69b53add90a9479d796= 0b822fc60601d659c328b</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Open5GS--Open5GS</td>
<td>A weakness has been identified in Open5GS up to 2.7.6. This vulnerabili=
ty affects the function sgwc_s5c_handle_modify_bearer_response of the file = src/sgwc/s5c-handler.c of the component SGWC. Executing a manipulation can = lead to denial of service. The attack can be launched remotely. The exploit=
has been made available to the public and could be used for attacks. This = patch is called b19cf6a. Applying a patch is advised to resolve this issue.=
The issue report is flagged as already-fixed.</td>
<td>2026-01-28</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1522" target=3D"= _blank" rel=3D"noopener">CVE-2026-1522</a></td>

<a href=3D"https://vuldb.com/?id.343193" target=3D"_blank" rel=3D"noopener"= >VDB-343193 | Open5GS SGWC s5c-handler.c sgwc_s5c_handle_modify_bearer_resp= onse denial of service</a> <a href=3D"https://vuldb.com/?ctiid.343193" t= arget=3D"_blank" rel=3D"noopener">VDB-343193 | CTI Indicators (IOB, IOC, TT=
P, IOA)</a> <a href=3D"https://vuldb.com/?submit.738371" target=3D"_blan=
k" rel=3D"noopener">Submit #738371 | Open5GS SGWC v2.7.6 Denial of Service<= /a> <a href=3D"https://github.com/open5gs/open5gs/issues/4266" target=3D= "_blank" rel=3D"noopener">https://github.com/open5gs/open5gs/issues/4266</a= > <a href=3D"https://github.com/open5gs/open5gs/issues/4266#event-219685= 68116" target=3D"_blank" rel=3D"noopener">https://github.com/open5gs/open5g= s/issues/4266#event-21968568116</a> <a href=3D"https://github.com/open5g= s/open5gs/issues/4266#issue-3794991595" target=3D"_blank" rel=3D"noopener">= https://github.com/open5gs/open5gs/issues/4266#issue-3794991595</a> <a h= ref=3D"https://github.com/open5gs/open5gs/commit/b19cf6a" target=3D"_blank"=
rel=3D"noopener">https://github.com/open5gs/open5gs/commit/b19cf6a</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Open5GS--Open5GS</td>
<td>A flaw has been found in Open5GS up to 2.7.5. Impacted is the function = ogs_gtp2_f_teid_to_ip of the file /sgwc/s11-handler.c of the component SGWC=
. Executing a manipulation can lead to denial of service. The attack may be=
performed from remote. The exploit has been published and may be used. It =
is advisable to implement a patch to correct this issue. The issue report i=
s flagged as already-fixed.</td>
<td>2026-01-29</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1586" target=3D"= _blank" rel=3D"noopener">CVE-2026-1586</a></td>

<a href=3D"https://vuldb.com/?id.343349" target=3D"_blank" rel=3D"noopener"= >VDB-343349 | Open5GS SGWC s11-handler.c ogs_gtp2_f_teid_to_ip denial of se= rvice</a> <a href=3D"https://vuldb.com/?ctiid.343349" target=3D"_blank" = rel=3D"noopener">VDB-343349 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a=
href=3D"https://vuldb.com/?submit.738375" target=3D"_blank" rel=3D"noopene= r">Submit #738375 | Open5GS SGWC v2.7.6 Denial of Service</a> <a href=3D= "https://github.com/open5gs/open5gs/issues/4273" target=3D"_blank" rel=3D"n= oopener">https://github.com/open5gs/open5gs/issues/4273</a> <a href=3D"h= ttps://github.com/open5gs/open5gs/issues/4273#event-21968643659" target=3D"= _blank" rel=3D"noopener">https://github.com/open5gs/open5gs/issues/4273#eve= nt-21968643659</a> <a href=3D"https://github.com/open5gs/open5gs/issues/= 4273#issue-3796030721" target=3D"_blank" rel=3D"noopener">https://github.co= m/open5gs/open5gs/issues/4273#issue-3796030721</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Open5GS--Open5GS</td>
<td>A vulnerability has been found in Open5GS up to 2.7.6. The affected ele= ment is the function sgwc_s11_handle_modify_bearer_request of the file /sgw= c/s11-handler.c of the component SGWC. The manipulation leads to denial of = service. It is possible to initiate the attack remotely. The exploit has be=
en disclosed to the public and may be used. Applying a patch is the recomme= nded action to fix this issue. The issue report is flagged as already-fixed= .</td>
<td>2026-01-29</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1587" target=3D"= _blank" rel=3D"noopener">CVE-2026-1587</a></td>

<a href=3D"https://vuldb.com/?id.343350" target=3D"_blank" rel=3D"noopener"= >VDB-343350 | Open5GS SGWC s11-handler.c sgwc_s11_handle_modify_bearer_requ= est denial of service</a> <a href=3D"https://vuldb.com/?ctiid.343350" ta= rget=3D"_blank" rel=3D"noopener">VDB-343350 | CTI Indicators (IOB, IOC, TTP=
, IOA)</a> <a href=3D"https://vuldb.com/?submit.738376" target=3D"_blank=
" rel=3D"noopener">Submit #738376 | Open5GS SGWC v2.7.6 Denial of Service</= a> <a href=3D"https://github.com/open5gs/open5gs/issues/4272" target=3D"= _blank" rel=3D"noopener">https://github.com/open5gs/open5gs/issues/4272</a>= <a href=3D"https://github.com/open5gs/open5gs/issues/4272#event-2196863= 5948" target=3D"_blank" rel=3D"noopener">https://github.com/open5gs/open5gs= /issues/4272#event-21968635948</a> <a href=3D"https://github.com/open5gs= /open5gs/issues/4272#issue-3795156752" target=3D"_blank" rel=3D"noopener">h= ttps://github.com/open5gs/open5gs/issues/4272#issue-3795156752</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">OpenZ--OpenZ ERP</td>
<td>OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerabili=
ty in the Employee module's name and description parameters. Attackers can = inject malicious scripts through POST requests to , enabling session hijack= ing and manipulation of application modules.</td>
<td>2026-01-30</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37022" target=3D= "_blank" rel=3D"noopener">CVE-2020-37022</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48450" target=3D"_blank" rel= =3D"noopener">ExploitDB-48450</a> <a href=3D"https://www.openz.de/" targ= et=3D"_blank" rel=3D"noopener">OpenZ Official Website</a> <a href=3D"htt= ps://www.openz.de/download.html" target=3D"_blank" rel=3D"noopener">OpenZ D= ownload Page</a> <a href=3D"https://www.vulnerability-lab.com/get_conten= t.php?id=3D2234" target=3D"_blank" rel=3D"noopener">Vulnerability Lab Advis= ory</a> <a href=3D"https://www.vulncheck.com/advisories/openz-erp-persis= tent-cross-site-scripting" target=3D"_blank" rel=3D"noopener">VulnCheck Adv= isory: OpenZ ERP 3.6.60 - Persistent Cross-Site Scripting</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">opf--openproject</td>
<td>OpenProject is an open-source, web-based project management software. I=
n the new editor for collaborative documents based on BlockNote, OpenProjec=
t maintainers added a custom extension in OpenProject version 17.0.0 that a= llows to mention OpenProject work packages in the document. To show work pa= ckage details, the editor loads details about the work package via the Open= Project API. For this API call, the extension to the BlockNote editor did n=
ot properly validate the given work package ID to be only a number. This al= lowed an attacker to generate a document with relative links that upon open= ing could make arbitrary `GET` requests to any URL within the OpenProject i= nstance. This issue was patched in version version 0.0.22 of op-blocknote-e= xtensions, which was shipped with OpenProject 17.0.2. If users cannot updat=
e immediately to version 17.0.2 of OpenProject, administrators can disable = collaborative document editing in Settings -> Documents -> Real time = collaboration -> Disable.</td>
<td>2026-01-28</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24775" target=3D= "_blank" rel=3D"noopener">CVE-2026-24775</a></td>

<a href=3D"https://github.com/opf/openproject/security/advisories/GHSA-35c6= -x276-2pvc" target=3D"_blank" rel=3D"noopener">https://github.com/opf/openp= roject/security/advisories/GHSA-35c6-x276-2pvc</a> <a href=3D"https://gi= thub.com/opf/op-blocknote-extensions/releases/tag/v0.0.22" target=3D"_blank=
" rel=3D"noopener">https://github.com/opf/op-blocknote-extensions/releases/= tag/v0.0.22</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Orchardcore--Orchard Core</td>
<td>Orchard Core RC1 contains a persistent cross-site scripting vulnerabili=
ty that allows remote attackers to inject malicious scripts through blog po=
st creation. Attackers can create blog posts with embedded JavaScript in th=
e MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim = browsers.</td>
<td>2026-01-30</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37019" target=3D= "_blank" rel=3D"noopener">CVE-2020-37019</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48456" target=3D"_blank" rel= =3D"noopener">ExploitDB-48456</a> <a href=3D"http://www.orchardcore.net/=
" target=3D"_blank" rel=3D"noopener">Orchard Core Official Website</a> <=
a href=3D"https://github.com/OrchardCMS/OrchardCore" target=3D"_blank" rel= =3D"noopener">Orchard Core GitHub Repository</a> <a href=3D"https://gith= ub.com/OrchardCMS/OrchardCore/issues/5802" target=3D"_blank" rel=3D"noopene= r">GitHub Issue #5802</a> <a href=3D"https://www.vulncheck.com/advisorie= s/orchard-core-rc-persistent-cross-site-scripting" target=3D"_blank" rel=3D= "noopener">VulnCheck Advisory: Orchard Core RC1 - Persistent Cross-Site Scr= ipting</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Php-Fusion--PHPFusion</td>
<td>PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerabil= ity in the print.php page that fails to properly sanitize user-submitted me= ssage content. Attackers can inject malicious JavaScript through forum mess= ages that will execute when the print page is generated, allowing script ex= ecution in victim browsers.</td>
<td>2026-01-30</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36996" target=3D= "_blank" rel=3D"noopener">CVE-2020-36996</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48497" target=3D"_blank" rel= =3D"noopener">ExploitDB-48497</a> <a href=3D"https://www.php-fusion.co.u= k/home.php" target=3D"_blank" rel=3D"noopener">PHPFusion Official Homepage<= /a> <a href=3D"https://www.php-fusion.co.uk/php_fusion_9_downloads.php" = target=3D"_blank" rel=3D"noopener">PHPFusion Download Page</a> <a href= =3D"https://www.vulncheck.com/advisories/phpfusion-persistent-cross-site-sc= ripting" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: PHPFusion 9= .03.50 - Persistent Cross-Site Scripting</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">PHPGurukul--Hospital Management System</td>
<td>A security flaw has been discovered in PHPGurukul Hospital Management S= ystem 1.0. Affected by this issue is some unknown functionality of the file=
/hms/hospital/docappsystem/adminviews.py of the component Admin Dashboard = Page. Performing a manipulation results in improper authorization. Remote e= xploitation of the attack is possible. The exploit has been released to the=
public and may be used for attacks.</td>
<td>2026-01-28</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1550" target=3D"= _blank" rel=3D"noopener">CVE-2026-1550</a></td>

<a href=3D"https://vuldb.com/?id.343246" target=3D"_blank" rel=3D"noopener"= >VDB-343246 | PHPGurukul Hospital Management System Admin Dashboard adminvi= ews.py improper authorization</a> <a href=3D"https://vuldb.com/?ctiid.34= 3246" target=3D"_blank" rel=3D"noopener">VDB-343246 | CTI Indicators (IOB, = IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.739837" target= =3D"_blank" rel=3D"noopener">Submit #739837 | PHPGurukul Hospital Managemen=
t System v1.0 Missing Authorization</a> <a href=3D"https://github.com/rs= ecroot/Hospital-Management-System/blob/main/Broken%20Access%20Control.md" t= arget=3D"_blank" rel=3D"noopener">https://github.com/rsecroot/Hospital-Mana= gement-System/blob/main/Broken%20Access%20Control.md</a> <a href=3D"http= s://phpgurukul.com/" target=3D"_blank" rel=3D"noopener">https://phpgurukul.= com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">PHPGurukul--News Portal</td>
<td>A vulnerability was identified in PHPGurukul News Portal 1.0. This affe= cts an unknown part of the component Profile Pic Handler. The manipulation = leads to unrestricted upload. It is possible to initiate the attack remotel=
y. The exploit is publicly available and might be used.</td> <td>2026-01-26</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1424" target=3D"= _blank" rel=3D"noopener">CVE-2026-1424</a></td>

<a href=3D"https://vuldb.com/?id.342840" target=3D"_blank" rel=3D"noopener"= >VDB-342840 | PHPGurukul News Portal Profile Pic unrestricted upload</a><br= ><a href=3D"https://vuldb.com/?ctiid.342840" target=3D"_blank" rel=3D"noope= ner">VDB-342840 | CTI Indicators (IOB, IOC, TTP)</a> <a href=3D"https://= vuldb.com/?submit.736637" target=3D"_blank" rel=3D"noopener">Submit #736637=
| PHPGurukul News Portal v1.0 Cross Site Scripting</a> <a href=3D"https= ://github.com/rsecroot/News-Portal/blob/main/Cross%20Site%20Scripting.md" t= arget=3D"_blank" rel=3D"noopener">https://github.com/rsecroot/News-Portal/b= lob/main/Cross%20Site%20Scripting.md</a> <a href=3D"https://phpgurukul.c= om/" target=3D"_blank" rel=3D"noopener">https://phpgurukul.com/</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">PHPSUGAR--PHP Melody</td>
<td>PHP Melody version 3.0 contains multiple non-persistent cross-site scri= pting vulnerabilities in categories, import, and user import files. Attacke=
rs can inject malicious scripts through unvalidated parameters to execute c= lient-side attacks and potentially hijack user sessions.</td> <td>2026-02-01</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2021-47912" target=3D= "_blank" rel=3D"noopener">CVE-2021-47912</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2290" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-repo= rt-fix/" target=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a><= br><a href=3D"https://www.phpsugar.com/phpmelody.html" target=3D"_blank" re= l=3D"noopener">Product Homepage</a> <a href=3D"https://www.vulncheck.com= /advisories/php-melody-non-persistent-cross-site-scripting-via-multiple-par= ameters" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: PHP Melody = 3.0 Non-Persistent Cross-Site Scripting via Multiple Parameters</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">PHPSUGAR--PHP Melody</td>
<td>PHP Melody 3.0 contains a persistent cross-site scripting vulnerability=
in the video editor that allows privileged users to inject malicious scrip= ts. Attackers can exploit the WYSIWYG editor to execute persistent scripts,=
potentially leading to session hijacking and application manipulation.</td=

<td>2026-02-01</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2021-47913" target=3D= "_blank" rel=3D"noopener">CVE-2021-47913</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2291" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-repo= rt-fix/" target=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a><= br><a href=3D"https://www.phpsugar.com/phpmelody.html" target=3D"_blank" re= l=3D"noopener">Product Homepage</a> <a href=3D"https://www.vulncheck.com= /advisories/php-melody-persistent-cross-site-scripting-via-video-editor" ta= rget=3D"_blank" rel=3D"noopener">VulnCheck Advisory: PHP Melody 3.0 Persist= ent Cross-Site Scripting via Video Editor</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">PHPSUGAR--PHP Melody</td>
<td>PHP Melody version 3.0 contains a persistent cross-site scripting vulne= rability in the edit-video.php submitted parameter that allows remote attac= kers to inject malicious script code. Attackers can exploit this vulnerabil= ity to execute arbitrary JavaScript, potentially leading to session hijacki= ng, persistent phishing, and manipulation of application modules.</td> <td>2026-02-01</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2021-47914" target=3D= "_blank" rel=3D"noopener">CVE-2021-47914</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2292" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-repo= rt-fix/" target=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a><= br><a href=3D"https://www.phpsugar.com/phpmelody.html" target=3D"_blank" re= l=3D"noopener">Product Homepage</a> <a href=3D"https://www.vulncheck.com= /advisories/php-melody-persistent-xss-vulnerability-via-edit-video-paramete=
r" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: PHP Melody 3.0 Pe= rsistent XSS Vulnerability via Edit Video Parameter</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pnpm--pnpm</td>
<td>pnpm is a package manager. Prior to version 10.28.1, a path traversal v= ulnerability in pnpm's binary fetcher allows malicious packages to write fi= les outside the intended extraction directory. The vulnerability has two at= tack vectors: (1) Malicious ZIP entries containing `../` or absolute paths = that escape the extraction root via AdmZip's `extractAllTo`, and (2) The `B= inaryResolution.prefix` field is concatenated into the extraction path with= out validation, allowing a crafted prefix like `../../evil` to redirect ext= racted files outside `targetDir`. The issue impacts all pnpm users who inst= all packages with binary assets, users who configure custom Node.js binary = locations and CI/CD pipelines that auto-install binary dependencies. It can=
lead to overwriting config files, scripts, or other sensitive files leadin=
g to RCE. Version 10.28.1 contains a patch.</td>
<td>2026-01-26</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23888" target=3D= "_blank" rel=3D"noopener">CVE-2026-23888</a></td>

<a href=3D"https://github.com/pnpm/pnpm/security/advisories/GHSA-6pfh-p556-= v868" target=3D"_blank" rel=3D"noopener">https://github.com/pnpm/pnpm/secur= ity/advisories/GHSA-6pfh-p556-v868</a> <a href=3D"https://github.com/pnp= m/pnpm/commit/5c382f0ca3b7cc49963b94677426e66539dcb3f5" target=3D"_blank" r= el=3D"noopener">https://github.com/pnpm/pnpm/commit/5c382f0ca3b7cc49963b946= 77426e66539dcb3f5</a> <a href=3D"https://github.com/pnpm/pnpm/releases/t= ag/v10.28.1" target=3D"_blank" rel=3D"noopener">https://github.com/pnpm/pnp= m/releases/tag/v10.28.1</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pnpm--pnpm</td>
<td>pnpm is a package manager. Prior to version 10.28.1, a path traversal v= ulnerability in pnpm's tarball extraction allows malicious packages to writ=
e files outside the package directory on Windows. The path normalization on=
ly checks for `./` but not `.
You are subscribed to Vulnerability Bulletins for Cybersecurity and Infr= astructure Security Agency. This information has recently been updated and =
is now available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilitie=
s that have been recorded in the past week. In some cases, the vulnerabilit= ies in the bulletin may not yet have assigned CVSS scores. Vulnerabilities are based on the=C2=A0<a href=3D"https://www.cve.org/" t= arget=3D"_blank" class=3D"ext" data-extlink=3D"" rel=3D"noopener">Common Vu= lnerabilities and Exposures</a>=C2=A0(CVE) vulnerability naming standard an=
d are organized according to severity, determined by the=C2=A0<a href=3D"ht= tps://www.cve.org/about/relatedefforts" target=3D"_blank" rel=3D"noopener">= Common Vulnerability Scoring System</a>=C2=A0(CVSS) standard. The division =
of high, medium, and low severities correspond to the following scores:

High: vulnerabilities with a CVSS base score of 7.0=E2=80= =9310.0</li>

Medium: vulnerabilities with a CVSS base score of 4.0=E2= =80=936.9</li>

Low: vulnerabilities with a CVSS base score of 0.0=E2=80= =933.9</li>
</ul>
Entries may include additional information provided by organizations and=
efforts sponsored by CISA. This information may include identifying inform= ation, values, definitions, and related links. Patch information is provide=
d when available. Please note that some of the information in the bulletin =
is compiled from external, open-source reports and is not a direct result o=
f CISA analysis.
. On Windows, backslashes are directory separators, enabling path traver= sal. This vulnerability is Windows-only. This issue impacts Windows pnpm us= ers and Windows CI/CD pipelines (GitHub Actions Windows runners, Azure DevO= ps). It can lead to overwriting `.npmrc`, build configs, or other files. Ve= rsion 10.28.1 contains a patch.
</td>
<td>2026-01-26</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23889" target=3D= "_blank" rel=3D"noopener">CVE-2026-23889</a></td>

<a href=3D"https://github.com/pnpm/pnpm/security/advisories/GHSA-6x96-7vc8-= cm3p" target=3D"_blank" rel=3D"noopener">https://github.com/pnpm/pnpm/secur= ity/advisories/GHSA-6x96-7vc8-cm3p</a> <a href=3D"https://github.com/pnp= m/pnpm/commit/6ca07ffbe6fc0e8b8cdc968f228903ba0886f7c0" target=3D"_blank" r= el=3D"noopener">https://github.com/pnpm/pnpm/commit/6ca07ffbe6fc0e8b8cdc968= f228903ba0886f7c0</a> <a href=3D"https://github.com/pnpm/pnpm/releases/t= ag/v10.28.1" target=3D"_blank" rel=3D"noopener">https://github.com/pnpm/pnp= m/releases/tag/v10.28.1</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pnpm--pnpm</td>
<td>pnpm is a package manager. Prior to version 10.28.1, a path traversal v= ulnerability in pnpm's bin linking allows malicious npm packages to create = executable shims or symlinks outside of `node_modules/.bin`. Bin names star= ting with `@` bypass validation, and after scope normalization, path traver= sal sequences like `../../` remain intact. This issue affects all pnpm user=
s who install npm packages and CI/CD pipelines using pnpm. It can lead to o= verwriting config files, scripts, or other sensitive files. Version 10.28.1=
contains a patch.</td>
<td>2026-01-26</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23890" target=3D= "_blank" rel=3D"noopener">CVE-2026-23890</a></td>

<a href=3D"https://github.com/pnpm/pnpm/security/advisories/GHSA-xpqm-wm3m-= f34h" target=3D"_blank" rel=3D"noopener">https://github.com/pnpm/pnpm/secur= ity/advisories/GHSA-xpqm-wm3m-f34h</a> <a href=3D"https://github.com/pnp= m/pnpm/commit/8afbb1598445d37985d91fda18abb4795ae5062d" target=3D"_blank" r= el=3D"noopener">https://github.com/pnpm/pnpm/commit/8afbb1598445d37985d91fd= a18abb4795ae5062d</a> <a href=3D"https://github.com/pnpm/pnpm/releases/t= ag/v10.28.1" target=3D"_blank" rel=3D"noopener">https://github.com/pnpm/pnp= m/releases/tag/v10.28.1</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">presstigers--Simple Folio</td>
<td>The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Sit=
e Scripting via the '_simple_folio_item_client_name' and '_simple_folio_ite= m_link' meta fields in all versions up to, and including, 1.1.1 due to insu= fficient input sanitization and output escaping. This makes it possible for=
authenticated attackers, with Contributor-level access and above, to injec=
t arbitrary web scripts in pages that will execute whenever a user accesses=
an injected page.</td>
<td>2026-01-28</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14039" target=3D= "_blank" rel=3D"noopener">CVE-2025-14039</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/c32a71= d6-d61c-4f6f-9d35-70140235af7c?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/c32a71d6-d61= c-4f6f-9d35-70140235af7c?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/simple-folio/trunk/templates/single-simple-folio.ph= p#L70" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.or= g/browser/simple-folio/trunk/templates/single-simple-folio.php#L70</a> <=
a href=3D"https://plugins.trac.wordpress.org/browser/simple-folio/tags/1.1.= 1/templates/single-simple-folio.php#L70" target=3D"_blank" rel=3D"noopener"= >https://plugins.trac.wordpress.org/browser/simple-folio/tags/1.1.1/templat= es/single-simple-folio.php#L70</a> <a href=3D"https://plugins.trac.wordp= ress.org/browser/simple-folio/trunk/templates/single-simple-folio.php#L76" = target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/brows= er/simple-folio/trunk/templates/single-simple-folio.php#L76</a> <a href= =3D"https://plugins.trac.wordpress.org/browser/simple-folio/tags/1.1.1/temp= lates/single-simple-folio.php#L76" target=3D"_blank" rel=3D"noopener">https= ://plugins.trac.wordpress.org/browser/simple-folio/tags/1.1.1/templates/sin= gle-simple-folio.php#L76</a> <a href=3D"https://plugins.trac.wordpress.o= rg/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3442515%40simple-f= olio&new=3D3442515%40simple-folio&sfp_email=3D&sfph_mail=3D" target=3D"_bla= nk" rel=3D"noopener">https://plugins.trac.wordpress.org/changeset?sfp_email= =3D&sfph_mail=3D&reponame=3D&old=3D3442515%40simple-folio&new=3D3442515%40s= imple-folio&sfp_email=3D&sfph_mail</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Product Owner: Webile--Webile</td>
<td>Webile 1.0.1 contains a directory traversal vulnerability that allows r= emote attackers to manipulate file system paths without authentication. Att= ackers can exploit path manipulation to access sensitive system directories=
and potentially compromise the mobile device's local file system.</td> <td>2026-02-01</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2022-50950" target=3D= "_blank" rel=3D"noopener">CVE-2022-50950</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2320" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://play.google.com/store/apps/details?id=3Dcom.techprd.filetransfe= r&hl=3Den_US" target=3D"_blank" rel=3D"noopener">Product Homepage</a> <a=
href=3D"https://www.vulncheck.com/advisories/webile-directory-traversal-vu= lnerability-via-web-application" target=3D"_blank" rel=3D"noopener">VulnChe=
ck Advisory: Webile 1.0.1 Directory Traversal Vulnerability via Web Applica= tion</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">psmplugins--SupportCandy Helpdesk & Custom=
er Support Ticket System</td>
<td>The SupportCandy - Helpdesk & Customer Support Ticket System plugin=
for WordPress is vulnerable to SQL Injection via the Number-type custom fi= eld filter in all versions up to, and including, 3.4.4. This is due to insu= fficient escaping on the user-supplied operand value when using the equals = operator and lack of sufficient preparation on the existing SQL query. This=
makes it possible for authenticated attackers, with Subscriber-level acces=
s and above (customers), to append additional SQL queries into already exis= ting queries that can be used to extract sensitive information from the dat= abase.</td>
<td>2026-01-31</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0683" target=3D"= _blank" rel=3D"noopener">CVE-2026-0683</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/a7856d= 0f-bc7d-436c-968c-631fd6a686ab?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/a7856d0f-bc7= d-436c-968c-631fd6a686ab?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/supportcandy/tags/3.4.4/includes/admin/tickets/clas= s-wpsc-ticket-list.php#L1265" target=3D"_blank" rel=3D"noopener">https://pl= ugins.trac.wordpress.org/browser/supportcandy/tags/3.4.4/includes/admin/tic= kets/class-wpsc-ticket-list.php#L1265</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/supportcandy/tags/3.4.4/includes/admin/tickets/clas= s-wpsc-ticket-list.php#L1288" target=3D"_blank" rel=3D"noopener">https://pl= ugins.trac.wordpress.org/browser/supportcandy/tags/3.4.4/includes/admin/tic= kets/class-wpsc-ticket-list.php#L1288</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/supportcandy/tags/3.4.4/includes/custom-field-types= /class-wpsc-cf-number.php#L371" target=3D"_blank" rel=3D"noopener">https://= plugins.trac.wordpress.org/browser/supportcandy/tags/3.4.4/includes/custom-= field-types/class-wpsc-cf-number.php#L371</a> <a href=3D"https://plugins= .trac.wordpress.org/changeset/3448376/" target=3D"_blank" rel=3D"noopener">= https://plugins.trac.wordpress.org/changeset/3448376/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">psmplugins--SupportCandy Helpdesk & Custom=
er Support Ticket System</td>
<td>The SupportCandy - Helpdesk & Customer Support Ticket System plugin=
for WordPress is vulnerable to Insecure Direct Object Reference in all ver= sions up to, and including, 3.4.4 via the 'add_reply' function due to missi=
ng validation on a user controlled key. This makes it possible for authenti= cated attackers, with subscriber-level access and above, to steal file atta= chments uploaded by other users by specifying arbitrary attachment IDs in t=
he 'description_attachments' parameter, re-associating those files to their=
own tickets and removing access from the original owners.</td> <td>2026-01-31</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1251" target=3D"= _blank" rel=3D"noopener">CVE-2026-1251</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/89df30= 05-0967-474f-8a4e-3b23273dd1a2?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/89df3005-096= 7-474f-8a4e-3b23273dd1a2?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/supportcandy/trunk/includes/admin/tickets/class-wps= c-individual-ticket.php#L1603" target=3D"_blank" rel=3D"noopener">https://p= lugins.trac.wordpress.org/browser/supportcandy/trunk/includes/admin/tickets= /class-wpsc-individual-ticket.php#L1603</a> <a href=3D"https://plugins.t= rac.wordpress.org/changeset/3448376/" target=3D"_blank" rel=3D"noopener">ht= tps://plugins.trac.wordpress.org/changeset/3448376/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pymumu--SmartDNS</td>
<td>A security flaw has been discovered in pymumu SmartDNS up to 47.1. This=
vulnerability affects the function _dns_decode_rr_head/_dns_decode_SVCB_HT= TPS of the file src/dns.c of the component SVBC Record Parser. The manipula= tion results in stack-based buffer overflow. It is possible to launch the a= ttack remotely. A high complexity level is associated with this attack. It =
is stated that the exploitability is difficult. The patch is identified as = 2d57c4b4e1add9b4537aeb403f794a084727e1c8. Applying a patch is advised to re= solve this issue.</td>
<td>2026-01-26</td>
<td>5.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1425" target=3D"= _blank" rel=3D"noopener">CVE-2026-1425</a></td>

<a href=3D"https://vuldb.com/?id.342841" target=3D"_blank" rel=3D"noopener"= >VDB-342841 | pymumu SmartDNS SVBC Record dns.c _dns_decode_SVCB_HTTPS stac= k-based overflow</a> <a href=3D"https://vuldb.com/?ctiid.342841" target= =3D"_blank" rel=3D"noopener">VDB-342841 | CTI Indicators (IOB, IOC, IOA)</a= > <a href=3D"https://vuldb.com/?submit.736827" target=3D"_blank" rel=3D"= noopener">Submit #736827 | pymumu smartdns 47.1 Stack-based Buffer Overflow= </a> <a href=3D"https://github.com/pymumu/smartdns/commit/2d57c4b4e1add9= b4537aeb403f794a084727e1c8" target=3D"_blank" rel=3D"noopener">https://gith= ub.com/pymumu/smartdns/commit/2d57c4b4e1add9b4537aeb403f794a084727e1c8</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">QlikTech International AB--QlikView</td> <td>QlikView 12.50.20000.0 contains a denial of service vulnerability in th=
e FTP server address input field that allows local attackers to crash the a= pplication. Attackers can paste a 300-character buffer into the FTP server = address field to trigger an application crash and prevent normal functional= ity.</td>
<td>2026-01-29</td>
<td>6.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36994" target=3D= "_blank" rel=3D"noopener">CVE-2020-36994</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48732" target=3D"_blank" rel= =3D"noopener">ExploitDB-48732</a> <a href=3D"https://www.qlik.com" targe= t=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://www= .vulncheck.com/advisories/qlikview-ftp-server-address-denial-of-service" ta= rget=3D"_blank" rel=3D"noopener">VulnCheck Advisory: QlikView 12.50.20000.0=
- 'FTP Server Address' Denial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">QR Menu Pro Smart Menu Systems--Menu Panel</td=

<td>Authorization Bypass Through User-Controlled Key vulnerability in QR Me=
nu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identif= iers. This issue affects Menu Panel: through 29012026.=C2=A0 NOTE: The vend=
or was contacted early about this disclosure but did not respond in any way= .</td>
<td>2026-01-29</td>
<td>5.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-7013" target=3D"= _blank" rel=3D"noopener">CVE-2025-7013</a></td>

<a href=3D"https://www.usom.gov.tr/bildirim/tr-26-0007" target=3D"_blank" r= el=3D"noopener">https://www.usom.gov.tr/bildirim/tr-26-0007</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">QR Menu Pro Smart Menu Systems--Menu Panel</td=

<td>Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu P= anel allows Session Hijacking. This issue affects Menu Panel: through 29012= 026.=C2=A0 NOTE: The vendor was contacted early about this disclosure but d=
id not respond in any way.</td>
<td>2026-01-29</td>
<td>5.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-7014" target=3D"= _blank" rel=3D"noopener">CVE-2025-7014</a></td>

<a href=3D"https://www.usom.gov.tr/bildirim/tr-26-0007" target=3D"_blank" r= el=3D"noopener">https://www.usom.gov.tr/bildirim/tr-26-0007</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">QWE Labs--QWE DL</td>
<td>QWE DL 2.0.1 mobile web application contains a persistent input validat= ion vulnerability allowing remote attackers to inject malicious script code=
through path parameter manipulation. Attackers can exploit the vulnerabili=
ty to execute persistent cross-site scripting attacks, potentially leading =
to session hijacking and application module manipulation.</td> <td>2026-02-01</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2023-54343" target=3D= "_blank" rel=3D"noopener">CVE-2023-54343</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2326" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://apps.apple.com/us/app/qwe/id935520103" target=3D"_blank" rel=3D= "noopener">Product Homepage</a> <a href=3D"https://www.vulncheck.com/adv= isories/qwe-dl-persistent-xss-vulnerability-via-path-parameter" target=3D"_= blank" rel=3D"noopener">VulnCheck Advisory: QWE DL 2.0.1 Persistent XSS Vul= nerability via Path Parameter</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">recooty--Recooty Job Widget (Old Dashboard)</t=

<td>The Recooty - Job Widget (Old Dashboard) plugin for WordPress is vulner= able to Cross-Site Request Forgery in all versions up to, and including, 1.= 0.6. This is due to missing nonce validation on the recooty_save_maybe() fu= nction. This makes it possible for unauthenticated attackers to update the = recooty_key option and inject malicious content into iframe src attributes = via a forged request granted they can trick a site administrator into perfo= rming an action such as clicking on a link.</td>
<td>2026-01-28</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14616" target=3D= "_blank" rel=3D"noopener">CVE-2025-14616</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/eb14f0= 84-6f36-4702-8a28-b62811739407?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/eb14f084-6f3= 6-4702-8a28-b62811739407?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/recooty/trunk/admin/init.php#L72" target=3D"_blank"=
rel=3D"noopener">https://plugins.trac.wordpress.org/browser/recooty/trunk/= admin/init.php#L72</a> <a href=3D"https://plugins.trac.wordpress.org/bro= wser/recooty/tags/1.0.4/admin/init.php#L72" target=3D"_blank" rel=3D"noopen= er">https://plugins.trac.wordpress.org/browser/recooty/tags/1.0.4/admin/ini= t.php#L72</a> <a href=3D"https://plugins.trac.wordpress.org/browser/reco= oty/trunk/init.php#L41" target=3D"_blank" rel=3D"noopener">https://plugins.= trac.wordpress.org/browser/recooty/trunk/init.php#L41</a> <a href=3D"htt= ps://plugins.trac.wordpress.org/browser/recooty/tags/1.0.4/init.php#L41" ta= rget=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser= /recooty/tags/1.0.4/init.php#L41</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat build of Quarkus</td>
<td>A flaw was found in Hibernate Reactive. When an HTTP endpoint is expose=
d to perform database operations, a remote client can prematurely close the=
HTTP connection. This action may lead to leaking connections from the data= base connection pool, potentially causing a Denial of Service (DoS) by exha= usting available database connections.</td>
<td>2026-01-26</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14969" target=3D= "_blank" rel=3D"noopener">CVE-2025-14969</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2025-14969" target=3D= "_blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2025-1= 4969</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D242382=
2" target=3D"_blank" rel=3D"noopener">RHBZ#2423822</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat Enterprise Linux 10</td>
<td>A flaw was found in libsoup, an HTTP client library. This vulnerability=
, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP = proxy is configured and the library improperly handles URL-decoded input us=
ed to create the Host header. A remote attacker can exploit this by providi=
ng a specially crafted URL containing CRLF sequences, allowing them to inje=
ct additional HTTP headers or complete HTTP request bodies. This can lead t=
o unintended or unauthorized HTTP requests being forwarded by the proxy, po= tentially impacting downstream services.</td>
<td>2026-01-27</td>
<td>5.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1467" target=3D"= _blank" rel=3D"noopener">CVE-2026-1467</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2026-1467" target=3D"= _blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2026-14= 67</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D2433174"=
target=3D"_blank" rel=3D"noopener">RHBZ#2433174</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat Enterprise Linux 10</td>
<td>A flaw was found in GLib. An integer overflow vulnerability in its Unic= ode case conversion implementation can lead to memory corruption. By proces= sing specially crafted and extremely large Unicode strings, an attacker cou=
ld trigger an undersized memory allocation, resulting in out-of-bounds writ= es. This could cause applications utilizing GLib for string conversion to c= rash or become unstable.</td>
<td>2026-01-27</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1489" target=3D"= _blank" rel=3D"noopener">CVE-2026-1489</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2026-1489" target=3D"= _blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2026-14= 89</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D2433348"=
target=3D"_blank" rel=3D"noopener">RHBZ#2433348</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat Enterprise Linux 10</td>
<td>A flaw was found in libsoup. An attacker who can control the input for = the Content-Disposition header can inject CRLF (Carriage Return Line Feed) = sequences into the header value. These sequences are then interpreted verba= tim when the HTTP request or response is constructed, allowing arbitrary HT=
TP headers to be injected. This vulnerability can lead to HTTP header injec= tion or HTTP response splitting without requiring authentication or user in= teraction.</td>
<td>2026-01-28</td>
<td>5.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1536" target=3D"= _blank" rel=3D"noopener">CVE-2026-1536</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2026-1536" target=3D"= _blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2026-15= 36</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D2433834"=
target=3D"_blank" rel=3D"noopener">RHBZ#2433834</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat Enterprise Linux 10</td>
<td>A flaw was found in the libsoup HTTP library that can cause proxy authe= ntication credentials to be sent to unintended destinations. When handling = HTTP redirects, libsoup removes the Authorization header but does not remov=
e the Proxy-Authorization header if the request is redirected to a differen=
t host. As a result, sensitive proxy credentials may be leaked to third-par=
ty servers. Applications using libsoup for HTTP communication may unintenti= onally expose proxy authentication data.</td>
<td>2026-01-28</td>
<td>5.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1539" target=3D"= _blank" rel=3D"noopener">CVE-2026-1539</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2026-1539" target=3D"= _blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2026-15= 39</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat Enterprise Linux 10</td>
<td>A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs= 11_token_init() function that handles PKCS#11 token initialization. When a = token label longer than expected is processed, the function writes past the=
end of a fixed-size stack buffer. This programming error can cause the app= lication using GnuTLS to crash or, in certain conditions, be exploited for = code execution. As a result, systems or applications relying on GnuTLS may =
be vulnerable to a denial of service or local privilege escalation attacks.= </td>
<td>2026-01-26</td>
<td>4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-9820" target=3D"= _blank" rel=3D"noopener">CVE-2025-9820</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2025-9820" target=3D"= _blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2025-98= 20</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D2392528"=
target=3D"_blank" rel=3D"noopener">RHBZ#2392528</a> <a href=3D"https://= gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5"=
target=3D"_blank" rel=3D"noopener">https://gitlab.com/gnutls/gnutls/-/comm= it/1d56f96f6ab5034d677136b9d50b5a75dff0faf5</a> <a href=3D"https://gitla= b.com/gnutls/gnutls/-/issues/1732" target=3D"_blank" rel=3D"noopener">https= ://gitlab.com/gnutls/gnutls/-/issues/1732</a> <a href=3D"https://www.gnu= tls.org/security-new.html#GNUTLS-SA-2025-11-18" target=3D"_blank" rel=3D"no= opener">https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18</a><b= r>=C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat Enterprise Linux 10</td>
<td>A flaw was found in the GLib Base64 encoding routine when processing ve=
ry large input data. Due to incorrect use of integer types during length ca= lculation, the library may miscalculate buffer boundaries. This can cause m= emory writes outside the allocated buffer. Applications that process untrus= ted or extremely large Base64 input using GLib may crash or behave unpredic= tably.</td>
<td>2026-01-27</td>
<td>4.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1484" target=3D"= _blank" rel=3D"noopener">CVE-2026-1484</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2026-1484" target=3D"= _blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2026-14= 84</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D2433259"=
target=3D"_blank" rel=3D"noopener">RHBZ#2433259</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat OpenShift Virtualization 4</t=

<td>A flaw was found in kubevirt. A user within a virtual machine (VM), if = the guest agent is active, can exploit this by causing the agent to report =
an excessive number of network interfaces. This action can overwhelm the sy= stem's ability to store VM configuration updates, effectively blocking chan= ges to the Virtual Machine Instance (VMI). This allows the VM user to restr= ict the VM administrator's ability to manage the VM, leading to a denial of=
service for administrative operations.</td>
<td>2026-01-26</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14525" target=3D= "_blank" rel=3D"noopener">CVE-2025-14525</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2025-14525" target=3D= "_blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2025-1= 4525</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D242136=
0" target=3D"_blank" rel=3D"noopener">RHBZ#2421360</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">rupantorpay--Rupantorpay</td>
<td>The Rupantorpay plugin for WordPress is vulnerable to unauthorized modi= fication of data due to a missing capability check on the handle_webhook() = function in all versions up to, and including, 2.0.0. This makes it possibl=
e for unauthenticated attackers to modify WooCommerce order statuses by sen= ding crafted requests to the WooCommerce API endpoint.</td>
<td>2026-01-28</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15511" target=3D= "_blank" rel=3D"noopener">CVE-2025-15511</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/1b21bd= fd-42ec-43fe-b581-04276b86c50b?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/1b21bdfd-42e= c-43fe-b581-04276b86c50b?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/rupantorpay/tags/2.0.0/includes/class-wc-rupantorpa= y-gateway.php#L172" target=3D"_blank" rel=3D"noopener">https://plugins.trac= .wordpress.org/browser/rupantorpay/tags/2.0.0/includes/class-wc-rupantorpay= -gateway.php#L172</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">RustCrypto--signatures</td>
<td>The ML-DSA crate is a Rust implementation of the Module-Lattice-Based D= igital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to = version 0.1.0-rc.4, the ML-DSA signature verification implementation in the=
RustCrypto `ml-dsa` crate incorrectly accepts signatures with repeated (du= plicate) hint indices. According to the ML-DSA specification (FIPS 204 / RF=
C 9881), hint indices within each polynomial must be **strictly increasing*=
*. The current implementation uses a non-strict monotonic check (`<=3D` = instead of `<`), allowing duplicate indices. This is a regression bug. T=
he original implementation was correct, but a commit in version 0.0.4 inadv= ertently changed the strict `<` comparison to `<=3D`, introducing the=
vulnerability. Version 0.1.0-rc.4 fixes the issue.</td>
<td>2026-01-28</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24850" target=3D= "_blank" rel=3D"noopener">CVE-2026-24850</a></td>

<a href=3D"https://github.com/RustCrypto/signatures/security/advisories/GHS= A-5x2r-hc65-25f9" target=3D"_blank" rel=3D"noopener">https://github.com/Rus= tCrypto/signatures/security/advisories/GHSA-5x2r-hc65-25f9</a> <a href= =3D"https://github.com/RustCrypto/signatures/issues/894" target=3D"_blank" = rel=3D"noopener">https://github.com/RustCrypto/signatures/issues/894</a><br= ><a href=3D"https://github.com/RustCrypto/signatures/pull/895" target=3D"_b= lank" rel=3D"noopener">https://github.com/RustCrypto/signatures/pull/895</a= > <a href=3D"https://github.com/RustCrypto/signatures/commit/400961412be= 2e2ab787942cf30e0a9b66b37a54a" target=3D"_blank" rel=3D"noopener">https://g= ithub.com/RustCrypto/signatures/commit/400961412be2e2ab787942cf30e0a9b66b37= a54a</a> <a href=3D"https://github.com/RustCrypto/signatures/commit/b01c= 3b73dd08d0094e089aa234f78b6089ec1f38" target=3D"_blank" rel=3D"noopener">ht= tps://github.com/RustCrypto/signatures/commit/b01c3b73dd08d0094e089aa234f78= b6089ec1f38</a> <a href=3D"https://csrc.nist.gov/pubs/fips/204/final" ta= rget=3D"_blank" rel=3D"noopener">https://csrc.nist.gov/pubs/fips/204/final<= /a> <a href=3D"https://datatracker.ietf.org/doc/html/rfc9881" target=3D"= _blank" rel=3D"noopener">https://datatracker.ietf.org/doc/html/rfc9881</a><= br><a href=3D"https://github.com/C2SP/wycheproof" target=3D"_blank" rel=3D"= noopener">https://github.com/C2SP/wycheproof</a> <a href=3D"https://gith= ub.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_44_verify_test.json=
" target=3D"_blank" rel=3D"noopener">https://github.com/C2SP/wycheproof/blo= b/master/testvectors_v1/mldsa_44_verify_test.json</a> <a href=3D"https:/= /github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_65_verify_test= .json" target=3D"_blank" rel=3D"noopener">https://github.com/C2SP/wycheproo= f/blob/master/testvectors_v1/mldsa_65_verify_test.json</a> <a href=3D"ht= tps://github.com/C2SP/wycheproof/blob/master/testvectors_v1/mldsa_87_verify= _test.json" target=3D"_blank" rel=3D"noopener">https://github.com/C2SP/wych= eproof/blob/master/testvectors_v1/mldsa_87_verify_test.json</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">salihciftci--Liman</td>
<td>Liman 0.7 contains a cross-site request forgery vulnerability that allo=
ws attackers to manipulate user account settings without proper request val= idation. Attackers can craft malicious HTML forms to change user passwords =
or modify account information by tricking logged-in users into submitting u= nauthorized requests.</td>
<td>2026-01-29</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37007" target=3D= "_blank" rel=3D"noopener">CVE-2020-37007</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48869" target=3D"_blank" rel= =3D"noopener">ExploitDB-48869</a> <a href=3D"https://web.archive.org/web= /20201109042653/https://github.com/salihciftci/liman" target=3D"_blank" rel= =3D"noopener">Archived Liman GitHub Repository</a> <a href=3D"https://ww= w.vulncheck.com/advisories/liman-cross-site-request-forgery-change-password=
" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Liman 0.7 - Cross-= Site Request Forgery (Change Password)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Salt Project--Salt</td>
<td>Salt contains an authentication protocol version downgrade weakness tha=
t can allow a malicious minion to bypass newer authentication/security feat= ures by using an older request payload format, enabling minion impersonatio=
n and circumventing protections introduced in response to prior issues.</td=

<td>2026-01-30</td>
<td>6.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-62349" target=3D= "_blank" rel=3D"noopener">CVE-2025-62349</a></td>

<a href=3D"https://docs.saltproject.io/en/latest/topics/releases/3006.17.ht= ml" target=3D"_blank" rel=3D"noopener">Salt 3006.17 release notes (fix and = minimum_auth_version)</a> <a href=3D"https://docs.saltproject.io/en/late= st/topics/releases/3007.9.html" target=3D"_blank" rel=3D"noopener">Salt 300= 7.9 release notes (fix and minimum_auth_version)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Sangfor--Operation and Maintenance Security Ma= nagement System</td>
<td>A vulnerability was found in Sangfor Operation and Maintenance Security=
Management System up to 3.0.12. This affects the function portValidate of = the file /fort/ip_and_port/port_validate of the component HTTP POST Request=
Handler. Performing a manipulation of the argument port results in command=
injection. The attack can be initiated remotely. The exploit has been made=
public and could be used.</td>
<td>2026-01-26</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1413" target=3D"= _blank" rel=3D"noopener">CVE-2026-1413</a></td>

<a href=3D"https://vuldb.com/?id.342802" target=3D"_blank" rel=3D"noopener"= >VDB-342802 | Sangfor Operation and Maintenance Security Management System = HTTP POST Request port_validate portValidate command injection</a> <a hr= ef=3D"https://vuldb.com/?ctiid.342802" target=3D"_blank" rel=3D"noopener">V= DB-342802 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https://v= uldb.com/?submit.736522" target=3D"_blank" rel=3D"noopener">Submit #736522 =
| Sangfor Operation and Maintenance Security Management System (OSM / =C3= =A8=C2=BF=C2=90=C3=A7=C2=BB=C2=B4=C3=A5=C2=AE=E2=80=B0=C3=A5=E2=80=A6=C2=A8= =C3=A7=C2=AE=C2=A1=C3=A7=C2=90=E2=80=A0=C3=A7=C2=B3=C2=BB=C3=A7=C2=BB=C5=B8=
) v3.0.12 Command Injection</a> <a href=3D"https://github.com/LX-LX88/cv= e/issues/23" target=3D"_blank" rel=3D"noopener">https://github.com/LX-LX88/= cve/issues/23</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Sangfor--Operation and Maintenance Security Ma= nagement System</td>
<td>A vulnerability was determined in Sangfor Operation and Maintenance Sec= urity Management System up to 3.0.12. This impacts the function getInformat= ion of the file /equipment/get_Information of the component HTTP POST Reque=
st Handler. Executing a manipulation of the argument fortEquipmentIp can le=
ad to command injection. The attack can be launched remotely. The exploit h=
as been publicly disclosed and may be utilized.</td>
<td>2026-01-26</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1414" target=3D"= _blank" rel=3D"noopener">CVE-2026-1414</a></td>

<a href=3D"https://vuldb.com/?id.342803" target=3D"_blank" rel=3D"noopener"= >VDB-342803 | Sangfor Operation and Maintenance Security Management System = HTTP POST Request get_Information getInformation command injection</a> <=
a href=3D"https://vuldb.com/?ctiid.342803" target=3D"_blank" rel=3D"noopene= r">VDB-342803 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https= ://vuldb.com/?submit.736524" target=3D"_blank" rel=3D"noopener">Submit #736= 524 | Sangfor Operation and Maintenance Security Management System (OSM / = =C3=A8=C2=BF=C2=90=C3=A7=C2=BB=C2=B4=C3=A5=C2=AE=E2=80=B0=C3=A5=E2=80=A6=C2= =A8=C3=A7=C2=AE=C2=A1=C3=A7=C2=90=E2=80=A0=C3=A7=C2=B3=C2=BB=C3=A7=C2=BB=C5= =B8) v3.0.12 Command Injection</a> <a href=3D"https://github.com/LX-LX88= /cve/issues/24" target=3D"_blank" rel=3D"noopener">https://github.com/LX-LX= 88/cve/issues/24</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SAP_SE--SAP Fiori App (Intercompany Balance Re= conciliation)</td>
<td>SAP Fiori App Intercompany Balance Reconciliation does not perform nece= ssary authorization checks for an authenticated user, resulting in escalati=
on of privileges. This has low impact on confidentiality, integrity and ava= ilability are not impacted.</td>
<td>2026-01-27</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23683" target=3D= "_blank" rel=3D"noopener">CVE-2026-23683</a></td>

<a href=3D"https://me.sap.com/notes/3122486" target=3D"_blank" rel=3D"noope= ner">https://me.sap.com/notes/3122486</a> <a href=3D"https://url.sap/sap= securitypatchday" target=3D"_blank" rel=3D"noopener">https://url.sap/sapsec= uritypatchday</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Sellacious--Sellacious eCommerce</td> <td>Sellacious eCommerce 4.6 contains a persistent cross-site scripting vul= nerability in the Manage Your Addresses module that allows attackers to inj= ect malicious scripts. Attackers can exploit multiple address input fields = like full name, company, and address to execute persistent script code that=
can hijack user sessions and manipulate application modules.</td> <td>2026-01-30</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37003" target=3D= "_blank" rel=3D"noopener">CVE-2020-37003</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48467" target=3D"_blank" rel= =3D"noopener">ExploitDB-48467</a> <a href=3D"https://www.sellacious.com"=
target=3D"_blank" rel=3D"noopener">Official Sellacious eCommerce Homepage<= /a> <a href=3D"https://www.sellacious.com/free-open-source-ecommerce-sof= tware" target=3D"_blank" rel=3D"noopener">Sellacious Product Details</a><br= ><a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2226" ta= rget=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://www.vulncheck.com/advisories/sellacious-ecommerce-persistent-cr= oss-site-scripting" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: = Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">SEMCMS--SEMCMS</td>
<td>A security vulnerability has been detected in SEMCMS 5.0. This vulnerab= ility affects unknown code of the file /SEMCMS_Info.php. The manipulation o=
f the argument searchml leads to sql injection. The attack is possible to b=
e carried out remotely. The exploit has been disclosed publicly and may be = used. The vendor was contacted early about this disclosure but did not resp= ond in any way.</td>
<td>2026-01-29</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1552" target=3D"= _blank" rel=3D"noopener">CVE-2026-1552</a></td>

<a href=3D"https://vuldb.com/?id.343248" target=3D"_blank" rel=3D"noopener"= >VDB-343248 | SEMCMS SEMCMS_Info.php sql injection</a> <a href=3D"https:= //vuldb.com/?ctiid.343248" target=3D"_blank" rel=3D"noopener">VDB-343248 | = CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?su= bmit.740549" target=3D"_blank" rel=3D"noopener">Submit #740549 | SEMCMS SEM= CMS =C3=A5=C2=A4=E2=80=93=C3=A8=C2=B4=C2=B8=C3=A7=C2=BD=E2=80=98=C3=A7=C2= =AB=E2=84=A2php=C3=A5=C2=A4=C5=A1=C3=A8=C2=AF=C2=AD=C3=A8=C2=A8=E2=82=AC=C3= =A7=E2=80=B0=CB=86 V5.0 SQL Injection</a> <a href=3D"https://github.com/= Sqli22/Sqli/issues/4" target=3D"_blank" rel=3D"noopener">https://github.com= /Sqli22/Sqli/issues/4</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">seomantis--SEO Links Interlinking</td>
<td>The SEO Links Interlinking plugin for WordPress is vulnerable to Reflec= ted Cross-Site Scripting via the 'google_error' parameter in all versions u=
p to, and including, 1.7.5 due to insufficient input sanitization and outpu=
t escaping. This makes it possible for unauthenticated attackers to inject = arbitrary web scripts in pages that execute if they can successfully trick =
a user into performing an action such as clicking on a link.</td> <td>2026-01-28</td>
<td>6.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14063" target=3D= "_blank" rel=3D"noopener">CVE-2025-14063</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/d71143= d6-d477-4a63-8f99-f4cc8a590536?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/d71143d6-d47= 7-4a63-8f99-f4cc8a590536?source=3Dcve</a> <a href=3D"https://wordpress.o= rg/plugins/seo-links-interlinking/" target=3D"_blank" rel=3D"noopener">http= s://wordpress.org/plugins/seo-links-interlinking/</a> <a href=3D"https:/= /plugins.trac.wordpress.org/browser/seo-links-interlinking/trunk/scdata.php= #L504" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.or= g/browser/seo-links-interlinking/trunk/scdata.php#L504</a> <a href=3D"ht= tps://plugins.trac.wordpress.org/browser/seo-links-interlinking/tags/1.7.5/= scdata.php#L504" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wo= rdpress.org/browser/seo-links-interlinking/tags/1.7.5/scdata.php#L504</a><b= r><a href=3D"https://plugins.trac.wordpress.org/browser/seo-links-interlink= ing/trunk/scdata.php#L512" target=3D"_blank" rel=3D"noopener">https://plugi= ns.trac.wordpress.org/browser/seo-links-interlinking/trunk/scdata.php#L512<= /a> <a href=3D"https://plugins.trac.wordpress.org/browser/seo-links-inte= rlinking/tags/1.7.5/scdata.php#L512" target=3D"_blank" rel=3D"noopener">htt= ps://plugins.trac.wordpress.org/browser/seo-links-interlinking/tags/1.7.5/s= cdata.php#L512</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Simplephpscripts--Simple CMS</td>
<td>Simple CMS 2.1 contains a persistent cross-site scripting vulnerability=
in user input parameters that allows remote attackers to inject malicious = script code. Attackers can exploit the newUser and editUser modules to inje=
ct persistent scripts that execute on user list preview, potentially leadin=
g to session hijacking and application manipulation.</td>
<td>2026-02-01</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2021-47917" target=3D= "_blank" rel=3D"noopener">CVE-2021-47917</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2302" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://simplephpscripts.com/simple-cms-php" target=3D"_blank" rel=3D"n= oopener">Product Homepage</a> <a href=3D"https://www.vulncheck.com/advis= ories/simple-cms-persistent-cross-site-scripting-via-user-input-parameters"=
target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Simple CMS 2.1 Pers= istent Cross-Site Scripting via User Input Parameters</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Simplephpscripts--Simple CMS</td>
<td>Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerabi= lity in the preview.php file's id parameter. Attackers can inject malicious=
script code through a GET request to execute arbitrary scripts and potenti= ally hijack user sessions or perform phishing attacks.</td>
<td>2026-02-01</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2021-47919" target=3D= "_blank" rel=3D"noopener">CVE-2021-47919</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2301" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://simplephpscripts.com/simple-cms-php" target=3D"_blank" rel=3D"n= oopener">Product Homepage</a> <a href=3D"https://www.vulncheck.com/advis= ories/simple-cms-non-persistent-cross-site-scripting-via-preview-parameter"=
target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Simple CMS 2.1 Non-= Persistent Cross-Site Scripting via Preview Parameter</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">smarterDroid--WiFi File Transfer</td>
<td>WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vul= nerability that allows remote attackers to inject malicious script codes th= rough file and folder names. Attackers can exploit the web server's input v= alidation weakness to execute arbitrary JavaScript when users preview infec= ted file paths, potentially compromising user browser sessions.</td> <td>2026-02-01</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2022-50951" target=3D= "_blank" rel=3D"noopener">CVE-2022-50951</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2322" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://play.google.com/store/apps/details?id=3Dcom.dooblou.WiFiFileExp= lorerPRO&hl=3Den_US" target=3D"_blank" rel=3D"noopener">Product Homepage</a= > <a href=3D"https://www.vulncheck.com/advisories/wifi-file-transfer-per= sistent-xss-via-web-server-input-validation" target=3D"_blank" rel=3D"noope= ner">VulnCheck Advisory: WiFi File Transfer 1.0.8 Persistent XSS via Web Se= rver Input Validation</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SourceCodester--Pet Grooming Management Softwa= re</td>
<td>A vulnerability was detected in SourceCodester Pet Grooming Management = Software 1.0. Impacted is an unknown function of the file /admin/operation/= user.php of the component User Management. Performing a manipulation of the=
argument group_id results in improper authorization. The attack can be ini= tiated remotely. The exploit is now public and may be used.</td> <td>2026-01-30</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1702" target=3D"= _blank" rel=3D"noopener">CVE-2026-1702</a></td>

<a href=3D"https://vuldb.com/?id.343492" target=3D"_blank" rel=3D"noopener"= >VDB-343492 | SourceCodester Pet Grooming Management Software User Manageme=
nt user.php improper authorization</a> <a href=3D"https://vuldb.com/?cti= id.343492" target=3D"_blank" rel=3D"noopener">VDB-343492 | CTI Indicators (= IOB, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.742226" tar= get=3D"_blank" rel=3D"noopener">Submit #742226 | SourceCodester Pet groomin=
g management software 1.0 Improper Access Controls</a> <a href=3D"https:= //github.com/Asim-QAZi/Improper-Access-Control---in-Pet-Grooming-Management= -Software" target=3D"_blank" rel=3D"noopener">https://github.com/Asim-QAZi/= Improper-Access-Control---in-Pet-Grooming-Management-Software</a> <a hre= f=3D"https://www.sourcecodester.com/" target=3D"_blank" rel=3D"noopener">ht= tps://www.sourcecodester.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">stellar--rs-soroban-sdk</td>
<td>soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow ca=
n be triggered in the `Bytes::slice`, `Vec::slice`, and `Prng::gen_range` (= for `u64`) methods in the `soroban-sdk` in versions up to and including `25= .0.1`, `23.5.1`, and `25.0.2`. Contracts that pass user-controlled or compu= ted range bounds to `Bytes::slice`, `Vec::slice`, or `Prng::gen_range` may = silently operate on incorrect data ranges or generate random numbers from a=
n unintended range, potentially resulting in corrupted contract state. Note=
that the best practice when using the `soroban-sdk` and building Soroban c= ontracts is to always enable `overflow-checks =3D true`. The `stellar contr= act init` tool that prepares the boiler plate for a Soroban contract, as we=
ll as all examples and docs, encourage the use of configuring `overflow-che= cks =3D true` on `release` profiles so that these arithmetic operations fai=
l rather than silently wrap. Contracts are only impacted if they use `overf= low-checks =3D false` either explicitly or implicitly. It is anticipated th=
e majority of contracts could not be impacted because the best practice enc= ouraged by tooling is to enable `overflow-checks`. The fix available in `25= .0.1`, `23.5.1`, and `25.0.2` replaces bare arithmetic with `checked_add` /=
`checked_sub`, ensuring overflow traps regardless of the `overflow-checks`=
profile setting. As a workaround, contract workspaces can be configured wi=
th a profile available in the GitHub Securtity Advisory to enable overflow = checks on the arithmetic operations. This is the best practice when develop= ing Soroban contracts, and the default if using the contract boilerplate ge= nerated using `stellar contract init`. Alternatively, contracts can validat=
e range bounds before passing them to `slice` or `gen_range` to ensure the = conversions cannot overflow.</td>
<td>2026-01-28</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24889" target=3D= "_blank" rel=3D"noopener">CVE-2026-24889</a></td>

<a href=3D"https://github.com/stellar/rs-soroban-sdk/security/advisories/GH= SA-96xm-fv9w-pf3f" target=3D"_blank" rel=3D"noopener">https://github.com/st= ellar/rs-soroban-sdk/security/advisories/GHSA-96xm-fv9w-pf3f</a> <a href= =3D"https://github.com/stellar/rs-soroban-sdk/pull/1703" target=3D"_blank" = rel=3D"noopener">https://github.com/stellar/rs-soroban-sdk/pull/1703</a><br= ><a href=3D"https://github.com/stellar/rs-soroban-sdk/commit/3890521426d71b= b4d892b21f5a283a1e836cfa38" target=3D"_blank" rel=3D"noopener">https://gith= ub.com/stellar/rs-soroban-sdk/commit/3890521426d71bb4d892b21f5a283a1e836cfa= 38</a> <a href=3D"https://github.com/stellar/rs-soroban-sdk/commit/59fce= f437260ed4da42d1efb357137a5c166c02e" target=3D"_blank" rel=3D"noopener">htt= ps://github.com/stellar/rs-soroban-sdk/commit/59fcef437260ed4da42d1efb35713= 7a5c166c02e</a> <a href=3D"https://github.com/stellar/rs-soroban-sdk/com= mit/c2757c6d774dbb28b34a0b77ffe282e59f0f8462" target=3D"_blank" rel=3D"noop= ener">https://github.com/stellar/rs-soroban-sdk/commit/c2757c6d774dbb28b34a= 0b77ffe282e59f0f8462</a> <a href=3D"https://github.com/stellar/rs-soroba= n-sdk/releases/tag/v22.0.9" target=3D"_blank" rel=3D"noopener">https://gith= ub.com/stellar/rs-soroban-sdk/releases/tag/v22.0.9</a> <a href=3D"https:= //github.com/stellar/rs-soroban-sdk/releases/tag/v23.5.1" target=3D"_blank"=
rel=3D"noopener">https://github.com/stellar/rs-soroban-sdk/releases/tag/v2= 3.5.1</a> <a href=3D"https://github.com/stellar/rs-soroban-sdk/releases/= tag/v25.0.2" target=3D"_blank" rel=3D"noopener">https://github.com/stellar/= rs-soroban-sdk/releases/tag/v25.0.2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">supercleanse--Stripe Payments by Buy Now Plus = Best WordPress Stripe Credit Card Payments Plugin</td>
<td>The Buy Now Plus - Buy Now buttons for Stripe plugin for WordPress is v= ulnerable to Stored Cross-Site Scripting via the 'buynowplus' shortcode in = all versions up to, and including, 1.0.2 due to insufficient input sanitiza= tion and output escaping on shortcode attributes. This makes it possible fo=
r authenticated attackers, with Contributor-level access and above, to inje=
ct arbitrary web scripts in pages that will execute whenever a user accesse=
s an injected page.</td>
<td>2026-01-28</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1295" target=3D"= _blank" rel=3D"noopener">CVE-2026-1295</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/87d228= bb-eb5b-44ca-91f7-ada730635a3f?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/87d228bb-eb5= b-44ca-91f7-ada730635a3f?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/buy-now-plus/tags/1.0.2/class-bnp-buttons.php#L17" = target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/brows= er/buy-now-plus/tags/1.0.2/class-bnp-buttons.php#L17</a> <a href=3D"http= s://plugins.trac.wordpress.org/browser/buy-now-plus/tags/1.0.2/class-bnp-bu= ttons.php#L36" target=3D"_blank" rel=3D"noopener">https://plugins.trac.word= press.org/browser/buy-now-plus/tags/1.0.2/class-bnp-buttons.php#L36</a> =
<a href=3D"https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_m= ail=3D&reponame=3D&old=3D3444416%40buy-now-plus&new=3D3444416%40buy-now-plu= s&sfp_email=3D&sfph_mail=3D" target=3D"_blank" rel=3D"noopener">https://plu= gins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old= =3D3444416%40buy-now-plus&new=3D3444416%40buy-now-plus&sfp_email=3D&sfph_ma= il</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">symfony--symfony</td>
<td>Symfony is a PHP framework for web and console applications and a set o=
f reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5,=
and 8.0.5, the Symfony Process component did not correctly treat some char= acters (notably `=3D`) as "special" when escaping arguments on Windows. Whe=
n PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfo=
ny Process spawns native Windows executables, MSYS2's argument/path convers= ion can mis-handle unquoted arguments containing these characters. This can=
cause the spawned process to receive corrupted/truncated arguments compare=
d to what Symfony intended. If an application (or tooling such as Composer = scripts) uses Symfony Process to invoke file-management commands (e.g. `rmd= ir`, `del`, etc.) with a path argument containing `=3D`, the MSYS2 conversi=
on layer may alter the argument at runtime. In affected setups this can res= ult in operations being performed on an unintended path, up to and includin=
g deletion of the contents of a broader directory or drive. The issue is pa= rticularly relevant when untrusted input can influence process arguments (d= irectly or indirectly, e.g. via repository paths, extracted archive paths, = temporary directories, or user-controlled configuration). Versions 5.4.51, = 6.4.33, 7.3.11, 7.4.5, and 8.0.5 contains a patch for the issue. Some worka= rounds are available. Avoid running PHP/one's own tooling from MSYS2-based = shells on Windows; prefer cmd.exe or PowerShell for workflows that spawn na= tive executables. Avoid passing paths containing `=3D` (and similar MSYS2-s= ensitive characters) to Symfony Process when operating under Git Bash/MSYS2=
. Where applicable, configure MSYS2 to disable or restrict argument convers= ion (e.g. via `MSYS2_ARG_CONV_EXCL`), understanding this may affect other t= ooling behavior.</td>
<td>2026-01-28</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24739" target=3D= "_blank" rel=3D"noopener">CVE-2026-24739</a></td>

<a href=3D"https://github.com/symfony/symfony/security/advisories/GHSA-r39x= -jcww-82v6" target=3D"_blank" rel=3D"noopener">https://github.com/symfony/s= ymfony/security/advisories/GHSA-r39x-jcww-82v6</a> <a href=3D"https://gi= thub.com/symfony/symfony/issues/62921" target=3D"_blank" rel=3D"noopener">h= ttps://github.com/symfony/symfony/issues/62921</a> <a href=3D"https://gi= thub.com/symfony/symfony/pull/63164" target=3D"_blank" rel=3D"noopener">htt= ps://github.com/symfony/symfony/pull/63164</a> <a href=3D"https://github= .com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3" targe= t=3D"_blank" rel=3D"noopener">https://github.com/symfony/symfony/commit/352= 03939050e5abd3caf2202113b00cab5d379b3</a> <a href=3D"https://github.com/= symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b" target=3D"= _blank" rel=3D"noopener">https://github.com/symfony/symfony/commit/ec154f6f= 95f8c60f831998ec4d246a857e9d179b</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Asset</td>
<td>Tanium addressed a SQL injection vulnerability in Asset.</td> <td>2026-01-28</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15344" target=3D= "_blank" rel=3D"noopener">CVE-2025-15344</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-035" target=3D"_blank" rel= =3D"noopener">TAN-2025-035</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Discover</td>
<td>Tanium addressed an uncontrolled resource consumption vulnerability in = Discover.</td>
<td>2026-01-26</td>
<td>4.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1224" target=3D"= _blank" rel=3D"noopener">CVE-2026-1224</a></td>

<a href=3D"https://security.tanium.com/TAN-2026-001" target=3D"_blank" rel= =3D"noopener">TAN-2026-001</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Tanium Server</td>
<td>Tanium addressed an improper access controls vulnerability in Tanium Se= rver.</td>
<td>2026-01-30</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15322" target=3D= "_blank" rel=3D"noopener">CVE-2025-15322</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-028" target=3D"_blank" rel= =3D"noopener">TAN-2025-028</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TeamViewer--DEX</td>
<td>A vulnerability in TeamViewer DEX Client (former 1E Client) - Content D= istribution Service (NomadBranch.exe) prior version 26.1 for Windows allows=
an attacker on the adjacent network to cause normally encrypted UDP traffi=
c to be sent in cleartext. This can result in disclosure of sensitive infor= mation.</td>
<td>2026-01-29</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23564" target=3D= "_blank" rel=3D"noopener">CVE-2026-23564</a></td>

<a href=3D"https://www.teamviewer.com/en/resources/trust-center/security-bu= lletins/tv-2026-1001/" target=3D"_blank" rel=3D"noopener">https://www.teamv= iewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">TeamViewer--DEX</td>
<td>A vulnerability in TeamViewer DEX Client (former 1E Client) - Content D= istribution Service (NomadBranch.exe) prior version 26.1 for Windows allows=
an attacker on the adjacent network to cause the NomadBranch.exe process t=
o terminate via crafted requests. This can result in a denial-of-service co= ndition of the Content Distribution Service.</td>
<td>2026-01-29</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23565" target=3D= "_blank" rel=3D"noopener">CVE-2026-23565</a></td>

<a href=3D"https://www.teamviewer.com/en/resources/trust-center/security-bu= lletins/tv-2026-1001/" target=3D"_blank" rel=3D"noopener">https://www.teamv= iewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">TeamViewer--DEX</td>
<td>A vulnerability in TeamViewer DEX Client (former 1E Client) - Content D= istribution Service (NomadBranch.exe) prior version 26.1 for Windows allows=
an attacker on the adjacent network to inject, tamper with, or forge log e= ntries in \Nomad Branch.log via crafted data sent to the UDP network handle=
r. This can impact log integrity and nonrepudiation.</td>
<td>2026-01-29</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23566" target=3D= "_blank" rel=3D"noopener">CVE-2026-23566</a></td>

<a href=3D"https://www.teamviewer.com/en/resources/trust-center/security-bu= lletins/tv-2026-1001/" target=3D"_blank" rel=3D"noopener">https://www.teamv= iewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">TeamViewer--DEX</td>
<td>An integer underflow in the UDP command handler of the TeamViewer DEX C= lient (former 1E Client) - Content Distribution Service (NomadBranch.exe) p= rior version 26.1 for Windows allows an adjacent network attacker to trigge=
r a heap-based buffer overflow and cause a denial-of-service (service crash=
) via specially crafted UDP packets.</td>
<td>2026-01-29</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23567" target=3D= "_blank" rel=3D"noopener">CVE-2026-23567</a></td>

<a href=3D"https://www.teamviewer.com/en/resources/trust-center/security-bu= lletins/tv-2026-1001/" target=3D"_blank" rel=3D"noopener">https://www.teamv= iewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">TeamViewer--DEX</td>
<td>An out-of-bounds read vulnerability in the TeamViewer DEX Client (forme=
r 1E Client) - Content Distribution Service (NomadBranch.exe) prior version=
26.1 for Windows allows a remote attacker to leak stack memory and cause a=
denial of service via a crafted request. The leaked stack memory could be = used to bypass ASLR remotely and facilitate exploitation of other vulnerabi= lities on the affected system.</td>
<td>2026-01-29</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23569" target=3D= "_blank" rel=3D"noopener">CVE-2026-23569</a></td>

<a href=3D"https://www.teamviewer.com/en/resources/trust-center/security-bu= lletins/tv-2026-1001/" target=3D"_blank" rel=3D"noopener">https://www.teamv= iewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">TeamViewer--DEX</td>
<td>A missing validation of a user-controlled value in the TeamViewer DEX C= lient (former 1E Client) - Content Distribution Service (NomadBranch.exe) p= rior version 26.1 for Windows allows an adjacent network attacker to tamper=
with log timestamps via crafted UDP Sync command. This could result in for= ged or nonsensical datetime prefixes and compromising log integrity and for= ensic correlation.</td>
<td>2026-01-29</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23570" target=3D= "_blank" rel=3D"noopener">CVE-2026-23570</a></td>

<a href=3D"https://www.teamviewer.com/en/resources/trust-center/security-bu= lletins/tv-2026-1001/" target=3D"_blank" rel=3D"noopener">https://www.teamv= iewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">TeamViewer--DEX</td>
<td>A command injection vulnerability was discovered in TeamViewer DEX (for= mer 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instructi= on. Improper input validation allows authenticated attackers with actioner = privilege to run elevated arbitrary commands on connected hosts via malicio=
us commands injected into the instruction's input field.=C2=A0Users of 1E C= lient version 24.5 or higher are not affected.</td>
<td>2026-01-29</td>
<td>6.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23571" target=3D= "_blank" rel=3D"noopener">CVE-2026-23571</a></td>

<a href=3D"https://www.teamviewer.com/en/resources/trust-center/security-bu= lletins/tv-2026-1002/" target=3D"_blank" rel=3D"noopener">https://www.teamv= iewer.com/en/resources/trust-center/security-bulletins/tv-2026-1002/</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">TeamViewer--DEX</td>
<td>Improper Link Resolution Before File Access (invoked by 1E Explorer Tac= hyonCore DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before=
version 26.1 on Windows allows a low privileged local attacker to delete p= rotected system files via a crafted RPC control junction or symlink that is=
followed when the delete instruction executes.</td>
<td>2026-01-29</td>
<td>5.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23563" target=3D= "_blank" rel=3D"noopener">CVE-2026-23563</a></td>

<a href=3D"https://www.teamviewer.com/en/resources/trust-center/security-bu= lletins/tv-2026-1002/" target=3D"_blank" rel=3D"noopener">https://www.teamv= iewer.com/en/resources/trust-center/security-bulletins/tv-2026-1002/</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">TeamViewer--DEX</td>
<td>An out-of-bounds read vulnerability in the TeamViewer DEX Client (forme=
r 1E Client) - Content Distribution Service (NomadBranch.exe) prior version=
26.1 for Windows allows an attacker on the adjacent network to cause infor= mation disclosure or denial-of-service via a special crafted packet. The le= aked memory could be used to bypass ASLR and facilitate further exploitatio= n.</td>
<td>2026-01-29</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23568" target=3D= "_blank" rel=3D"noopener">CVE-2026-23568</a></td>

<a href=3D"https://www.teamviewer.com/en/resources/trust-center/security-bu= lletins/tv-2026-1001/" target=3D"_blank" rel=3D"noopener">https://www.teamv= iewer.com/en/resources/trust-center/security-bulletins/tv-2026-1001/</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--AC21</td>
<td>A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03= .08.16. The impacted element is the function mDMZSetCfg of the file /goform= /mDMZSetCfg. The manipulation of the argument dmzIp results in command inje= ction. The attack can be executed remotely. The exploit has been released t=
o the public and may be used for attacks.</td>
<td>2026-01-29</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1638" target=3D"= _blank" rel=3D"noopener">CVE-2026-1638</a></td>

<a href=3D"https://vuldb.com/?id.343417" target=3D"_blank" rel=3D"noopener"= >VDB-343417 | Tenda AC21 mDMZSetCfg command injection</a> <a href=3D"htt= ps://vuldb.com/?ctiid.343417" target=3D"_blank" rel=3D"noopener">VDB-343417=
| CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/= ?submit.740871" target=3D"_blank" rel=3D"noopener">Submit #740871 | Tenda A= C21 V16.03.08.16 Command Injection</a> <a href=3D"https://github.com/LX-= LX88/cve/issues/26" target=3D"_blank" rel=3D"noopener">https://github.com/L= X-LX88/cve/issues/26</a> <a href=3D"https://www.tenda.com.cn/" target=3D= "_blank" rel=3D"noopener">https://www.tenda.com.cn/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--HG10</td>
<td>A flaw has been found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon=
. This affects the function system of the file /boaform/formSysCmd. This ma= nipulation of the argument sysCmd causes command injection. The attack may =
be initiated remotely. The exploit has been published and may be used.</td> <td>2026-01-30</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1690" target=3D"= _blank" rel=3D"noopener">CVE-2026-1690</a></td>

<a href=3D"https://vuldb.com/?id.343484" target=3D"_blank" rel=3D"noopener"= >VDB-343484 | Tenda HG10 formSysCmd system command injection</a> <a href= =3D"https://vuldb.com/?ctiid.343484" target=3D"_blank" rel=3D"noopener">VDB= -343484 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https://vul= db.com/?submit.741425" target=3D"_blank" rel=3D"noopener">Submit #741425 | = Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon Command Injection</a> <a = href=3D"https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/mai= n/Tenda/HG10/formSysCmd-sysCmd-command.md" target=3D"_blank" rel=3D"noopene= r">https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Ten= da/HG10/formSysCmd-sysCmd-command.md</a> <a href=3D"https://github.com/S= unnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/HG10/formSysCmd-sysC= md-command.md#poc" target=3D"_blank" rel=3D"noopener">https://github.com/Su= nnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/HG10/formSysCmd-sysCm= d-command.md#poc</a> <a href=3D"https://www.tenda.com.cn/" target=3D"_bl= ank" rel=3D"noopener">https://www.tenda.com.cn/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">theupdateframework--go-tuf</td>
<td>go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's T=
AP 4 Multirepo Client uses the map file repository name string (`repoName`)=
as a filesystem path component when selecting the local metadata cache dir= ectory. Starting in version 2.0.0 and prior to version 2.4.1, if an applica= tion accepts a map file from an untrusted source, an attacker can supply a = `repoName` containing traversal (e.g., `../escaped-repo`) and cause go-tuf =
to create directories and write the root metadata file outside the intended=
`LocalMetadataDir` cache base, within the running process's filesystem per= missions. Version 2.4.1 contains a patch.</td>
<td>2026-01-27</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24686" target=3D= "_blank" rel=3D"noopener">CVE-2026-24686</a></td>

<a href=3D"https://github.com/theupdateframework/go-tuf/security/advisories= /GHSA-jqc5-w2xx-5vq4" target=3D"_blank" rel=3D"noopener">https://github.com= /theupdateframework/go-tuf/security/advisories/GHSA-jqc5-w2xx-5vq4</a> <=
a href=3D"https://github.com/theupdateframework/go-tuf/commit/d361e2ea24e42= 7581343dee5c7a32b485d79fcc0" target=3D"_blank" rel=3D"noopener">https://git= hub.com/theupdateframework/go-tuf/commit/d361e2ea24e427581343dee5c7a32b485d= 79fcc0</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">thewebfosters-thewebfosters</td>
<td>Ultimate POS 4.4 contains a persistent cross-site scripting vulnerabili=
ty in the product name parameter that allows remote attackers to inject mal= icious scripts. Attackers can exploit the vulnerability through product add=
or edit functions to execute arbitrary JavaScript and potentially hijack u= ser sessions.</td>
<td>2026-02-01</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2021-47908" target=3D= "_blank" rel=3D"noopener">CVE-2021-47908</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2296" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://ultimatefosters.com/docs/ultimatepos/" target=3D"_blank" rel=3D= "noopener">Product Homepage</a> <a href=3D"https://www.vulncheck.com/adv= isories/ultimate-pos-persistent-cross-site-scripting-via-product-name" targ= et=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Ultimate POS 4.4 Persist= ent Cross-Site Scripting via Product Name</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">tigroumeow--AI Engine The Chatbot and AI Frame= work for WordPress</td>
<td>The AI Engine plugin for WordPress is vulnerable to Server-Side Request=
Forgery in all versions up to, and including, 3.3.2 via the 'get_audio' fu= nction. This makes it possible for authenticated attackers, with Subscriber= -level access and above, to make web requests to arbitrary locations origin= ating from the web application and can be used to query and modify informat= ion from internal services, if "Public API" is enabled in the plugin settin= gs, and 'allow_url_fopen' is set to 'On' on the server.</td> <td>2026-01-27</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0746" target=3D"= _blank" rel=3D"noopener">CVE-2026-0746</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/cbba86= 6d-93dd-4ef5-9670-ab958f61f06e?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/cbba866d-93d= d-4ef5-9670-ab958f61f06e?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/ai-engine/tags/3.3.1/classes/engines/chatml.php#L94=
6" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/br= owser/ai-engine/tags/3.3.1/classes/engines/chatml.php#L946</a> <a href= =3D"https://plugins.trac.wordpress.org/changeset/3447500/ai-engine/trunk/cl= asses/engines/chatml.php" target=3D"_blank" rel=3D"noopener">https://plugin= s.trac.wordpress.org/changeset/3447500/ai-engine/trunk/classes/engines/chat= ml.php</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tildeslash Ltd.--M/Monit</td>
<td>M/Monit 3.7.4 contains an authentication vulnerability that allows auth= enticated attackers to retrieve user password hashes through an administrat= ive API endpoint. Attackers can send requests to the /api/1/admin/users/lis=
t and /api/1/admin/users/get endpoints to extract MD5 password hashes for a=
ll users.</td>
<td>2026-01-28</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36968" target=3D= "_blank" rel=3D"noopener">CVE-2020-36968</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49081" target=3D"_blank" rel= =3D"noopener">ExploitDB-49081</a> <a href=3D"https://mmonit.com/" target= =3D"_blank" rel=3D"noopener">M/Monit Official Vendor Homepage</a> <a hre= f=3D"https://www.vulncheck.com/advisories/mmonit-password-disclosure" targe= t=3D"_blank" rel=3D"noopener">VulnCheck Advisory: M/Monit 3.7.4 - Password = Disclosure</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Totolink--A7000R</td>
<td>A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affect=
s the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The mani= pulation of the argument plugin_name results in command injection. It is po= ssible to launch the attack remotely. The exploit is now public and may be = used.</td>
<td>2026-01-28</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1547" target=3D"= _blank" rel=3D"noopener">CVE-2026-1547</a></td>

<a href=3D"https://vuldb.com/?id.343231" target=3D"_blank" rel=3D"noopener"= >VDB-343231 | Totolink A7000R cstecgi.cgi setUnloadUserData command injecti= on</a> <a href=3D"https://vuldb.com/?ctiid.343231" target=3D"_blank" rel= =3D"noopener">VDB-343231 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.739713" target=3D"_blank" rel=3D"noopener">= Submit #739713 | TOTOLINK A7000R V4.1cu.4154 Command Injection</a> <a hr= ef=3D"https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/01_RCE_se= tUnloadUserData_RCE.md" target=3D"_blank" rel=3D"noopener">https://github.c= om/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/01_RCE_setUnloadUserData_RCE.md= </a> <a href=3D"https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A70= 00R/01_RCE_setUnloadUserData_RCE.md#poc" target=3D"_blank" rel=3D"noopener"= >https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/01_RCE_setUnlo= adUserData_RCE.md#poc</a> <a href=3D"https://www.totolink.net/" target= =3D"_blank" rel=3D"noopener">https://www.totolink.net/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Totolink--A7000R</td>
<td>A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the f= unction CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This = manipulation of the argument url causes command injection. The attack can b=
e initiated remotely. The exploit has been published and may be used.</td> <td>2026-01-28</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1548" target=3D"= _blank" rel=3D"noopener">CVE-2026-1548</a></td>

<a href=3D"https://vuldb.com/?id.343232" target=3D"_blank" rel=3D"noopener"= >VDB-343232 | Totolink A7000R cstecgi.cgi CloudACMunualUpdateUserdata comma=
nd injection</a> <a href=3D"https://vuldb.com/?ctiid.343232" target=3D"_= blank" rel=3D"noopener">VDB-343232 | CTI Indicators (IOB, IOC, TTP, IOA)</a= > <a href=3D"https://vuldb.com/?submit.739715" target=3D"_blank" rel=3D"= noopener">Submit #739715 | TOTOLINK A7000R V4.1cu.4154 Command Injection</a= > <a href=3D"https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R= /02_RCE_CloudACMunualUpdateUserdata_RCE.md" target=3D"_blank" rel=3D"noopen= er">https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/02_RCE_Clou= dACMunualUpdateUserdata_RCE.md</a> <a href=3D"https://github.com/xyh4ck/= iot_poc/blob/main/TOTOLINK/A7000R/02_RCE_CloudACMunualUpdateUserdata_RCE.md= #poc" target=3D"_blank" rel=3D"noopener">https://github.com/xyh4ck/iot_poc/= blob/main/TOTOLINK/A7000R/02_RCE_CloudACMunualUpdateUserdata_RCE.md#poc</a>= <a href=3D"https://www.totolink.net/" target=3D"_blank" rel=3D"noopener= ">https://www.totolink.net/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Totolink--A7000R</td>
<td>A weakness has been identified in Totolink A7000R 4.1cu.4154. The impac= ted element is the function setUploadUserData of the file /cgi-bin/cstecgi.= cgi. Executing a manipulation of the argument FileName can lead to command = injection. The attack can be launched remotely. The exploit has been made a= vailable to the public and could be used for attacks.</td>
<td>2026-01-29</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1601" target=3D"= _blank" rel=3D"noopener">CVE-2026-1601</a></td>

<a href=3D"https://vuldb.com/?id.343373" target=3D"_blank" rel=3D"noopener"= >VDB-343373 | Totolink A7000R cstecgi.cgi setUploadUserData command injecti= on</a> <a href=3D"https://vuldb.com/?ctiid.343373" target=3D"_blank" rel= =3D"noopener">VDB-343373 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.740760" target=3D"_blank" rel=3D"noopener">= Submit #740760 | TOTOLINK A7000R V4.1cu.4154 Command Injection</a> <a hr= ef=3D"https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/03_RCE_se= tUploadUserData_RCE.md" target=3D"_blank" rel=3D"noopener">https://github.c= om/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/03_RCE_setUploadUserData_RCE.md= </a> <a href=3D"https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A70= 00R/03_RCE_setUploadUserData_RCE.md#poc" target=3D"_blank" rel=3D"noopener"= >https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/03_RCE_setUplo= adUserData_RCE.md#poc</a> <a href=3D"https://www.totolink.net/" target= =3D"_blank" rel=3D"noopener">https://www.totolink.net/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Totolink--A7000R</td>
<td>A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted =
is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipul= ation of the argument FileName causes command injection. The attack can be = initiated remotely. The exploit has been made available to the public and c= ould be used for attacks.</td>
<td>2026-01-29</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1623" target=3D"= _blank" rel=3D"noopener">CVE-2026-1623</a></td>

<a href=3D"https://vuldb.com/?id.343382" target=3D"_blank" rel=3D"noopener"= >VDB-343382 | Totolink A7000R cstecgi.cgi setUpgradeFW command injection</a= > <a href=3D"https://vuldb.com/?ctiid.343382" target=3D"_blank" rel=3D"n= oopener">VDB-343382 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D= "https://vuldb.com/?submit.740767" target=3D"_blank" rel=3D"noopener">Submi=
t #740767 | TOTOLINK A7000R V4.1cu.4154 Command Injection</a> <a href=3D= "https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/04_RCE_setUpgr= adeFW_RCE.md" target=3D"_blank" rel=3D"noopener">https://github.com/xyh4ck/= iot_poc/blob/main/TOTOLINK/A7000R/04_RCE_setUpgradeFW_RCE.md</a> <a href= =3D"https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/04_RCE_setU= pgradeFW_RCE.md#poc" target=3D"_blank" rel=3D"noopener">https://github.com/= xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/04_RCE_setUpgradeFW_RCE.md#poc</a>= <a href=3D"https://www.totolink.net/" target=3D"_blank" rel=3D"noopener= ">https://www.totolink.net/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TrustTunnel--TrustTunnel</td>
<td>TrustTunnel is an open-source VPN protocol with a rule bypass issue in = versions prior to 0.9.115. In `tls_listener.rs`, `TlsListener::listen()` pe= eks 1024 bytes and calls `extract_client_random(...)`. If `parse_tls_plaint= ext` fails (for example, a fragmented/partial ClientHello split across TCP = writes), `extract_client_random` returns `None`. In `rules.rs`, `RulesEngin= e::evaluate` only evaluates `client_random_prefix` when `client_random` is = `Some(...)`. As a result, when extraction fails (`client_random =3D=3D None= `), any rule that relies on `client_random_prefix` matching is skipped and = evaluation falls through to later rules. As an important semantics note: `c= lient_random_prefix` is a match condition only. It does not mean "block non= -matching prefixes" by itself. A rule with `client_random_prefix =3D ...` t= riggers its `action` only when the prefix matches (and the field is availab=
le to evaluate). Non-matches (or `None`) simply do not match that rule and = continue to fall through. The vulnerability is fixed in version 0.9.115.</t=

<td>2026-01-29</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24904" target=3D= "_blank" rel=3D"noopener">CVE-2026-24904</a></td>

<a href=3D"https://github.com/TrustTunnel/TrustTunnel/security/advisories/G= HSA-fqh7-r5gf-3r87" target=3D"_blank" rel=3D"noopener">https://github.com/T= rustTunnel/TrustTunnel/security/advisories/GHSA-fqh7-r5gf-3r87</a> <a hr= ef=3D"https://github.com/TrustTunnel/TrustTunnel/commit/aa5060145506952b943= 1b0ed3edb52bb6c08d9a6" target=3D"_blank" rel=3D"noopener">https://github.co= m/TrustTunnel/TrustTunnel/commit/aa5060145506952b9431b0ed3edb52bb6c08d9a6</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tryton--Tryton</td>
<td>Tryton 5.4 contains a persistent cross-site scripting vulnerability in = the user profile name input that allows remote attackers to inject maliciou=
s scripts. Attackers can exploit the vulnerability by inserting script payl= oads in the name field, which execute in the frontend and backend user inte= rfaces.</td>
<td>2026-01-30</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37014" target=3D= "_blank" rel=3D"noopener">CVE-2020-37014</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48466" target=3D"_blank" rel= =3D"noopener">ExploitDB-48466</a> <a href=3D"https://www.tryton.org/" ta= rget=3D"_blank" rel=3D"noopener">Official Tryton Homepage</a> <a href=3D= "https://www.tryton.org/download" target=3D"_blank" rel=3D"noopener">Tryton=
Download Page</a> <a href=3D"https://www.vulnerability-lab.com/get_cont= ent.php?id=3D2233" target=3D"_blank" rel=3D"noopener">Vulnerability Lab Adv= isory</a> <a href=3D"https://www.vulncheck.com/advisories/tryton-persist= ent-cross-site-scripting" target=3D"_blank" rel=3D"noopener">VulnCheck Advi= sory: Tryton 5.4 - Persistent Cross-Site Scripting</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">vercel--next</td>
<td>A denial of service vulnerability exists in self-hosted Next.js applica= tions that have `remotePatterns` configured for the Image Optimizer. The im= age optimization endpoint (`/_next/image`) loads external images entirely i= nto memory without enforcing a maximum size limit, allowing an attacker to = cause out-of-memory conditions by requesting optimization of arbitrarily la= rge images. This vulnerability requires that `remotePatterns` is configured=
to allow image optimization from external domains and that the attacker ca=
n serve or control a large image on an allowed domain. Strongly consider up= grading to 15.5.10 or 16.1.5 to reduce risk and prevent availability issues=
in Next applications.</td>
<td>2026-01-26</td>
<td>5.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59471" target=3D= "_blank" rel=3D"noopener">CVE-2025-59471</a></td>

<a href=3D"https://github.com/vercel/next.js/security/advisories/GHSA-9g9p-= 9gw9-jx7f" target=3D"_blank" rel=3D"noopener">https://github.com/vercel/nex= t.js/security/advisories/GHSA-9g9p-9gw9-jx7f</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">vercel--next</td>
<td>A denial of service vulnerability exists in Next.js versions with Parti=
al Prerendering (PPR) enabled when running in minimal mode. The PPR resume = endpoint accepts unauthenticated POST requests with the `Next-Resume: 1` he= ader and processes attacker-controlled postponed state data. Two closely re= lated vulnerabilities allow an attacker to crash the server process through=
memory exhaustion: 1. **Unbounded request body buffering**: The server buf= fers the entire POST request body into memory using `Buffer.concat()` witho=
ut enforcing any size limit, allowing arbitrarily large payloads to exhaust=
available memory. 2. **Unbounded decompression (zipbomb)**: The resume dat=
a cache is decompressed using `inflateSync()` without limiting the decompre= ssed output size. A small compressed payload can expand to hundreds of mega= bytes or gigabytes, causing memory exhaustion. Both attack vectors result i=
n a fatal V8 out-of-memory error (`FATAL ERROR: Reached heap limit Allocati=
on failed - JavaScript heap out of memory`) causing the Node.js process to = terminate. The zipbomb variant is particularly dangerous as it can bypass r= everse proxy request size limits while still causing large memory allocatio=
n on the server. To be affected you must have an application running with `= experimental.ppr: true` or `cacheComponents: true` configured along with th=
e NEXT_PRIVATE_MINIMAL_MODE=3D1 environment variable. Strongly consider upg= rading to 15.6.0-canary.61 or 16.1.5 to reduce risk and prevent availabilit=
y issues in Next applications.</td>
<td>2026-01-26</td>
<td>5.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59472" target=3D= "_blank" rel=3D"noopener">CVE-2025-59472</a></td>

<a href=3D"https://github.com/vercel/next.js/security/advisories/GHSA-5f7q-= jpqc-wp7h" target=3D"_blank" rel=3D"noopener">https://github.com/vercel/nex= t.js/security/advisories/GHSA-5f7q-jpqc-wp7h</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">vinod-dalvi--Ivory Search WordPress Search Plu= gin</td>
<td>The Ivory Search - WordPress Search Plugin plugin for WordPress is vuln= erable to Stored Cross-Site Scripting via admin settings in all versions up=
to, and including, 5.5.13 due to insufficient input sanitization and outpu=
t escaping. This makes it possible for authenticated attackers, with admini= strator-level permissions and above, to inject arbitrary web scripts in pag=
es that will execute whenever a user accesses an injected page. This only a= ffects multi-site installations and installations where unfiltered_html has=
been disabled.</td>
<td>2026-01-28</td>
<td>4.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1053" target=3D"= _blank" rel=3D"noopener">CVE-2026-1053</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/cdc5ef= 6a-32d8-4c4b-b459-d9b543b56898?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/cdc5ef6a-32d= 8-4c4b-b459-d9b543b56898?source=3Dcve</a> <a href=3D"https://plugins.svn= .wordpress.org/add-search-to-menu/tags/5.5.13/public/class-is-public.php" t= arget=3D"_blank" rel=3D"noopener">https://plugins.svn.wordpress.org/add-sea= rch-to-menu/tags/5.5.13/public/class-is-public.php</a> <a href=3D"https:= //plugins.trac.wordpress.org/browser/add-search-to-menu/tags/5.5.13/public/= class-is-public.php#L204" target=3D"_blank" rel=3D"noopener">https://plugin= s.trac.wordpress.org/browser/add-search-to-menu/tags/5.5.13/public/class-is= -public.php#L204</a> <a href=3D"https://plugins.trac.wordpress.org/brows= er/add-search-to-menu/tags/5.5.13/public/class-is-public.php#L249" target= =3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/add= -search-to-menu/tags/5.5.13/public/class-is-public.php#L249</a> <a href= =3D"https://plugins.trac.wordpress.org/browser/add-search-to-menu/tags/5.5.= 13/public/partials/is-ajax-results.php#L148" target=3D"_blank" rel=3D"noope= ner">https://plugins.trac.wordpress.org/browser/add-search-to-menu/tags/5.5= .13/public/partials/is-ajax-results.php#L148</a> <a href=3D"https://plug= ins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old= =3D3444659%40add-search-to-menu&new=3D3444659%40add-search-to-menu&sfp_emai= l=3D&sfph_mail=3D" target=3D"_blank" rel=3D"noopener">https://plugins.trac.= wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3444659= %40add-search-to-menu&new=3D3444659%40add-search-to-menu&sfp_email=3D&sfph_= mail</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">vlt--vlt</td>
<td>vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to=
path traversal during extraction.</td>
<td>2026-01-27</td>
<td>5.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24909" target=3D= "_blank" rel=3D"noopener">CVE-2026-24909</a></td>

<a href=3D"https://www.scworld.com/news/six-javascript-zero-day-bugs-lead-t= o-fears-of-supply-chain-attack" target=3D"_blank" rel=3D"noopener">https://= www.scworld.com/news/six-javascript-zero-day-bugs-lead-to-fears-of-supply-c= hain-attack</a> <a href=3D"https://github.com/vltpkg/vltpkg/releases/tag= /v1.0.0-rc.10" target=3D"_blank" rel=3D"noopener">https://github.com/vltpkg= /vltpkg/releases/tag/v1.0.0-rc.10</a> <a href=3D"https://github.com/vltp= kg/vltpkg/pull/1334" target=3D"_blank" rel=3D"noopener">https://github.com/= vltpkg/vltpkg/pull/1334</a> <a href=3D"https://www.koi.ai/blog/packagega= te-6-zero-days-in-js-package-managers-but-npm-wont-act" target=3D"_blank" r= el=3D"noopener">https://www.koi.ai/blog/packagegate-6-zero-days-in-js-packa= ge-managers-but-npm-wont-act</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">webaways--NEX-Forms Ultimate Forms Plugin for = WordPress</td>
<td>The NEX-Forms - Ultimate Forms Plugin for WordPress is vulnerable to un= authorized access of data due to a missing capability check on the NF5_Expo= rt_Forms class constructor in all versions up to, and including, 9.1.8. Thi=
s makes it possible for unauthenticated attackers to export form configurat= ions, that may include sensitive data, such as email addresses, PayPal API = credentials, and third-party integration keys by enumerating the nex_forms_=
Id parameter.</td>
<td>2026-01-31</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15510" target=3D= "_blank" rel=3D"noopener">CVE-2025-15510</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/ddfa5a= 3d-fef2-4049-915c-51c3e28153bf?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/ddfa5a3d-fef= 2-4049-915c-51c3e28153bf?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/9.1.7/includ= es/classes/class.export.php#L11" target=3D"_blank" rel=3D"noopener">https:/= /plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/= 9.1.7/includes/classes/class.export.php#L11</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">webguyio--Stop Spammers Classic</td>
<td>The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-S= ite Request Forgery in all versions up to, and including, 2026.1. This is d=
ue to missing nonce validation in the ss_addtoallowlist class. This makes i=
t possible for unauthenticated attackers to add arbitrary email addresses t=
o the spam allowlist via a forged request granted they can trick a site adm= inistrator into performing an action such as clicking on a link. The vulner= ability was partially patched in version 2026.1.</td>
<td>2026-01-28</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14795" target=3D= "_blank" rel=3D"noopener">CVE-2025-14795</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/5d6f38= d7-a769-422d-ae3f-565cb1cc8a73?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/5d6f38d7-a76= 9-422d-ae3f-565cb1cc8a73?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/stop-spammer-registrations-plugin/tags/2025.4/class= es/ss_addtoallowlist.php#L21" target=3D"_blank" rel=3D"noopener">https://pl= ugins.trac.wordpress.org/browser/stop-spammer-registrations-plugin/tags/202= 5.4/classes/ss_addtoallowlist.php#L21</a> <a href=3D"https://plugins.tra= c.wordpress.org/changeset/3436357/" target=3D"_blank" rel=3D"noopener">http= s://plugins.trac.wordpress.org/changeset/3436357/</a> <a href=3D"https:/= /plugins.trac.wordpress.org/changeset/3440788/" target=3D"_blank" rel=3D"no= opener">https://plugins.trac.wordpress.org/changeset/3440788/</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">WebMO, LLC--WebMO Job Manager</td>
<td>WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in=
search parameters that allows remote attackers to inject malicious script = code. Attackers can exploit the filterSearch and filterSearchType parameter=
s to perform non-persistent attacks including session hijacking and externa=
l redirects.</td>
<td>2026-02-01</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2021-47920" target=3D= "_blank" rel=3D"noopener">CVE-2021-47920</a></td>

<a href=3D"https://www.vulnerability-lab.com/get_content.php?id=3D2270" tar= get=3D"_blank" rel=3D"noopener">Vulnerability Lab Advisory</a> <a href= =3D"https://www.webmo.net" target=3D"_blank" rel=3D"noopener">Product Homep= age</a> <a href=3D"https://www.vulncheck.com/advisories/webmo-job-manage= r-cross-site-scripting-via-search-parameters" target=3D"_blank" rel=3D"noop= ener">VulnCheck Advisory: WebMO Job Manager 20.0 Cross-Site Scripting via S= earch Parameters</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WellChoose--Single Sign-On Portal System</td> <td>Single Sign-On Portal System developed by WellChoose has a Reflected Cr= oss-site Scripting vulnerability, allowing authenticated remote attackers t=
o execute arbitrary JavaScript codes in user's browser through phishing att= acks.</td>
<td>2026-01-26</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1429" target=3D"= _blank" rel=3D"noopener">CVE-2026-1429</a></td>

<a href=3D"https://www.twcert.org.tw/tw/cp-132-10654-23f40-1.html" target= =3D"_blank" rel=3D"noopener">https://www.twcert.org.tw/tw/cp-132-10654-23f4= 0-1.html</a> <a href=3D"https://www.twcert.org.tw/en/cp-139-10655-59160-= 2.html" target=3D"_blank" rel=3D"noopener">https://www.twcert.org.tw/en/cp-= 139-10655-59160-2.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">withstudiocms--studiocms</td>
<td>StudioCMS is a server-side-rendered, Astro native, headless content man= agement system. Versions prior to 0.2.0 contain a Broken Object Level Autho= rization (BOLA) vulnerability in the Content Management feature that allows=
users with the "Visitor" role to access draft content created by Editor/Ad= min/Owner users. Version 0.2.0 patches the issue.</td>
<td>2026-01-27</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24134" target=3D= "_blank" rel=3D"noopener">CVE-2026-24134</a></td>

<a href=3D"https://github.com/withstudiocms/studiocms/security/advisories/G= HSA-8cw6-53m5-4932" target=3D"_blank" rel=3D"noopener">https://github.com/w= ithstudiocms/studiocms/security/advisories/GHSA-8cw6-53m5-4932</a> <a hr= ef=3D"https://github.com/withstudiocms/studiocms/commit/efc10bee20db090fdd7= 5463622c30dda390c50ad" target=3D"_blank" rel=3D"noopener">https://github.co= m/withstudiocms/studiocms/commit/efc10bee20db090fdd75463622c30dda390c50ad</= a> <a href=3D"https://github.com/withstudiocms/studiocms/releases/tag/st= udiocms%400.2.0" target=3D"_blank" rel=3D"noopener">https://github.com/with= studiocms/studiocms/releases/tag/studiocms%400.2.0</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">wpbits--WPBITS Addons For Elementor Page Build= er</td>
<td>The WPBITS Addons For Elementor plugin for WordPress is vulnerable to S= tored Cross-Site Scripting via multiple widget parameters in versions up to=
, and including, 1.8 due to insufficient input sanitization and output esca= ping when dynamic content is enabled. This makes it possible for authentica= ted attackers with contributor-level permissions and above to inject arbitr= ary web scripts in pages that will execute whenever a user accesses an inje= cted page.</td>
<td>2026-01-28</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-9082" target=3D"= _blank" rel=3D"noopener">CVE-2025-9082</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/99b478= 56-502e-4e9d-b0ea-62c57509b46a?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/99b47856-502= e-4e9d-b0ea-62c57509b46a?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/wpbits-addons-for-elementor/trunk/includes/widgets/= image_compare.php#L607" target=3D"_blank" rel=3D"noopener">https://plugins.= trac.wordpress.org/browser/wpbits-addons-for-elementor/trunk/includes/widge= ts/image_compare.php#L607</a> <a href=3D"https://plugins.trac.wordpress.= org/browser/wpbits-addons-for-elementor/trunk/includes/widgets/tooltip.php#= L860" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org= /browser/wpbits-addons-for-elementor/trunk/includes/widgets/tooltip.php#L86= 0</a> <a href=3D"https://plugins.trac.wordpress.org/browser/wpbits-addon= s-for-elementor/trunk/includes/widgets/text_rotator.php#L369" target=3D"_bl= ank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/wpbits-add= ons-for-elementor/trunk/includes/widgets/text_rotator.php#L369</a> <a hr= ef=3D"https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail= =3D&reponame=3D&old=3D3442812%40wpbits-addons-for-elementor&new=3D3442812%4= 0wpbits-addons-for-elementor&sfp_email=3D&sfph_mail=3D" target=3D"_blank" r= el=3D"noopener">https://plugins.trac.wordpress.org/changeset?sfp_email=3D&s= fph_mail=3D&reponame=3D&old=3D3442812%40wpbits-addons-for-elementor&new=3D3= 442812%40wpbits-addons-for-elementor&sfp_email=3D&sfph_mail</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">wpblockart--BlockArt Blocks Gutenberg Blocks, = Page Builder Blocks ,WordPress Block Plugin, Sections & Template Librar= y</td>
<td>The BlockArt Blocks - Gutenberg Blocks, Page Builder Blocks ,WordPress = Block Plugin, Sections & Template Library plugin for WordPress is vulne= rable to Stored Cross-Site Scripting via the BlockArt Counter in all versio=
ns up to, and including, 2.2.14 due to insufficient input sanitization and = output escaping on user supplied attributes. This makes it possible for aut= henticated attackers, with contributor-level access and above, to inject ar= bitrary web scripts in pages that will execute whenever a user accesses an = injected page.</td>
<td>2026-01-28</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14283" target=3D= "_blank" rel=3D"noopener">CVE-2025-14283</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/d9526a= 8b-fefe-4ca6-871f-1ead3f498679?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/d9526a8b-fef= e-4ca6-871f-1ead3f498679?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/blockart-blocks/trunk/dist/counter.js" target=3D"_b= lank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/blockart-= blocks/trunk/dist/counter.js</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">wpchill--Passster Password Protect Pages and C= ontent</td>
<td>The Passster - Password Protect Pages and Content plugin for WordPress =
is vulnerable to Stored Cross-Site Scripting via the plugin's 'content_prot= ector' shortcode in all versions up to, and including, 4.2.24. This makes i=
t possible for authenticated attackers, with Contributor-level access and a= bove, to inject arbitrary web scripts in pages that will execute whenever a=
user accesses an injected page. The vulnerability was partially patched in=
version 4.2.21.</td>
<td>2026-01-28</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14865" target=3D= "_blank" rel=3D"noopener">CVE-2025-14865</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/4ea939= f5-8b56-44be-bd20-b69e9ded5970?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/4ea939f5-8b5= 6-44be-bd20-b69e9ded5970?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/content-protector/tags/4.2.20/inc/class-ps-public.p= hp#L136" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.= org/browser/content-protector/tags/4.2.20/inc/class-ps-public.php#L136</a><= br><a href=3D"https://plugins.trac.wordpress.org/changeset/3422595/" target= =3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/changeset/3= 422595/</a> <a href=3D"https://plugins.trac.wordpress.org/changeset/3439= 532/" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org= /changeset/3439532/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">wpcodefactory--Order Minimum/Maximum Amount Li= mits for WooCommerce</td>
<td>The Order Minimum/Maximum Amount Limits for WooCommerce plugin for Word= Press is vulnerable to Stored Cross-Site Scripting via settings in all vers= ions up to, and including, 4.6.8 due to insufficient input sanitization and=
output escaping. This makes it possible for authenticated attackers, with = Shop Manager-level permissions and above, to inject arbitrary web scripts i=
n pages that will execute whenever a user accesses an injected page. This o= nly affects multi-site installations and installations where unfiltered_htm=
l has been disabled.</td>
<td>2026-01-28</td>
<td>4.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1381" target=3D"= _blank" rel=3D"noopener">CVE-2026-1381</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/3f54f1= 17-0dde-49f9-8014-7650bc1a00ac?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/3f54f117-0dd= e-49f9-8014-7650bc1a00ac?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/order-minimum-amount-for-woocommerce/trunk/includes= /settings/class-alg-wc-oma-settings-general.php" target=3D"_blank" rel=3D"n= oopener">https://plugins.trac.wordpress.org/browser/order-minimum-amount-fo= r-woocommerce/trunk/includes/settings/class-alg-wc-oma-settings-general.php= </a> <a href=3D"https://plugins.trac.wordpress.org/browser/order-minimum= -amount-for-woocommerce/trunk/includes/class-alg-wc-oma-core.php#L86" targe= t=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/or= der-minimum-amount-for-woocommerce/trunk/includes/class-alg-wc-oma-core.php= #L86</a> <a href=3D"https://plugins.trac.wordpress.org/browser/order-min= imum-amount-for-woocommerce/tags/4.6.8/includes/class-alg-wc-oma-core.php#L= 86" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/b= rowser/order-minimum-amount-for-woocommerce/tags/4.6.8/includes/class-alg-w= c-oma-core.php#L86</a> <a href=3D"https://plugins.trac.wordpress.org/cha= ngeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3447432%40order-minimum-= amount-for-woocommerce&new=3D3447432%40order-minimum-amount-for-woocommerce= &sfp_email=3D&sfph_mail=3D" target=3D"_blank" rel=3D"noopener">https://plug= ins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old= =3D3447432%40order-minimum-amount-for-woocommerce&new=3D3447432%40order-min= imum-amount-for-woocommerce&sfp_email=3D&sfph_mail</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">wpdevelop--Booking Calendar</td>
<td>The Booking Calendar plugin for WordPress is vulnerable to unauthorized=
access of data due to a missing capability check on the wpbc_ajax_WPBC_FLE= XTIMELINE_NAV() function in all versions up to, and including, 10.14.13. Th=
is makes it possible for unauthenticated attackers to retrieve booking info= rmation including customer names, phones and emails.</td>
<td>2026-01-31</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1431" target=3D"= _blank" rel=3D"noopener">CVE-2026-1431</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/0bd92f= 91-d9b1-4f6f-ac1a-477950ea2e80?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/0bd92f91-d9b= 1-4f6f-ac1a-477950ea2e80?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/booking/tags/10.14.13/core/lib/wpbc-ajax.php#L25" t= arget=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browse= r/booking/tags/10.14.13/core/lib/wpbc-ajax.php#L25</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Xeroneit--Xeroneit Library Management System</=

<td>Xeroneit Library Management System 3.1 contains a stored cross-site scr= ipting vulnerability in the Book Category feature that allows administrator=
s to inject malicious scripts. Attackers can insert a payload in the Catego=
ry Name field to execute arbitrary JavaScript code when the page is loaded.= </td>
<td>2026-01-26</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-36954" target=3D= "_blank" rel=3D"noopener">CVE-2020-36954</a></td>

<a href=3D"https://www.exploit-db.com/exploits/49292" target=3D"_blank" rel= =3D"noopener">ExploitDB-49292</a> <a href=3D"https://xeroneit.net/" targ= et=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://xe= roneit.net/portfolio/library-management-system-lms" target=3D"_blank" rel= =3D"noopener">Software Product Page</a> <a href=3D"https://www.vulncheck= .com/advisories/xeroneit-library-management-system-add-book-category-stored= -xss" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Xeroneit Libra=
ry Management System 3.1 - "Add Book Category " Stored XSS</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">zephyrproject-rtos--Zephyr</td>
<td>A flaw in Zephyr's network stack allows an IPv4 packet containing ICMP = type 128 to be misclassified as an ICMPv6 Echo Request. This results in an = out-of-bounds memory read and creates a potential information-leak vulnerab= ility in the networking subsystem.</td>
<td>2026-01-30</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-12899" target=3D= "_blank" rel=3D"noopener">CVE-2025-12899</a></td>

<a href=3D"https://github.com/zephyrproject-rtos/zephyr/security/advisories= /GHSA-c2vg-hj83-c2vg" target=3D"_blank" rel=3D"noopener">https://github.com= /zephyrproject-rtos/zephyr/security/advisories/GHSA-c2vg-hj83-c2vg</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Zhong Bang--CRMEB</td>
<td>A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. Th=
is vulnerability affects unknown code of the file crmeb/app/api/controller/= v1/CrontabController.php of the component crontab Endpoint. The manipulatio=
n results in missing authorization. The attack can be launched remotely. Th=
e exploit has been released to the public and may be used for attacks. The = vendor was contacted early about this disclosure but did not respond in any=
way.</td>
<td>2026-02-01</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1734" target=3D"= _blank" rel=3D"noopener">CVE-2026-1734</a></td>

<a href=3D"https://vuldb.com/?id.343633" target=3D"_blank" rel=3D"noopener"= >VDB-343633 | Zhong Bang CRMEB crontab Endpoint CrontabController.php autho= rization</a> <a href=3D"https://vuldb.com/?ctiid.343633" target=3D"_blan=
k" rel=3D"noopener">VDB-343633 | CTI Indicators (IOB, IOC, IOA)</a> <a h= ref=3D"https://vuldb.com/?submit.736619" target=3D"_blank" rel=3D"noopener"= >Submit #736619 | Zhongbang CRMEB v5.6.3 Missing Authorization</a> <a hr= ef=3D"https://github.com/foeCat/CVE/blob/main/CRMEB/crontab_unauthorized_ac= cess.md" target=3D"_blank" rel=3D"noopener">https://github.com/foeCat/CVE/b= lob/main/CRMEB/crontab_unauthorized_access.md</a> <a href=3D"https://git= hub.com/foeCat/CVE/blob/main/CRMEB/crontab_unauthorized_access.md#proof-of-= concept" target=3D"_blank" rel=3D"noopener">https://github.com/foeCat/CVE/b= lob/main/CRMEB/crontab_unauthorized_access.md#proof-of-concept</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">Zhong Bang--CRMEB</td>
<td>A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This af= fects the function detail/tidyOrder of the file /api/store_integral/order/d= etail/:uni. The manipulation of the argument order_id leads to improper aut= horization. The attack can be initiated remotely. The exploit is publicly a= vailable and might be used. The vendor was contacted early about this discl= osure but did not respond in any way.</td>
<td>2026-02-01</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1733" target=3D"= _blank" rel=3D"noopener">CVE-2026-1733</a></td>

<a href=3D"https://vuldb.com/?id.343632" target=3D"_blank" rel=3D"noopener"= >VDB-343632 | Zhong Bang CRMEB :uni tidyOrder improper authorization</a><br= ><a href=3D"https://vuldb.com/?ctiid.343632" target=3D"_blank" rel=3D"noope= ner">VDB-343632 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"htt= ps://vuldb.com/?submit.736558" target=3D"_blank" rel=3D"noopener">Submit #7= 36558 | Zhongbang CRMEB v5.6.3 Improper Access Controls</a> <a href=3D"h= ttps://github.com/foeCat/CVE/blob/main/CRMEB/integral_order_detail_idor.md"=
target=3D"_blank" rel=3D"noopener">https://github.com/foeCat/CVE/blob/main= /CRMEB/integral_order_detail_idor.md</a> <a href=3D"https://github.com/f= oeCat/CVE/blob/main/CRMEB/integral_order_detail_idor.md#%E6%BC%8F%E6%B4%9E%= E5%A4%8D%E7%8E%B0" target=3D"_blank" rel=3D"noopener">https://github.com/fo= eCat/CVE/blob/main/CRMEB/integral_order_detail_idor.md#%E6%BC%8F%E6%B4%9E%E= 5%A4%8D%E7%8E%B0</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Zohocorp--ManageEngine OpManager</td>
<td>Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions=
prior to 128582 are affected by a stored cross-site scripting vulnerabilit=
y in the Subnet Details.</td>
<td>2026-01-30</td>
<td>4.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-9226" target=3D"= _blank" rel=3D"noopener">CVE-2025-9226</a></td>

<a href=3D"https://www.manageengine.com/itom/advisory/cve-2025-9226.html" t= arget=3D"_blank" rel=3D"noopener">https://www.manageengine.com/itom/advisor= y/cve-2025-9226.html</a> =C2=A0</td>
</tr>
</tbody>
</table>
<a href=3D"#top">Back to top</a>
</div>
<div id=3D"low_v">
<h2 id=3D"low_v_title">Low Vulnerabilities</h2>
<table class=3D"table no-tablesaw" style=3D"table-layout: fixed; width: 100= %;" border=3D"1" summary=3D"Low Vulnerabilities" align=3D"center">
<thead>

<th class=3D"vendor-product" style=3D"width: 24%;" scope=3D"col">
Primary Vendor -- Product</th>
<th style=3D"width: 44%;" scope=3D"col">Description</th>
<th style=3D"width: 10%;" scope=3D"col">Published</th>
<th style=3D"width: 8%;" scope=3D"col">CVSS Score</th>
<th style=3D"width: 7%;" scope=3D"col">Source Info</th>
<th style=3D"width: 7%;" scope=3D"col">Patch Info</th>
</tr>
</thead>
<tbody>

<td class=3D"vendor-product">Bdtask--Bhojon All-In-One Restaurant Managemen=
t System</td>
<td>A vulnerability was found in Bdtask Bhojon All-In-One Restaurant Manage= ment System up to 20260116. Impacted is an unknown function of the file /da= shboard/home/profile of the component User Information Module. Performing a=
manipulation of the argument fullname results in cross site scripting. It =
is possible to initiate the attack remotely. The exploit has been made publ=
ic and could be used. The vendor was contacted early about this disclosure = but did not respond in any way.</td>
<td>2026-01-29</td>
<td>3.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1598" target=3D"= _blank" rel=3D"noopener">CVE-2026-1598</a></td>

<a href=3D"https://vuldb.com/?id.343360" target=3D"_blank" rel=3D"noopener"= >VDB-343360 | Bdtask Bhojon All-In-One Restaurant Management System User In= formation profile cross site scripting</a> <a href=3D"https://vuldb.com/= ?ctiid.343360" target=3D"_blank" rel=3D"noopener">VDB-343360 | CTI Indicato=
rs (IOB, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.740738"=
target=3D"_blank" rel=3D"noopener">Submit #740738 | Bdtask Bhojon All-In-O=
ne Restaurant Management System Latest Stored Cross-Site Scripting</a> <=
a href=3D"https://github.com/4m3rr0r/PoCVulDb/issues/12" target=3D"_blank" = rel=3D"noopener">https://github.com/4m3rr0r/PoCVulDb/issues/12</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">Brother Industries, Ltd.--Multiple MFPs</td> <td>Multiple MFPs provided by Brother Industries, Ltd. does not properly va= lidate server certificates, which may allow a man-in-the-middle attacker to=
replace the set of root certificates used by the product with a set of arb= itrary certificates.</td>
<td>2026-01-29</td>
<td>3.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-53869" target=3D= "_blank" rel=3D"noopener">CVE-2025-53869</a></td>

<a href=3D"https://faq.brother.co.jp/app/answers/detail/a_id/13716" target= =3D"_blank" rel=3D"noopener">https://faq.brother.co.jp/app/answers/detail/a= _id/13716</a> <a href=3D"https://www.konicaminolta.com/global-en/securit= y/advisory/pdf/km-2026-0001.pdf" target=3D"_blank" rel=3D"noopener">https:/= /www.konicaminolta.com/global-en/security/advisory/pdf/km-2026-0001.pdf</a>= <a href=3D"https://www.ricoh.com/products/security/vulnerabilities/vul?= id=3Dricoh-2026-000001" target=3D"_blank" rel=3D"noopener">https://www.rico= h.com/products/security/vulnerabilities/vul?id=3Dricoh-2026-000001</a> <=
a href=3D"https://jvn.jp/en/vu/JVNVU92878805/" target=3D"_blank" rel=3D"noo= pener">https://jvn.jp/en/vu/JVNVU92878805/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--Online Examination System</td> <td>A vulnerability has been found in code-projects Online Examination Syst=
em 1.0. Affected is an unknown function of the component Add Pages. Such ma= nipulation leads to cross site scripting. The attack can be executed remote= ly. The exploit has been disclosed to the public and may be used.</td> <td>2026-01-26</td>
<td>3.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1421" target=3D"= _blank" rel=3D"noopener">CVE-2026-1421</a></td>

<a href=3D"https://vuldb.com/?id.342837" target=3D"_blank" rel=3D"noopener"= >VDB-342837 | code-projects Online Examination System Add Pages cross site = scripting</a> <a href=3D"https://vuldb.com/?ctiid.342837" target=3D"_bla= nk" rel=3D"noopener">VDB-342837 | CTI Indicators (IOB, IOC, TTP)</a> <a = href=3D"https://vuldb.com/?submit.736605" target=3D"_blank" rel=3D"noopener= ">Submit #736605 | code-projects Online Examination System 1 Cross Site Scr= ipting</a> <a href=3D"https://github.com/geo-chen/code-projects/blob/mai= n/Online%20Examination%20System%20In%20PHP%20With%20Source%20Code.md#findin= g-1-stored-xss-in-all-add-pages" target=3D"_blank" rel=3D"noopener">https:/= /github.com/geo-chen/code-projects/blob/main/Online%20Examination%20System%= 20In%20PHP%20With%20Source%20Code.md#finding-1-stored-xss-in-all-add-pages<= /a> <a href=3D"https://code-projects.org/" target=3D"_blank" rel=3D"noop= ener">https://code-projects.org/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DCS-700L</td>
<td>A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected=
element is the function uploadmusic of the file /setUploadMusic of the com= ponent Music File Upload Service. The manipulation of the argument UploadMu= sic leads to path traversal. The attack can only be initiated within the lo= cal network. The exploit is publicly available and might be used. This vuln= erability only affects products that are no longer supported by the maintai= ner.</td>
<td>2026-01-28</td>
<td>2.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1532" target=3D"= _blank" rel=3D"noopener">CVE-2026-1532</a></td>

<a href=3D"https://vuldb.com/?id.343218" target=3D"_blank" rel=3D"noopener"= >VDB-343218 | D-Link DCS-700L Music File Upload Service setUploadMusic uplo= admusic path traversal</a> <a href=3D"https://vuldb.com/?ctiid.343218" t= arget=3D"_blank" rel=3D"noopener">VDB-343218 | CTI Indicators (IOB, IOC, TT=
P, IOA)</a> <a href=3D"https://vuldb.com/?submit.738693" target=3D"_blan=
k" rel=3D"noopener">Submit #738693 | D-Link DCS700l v1.03.09 Absolute Path = Traversal</a> <a href=3D"https://tzh00203.notion.site/D-Link-DCS700l-v1-= 03-09-Path-Traversal-Vulnerability-in-Music-File-Upload-2e8b5c52018a8036955= 3f07ab91aabe2?source=3Dcopy_link" target=3D"_blank" rel=3D"noopener">https:= //tzh00203.notion.site/D-Link-DCS700l-v1-03-09-Path-Traversal-Vulnerability= -in-Music-File-Upload-2e8b5c52018a80369553f07ab91aabe2?source=3Dcopy_link</= a> <a href=3D"https://www.dlink.com/" target=3D"_blank" rel=3D"noopener"= >https://www.dlink.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-823X</td>
<td>A vulnerability was identified in D-Link DIR-823X 250416. This vulnerab= ility affects the function sub_40AC74 of the component Login. Such manipula= tion leads to improper restriction of excessive authentication attempts. Th=
e attack may be performed from remote. This attack is characterized by high=
complexity. It is stated that the exploitability is difficult. The exploit=
is publicly available and might be used.</td>
<td>2026-01-30</td>
<td>3.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1685" target=3D"= _blank" rel=3D"noopener">CVE-2026-1685</a></td>

<a href=3D"https://vuldb.com/?id.343479" target=3D"_blank" rel=3D"noopener"= >VDB-343479 | D-Link DIR-823X Login sub_40AC74 excessive authentication</a>= <a href=3D"https://vuldb.com/?ctiid.343479" target=3D"_blank" rel=3D"no= opener">VDB-343479 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"= https://vuldb.com/?submit.740886" target=3D"_blank" rel=3D"noopener">Submit=
#740886 | D-Link dir-823X 250416 A logical flaw in the authentication mech= anism exists</a> <a href=3D"https://github.com/master-abc/cve/issues/17"=
target=3D"_blank" rel=3D"noopener">https://github.com/master-abc/cve/issue= s/17</a> <a href=3D"https://www.dlink.com/" target=3D"_blank" rel=3D"noo= pener">https://www.dlink.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DSL-6641K</td>
<td>A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Aff= ected by this issue is the function ad_virtual_server_vdsl of the component=
Web Interface. Performing a manipulation of the argument Name results in c= ross site scripting. It is possible to initiate the attack remotely. The ex= ploit is now public and may be used.</td>
<td>2026-01-30</td>
<td>2.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1705" target=3D"= _blank" rel=3D"noopener">CVE-2026-1705</a></td>

<a href=3D"https://vuldb.com/?id.343510" target=3D"_blank" rel=3D"noopener"= >VDB-343510 | D-Link DSL-6641K Web ad_virtual_server_vdsl cross site script= ing</a> <a href=3D"https://vuldb.com/?ctiid.343510" target=3D"_blank" re= l=3D"noopener">VDB-343510 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a h= ref=3D"https://vuldb.com/?submit.742421" target=3D"_blank" rel=3D"noopener"= >Submit #742421 | D-Link DSL6641K version N8.TR069.20131126 Cross Site Scri= pting</a> <a href=3D"https://tzh00203.notion.site/D-Link-DSL6641K-versio= n-N8-TR069-20131126-XSS-via-ad_virtual_server_vdsl-Configuration-2eeb5c5201= 8a805d97adfb23dfec39c9?source=3Dcopy_link" target=3D"_blank" rel=3D"noopene= r">https://tzh00203.notion.site/D-Link-DSL6641K-version-N8-TR069-20131126-X= SS-via-ad_virtual_server_vdsl-Configuration-2eeb5c52018a805d97adfb23dfec39c= 9?source=3Dcopy_link</a> <a href=3D"https://www.dlink.com/" target=3D"_b= lank" rel=3D"noopener">https://www.dlink.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">GnuPG--GnuPG</td>
<td>In GnuPG before 2.5.17, a long signature packet length causes parse_sig= nature to return success with sig->data[] set to a NULL value, leading t=
o a denial of service (application crash).</td>
<td>2026-01-27</td>
<td>3.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24883" target=3D= "_blank" rel=3D"noopener">CVE-2026-24883</a></td>

<a href=3D"https://www.openwall.com/lists/oss-security/2026/01/27/8" target= =3D"_blank" rel=3D"noopener">https://www.openwall.com/lists/oss-security/20= 26/01/27/8</a> <a href=3D"https://dev.gnupg.org/T8049" target=3D"_blank"=
rel=3D"noopener">https://dev.gnupg.org/T8049</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">GPAC--GPAC</td>
<td>A vulnerability was identified in GPAC up to 2.4.0. Affected is the fun= ction gf_media_export_webvtt_metadata of the file src/media_tools/media_exp= ort.c. The manipulation of the argument Name leads to null pointer derefere= nce. The attack must be carried out locally. The exploit is publicly availa= ble and might be used. The identifier of the patch is af951b892dfbaaa38336b= a2eba6d6a42c25810fd. To fix this issue, it is recommended to deploy a patch= .</td>
<td>2026-01-26</td>
<td>3.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1415" target=3D"= _blank" rel=3D"noopener">CVE-2026-1415</a></td>

<a href=3D"https://vuldb.com/?id.342804" target=3D"_blank" rel=3D"noopener"= >VDB-342804 | GPAC media_export.c gf_media_export_webvtt_metadata null poin= ter dereference</a> <a href=3D"https://vuldb.com/?ctiid.342804" target= =3D"_blank" rel=3D"noopener">VDB-342804 | CTI Indicators (IOB, IOC, IOA)</a= > <a href=3D"https://vuldb.com/?submit.736541" target=3D"_blank" rel=3D"= noopener">Submit #736541 | gpac v2.4.0 NULL Pointer Dereference</a> <a h= ref=3D"https://github.com/gpac/gpac/issues/3428" target=3D"_blank" rel=3D"n= oopener">https://github.com/gpac/gpac/issues/3428</a> <a href=3D"https:/= /github.com/gpac/gpac/issues/3428#issue-3802223345" target=3D"_blank" rel= =3D"noopener">https://github.com/gpac/gpac/issues/3428#issue-3802223345</a>= <a href=3D"https://github.com/enocknt/gpac/commit/af951b892dfbaaa38336b= a2eba6d6a42c25810fd" target=3D"_blank" rel=3D"noopener">https://github.com/= enocknt/gpac/commit/af951b892dfbaaa38336ba2eba6d6a42c25810fd</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">GPAC--GPAC</td>
<td>A security flaw has been discovered in GPAC up to 2.4.0. Affected by th=
is vulnerability is the function DumpMovieInfo of the file applications/mp4= box/filedump.c. The manipulation results in null pointer dereference. The a= ttack must be initiated from a local position. The exploit has been release=
d to the public and may be used for attacks. The patch is identified as d45= c264c20addf0c1cc05124ede33f8ffa800e68. It is advisable to implement a patch=
to correct this issue.</td>
<td>2026-01-26</td>
<td>3.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1416" target=3D"= _blank" rel=3D"noopener">CVE-2026-1416</a></td>

<a href=3D"https://vuldb.com/?id.342805" target=3D"_blank" rel=3D"noopener"= >VDB-342805 | GPAC filedump.c DumpMovieInfo null pointer dereference</a><br= ><a href=3D"https://vuldb.com/?ctiid.342805" target=3D"_blank" rel=3D"noope= ner">VDB-342805 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"https://= vuldb.com/?submit.736542" target=3D"_blank" rel=3D"noopener">Submit #736542=
| gpac v2.4.0 NULL Pointer Dereference</a> <a href=3D"https://github.co= m/gpac/gpac/issues/3427" target=3D"_blank" rel=3D"noopener">https://github.= com/gpac/gpac/issues/3427</a> <a href=3D"https://github.com/gpac/gpac/is= sues/3427#issue-3802197432" target=3D"_blank" rel=3D"noopener">https://gith= ub.com/gpac/gpac/issues/3427#issue-3802197432</a> <a href=3D"https://git= hub.com/enocknt/gpac/commit/d45c264c20addf0c1cc05124ede33f8ffa800e68" targe= t=3D"_blank" rel=3D"noopener">https://github.com/enocknt/gpac/commit/d45c26= 4c20addf0c1cc05124ede33f8ffa800e68</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">GPAC--GPAC</td>
<td>A weakness has been identified in GPAC up to 2.4.0. Affected by this is= sue is the function dump_isom_rtp of the file applications/mp4box/filedump.=
c. This manipulation causes null pointer dereference. The attack needs to b=
e launched locally. The exploit has been made available to the public and c= ould be used for attacks. Patch name: f96bd57c3ccdcde4335a0be28cd3e8fe29699= 3de. Applying a patch is the recommended action to fix this issue.</td> <td>2026-01-26</td>
<td>3.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1417" target=3D"= _blank" rel=3D"noopener">CVE-2026-1417</a></td>

<a href=3D"https://vuldb.com/?id.342806" target=3D"_blank" rel=3D"noopener"= >VDB-342806 | GPAC filedump.c dump_isom_rtp null pointer dereference</a><br= ><a href=3D"https://vuldb.com/?ctiid.342806" target=3D"_blank" rel=3D"noope= ner">VDB-342806 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"https://= vuldb.com/?submit.736543" target=3D"_blank" rel=3D"noopener">Submit #736543=
| gpac v2.4.0 NULL Pointer Dereference</a> <a href=3D"https://github.co= m/gpac/gpac/issues/3426" target=3D"_blank" rel=3D"noopener">https://github.= com/gpac/gpac/issues/3426</a> <a href=3D"https://github.com/gpac/gpac/is= sues/3426#issue-3802172856" target=3D"_blank" rel=3D"noopener">https://gith= ub.com/gpac/gpac/issues/3426#issue-3802172856</a> <a href=3D"https://git= hub.com/enocknt/gpac/commit/f96bd57c3ccdcde4335a0be28cd3e8fe296993de" targe= t=3D"_blank" rel=3D"noopener">https://github.com/enocknt/gpac/commit/f96bd5= 7c3ccdcde4335a0be28cd3e8fe296993de</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">iJason-Liu--Books_Manager</td>
<td>A vulnerability has been found in iJason-Liu Books_Manager up to 298ba7= 36387ca37810466349af13a0fdf828e99c. This affects an unknown part of the fil=
e controllers/books_center/add_book_check.php. Such manipulation of the arg= ument mark leads to cross site scripting. The attack can be launched remote= ly. The exploit has been disclosed to the public and may be used. This prod= uct does not use versioning. This is why information about affected and una= ffected releases are unavailable.</td>
<td>2026-01-26</td>
<td>2.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1444" target=3D"= _blank" rel=3D"noopener">CVE-2026-1444</a></td>

<a href=3D"https://vuldb.com/?id.342873" target=3D"_blank" rel=3D"noopener"= >VDB-342873 | iJason-Liu Books_Manager add_book_check.php cross site script= ing</a> <a href=3D"https://vuldb.com/?ctiid.342873" target=3D"_blank" re= l=3D"noopener">VDB-342873 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a h= ref=3D"https://vuldb.com/?submit.736968" target=3D"_blank" rel=3D"noopener"= >Submit #736968 | https://github.com/iJason-Liu/Books_Manager Books_Manager=
1.0 Stored XSS</a> <a href=3D"https://blog.y1fan.work/2026/01/13/%E5%AD= %98%E5%82%A8%E5%9E%8Bxss/" target=3D"_blank" rel=3D"noopener">https://blog.= y1fan.work/2026/01/13/%E5%AD%98%E5%82%A8%E5%9E%8Bxss/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ixray-team--ixray-1.6-stcop</td>
<td>Exposure of Sensitive Information to an Unauthorized Actor vulnerabilit=
y in ixray-team ixray-1.6-stcop. This issue affects ixray-1.6-stcop: before=
1.3.</td>
<td>2026-01-27</td>
<td>3.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24870" target=3D= "_blank" rel=3D"noopener">CVE-2026-24870</a></td>

<a href=3D"https://github.com/ixray-team/ixray-1.6-stcop/pull/258" target= =3D"_blank" rel=3D"noopener">https://github.com/ixray-team/ixray-1.6-stcop/= pull/258</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">jishenghua--jshERP</td>
<td>A vulnerability was found in jishenghua jshERP up to 3.6. The impacted = element is the function install of the file /jshERP-boot/plugin/installByPa=
th of the component com.gitee.starblues.integration.operator.DefaultPluginO= perator. The manipulation of the argument path results in path traversal. I=
t is possible to launch the attack remotely. The exploit has been made publ=
ic and could be used. The project was informed of the problem early through=
an issue report but has not responded yet.</td>
<td>2026-01-29</td>
<td>2.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1588" target=3D"= _blank" rel=3D"noopener">CVE-2026-1588</a></td>

<a href=3D"https://vuldb.com/?id.343351" target=3D"_blank" rel=3D"noopener"= >VDB-343351 | jishenghua jshERP installByPath install path traversal</a><br= ><a href=3D"https://vuldb.com/?ctiid.343351" target=3D"_blank" rel=3D"noope= ner">VDB-343351 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"htt= ps://vuldb.com/?submit.740649" target=3D"_blank" rel=3D"noopener">Submit #7= 40649 | https://github.com/jishenghua/jshERP jshERP v3.6 Path Traversal</a>= <a href=3D"https://github.com/jishenghua/jshERP/issues/147" target=3D"_= blank" rel=3D"noopener">https://github.com/jishenghua/jshERP/issues/147</a>= <a href=3D"https://github.com/jishenghua/jshERP/" target=3D"_blank" rel= =3D"noopener">https://github.com/jishenghua/jshERP/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">llamastack--Llama Stack</td>
<td>Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvec= tor password in the initialization log.</td>
<td>2026-01-30</td>
<td>3.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25211" target=3D= "_blank" rel=3D"noopener">CVE-2026-25211</a></td>

<a href=3D"https://github.com/llamastack/llama-stack/pull/4439" target=3D"_= blank" rel=3D"noopener">https://github.com/llamastack/llama-stack/pull/4439= </a> <a href=3D"https://github.com/llamastack/llama-stack/compare/v0.4.0= rc2...v0.4.0rc3" target=3D"_blank" rel=3D"noopener">https://github.com/llam= astack/llama-stack/compare/v0.4.0rc2...v0.4.0rc3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MoonshotAI--kimi-agent-sdk</td>
<td>Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CL=
I) agent runtime in applications. The vsix-publish.js and ovsx-publish.js s= cripts pass filenames to execSync() as shell command strings. Prior to vers= ion 0.1.6, filenames containing shell metacharacters like $(cmd) could exec= ute arbitrary commands. Note: This vulnerability exists only in the reposit= ory's development scripts. The published VSCode extension does not include = these files and end users are not affected. This is fixed in version 0.1.6 =
by replacing execSync with execFileSync using array arguments. As a workaro= und, ensure .vsix files in the project directory have safe filenames before=
running publish scripts.</td>
<td>2026-01-29</td>
<td>2.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25046" target=3D= "_blank" rel=3D"noopener">CVE-2026-25046</a></td>

<a href=3D"https://github.com/MoonshotAI/kimi-agent-sdk/security/advisories= /GHSA-mv58-gxx5-8hj3" target=3D"_blank" rel=3D"noopener">https://github.com= /MoonshotAI/kimi-agent-sdk/security/advisories/GHSA-mv58-gxx5-8hj3</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">OISF--suricata</td>
<td>Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 = and 7.0.14, various inefficiencies in xff handling, especially for alerts n=
ot triggered in a tx, can lead to severe slowdowns. Versions 8.0.3 and 7.0.=
14 contain a patch. As a workaround, disable XFF support in the eve configu= ration. The setting is disabled by default.</td>
<td>2026-01-27</td>
<td>3.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22261" target=3D= "_blank" rel=3D"noopener">CVE-2026-22261</a></td>

<a href=3D"https://github.com/OISF/suricata/security/advisories/GHSA-5jvg-5= j3p-34cf" target=3D"_blank" rel=3D"noopener">https://github.com/OISF/surica= ta/security/advisories/GHSA-5jvg-5j3p-34cf</a> <a href=3D"https://github= .com/OISF/suricata/commit/3f0725b34c7871c2de4346c8af872f10f4501e44" target= =3D"_blank" rel=3D"noopener">https://github.com/OISF/suricata/commit/3f0725= b34c7871c2de4346c8af872f10f4501e44</a> <a href=3D"https://github.com/OIS= F/suricata/commit/af246ae7ab1b70c09f83c0619b253095ccc18667" target=3D"_blan=
k" rel=3D"noopener">https://github.com/OISF/suricata/commit/af246ae7ab1b70c= 09f83c0619b253095ccc18667</a> <a href=3D"https://redmine.openinfosecfoun= dation.org/issues/8156" target=3D"_blank" rel=3D"noopener">https://redmine.= openinfosecfoundation.org/issues/8156</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">projectworlds--House Rental and Property Listi= ng</td>
<td>A weakness has been identified in projectworlds House Rental and Proper=
ty Listing 1.0. This vulnerability affects unknown code of the file /app/sm= s.php. This manipulation of the argument Message causes cross site scriptin=
g. It is possible to initiate the attack remotely. The exploit has been mad=
e available to the public and could be used for attacks.</td> <td>2026-01-30</td>
<td>3.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1700" target=3D"= _blank" rel=3D"noopener">CVE-2026-1700</a></td>

<a href=3D"https://vuldb.com/?id.343490" target=3D"_blank" rel=3D"noopener"= >VDB-343490 | projectworlds House Rental and Property Listing sms.php cross=
site scripting</a> <a href=3D"https://vuldb.com/?ctiid.343490" target= =3D"_blank" rel=3D"noopener">VDB-343490 | CTI Indicators (IOB, IOC, TTP, IO= A)</a> <a href=3D"https://vuldb.com/?submit.741977" target=3D"_blank" re= l=3D"noopener">Submit #741977 | projectworlds.com House rental And Property=
Listing Project V1.0 cross site scripting</a> <a href=3D"https://github= .com/jiahao412/CVE/issues/3" target=3D"_blank" rel=3D"noopener">https://git= hub.com/jiahao412/CVE/issues/3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat Build of Keycloak</td>
<td>A flaw was found in Keycloak's SAML brokering functionality. When Keycl= oak is configured as a client in a Security Assertion Markup Language (SAML=
) setup, it fails to validate the `NotOnOrAfter` timestamp within the `Subj= ectConfirmationData`. This allows an attacker to delay the expiration of SA=
ML responses, potentially extending the time a response is considered valid=
and leading to unexpected session durations or resource consumption.</td> <td>2026-01-26</td>
<td>3.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1190" target=3D"= _blank" rel=3D"noopener">CVE-2026-1190</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2026-1190" target=3D"= _blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2026-11= 90</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D2430835"=
target=3D"_blank" rel=3D"noopener">RHBZ#2430835</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat Enterprise Linux 10</td>
<td>A flaw was found in Glib's content type parsing logic. This buffer unde= rflow vulnerability occurs because the length of a header line is stored in=
a signed integer, which can lead to integer wraparound for very large inpu= ts. This results in pointer underflow and out-of-bounds memory access. Expl= oitation requires a local user to install or process a specially crafted tr= eemagic file, which can lead to local denial of service or application inst= ability.</td>
<td>2026-01-27</td>
<td>2.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1485" target=3D"= _blank" rel=3D"noopener">CVE-2026-1485</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2026-1485" target=3D"= _blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2026-14= 85</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D2433325"=
target=3D"_blank" rel=3D"noopener">RHBZ#2433325</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">rethinkdb--rethinkdb</td>
<td>A vulnerability was identified in rethinkdb up to 2.4.3. Affected by th=
is issue is some unknown functionality of the component Secondary Index Han= dler. Such manipulation leads to cross site scripting. It is possible to la= unch the attack remotely. The exploit is publicly available and might be us= ed. The vendor was contacted early about this disclosure but did not respon=
d in any way.</td>
<td>2026-01-28</td>
<td>2.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1520" target=3D"= _blank" rel=3D"noopener">CVE-2026-1520</a></td>

<a href=3D"https://vuldb.com/?id.343191" target=3D"_blank" rel=3D"noopener"= >VDB-343191 | rethinkdb Secondary Index cross site scripting</a> <a href= =3D"https://vuldb.com/?ctiid.343191" target=3D"_blank" rel=3D"noopener">VDB= -343191 | CTI Indicators (IOB, IOC, TTP)</a> <a href=3D"https://vuldb.co= m/?submit.738312" target=3D"_blank" rel=3D"noopener">Submit #738312 | rethi= nkdb V2.4.3(latest) cross-site scripting(XSS)</a> <a href=3D"https://git= hub.com/59lab/dbdb/blob/main/There%20is%20a%20cross-site%20scripting(XSS)%2= 0vulnerability%20in%20the%20rethinkdb%20database.md" target=3D"_blank" rel= =3D"noopener">https://github.com/59lab/dbdb/blob/main/There%20is%20a%20cros= s-site%20scripting(XSS)%20vulnerability%20in%20the%20rethinkdb%20database.m= d</a> <a href=3D"https://github.com/59lab/dbdb/blob/main/There%20is%20a%= 20cross-site%20scripting(XSS)%20vulnerability%20in%20the%20rethinkdb%20data= base.md#poc" target=3D"_blank" rel=3D"noopener">https://github.com/59lab/db= db/blob/main/There%20is%20a%20cross-site%20scripting(XSS)%20vulnerability%2= 0in%20the%20rethinkdb%20database.md#poc</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Discover</td>
<td>Tanium addressed an improper input validation vulnerability in Discover= .</td>
<td>2026-01-26</td>
<td>2.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0925" target=3D"= _blank" rel=3D"noopener">CVE-2026-0925</a></td>

<a href=3D"https://security.tanium.com/TAN-2026-002" target=3D"_blank" rel= =3D"noopener">TAN-2026-002</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Interact</td>
<td>Tanium addressed an improper access controls vulnerability in Interact.= </td>
<td>2026-01-29</td>
<td>3.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15288" target=3D= "_blank" rel=3D"noopener">CVE-2025-15288</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-034" target=3D"_blank" rel= =3D"noopener">TAN-2025-034</a> =C2=A0</td>
</tr>
</tbody>
</table>
<a href=3D"#top">Back to top</a>
</div>
<div id=3D"snya_v">
<h2 id=3D"snya_v_title">Severity Not Yet Assigned</h2>
<table id=3D"table_severity_not_yet_assigned" class=3D"table no-tablesaw" s= tyle=3D"table-layout: fixed; width: 100%;" border=3D"1" summary=3D"Severity=
Not Yet Assigned" align=3D"center">
<thead>

<th class=3D"vendor-product" style=3D"width: 24%;" scope=3D"col">
Primary Vendor -- Product</th>
<th style=3D"width: 44%;" scope=3D"col">Description</th>
<th style=3D"width: 10%;" scope=3D"col">Published</th>
<th style=3D"width: 8%;" scope=3D"col">CVSS Score</th>
<th style=3D"width: 7%;" scope=3D"col">Source Info</th>
<th style=3D"width: 7%;" scope=3D"col">Patch Info</th>
</tr>
</thead>
<tbody>

<td class=3D"vendor-product">aangine--aangine</td>
<td>An issue in continuous.software aangine v.2025.2 allows a remote attack=
er to obtain sensitive information via the excel-integration-service templa=
te download module, integration-persistence-service job listing module, por= tfolio-item-service data retrieval module endpoints</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67274" target=3D= "_blank" rel=3D"noopener">CVE-2025-67274</a></td>

<a href=3D"https://aangine.com" target=3D"_blank" rel=3D"noopener">https://= aangine.com</a> <a href=3D"https://continuous.software/products" target= =3D"_blank" rel=3D"noopener">https://continuous.software/products</a> <a=
href=3D"https://gist.github.com/c4m0uflag3/26fec868b764c4e7314ad246bab01c8=
8" target=3D"_blank" rel=3D"noopener">https://gist.github.com/c4m0uflag3/26= fec868b764c4e7314ad246bab01c88</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">abcz316--SKRoot-linuxKernelRoot</td>
<td>NULL Pointer Dereference vulnerability in abcz316 SKRoot-linuxKernelRoo=
t (testRoot/jni/utils modules). This vulnerability is associated with progr=
am files cJSON.Cpp. This issue affects SKRoot-linuxKernelRoot.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24813" target=3D= "_blank" rel=3D"noopener">CVE-2026-24813</a></td>

<a href=3D"https://github.com/abcz316/SKRoot-linuxKernelRoot/pull/116" targ= et=3D"_blank" rel=3D"noopener">https://github.com/abcz316/SKRoot-linuxKerne= lRoot/pull/116</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Acronis--Acronis Cloud Manager</td>
<td>Local privilege escalation due to insecure folder permissions. The foll= owing products are affected: Acronis Cloud Manager (Windows) before build 6= .4.25342.354.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0705" target=3D"= _blank" rel=3D"noopener">CVE-2026-0705</a></td>

<a href=3D"https://security-advisory.acronis.com/advisories/SEC-7316" targe= t=3D"_blank" rel=3D"noopener">SEC-7316</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">AhaChat--AhaChat Messenger Marketing</td>
<td>The AhaChat Messenger Marketing WordPress plugin through 1.1 does not s= anitise and escape a parameter before outputting it back in the page, leadi=
ng to a Reflected Cross-Site Scripting which could be used against high pri= vilege users such as admin</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14316" target=3D= "_blank" rel=3D"noopener">CVE-2025-14316</a></td>

<a href=3D"https://wpscan.com/vulnerability/7d69ebec-f940-4491-a51e-70a9e1b= f8a4c/" target=3D"_blank" rel=3D"noopener">https://wpscan.com/vulnerability= /7d69ebec-f940-4491-a51e-70a9e1bf8a4c/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">akuity--kargo</td>
<td>Kargo manages and automates the promotion of software artifacts. Prior =
to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication ch= ecks on the `GetConfig()` API endpoint. This allowed unauthenticated users =
to access this endpoint by specifying an `Authorization` header with any no= n-empty `Bearer` token value, regardless of validity. This vulnerability di=
d allow for exfiltration of configuration data such as endpoints for connec= ted Argo CD clusters. This data could allow an attacker to enumerate cluste=
r URLs and namespaces for use in subsequent attacks. Additionally, the same=
bug affected the `RefreshResource` endpoint. This endpoint does not lead t=
o any information disclosure, but could be used by an unauthenticated attac= ker to perform a denial-of-service style attack against the Kargo API. `Ref= reshResource` sets an annotation on specific Kubernetes resources to trigge=
r reconciliations. If run on a constant loop, this could also slow down leg= itimate requests to the Kubernetes API server. This problem has been patche=
d in Kargo versiosn 1.8.7, 1.7.7, and 1.6.3. There are no workarounds for t= his issue.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24748" target=3D= "_blank" rel=3D"noopener">CVE-2026-24748</a></td>

<a href=3D"https://github.com/akuity/kargo/security/advisories/GHSA-w5wv-wv= rp-v5m5" target=3D"_blank" rel=3D"noopener">https://github.com/akuity/kargo= /security/advisories/GHSA-w5wv-wvrp-v5m5</a> <a href=3D"https://github.c= om/akuity/kargo/commit/23646eaefb449a6cc2e76a8033e8a57f71369772" target=3D"= _blank" rel=3D"noopener">https://github.com/akuity/kargo/commit/23646eaefb4= 49a6cc2e76a8033e8a57f71369772</a> <a href=3D"https://github.com/akuity/k= argo/commit/aa28f81ac15ad871c6eba329fc2f0417a08c39d7" target=3D"_blank" rel= =3D"noopener">https://github.com/akuity/kargo/commit/aa28f81ac15ad871c6eba3= 29fc2f0417a08c39d7</a> <a href=3D"https://github.com/akuity/kargo/commit= /b3297ace0d3b9e7f7128858c5c4288d77f072b8c" target=3D"_blank" rel=3D"noopene= r">https://github.com/akuity/kargo/commit/b3297ace0d3b9e7f7128858c5c4288d77= f072b8c</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ALSA Project--alsa-lib</td>
<td>alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5= f7fe33, contain a heap-based buffer overflow in the topology mixer control = decoder. The tplg_decode_control_mixer1() function reads the num_channels f= ield from untrusted .tplg data and uses it as a loop bound without validati=
ng it against the fixed-size channel array (SND_TPLG_MAX_CHAN). A crafted t= opology file with an excessive num_channels value can cause out-of-bounds h= eap writes, leading to a crash.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25068" target=3D= "_blank" rel=3D"noopener">CVE-2026-25068</a></td>

<a href=3D"https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d= 84f72e381ec2cccc0d5d3d40" target=3D"_blank" rel=3D"noopener">https://github= .com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40<= /a> <a href=3D"https://www.vulncheck.com/advisories/alsa-lib-topology-de= coder-heap-based-buffer-overflow" target=3D"_blank" rel=3D"noopener">https:= //www.vulncheck.com/advisories/alsa-lib-topology-decoder-heap-based-buffer-= overflow</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Altitude--Altitude Communication Server</td> <td>Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communica= tion Server, caused by inconsistent analysis of multiple HTTP requests over=
a single Keep-Alive connection using Content-Length headers. This can caus=
e a desynchronization of requests between frontend and backend servers, whi=
ch could allow request hiding, cache poisoning or security bypass.</td> <td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-41082" target=3D= "_blank" rel=3D"noopener">CVE-2025-41082</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vuln= erabilities-altitude-communication-server" target=3D"_blank" rel=3D"noopene= r">https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilit= ies-altitude-communication-server</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Altitude--Altitude Communication Server</td> <td>Vulnerability in Altitude Authentication Service and Altitude Communica= tion Server v8.5.3290.0 by Altitude, where manipulation of Host header in H= TTP requests allows redirection to an arbitrary URL or modification of the = base URL to trick the victim into sending login credentials to a malicious = website. This behavior can be used to redirect clients to endpoints control= led by the attacker.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-41083" target=3D= "_blank" rel=3D"noopener">CVE-2025-41083</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vuln= erabilities-altitude-communication-server" target=3D"_blank" rel=3D"noopene= r">https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilit= ies-altitude-communication-server</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">AltumCode--AltumCode</td>
<td>A directory traversal (Zip Slip) vulnerability exists in the "Static Si= tes" feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are = automatically extracted without validating or sanitizing file paths. An att= acker can include traversal sequences (e.g., ../) in ZIP entries to write f= iles outside the intended extraction directory. This allows static files (h= tml, js, css, images) file write to unintended locations, or overwriting ex= isting HTML files, potentially leading to content defacement and, in certai=
n deployments, further impact if sensitive files are overwritten.</td> <td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69601" target=3D= "_blank" rel=3D"noopener">CVE-2025-69601</a></td>

<a href=3D"https://gist.github.com/Waqar-Arain/9cd59aa74de540eeb3b09d15bac3= 5e36" target=3D"_blank" rel=3D"noopener">https://gist.github.com/Waqar-Arai= n/9cd59aa74de540eeb3b09d15bac35e36</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">AltumCode--AltumCode</td>
<td>A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumC= ode, where the application does not regenerate the session identifier after=
successful authentication. As a result, the same session cookie value is r= eused for users logging in from the same browser, allowing an attacker who = can set or predict a session ID to potentially hijack an authenticated sess= ion.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69602" target=3D= "_blank" rel=3D"noopener">CVE-2025-69602</a></td>

<a href=3D"https://gist.github.com/Waqar-Arain/c8117308325a91b8f3b782964691= 5275" target=3D"_blank" rel=3D"noopener">https://gist.github.com/Waqar-Arai= n/c8117308325a91b8f3b7829646915275</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Amidaware--Amidaware</td>
<td>A Server-Side Template Injection (SSTI) vulnerability in the /reporting= /templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions = equal to or earlier than v1.3.1, allows low-privileged users with Report Vi= ewer or Report Manager permissions to achieve remote command execution on t=
he server. This occurs due to improper sanitization of the template_md para= meter, enabling direct injection of Jinja2 templates. This occurs due to mi= suse of the generate_html() function, the user-controlled value is inserted=
into `env.from_string`, a function that processes Jinja2 templates arbitra= rily, making an SSTI possible.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69516" target=3D= "_blank" rel=3D"noopener">CVE-2025-69516</a></td>

<a href=3D"https://github.com/amidaware/tacticalrmm" target=3D"_blank" rel= =3D"noopener">https://github.com/amidaware/tacticalrmm</a> <a href=3D"ht= tps://www.amidaware.com/" target=3D"_blank" rel=3D"noopener">https://www.am= idaware.com/</a> <a href=3D"https://gist.github.com/NtGabrielGomes/7c424= 367cc316fd7527f668ff076fece" target=3D"_blank" rel=3D"noopener">https://gis= t.github.com/NtGabrielGomes/7c424367cc316fd7527f668ff076fece</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">Amidaware--Amidaware</td>
<td>An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 an=
d earlier allows authenticated users to inject arbitrary HTML content durin=
g the creation of a new agent via the POST /api/v3/newagent/ endpoint. The = agent_id parameter accepts up to 255 characters and is improperly sanitized=
using DOMPurify.sanitize() with the html: true option enabled, which fails=
to adequately filter HTML input. The injected HTML is rendered in the Tact= ical RMM management panel when an administrator attempts to remove or shut = down the affected agent, potentially leading to client-side attacks such as=
UI manipulation or phishing. NOTE: the Supplier's position is that this ha=
s incorrect information.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69517" target=3D= "_blank" rel=3D"noopener">CVE-2025-69517</a></td>

<a href=3D"https://github.com/amidaware/tacticalrmm" target=3D"_blank" rel= =3D"noopener">https://github.com/amidaware/tacticalrmm</a> <a href=3D"ht= tps://www.amidaware.com/" target=3D"_blank" rel=3D"noopener">https://www.am= idaware.com/</a> <a href=3D"https://gist.github.com/NtGabrielGomes/fdabc= d9e85d841c5490739686e0f8b72" target=3D"_blank" rel=3D"noopener">https://gis= t.github.com/NtGabrielGomes/fdabcd9e85d841c5490739686e0f8b72</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">amir20--dozzle</td>
<td>Dozzle is a realtime log viewer for docker containers. Prior to version=
9.0.3, a flaw in Dozzle's agent-backed shell endpoints allows a user restr= icted by label filters (for example, `label=3Denv=3Ddev`) to obtain an inte= ractive root shell in out of scope containers (for example, `env=3Dprod`) o=
n the same agent host by directly targeting their container IDs. Version 9.= 0.3 contains a patch for the issue.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24740" target=3D= "_blank" rel=3D"noopener">CVE-2026-24740</a></td>

<a href=3D"https://github.com/amir20/dozzle/security/advisories/GHSA-m855-r= 557-5rc5" target=3D"_blank" rel=3D"noopener">https://github.com/amir20/dozz= le/security/advisories/GHSA-m855-r557-5rc5</a> <a href=3D"https://github= .com/amir20/dozzle/commit/620e59aa246347ba8a27e68c532853b8a5137bc1" target= =3D"_blank" rel=3D"noopener">https://github.com/amir20/dozzle/commit/620e59= aa246347ba8a27e68c532853b8a5137bc1</a> <a href=3D"https://github.com/ami= r20/dozzle/releases/tag/v9.0.3" target=3D"_blank" rel=3D"noopener">https://= github.com/amir20/dozzle/releases/tag/v9.0.3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">anyrtcIO-Community--anyRTC-RTMP-OpenSource</td=

<td>Improper Restriction of Operations within the Bounds of a Memory Buffer=
vulnerability in anyrtcIO-Community anyRTC-RTMP-OpenSource (third_party/fa= ad2-2.7/libfaad modules). This vulnerability is associated with program fil=
es bits.C, syntax.C. This issue affects anyRTC-RTMP-OpenSource: before 1.0.= </td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1465" target=3D"= _blank" rel=3D"noopener">CVE-2026-1465</a></td>

<a href=3D"https://github.com/anyrtcIO-Community/anyRTC-RTMP-OpenSource/pul= l/166" target=3D"_blank" rel=3D"noopener">https://github.com/anyrtcIO-Commu= nity/anyRTC-RTMP-OpenSource/pull/166</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Apache Software Foundation--Apache Karaf</td> <td>Deserialization of Untrusted Data vulnerability in Apache Karaf Decante=
r. The Decanter log socket collector exposes the port 4560, without authent= ication. If the collector exposes allowed classes property, this configurat= ion can be bypassed. It means that the log socket collector is vulnerable t=
o deserialization of untrusted data, eventually causing DoS. NB: Decanter l=
og socket collector is not installed by default. Users who have not install=
ed Decanter log socket are not impacted by this issue. This issue affects A= pache Karaf Decanter before 2.12.0. Users are recommended to upgrade to ver= sion 2.12.0, which fixes the issue.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24656" target=3D= "_blank" rel=3D"noopener">CVE-2026-24656</a></td>

<a href=3D"https://lists.apache.org/thread/dc5wmdn6hyc992olntkl75kk04ndzx34=
" target=3D"_blank" rel=3D"noopener">https://lists.apache.org/thread/dc5wmd= n6hyc992olntkl75kk04ndzx34</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Apache Software Foundation--HDFS native client= </td>
<td>Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. = This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recomm= ended to upgrade to version 3.4.2, which fixes the issue.</td> <td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-27821" target=3D= "_blank" rel=3D"noopener">CVE-2025-27821</a></td>

<a href=3D"https://lists.apache.org/thread/kwjhyyx0wl2z9b0mw0styjk0hhdbyplh=
" target=3D"_blank" rel=3D"noopener">https://lists.apache.org/thread/kwjhyy= x0wl2z9b0mw0styjk0hhdbyplh</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Apple--iOS and iPadOS</td>
<td>The issue was addressed with improved bounds checks. This issue is fixe=
d in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPadOS 26. Processing a malic= iously crafted Keynote file may disclose memory contents.</td> <td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-46306" target=3D= "_blank" rel=3D"noopener">CVE-2025-46306</a></td>

<a href=3D"https://support.apple.com/en-us/125108" target=3D"_blank" rel=3D= "noopener">https://support.apple.com/en-us/125108</a> <a href=3D"https:/= /support.apple.com/en-us/126254" target=3D"_blank" rel=3D"noopener">https:/= /support.apple.com/en-us/126254</a> <a href=3D"https://support.apple.com= /en-us/125110" target=3D"_blank" rel=3D"noopener">https://support.apple.com= /en-us/125110</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Apple--macOS</td>
<td>An out-of-bounds read was addressed with improved input validation. Thi=
s issue is fixed in iOS 26.1 and iPadOS 26.1, Pages 15.1, macOS Tahoe 26.1.=
Processing a maliciously crafted Pages document may result in unexpected t= ermination or disclosure of process memory.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-46316" target=3D= "_blank" rel=3D"noopener">CVE-2025-46316</a></td>

<a href=3D"https://support.apple.com/en-us/125634" target=3D"_blank" rel=3D= "noopener">https://support.apple.com/en-us/125634</a> <a href=3D"https:/= /support.apple.com/en-us/126255" target=3D"_blank" rel=3D"noopener">https:/= /support.apple.com/en-us/126255</a> <a href=3D"https://support.apple.com= /en-us/125632" target=3D"_blank" rel=3D"noopener">https://support.apple.com= /en-us/125632</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">askbot--askbot</td>
<td>All versions of askbot before and including 0.12.2 allow an attacker au= thenticated with normal user permissions to modify the profile picture of o= ther application users. This issue affects askbot: 0.12.2.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1213" target=3D"= _blank" rel=3D"noopener">CVE-2026-1213</a></td>

<a href=3D"https://fluidattacks.com/advisories/ghost" target=3D"_blank" rel= =3D"noopener">https://fluidattacks.com/advisories/ghost</a> <a href=3D"h= ttps://askbot.com/" target=3D"_blank" rel=3D"noopener">https://askbot.com/<= /a> <a href=3D"https://github.com/ASKBOT/askbot-devel/commit/3da3d75f352= 04aa71633c7a315327ba39cb6295d" target=3D"_blank" rel=3D"noopener">https://g= ithub.com/ASKBOT/askbot-devel/commit/3da3d75f35204aa71633c7a315327ba39cb629= 5d</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">assertj--assertj</td>
<td>AssertJ provides Fluent testing assertions for Java and the Java Virtua=
l Machine (JVM). Starting in version 1.4.0 and prior to version 3.27.7, an = XML External Entity (XXE) vulnerability exists in `org.assertj.core.util.xm= l.XmlStringPrettyFormatter`: the `toXmlDocument(String)` method initializes=
`DocumentBuilderFactory` with default settings, without disabling DTDs or = external entities. This formatter is used by the `isXmlEqualTo(CharSequence=
)` assertion for `CharSequence` values. An application is vulnerable only w= hen it uses untrusted XML input with either `isXmlEqualTo(CharSequence)` fr=
om `org.assertj.core.api.AbstractCharSequenceAssert` or `xmlPrettyFormat(St= ring)` from `org.assertj.core.util.xml.XmlStringPrettyFormatter`. If untrus= ted XML input is processed by tone of these methods, an attacker couldnread=
arbitrary local files via `file://` URIs (e.g., `/etc/passwd`, application=
configuration files); perform Server-Side Request Forgery (SSRF) via HTTP/= HTTPS URIs, and/or cause Denial of Service via "Billion Laughs" entity expa= nsion attacks. `isXmlEqualTo(CharSequence)` has been deprecated in favor of=
XMLUnit in version 3.18.0 and will be removed in version 4.0. Users of aff= ected versions should, in order of preference: replace `isXmlEqualTo(CharSe= quence)` with XMLUnit, upgrade to version 3.27.7, or avoid using `isXmlEqua= lTo(CharSequence)` or `XmlStringPrettyFormatter` with untrusted input. `Xml= StringPrettyFormatter` has historically been considered a utility for `isXm= lEqualTo(CharSequence)` rather than a feature for AssertJ users, so it is d= eprecated in version 3.27.7 and removed in version 4.0, with no replacement= .</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24400" target=3D= "_blank" rel=3D"noopener">CVE-2026-24400</a></td>

<a href=3D"https://github.com/assertj/assertj/security/advisories/GHSA-rqfh= -9r24-8c9r" target=3D"_blank" rel=3D"noopener">https://github.com/assertj/a= ssertj/security/advisories/GHSA-rqfh-9r24-8c9r</a> <a href=3D"https://gi= thub.com/assertj/assertj/commit/85ca7eb6609bb179c043b85ae7d290523b1ba79a" t= arget=3D"_blank" rel=3D"noopener">https://github.com/assertj/assertj/commit= /85ca7eb6609bb179c043b85ae7d290523b1ba79a</a> <a href=3D"https://cheatsh= eetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.= html" target=3D"_blank" rel=3D"noopener">https://cheatsheetseries.owasp.org= /cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html</a> <a href= =3D"https://github.com/assertj/assertj/releases/tag/assertj-build-3.27.7" t= arget=3D"_blank" rel=3D"noopener">https://github.com/assertj/assertj/releas= es/tag/assertj-build-3.27.7</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Atlassian--Crowd Data Center</td>
<td>This High severity XXE (XML External Entity Injection) vulnerability wa=
s introduced in version 7.1.0 of Crowd Data Center and Server. This XXE (XM=
L External Entity Injection) vulnerability, with a CVSS Score of 7.9, allow=
s an authenticated attacker to access local and remote content which has hi=
gh impact to confidentiality, low impact to integrity, high impact to avail= ability, and requires no user interaction. Atlassian recommends that Crowd = Data Center and Server customers upgrade to latest version, if you are unab=
le to do so, upgrade your instance to one of the specified supported fixed = versions: * Crowd Data Center and Server 7.1: Upgrade to a release greater = than or equal to 7.1.3 See the release notes (https://confluence.atlassian.= com/crowd/crowd-release-notes-199094.html). You can download the latest ver= sion of Crowd Data Center and Server from the download center (https://www.= atlassian.com/software/crowd/download-archive). This vulnerability was repo= rted via our Atlassian (Internal) program.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-21569" target=3D= "_blank" rel=3D"noopener">CVE-2026-21569</a></td>

<a href=3D"https://confluence.atlassian.com/pages/viewpage.action?pageId=3D= 1712324819" target=3D"_blank" rel=3D"noopener">https://confluence.atlassian= .com/pages/viewpage.action?pageId=3D1712324819</a> <a href=3D"https://ji= ra.atlassian.com/browse/CWD-6453" target=3D"_blank" rel=3D"noopener">https:= //jira.atlassian.com/browse/CWD-6453</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">azerothcore--azerothcore-wotlk</td> <td>Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Class=
ic Buffer Overflow') vulnerability in azerothcore azerothcore-wotlk (deps/z= lib modules). This vulnerability is associated with program files inflate.C=
. This issue affects azerothcore-wotlk: through v4.0.0.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24793" target=3D= "_blank" rel=3D"noopener">CVE-2026-24793</a></td>

<a href=3D"https://github.com/azerothcore/azerothcore-wotlk/pull/21599" tar= get=3D"_blank" rel=3D"noopener">https://github.com/azerothcore/azerothcore-= wotlk/pull/21599</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">briandilley--jsonrpc4j</td>
<td>Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in=
briandilley jsonrpc4j (src/main/java/com/googlecode/jsonrpc4j modules). Th=
is vulnerability is associated with program files NoCloseOutputStream.Java.=
This issue affects jsonrpc4j: through 1.6.0.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24802" target=3D= "_blank" rel=3D"noopener">CVE-2026-24802</a></td>

<a href=3D"https://github.com/briandilley/jsonrpc4j/pull/333" target=3D"_bl= ank" rel=3D"noopener">https://github.com/briandilley/jsonrpc4j/pull/333</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">Budibase--budibase</td>
<td>Budibase is a low code platform for creating internal tools, workflows,=
and admin panels. In versions up to and including 3.26.3, a Creator-level = user, who normally has no UI permission to invite users, can manipulate API=
requests to invite new users with any role, including Admin, Creator, or A=
pp Viewer, and assign them to any group in the organization. This allows fu=
ll privilege escalation, bypassing UI restrictions, and can lead to complet=
e takeover of the workspace or organization. As of time of publication, no = known fixed versions are available.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25040" target=3D= "_blank" rel=3D"noopener">CVE-2026-25040</a></td>

<a href=3D"https://github.com/Budibase/budibase/security/advisories/GHSA-4w= fw-r86x-qxrm" target=3D"_blank" rel=3D"noopener">https://github.com/Budibas= e/budibase/security/advisories/GHSA-4wfw-r86x-qxrm</a> <a href=3D"https:= //drive.google.com/file/d/1Dtn1WLJILRYUeoMjEbUfCbqQ3g2AW2Qz/view?usp=3Dshar= ing" target=3D"_blank" rel=3D"noopener">https://drive.google.com/file/d/1Dt= n1WLJILRYUeoMjEbUfCbqQ3g2AW2Qz/view?usp=3Dsharing</a> <a href=3D"https:/= /github.com/user-attachments/files/22066135/budibase-privileged-esc-poc.txt=
" target=3D"_blank" rel=3D"noopener">https://github.com/user-attachments/fi= les/22066135/budibase-privileged-esc-poc.txt</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">bytecodealliance--wasmtime</td>
<td>Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and p= rior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, W= asmtime's compilation of the `f64.copysign` WebAssembly instruction with Cr= anelift may load 8 more bytes than is necessary. When signals-based-traps a=
re disabled this can result in a uncaught segfault due to loading from unma= pped guard pages. With guard pages disabled it's possible for out-of-sandbo=
x data to be loaded, but unless there is another bug in Cranelift this data=
is not visible to WebAssembly guests. Wasmtime 36.0.5, 40.0.3, and 41.0.1 = have been released to fix this issue. Users are recommended to upgrade to t=
he patched versions of Wasmtime. Other affected versions are not patched an=
d users should updated to supported major version instead. This bug can be = worked around by enabling signals-based-traps. While disabling guard pages = can be a quick fix in some situations, it's not recommended to disabled gua=
rd pages as it is a key defense-in-depth measure of Wasmtime.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24116" target=3D= "_blank" rel=3D"noopener">CVE-2026-24116</a></td>

<a href=3D"https://github.com/bytecodealliance/wasmtime/security/advisories= /GHSA-vc8c-j3xm-xj73" target=3D"_blank" rel=3D"noopener">https://github.com= /bytecodealliance/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73</a> <=
a href=3D"https://github.com/bytecodealliance/wasmtime/commit/728fa07184f8d= a2a046f48ef9b61f869dce133a6" target=3D"_blank" rel=3D"noopener">https://git= hub.com/bytecodealliance/wasmtime/commit/728fa07184f8da2a046f48ef9b61f869dc= e133a6</a> <a href=3D"https://github.com/bytecodealliance/wasmtime/commi= t/799585fc362fcb991de147dd1a9f2ba0861ed440" target=3D"_blank" rel=3D"noopen= er">https://github.com/bytecodealliance/wasmtime/commit/799585fc362fcb991de= 147dd1a9f2ba0861ed440</a> <a href=3D"https://github.com/bytecodealliance= /wasmtime/commit/ac92d9bb729ad3a6d93f0724c4c33a0c4a9c0227" target=3D"_blank=
" rel=3D"noopener">https://github.com/bytecodealliance/wasmtime/commit/ac92= d9bb729ad3a6d93f0724c4c33a0c4a9c0227</a> <a href=3D"https://docs.rs/wasm= time/latest/wasmtime/struct.Config.html#method.memory_guard_size" target=3D= "_blank" rel=3D"noopener">https://docs.rs/wasmtime/latest/wasmtime/struct.C= onfig.html#method.memory_guard_size</a> <a href=3D"https://docs.rs/wasmt= ime/latest/wasmtime/struct.Config.html#method.signals_based_traps" target= =3D"_blank" rel=3D"noopener">https://docs.rs/wasmtime/latest/wasmtime/struc= t.Config.html#method.signals_based_traps</a> <a href=3D"https://docs.was= mtime.dev/stability-release.html" target=3D"_blank" rel=3D"noopener">https:= //docs.wasmtime.dev/stability-release.html</a> <a href=3D"https://rustse= c.org/advisories/RUSTSEC-2026-0006.html" target=3D"_blank" rel=3D"noopener"= >https://rustsec.org/advisories/RUSTSEC-2026-0006.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Cacti--Cacti</td>
<td>A HTML injection vulnerability exists in the file upload functionality =
of Cacti <=3D 1.2.29. When a file with an invalid format is uploaded, th=
e application reflects the submitted filename back into an error popup with= out proper sanitization. As a result, attackers can inject arbitrary HTML e= lements (e.g., <h1>, , <svg>) into the rendered page.<=

<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-45160" target=3D= "_blank" rel=3D"noopener">CVE-2025-45160</a></td>

<a href=3D"https://github.com/Cacti/cacti" target=3D"_blank" rel=3D"noopene= r">https://github.com/Cacti/cacti</a> <a href=3D"https://gist.github.com= /BEND0US/49d76897a5bb676d8c3f51425553cc32" target=3D"_blank" rel=3D"noopene= r">https://gist.github.com/BEND0US/49d76897a5bb676d8c3f51425553cc32</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">cadaver--turso3d</td>
<td>Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of U= ninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerabilit=
y in cadaver turso3d. This issue affects .</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24826" target=3D= "_blank" rel=3D"noopener">CVE-2026-24826</a></td>

<a href=3D"https://github.com/cadaver/turso3d/pull/11" target=3D"_blank" re= l=3D"noopener">https://github.com/cadaver/turso3d/pull/11</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Canonical--juju</td>
<td>Vulnerable cross-model authorization in juju. If a charm's cross-model = permissions are revoked or expire, a malicious user who is able to update d= atabase records can mint an invalid macaroon that is incorrectly validated =
by the juju controller, enabling a charm to maintain otherwise revoked or e= xpired permissions. This allows a charm to continue relating to another cha=
rm in a cross-model relation, and use their workload without their permissi= on. No fix is available as of the time of writing.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1237" target=3D"= _blank" rel=3D"noopener">CVE-2026-1237</a></td>

<a href=3D"https://github.com/juju/juju/security/advisories/GHSA-j477-6vpg-= 6c8x" target=3D"_blank" rel=3D"noopener">https://github.com/juju/juju/secur= ity/advisories/GHSA-j477-6vpg-6c8x</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">CardboardPowered--cardboard</td>
<td>Improper Restriction of Operations within the Bounds of a Memory Buffer=
vulnerability in CardboardPowered cardboard (src/main/java/org/cardboardpo= wered/impl/world modules). This vulnerability is associated with program fi= les WorldImpl.Java. This issue affects cardboard: before 1.21.4.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24794" target=3D= "_blank" rel=3D"noopener">CVE-2026-24794</a></td>

<a href=3D"https://github.com/CardboardPowered/cardboard/pull/506" target= =3D"_blank" rel=3D"noopener">https://github.com/CardboardPowered/cardboard/= pull/506</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ChurchCRM--CRM</td>
<td>ChurchCRM is an open-source church management system. Versions prior to=
6.7.2 have a Stored Cross-Site Scripting (XSS) vulnerability occurs in Cre= ate Events in Church Calendar. Users with low privileges can create XSS pay= loads in the Description field. This payload is stored in the database, and=
when other users view that event (including the admin), the payload is tri= ggered, leading to account takeover. Version 6.7.2 fixes the vulnerability.= </td>
<td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24855" target=3D= "_blank" rel=3D"noopener">CVE-2026-24855</a></td>

<a href=3D"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-49qp-c= fqx-c767" target=3D"_blank" rel=3D"noopener">https://github.com/ChurchCRM/C= RM/security/advisories/GHSA-49qp-cfqx-c767</a> <a href=3D"https://github= .com/ChurchCRM/CRM/commit/0cd0d211459b8c19509d36b3c1dfcd7f8c10d914" target= =3D"_blank" rel=3D"noopener">https://github.com/ChurchCRM/CRM/commit/0cd0d2= 11459b8c19509d36b3c1dfcd7f8c10d914</a> <a href=3D"https://github.com/Chu= rchCRM/CRM/commit/ec4b16e9a3ca09c8a01a712bcb90579c42f2ba28" target=3D"_blan=
k" rel=3D"noopener">https://github.com/ChurchCRM/CRM/commit/ec4b16e9a3ca09c= 8a01a712bcb90579c42f2ba28</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">CloverHackyColor--CloverBootloader</td> <td>Out-of-bounds Write vulnerability in CloverHackyColor CloverBootloader = (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulne= rability is associated with program files regcomp.C. This issue affects Clo= verBootloader: before 5162.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24795" target=3D= "_blank" rel=3D"noopener">CVE-2026-24795</a></td>

<a href=3D"https://github.com/CloverHackyColor/CloverBootloader/pull/733" t= arget=3D"_blank" rel=3D"noopener">https://github.com/CloverHackyColor/Clove= rBootloader/pull/733</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">CloverHackyColor--CloverBootloader</td> <td>Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader (= MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulner= ability is associated with program files regparse.C. This issue affects Clo= verBootloader: before 5162.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24796" target=3D= "_blank" rel=3D"noopener">CVE-2026-24796</a></td>

<a href=3D"https://github.com/CloverHackyColor/CloverBootloader/pull/732" t= arget=3D"_blank" rel=3D"noopener">https://github.com/CloverHackyColor/Clove= rBootloader/pull/732</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--code-projects</td> <td>code-projects Computer Book Store 1.0 is vulnerable to File Upload in a= dmin_add.php.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69559" target=3D= "_blank" rel=3D"noopener">CVE-2025-69559</a></td>

<a href=3D"https://gitee.com/Z_180yc/zyy/issues/IDBY27" target=3D"_blank" r= el=3D"noopener">https://gitee.com/Z_180yc/zyy/issues/IDBY27</a> <a href= =3D"https://gist.github.com/lih28984-commits/cd3a275dfd9c92a79b6a4a0e8801f4= fa" target=3D"_blank" rel=3D"noopener">https://gist.github.com/lih28984-com= mits/cd3a275dfd9c92a79b6a4a0e8801f4fa</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--code-projects</td> <td>code-projects Mobile Shop Management System 1.0 is vulnerable to SQL In= jection in /insertmessage.php via the userid parameter.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69562" target=3D= "_blank" rel=3D"noopener">CVE-2025-69562</a></td>

<a href=3D"https://gitee.com/Z_180yc/zyy/issues/IDC5FU" target=3D"_blank" r= el=3D"noopener">https://gitee.com/Z_180yc/zyy/issues/IDC5FU</a> <a href= =3D"https://gist.github.com/lih28984-commits/a847a034c3bb626904dcc6ab757625= 7f" target=3D"_blank" rel=3D"noopener">https://gist.github.com/lih28984-com= mits/a847a034c3bb626904dcc6ab7576257f</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--code-projects</td> <td>code-projects Mobile Shop Management System 1.0 is vulnerable to SQL In= jection in /ExLogin.php via the Password parameter.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69563" target=3D= "_blank" rel=3D"noopener">CVE-2025-69563</a></td>

<a href=3D"https://gitee.com/Z_180yc/zyy/issues/IDC3IB" target=3D"_blank" r= el=3D"noopener">https://gitee.com/Z_180yc/zyy/issues/IDC3IB</a> <a href= =3D"https://gist.github.com/lih28984-commits/544eaaca3ea58563a807c43b521d76= e6" target=3D"_blank" rel=3D"noopener">https://gist.github.com/lih28984-com= mits/544eaaca3ea58563a807c43b521d76e6</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--code-projects</td> <td>code-projects Mobile Shop Management System 1.0 is vulnerable to SQL In= jection in /ExAddNewUser.php via the Name, Address, email, UserName, Passwo= rd, confirm_password, Role, Branch, and Activate parameters.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69564" target=3D= "_blank" rel=3D"noopener">CVE-2025-69564</a></td>

<a href=3D"https://gitee.com/Z_180yc/zyy/issues/IDCEJP" target=3D"_blank" r= el=3D"noopener">https://gitee.com/Z_180yc/zyy/issues/IDCEJP</a> <a href= =3D"https://gist.github.com/lih28984-commits/87eacfc32186020a04e03a2af44872= 3f" target=3D"_blank" rel=3D"noopener">https://gist.github.com/lih28984-com= mits/87eacfc32186020a04e03a2af448723f</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--code-projects</td> <td>code-projects Mobile Shop Management System 1.0 is vulnerable to File U= pload in /ExAddProduct.php.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69565" target=3D= "_blank" rel=3D"noopener">CVE-2025-69565</a></td>

<a href=3D"https://gitee.com/Z_180yc/zyy/issues/IDCFAQ" target=3D"_blank" r= el=3D"noopener">https://gitee.com/Z_180yc/zyy/issues/IDCFAQ</a> <a href= =3D"https://gist.github.com/lih28984-commits/81d523afde3b122c652f652bab808e= 33" target=3D"_blank" rel=3D"noopener">https://gist.github.com/lih28984-com= mits/81d523afde3b122c652f652bab808e33</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">coolsnowwolf--lede</td>
<td>Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in=
coolsnowwolf lede (package/lean/mt/drivers/mt7615d/src/mt_wifi/embedded/se= curity modules). This vulnerability is associated with program files bn_lib= .C. This issue affects lede: through r25.10.1.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24803" target=3D= "_blank" rel=3D"noopener">CVE-2026-24803</a></td>

<a href=3D"https://github.com/coolsnowwolf/lede/pull/13346" target=3D"_blan=
k" rel=3D"noopener">https://github.com/coolsnowwolf/lede/pull/13346</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">coolsnowwolf--lede</td>
<td>Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in=
coolsnowwolf lede (package/lean/mt/drivers/mt7603e/src/mt7603_wifi/common = modules). This vulnerability is associated with program files bn_lib.C. Thi=
s issue affects lede: through r25.10.1.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24804" target=3D= "_blank" rel=3D"noopener">CVE-2026-24804</a></td>

<a href=3D"https://github.com/coolsnowwolf/lede/pull/13368" target=3D"_blan=
k" rel=3D"noopener">https://github.com/coolsnowwolf/lede/pull/13368</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">CPU-Z--CPU-Z</td>
<td>The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate us= er-supplied values passed via its IOCTL interface, allowing an attacker to = access sensitive information via a crafted request.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-65264" target=3D= "_blank" rel=3D"noopener">CVE-2025-65264</a></td>

<a href=3D"https://www.cpuid.com/softwares/cpu-z.html" target=3D"_blank" re= l=3D"noopener">https://www.cpuid.com/softwares/cpu-z.html</a> <a href=3D= "https://github.com/cwjchoi01/CVE-2025-65264" target=3D"_blank" rel=3D"noop= ener">https://github.com/cwjchoi01/CVE-2025-65264</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">datavane--tis</td>
<td>Unrestricted Upload of File with Dangerous Type, Deserialization of Unt= rusted Data vulnerability in datavane tis (tis-plugin/src/main/java/com/qla= ngtech/tis/extension/impl modules). This vulnerability is associated with p= rogram files XmlFile.Java. This issue affects tis: before v4.3.0.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24815" target=3D= "_blank" rel=3D"noopener">CVE-2026-24815</a></td>

<a href=3D"https://github.com/datavane/tis/pull/443" target=3D"_blank" rel= =3D"noopener">https://github.com/datavane/tis/pull/443</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">datavane--tis</td>
<td>Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in=
datavane tis (tis-console/src/main/java/com/qlangtech/tis/runtime/module/a= ction modules). This vulnerability is associated with program files ChangeD= omainAction.Java. This issue affects tis: before v4.3.0.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24816" target=3D= "_blank" rel=3D"noopener">CVE-2026-24816</a></td>

<a href=3D"https://github.com/datavane/tis/pull/444" target=3D"_blank" rel= =3D"noopener">https://github.com/datavane/tis/pull/444</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">davisking--dlib</td>
<td>Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Class=
ic Buffer Overflow') vulnerability in davisking dlib (dlib/external/zlib mo= dules). This vulnerability is associated with program files inflate.C. This=
issue affects dlib: before v19.24.9.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24799" target=3D= "_blank" rel=3D"noopener">CVE-2026-24799</a></td>

<a href=3D"https://github.com/davisking/dlib/pull/3063" target=3D"_blank" r= el=3D"noopener">https://github.com/davisking/dlib/pull/3063</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">Delinea Inc.--Secret Server On-Prem</td> <td>Improper Authentication vulnerability in Delinea Inc. Secret Server On-= Prem (RPC Password Rotation modules). This issue affects Secret Server On-P= rem: 11.8.1, 11.9.6, 11.9.25. A secret with "change password on check in" e= nabled automatically checks in even when the password change fails after re= aching its retry limit. This leaves the secret in an inconsistent state wit=
h the wrong password. Remediation: Upgrade to 11.9.47 or later. The secret = will remain checked out when the password change fails.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-12810" target=3D= "_blank" rel=3D"noopener">CVE-2025-12810</a></td>

<a href=3D"https://docs.delinea.com/online-help/secret-server/release-notes= /ss-rn-11-9-000047.htm" target=3D"_blank" rel=3D"noopener">https://docs.del= inea.com/online-help/secret-server/release-notes/ss-rn-11-9-000047.htm</a><= br><a href=3D"https://trust.delinea.com/?tcuUid=3D48260de9-954d-45c2-9c66-2= c9510798a0b" target=3D"_blank" rel=3D"noopener">https://trust.delinea.com/?= tcuUid=3D48260de9-954d-45c2-9c66-2c9510798a0b</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">discourse--discourse</td>
<td>Discourse is an open source discussion platform. In versions prior to 3= .5.4, 2025.11.2, 2025.12.1, and 2026.1.0, an endpoint lets any authenticate=
d user bypass the ai_discover_persona access controls and gain ongoing DM a= ccess to personas that may be wired to staff-only categories, RAG document = sets, or automated tooling, enabling unauthorized data disclosure. Because = the controller also accepts arbitrary user_id, an attacker can impersonate = other accounts to trigger unwanted AI conversations on their behalf, genera= ting confusing or abusive PM traffic. This issue is patched in versions 3.5= .4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds are available.= </td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-68660" target=3D= "_blank" rel=3D"noopener">CVE-2025-68660</a></td>

<a href=3D"https://github.com/discourse/discourse/security/advisories/GHSA-= mrvm-rprq-jqqh" target=3D"_blank" rel=3D"noopener">https://github.com/disco= urse/discourse/security/advisories/GHSA-mrvm-rprq-jqqh</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">discourse--discourse</td>
<td>Discourse is an open source discussion platform. In versions prior to 3= .5.4, 2025.11.2, 2025.12.1, and 2026.1.0, users archives are viewable by us= ers with moderation privileges even though moderators should not have acces=
s to the archives. Private topic/post content made by the users are leaked = through the archives leading to a breach of confidentiality. This issue is = patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. To work arou=
nd this problem, a site admin can temporarily revoke the moderation role fr=
om all moderators until the Discourse instance has been upgraded to a versi=
on that has been patched.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-68666" target=3D= "_blank" rel=3D"noopener">CVE-2025-68666</a></td>

<a href=3D"https://github.com/discourse/discourse/security/advisories/GHSA-= xmvw-jjqq-25mv" target=3D"_blank" rel=3D"noopener">https://github.com/disco= urse/discourse/security/advisories/GHSA-xmvw-jjqq-25mv</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">discourse--discourse</td>
<td>Discourse is an open source discussion platform. In versions prior to 3= .5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can access the `top_up= loads` admin report which should be restricted to admins only. This report = displays direct URLs to all uploaded files on the site, including sensitive=
content such as user data exports, admin backups, and other private attach= ments that moderators should not have access to. This issue is patched in v= ersions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. There is no workaround. = Limit moderator privileges to trusted users until the patch is applied.</td=

<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69218" target=3D= "_blank" rel=3D"noopener">CVE-2025-69218</a></td>

<a href=3D"https://github.com/discourse/discourse/security/advisories/GHSA-= 79f9-j8h4-3w6w" target=3D"_blank" rel=3D"noopener">https://github.com/disco= urse/discourse/security/advisories/GHSA-79f9-j8h4-3w6w</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">discourse--discourse</td>
<td>Discourse is an open source discussion platform. A privilege escalation=
vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1=
.0 allows a non-admin moderator to bypass email-change restrictions, allowi=
ng a takeover of non-staff accounts. This issue is patched in versions 3.5.=
4, 2025.11.2, 2025.12.1, and 2026.1.0. As a workaround, ensure moderators a=
re trusted or enable the "require_change_email_confirmation" setting.</td> <td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69289" target=3D= "_blank" rel=3D"noopener">CVE-2025-69289</a></td>

<a href=3D"https://github.com/discourse/discourse/security/advisories/GHSA-= p39j-x54c-rwqq" target=3D"_blank" rel=3D"noopener">https://github.com/disco= urse/discourse/security/advisories/GHSA-p39j-x54c-rwqq</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">discourse--discourse</td>
<td>Discourse is an open source discussion platform. In versions prior to 3= .5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-res= tricted resources (private topics, categories, posts, or hidden tags) were = redirecting users to URLs containing the resource slug, even when the user = didn't have access to view the resource. This leaked potentially sensitive = information (e.g., private topic titles) via the redirect Location header a=
nd the 404 page's search box. This issue is patched in versions 3.5.4, 2025= .11.2, 2025.12.1, and 2026.1.0. No known workarounds are available.</td> <td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23743" target=3D= "_blank" rel=3D"noopener">CVE-2026-23743</a></td>

<a href=3D"https://github.com/discourse/discourse/security/advisories/GHSA-= v5jw-rxc6-4cvv" target=3D"_blank" rel=3D"noopener">https://github.com/disco= urse/discourse/security/advisories/GHSA-v5jw-rxc6-4cvv</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">DokuWiki--DokuWiki</td>
<td>aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthen= ticated attackers to execute arbitrary system commands via lib/plugins/runc= ommand/postaction.php.</td>
<td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-51958" target=3D= "_blank" rel=3D"noopener">CVE-2025-51958</a></td>

<a href=3D"https://www.dokuwiki.org/plugin:runcommand" target=3D"_blank" re= l=3D"noopener">https://www.dokuwiki.org/plugin:runcommand</a> <a href=3D= "https://github.com/aelsantex/runcommand" target=3D"_blank" rel=3D"noopener= ">https://github.com/aelsantex/runcommand</a> <a href=3D"https://gist.gi= thub.com/NtustLin/f64528002e4f61874045799127dc49a4" target=3D"_blank" rel= =3D"noopener">https://gist.github.com/NtustLin/f64528002e4f61874045799127dc= 49a4</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--Access Manager 92xx-k5</td>
<td>The exos 9300 application can be used to configure Access Managers (e.g=
. 92xx, 9230 and 9290). The configuration is done in a graphical user inter= face on the dormakaba exos server. As soon as the save button is clicked in=
exos 9300, the whole configuration is sent to the selected Access Manager = via SOAP. The SOAP request is sent without any prior authentication or auth= orization by default. Though authentication and authorization can be config= ured using IPsec for 92xx-K5 devices and mTLS for 92xx-K7 devices, it is no=
t enabled by default and must therefore be activated with additional steps.=
This insecure default allows an attacker with network level access to comp= letely control the whole environment. An attacker is for example easily abl=
e to conduct the following tasks without prior authentication: - Re-configu=
re Access Managers (e.g. remove alarming system requirements) - Freely re-c= onfigure the inputs and outputs - Open all connected doors permanently - Op=
en all doors for a defined time interval - Change the admin password - and = many more Network level access can be gained due to an insufficient network=
segmentation as well as missing LAN firewalls. Devices with an insecure co= nfiguration have been identified to be directly exposed to the internet.</t=

<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59097" target=3D= "_blank" rel=3D"noopener">CVE-2025-59097</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkaccess" target=3D"_blank" rel=3D"noopener">https://r.sec-con= sult.com/dkaccess</a> <a href=3D"https://www.dormakabagroup.com/en/secur= ity-advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagro= up.com/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--Access Manager 92xx-k5</td>
<td>The Access Manager is offering a trace functionality to debug errors an=
d issues with the device. The trace functionality is implemented as a simpl=
e TCP socket. A tool called TraceClient.exe, provided by dormakaba via the = Access Manager web interface, is used to connect to the socket and receive = debug information. The data is permanently broadcasted on the TCP socket. T=
he socket can be accessed without any authentication or encryption. The tra= nsmitted data is based on the set verbosity level. The verbosity level can =
be set using the http(s) endpoint with the service interface password or wi=
th the guessable identifier of the device via the SOAP interface. The trans= mitted data contains sensitive data like the Card ID as well as all button = presses on Registration units. This allows an attacker with network level a= ccess to retrieve all entered PINs on a registration unit.</td> <td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59098" target=3D= "_blank" rel=3D"noopener">CVE-2025-59098</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkaccess" target=3D"_blank" rel=3D"noopener">https://r.sec-con= sult.com/dkaccess</a> <a href=3D"https://www.dormakabagroup.com/en/secur= ity-advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagro= up.com/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--Access Manager 92xx-k5</td>
<td>The Access Manager is using the open source web server CompactWebServer=
written in C#. This web server is affected by a path traversal vulnerabili= ty, which allows an attacker to directly access files via simple GET reques=
ts without prior authentication. Hence, it is possible to retrieve all file=
s stored on the file system, including the SQLite database Database.sq3, co= ntaining badge information and the corresponding PIN codes. Additionally, w= hen trying to access certain files, the web server crashes and becomes unre= achable for about 60 seconds. This can be abused to continuously send the r= equest and cause denial of service.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59099" target=3D= "_blank" rel=3D"noopener">CVE-2025-59099</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkaccess" target=3D"_blank" rel=3D"noopener">https://r.sec-con= sult.com/dkaccess</a> <a href=3D"https://www.dormakabagroup.com/en/secur= ity-advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagro= up.com/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--Access Manager 92xx-k5</td>
<td>The web interface offers a functionality to export the internal SQLite = database. After executing the database export, an automatic download is sta= rted and the device reboots. After rebooting, the exported database is dele= ted and cannot be accessed anymore. However, it was noticed that sometimes = the device does not reboot and therefore the exported database is not delet= ed, or the device reboots and the export is not deleted for unknown reasons=
. The path where the database export is located can be accessed without pri=
or authentication. This leads to the fact that an attacker might be able to=
get access to the exported database without prior authentication. The data= base includes sensitive data like passwords, card pins, encrypted Mifare si= tekeys and much more.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59100" target=3D= "_blank" rel=3D"noopener">CVE-2025-59100</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkaccess" target=3D"_blank" rel=3D"noopener">https://r.sec-con= sult.com/dkaccess</a> <a href=3D"https://www.dormakabagroup.com/en/secur= ity-advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagro= up.com/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--Access Manager 92xx-k5</td>
<td>Instead of typical session tokens or cookies, it is verified on a per-r= equest basis if the originating IP address has once successfully logged in.=
As soon as an authentication request from a certain source IP is successfu=
l, the IP address is handled as authenticated. No other session information=
is stored. Therefore, it is possible to spoof the IP address of a logged-i=
n user to gain access to the Access Manager web interface.</td> <td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59101" target=3D= "_blank" rel=3D"noopener">CVE-2025-59101</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkaccess" target=3D"_blank" rel=3D"noopener">https://r.sec-con= sult.com/dkaccess</a> <a href=3D"https://www.dormakabagroup.com/en/secur= ity-advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagro= up.com/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--Access Manager 92xx-k5</td>
<td>The web server of the Access Manager offers a functionality to download=
a backup of the local database stored on the device. This database contain=
s the whole configuration. This includes encrypted MIFARE keys, card data, = user PINs and much more. The PINs are even stored unencrypted. Combined wit=
h the fact that an attacker can easily get access to the backup functionali=
ty by abusing the session management issue (CVE-2025-59101), or by exploiti=
ng the weak default password (CVE-2025-59108), or by simply setting a new p= assword without prior authentication via the SOAP API (CVE-2025-59097), it =
is easily possible to access the sensitive data on the device.</td> <td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59102" target=3D= "_blank" rel=3D"noopener">CVE-2025-59102</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkaccess" target=3D"_blank" rel=3D"noopener">https://r.sec-con= sult.com/dkaccess</a> <a href=3D"https://www.dormakabagroup.com/en/secur= ity-advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagro= up.com/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--Access Manager 92xx-k5</td>
<td>The Access Manager 92xx in hardware revision K7 is based on Linux inste=
ad of Windows CE embedded in older hardware revisions. In this new hardware=
revision it was noticed that an SSH service is exposed on port 22. By anal= yzing the firmware of the devices, it was noticed that there are two users = with hardcoded and weak passwords that can be used to access the devices vi=
a SSH. The passwords can be also guessed very easily. The password of at le= ast one user is set to a random value after the first deployment, with the = restriction that the password is only randomized if the configured date is = prior to 2022. Therefore, under certain circumstances, the passwords are no=
t randomized. For example, if the clock is never set on the device, the bat= tery of the clock module has been changed, the Access Manager has been fact= ory reset and has not received a time yet.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59103" target=3D= "_blank" rel=3D"noopener">CVE-2025-59103</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkaccess" target=3D"_blank" rel=3D"noopener">https://r.sec-con= sult.com/dkaccess</a> <a href=3D"https://www.dormakabagroup.com/en/secur= ity-advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagro= up.com/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--Access Manager 92xx-k5</td>
<td>With physical access to the device and enough time an attacker can deso= lder the flash memory, modify it and then reinstall it because of missing e= ncryption. Thus, essential files, such as "/etc/passwd", as well as stored = certificates, cryptographic keys, stored PINs and so on can be modified and=
read, in order to gain SSH root access on the Linux-based K7 model. On the=
Windows CE based K5 model, the password for the Access Manager can additio= nally be read in plain text from the stored SQLite database.</td> <td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59105" target=3D= "_blank" rel=3D"noopener">CVE-2025-59105</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkaccess" target=3D"_blank" rel=3D"noopener">https://r.sec-con= sult.com/dkaccess</a> <a href=3D"https://www.dormakabagroup.com/en/secur= ity-advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagro= up.com/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--Access Manager 92xx-k5</td> <td>Dormakaba provides the software FWServiceTool to update the firmware ve= rsion of the Access Managers via the network. The firmware in some instance=
s is provided in an encrypted ZIP file. Within this tool, the password used=
to decrypt the ZIP and extract the firmware is set statically and can be e= xtracted. This password was valid for multiple observed firmware versions.<=

<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59107" target=3D= "_blank" rel=3D"noopener">CVE-2025-59107</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkaccess" target=3D"_blank" rel=3D"noopener">https://r.sec-con= sult.com/dkaccess</a> <a href=3D"https://www.dormakabagroup.com/en/secur= ity-advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagro= up.com/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--Access Manager 92xx-k5</td>
<td>By default, the password for the Access Manager's web interface, is set=
to 'admin'. In the tested version changing the password was not enforced.<=

<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59108" target=3D= "_blank" rel=3D"noopener">CVE-2025-59108</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkaccess" target=3D"_blank" rel=3D"noopener">https://r.sec-con= sult.com/dkaccess</a> <a href=3D"https://www.dormakabagroup.com/en/secur= ity-advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagro= up.com/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--Access Manager 92xx-k7</td>
<td>With physical access to the device and enough time an attacker is able =
to solder test leads to the debug footprint (or use the 6-Pin tag-connect c= able). Thus, the attacker gains access to the bootloader, where the kernel = command line can be changed. An attacker is able to gain a root shell throu=
gh this vulnerability.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59104" target=3D= "_blank" rel=3D"noopener">CVE-2025-59104</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkaccess" target=3D"_blank" rel=3D"noopener">https://r.sec-con= sult.com/dkaccess</a> <a href=3D"https://www.dormakabagroup.com/en/secur= ity-advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagro= up.com/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--Access Manager 92xx-k7</td>
<td>The binary serving the web server and executing basically all actions l= aunched from the Web UI is running with root privileges. This is against th=
e least privilege principle. If an attacker is able to execute code on the = system via other vulnerabilities it is possible to directly execute command=
s with highest privileges.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59106" target=3D= "_blank" rel=3D"noopener">CVE-2025-59106</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkaccess" target=3D"_blank" rel=3D"noopener">https://r.sec-con= sult.com/dkaccess</a> <a href=3D"https://www.dormakabagroup.com/en/secur= ity-advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagro= up.com/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--dormakaba registration unit 9002</t=

<td>The dormakaba registration units 9002 (PIN Pad Units) have an exposed U= ART header on the backside. The PIN pad is sending every button press to th=
e UART interface. An attacker can use the interface to exfiltrate PINs. As = the devices are explicitly built as Plug-and-Play to be easily replaced, an=
attacker is easily able to remove the device, install a hardware implant w= hich connects to the UART and exfiltrates the data exposed via UART to anot= her system (e.g. via WiFi).</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59109" target=3D= "_blank" rel=3D"noopener">CVE-2025-59109</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkaccess" target=3D"_blank" rel=3D"noopener">https://r.sec-con= sult.com/dkaccess</a> <a href=3D"https://www.dormakabagroup.com/en/secur= ity-advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagro= up.com/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--Kaba exos 9300</td>
<td>On the exos 9300 server, a SOAP API is reachable on port 8002. This API=
does not require any authentication prior to sending requests. Therefore, = network access to the exos server allows e.g. the creation of arbitrary acc= ess log events as well as querying the 2FA PINs associated with the enrolle=
d chip cards.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59090" target=3D= "_blank" rel=3D"noopener">CVE-2025-59090</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkexos" target=3D"_blank" rel=3D"noopener">https://r.sec-consu= lt.com/dkexos</a> <a href=3D"https://www.dormakabagroup.com/en/security-= advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagroup.c= om/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--Kaba exos 9300</td>
<td>Multiple hardcoded credentials have been identified, which are allowed =
to sign-in to the exos 9300 datapoint server running on port 1004 and 1005.=
This server is used for relaying status information from and to the Access=
Managers. This information, among other things, is used to graphically vis= ualize open doors and alerts. However, controlling the Access Managers via = this interface is also possible. To send and receive status information, au= thentication is necessary. The Kaba exos 9300 application contains hard-cod=
ed credentials for four different users, which are allowed to login to the = datapoint server and receive as well as send information, including command=
s to open arbitrary doors.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59091" target=3D= "_blank" rel=3D"noopener">CVE-2025-59091</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkexos" target=3D"_blank" rel=3D"noopener">https://r.sec-consu= lt.com/dkexos</a> <a href=3D"https://www.dormakabagroup.com/en/security-= advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagroup.c= om/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--Kaba exos 9300</td>
<td>An RPC service, which is part of exos 9300, is reachable on port 4000, = run by the process FSMobilePhoneInterface.exe. This service is used for int= erprocess communication between services and the Kaba exos 9300 GUI, contai= ning status information about the Access Managers. Interacting with the ser= vice does not require any authentication. Therefore, it is possible to send=
arbitrary status information about door contacts etc. without prior authen= tication.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59092" target=3D= "_blank" rel=3D"noopener">CVE-2025-59092</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkexos" target=3D"_blank" rel=3D"noopener">https://r.sec-consu= lt.com/dkexos</a> <a href=3D"https://www.dormakabagroup.com/en/security-= advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagroup.c= om/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--Kaba exos 9300</td>
<td>Exos 9300 instances are using a randomly generated database password to=
connect to the configured MSSQL server. The password is derived from stati=
c random values, which are concatenated to the hostname and a random string=
that can be read by every user from the registry. This allows an attacker =
to derive the database password and get authenticated access to the central=
exos 9300 database as the user Exos9300Common. The user has the roles Exos= Dialog and ExosDialogDotNet assigned, which are able to read most tables of=
the database as well as update and insert into many tables.</td> <td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59093" target=3D= "_blank" rel=3D"noopener">CVE-2025-59093</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkexos" target=3D"_blank" rel=3D"noopener">https://r.sec-consu= lt.com/dkexos</a> <a href=3D"https://www.dormakabagroup.com/en/security-= advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagroup.c= om/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--Kaba exos 9300</td>
<td>A local privilege escalation vulnerability has been identified in the K= aba exos 9300 System management application (d9sysdef.exe). Within this app= lication it is possible to specify an arbitrary executable as well as the w= eekday and start time, when the specified executable should be run with SYS= TEM privileges.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59094" target=3D= "_blank" rel=3D"noopener">CVE-2025-59094</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkexos" target=3D"_blank" rel=3D"noopener">https://r.sec-consu= lt.com/dkexos</a> <a href=3D"https://www.dormakabagroup.com/en/security-= advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagroup.c= om/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--Kaba exos 9300</td>
<td>The program libraries (DLL) and binaries used by exos 9300 contain mult= iple hard-coded secrets. One notable example is the function "EncryptAndDec= rypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR=
encryption technique combined with a cryptographic key (cryptoKey) to tran= sform each character of the input string. However, it's important to note t= hat this implementation does not provide strong encryption and should not b=
e considered secure for sensitive data. It's more of a custom encryption ap= proach rather than a common algorithm used in cryptographic applications. T=
he key itself is static and based on the founder's name of the company. The=
functionality is for example used to encrypt the user PINs before storing = them in the MSSQL database.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59095" target=3D= "_blank" rel=3D"noopener">CVE-2025-59095</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkexos" target=3D"_blank" rel=3D"noopener">https://r.sec-consu= lt.com/dkexos</a> <a href=3D"https://www.dormakabagroup.com/en/security-= advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagroup.c= om/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dormakaba--Kaba exos 9300</td>
<td>The default password for the extended admin user mode in the applicatio=
n U9ExosAdmin.exe ("Kaba 9300 Administration") is hard-coded in multiple lo= cations as well as documented in the locally stored user documentation.</td=

<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59096" target=3D= "_blank" rel=3D"noopener">CVE-2025-59096</a></td>

<a href=3D"https://r.sec-consult.com/dormakaba" target=3D"_blank" rel=3D"no= opener">https://r.sec-consult.com/dormakaba</a> <a href=3D"https://r.sec= -consult.com/dkexos" target=3D"_blank" rel=3D"noopener">https://r.sec-consu= lt.com/dkexos</a> <a href=3D"https://www.dormakabagroup.com/en/security-= advisories" target=3D"_blank" rel=3D"noopener">https://www.dormakabagroup.c= om/en/security-advisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Drupal--Acquia Content Hub</td>
<td>Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Conten=
t Hub allows Cross Site Request Forgery. This issue affects Acquia Content = Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14472" target=3D= "_blank" rel=3D"noopener">CVE-2025-14472</a></td>

<a href=3D"https://www.drupal.org/sa-contrib-2025-125" target=3D"_blank" re= l=3D"noopener">https://www.drupal.org/sa-contrib-2025-125</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Drupal--AI (Artificial Intelligence)</td> <td>Improper Neutralization of Input During Web Page Generation ("Cross-sit=
e Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows C= ross-Site Scripting (XSS). This issue affects AI (Artificial Intelligence):=
from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4.= </td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13981" target=3D= "_blank" rel=3D"noopener">CVE-2025-13981</a></td>

<a href=3D"https://www.drupal.org/sa-contrib-2025-119" target=3D"_blank" re= l=3D"noopener">https://www.drupal.org/sa-contrib-2025-119</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Drupal--CKEditor 5 Premium Features</td> <td>Authentication Bypass Using an Alternate Path or Channel vulnerability =
in Drupal CKEditor 5 Premium Features allows Functionality Bypass. This iss=
ue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.=
0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.=
0 before 1.6.4.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13980" target=3D= "_blank" rel=3D"noopener">CVE-2025-13980</a></td>

<a href=3D"https://www.drupal.org/sa-contrib-2025-118" target=3D"_blank" re= l=3D"noopener">https://www.drupal.org/sa-contrib-2025-118</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Drupal--Disable Login Page</td>
<td>Authentication Bypass Using an Alternate Path or Channel vulnerability =
in Drupal Disable Login Page allows Functionality Bypass. This issue affect=
s Disable Login Page: from 0.0.0 before 1.1.3.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13986" target=3D= "_blank" rel=3D"noopener">CVE-2025-13986</a></td>

<a href=3D"https://www.drupal.org/sa-contrib-2025-124" target=3D"_blank" re= l=3D"noopener">https://www.drupal.org/sa-contrib-2025-124</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Drupal--Drupal</td>
<td>Improper Neutralization of Input During Web Page Generation ('Cross-sit=
e Scripting') vulnerability in Drupal Form Builder allows Cross-Site Script= ing (XSS). This issue affects Drupal: from 7.X-1.0 through 7.X-1.22.</td> <td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0749" target=3D"= _blank" rel=3D"noopener">CVE-2026-0749</a></td>

<a href=3D"https://www.herodevs.com/vulnerability-directory/cve-2026-0749" = target=3D"_blank" rel=3D"noopener">https://www.herodevs.com/vulnerability-d= irectory/cve-2026-0749</a> <a href=3D"https://d7es.tag1.com/security-adv= isories/form-builder-less-critical-cross-site-scripting" target=3D"_blank" = rel=3D"noopener">https://d7es.tag1.com/security-advisories/form-builder-les= s-critical-cross-site-scripting</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Drupal--Drupal Commerce Paybox</td>
<td>Improper Verification of Cryptographic Signature vulnerability in Drupa=
l Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authenticatio=
n Bypass. This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7= .X-1.5.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0750" target=3D"= _blank" rel=3D"noopener">CVE-2026-0750</a></td>

<a href=3D"https://www.herodevs.com/vulnerability-directory/cve-2026-0750" = target=3D"_blank" rel=3D"noopener">https://www.herodevs.com/vulnerability-d= irectory/cve-2026-0750</a> <a href=3D"https://d7es.tag1.com/security-adv= isories/commerce-paybox-moderately-critical-payment-bypass-vulnerability" t= arget=3D"_blank" rel=3D"noopener">https://d7es.tag1.com/security-advisories= /commerce-paybox-moderately-critical-payment-bypass-vulnerability</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Drupal--Entity Share</td>
<td>Incorrect Authorization vulnerability in Drupal Entity Share allows For= ceful Browsing. This issue affects Entity Share: from 0.0.0 before 3.13.0.<=

<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13985" target=3D= "_blank" rel=3D"noopener">CVE-2025-13985</a></td>

<a href=3D"https://www.drupal.org/sa-contrib-2025-123" target=3D"_blank" re= l=3D"noopener">https://www.drupal.org/sa-contrib-2025-123</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Drupal--HTTP Client Manager</td>
<td>Improper Check for Unusual or Exceptional Conditions vulnerability in D= rupal HTTP Client Manager allows Forceful Browsing. This issue affects HTTP=
Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from = 11.0.0 before 11.0.1.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14840" target=3D= "_blank" rel=3D"noopener">CVE-2025-14840</a></td>

<a href=3D"https://www.drupal.org/sa-contrib-2025-126" target=3D"_blank" re= l=3D"noopener">https://www.drupal.org/sa-contrib-2025-126</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Drupal--Login Time Restriction</td>
<td>Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Re= striction allows Cross Site Request Forgery. This issue affects Login Time = Restriction: from 0.0.0 before 1.0.3.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13982" target=3D= "_blank" rel=3D"noopener">CVE-2025-13982</a></td>

<a href=3D"https://www.drupal.org/sa-contrib-2025-120" target=3D"_blank" re= l=3D"noopener">https://www.drupal.org/sa-contrib-2025-120</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Drupal--Mini site</td>
<td>Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site=
allows Stored XSS. This issue affects Mini site: from 0.0.0 before 3.0.2.<=

<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13979" target=3D= "_blank" rel=3D"noopener">CVE-2025-13979</a></td>

<a href=3D"https://www.drupal.org/sa-contrib-2025-117" target=3D"_blank" re= l=3D"noopener">https://www.drupal.org/sa-contrib-2025-117</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Drupal--Next.js</td>
<td>Permissive Cross-domain Security Policy with Untrusted Domains vulnerab= ility in Drupal Next.Js allows Cross-Site Scripting (XSS). This issue affec=
ts Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1.</td> <td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13984" target=3D= "_blank" rel=3D"noopener">CVE-2025-13984</a></td>

<a href=3D"https://www.drupal.org/sa-contrib-2025-122" target=3D"_blank" re= l=3D"noopener">https://www.drupal.org/sa-contrib-2025-122</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Drupal--Tagify</td>
<td>Improper Neutralization of Input During Web Page Generation ("Cross-sit=
e Scripting") vulnerability in Drupal Tagify allows Cross-Site Scripting (X= SS). This issue affects Tagify: from 0.0.0 before 1.2.44.</td> <td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13983" target=3D= "_blank" rel=3D"noopener">CVE-2025-13983</a></td>

<a href=3D"https://www.drupal.org/sa-contrib-2025-121" target=3D"_blank" re= l=3D"noopener">https://www.drupal.org/sa-contrib-2025-121</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Eclipse Foundation--Eclipse OMR</td>
<td>In the Eclipse OMR port library component since release 0.2.0, an API f= unction to return the textual names of all supported processor features was=
not accounting for the separator inserted between processor features. If t=
he output buffer supplied to this function was incorrectly sized, failing t=
o account for the separator when determining when a write to the buffer was=
safe could lead to a buffer overflow. This issue is fixed in Eclipse OMR v= ersion 0.8.0.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1188" target=3D"= _blank" rel=3D"noopener">CVE-2026-1188</a></td>

<a href=3D"https://github.com/eclipse-omr/omr/pull/8082" target=3D"_blank" = rel=3D"noopener">https://github.com/eclipse-omr/omr/pull/8082</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">Eclipse Foundation--Eclipse ThreadX - NetX Duo= </td>
<td>A denial-of-service vulnerability exists in the NetX IPv6 component fun= ctionality of Eclipse ThreadX NetX Duo. A specially crafted network packet =
of "Packet Too Big" with more than 15 different source address can lead to = denial of service. An attacker can send a malicious packet to trigger this = vulnerability.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-55102" target=3D= "_blank" rel=3D"noopener">CVE-2025-55102</a></td>

<a href=3D"https://github.com/eclipse-threadx/netxduo/security/advisories/G= HSA-f3rx-xrwm-q2rf" target=3D"_blank" rel=3D"noopener">https://github.com/e= clipse-threadx/netxduo/security/advisories/GHSA-f3rx-xrwm-q2rf</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">Edgemo (Danoffice IT)--Local Admin Service</td=

<td>Improper access control in the WCF endpoint in Edgemo (now owned by Dan= office IT) Local Admin Service 1.2.7.23180 on Windows allows a local user t=
o escalate their privileges to local administrator via direct communication=
with the LocalAdminService.exe named pipe, bypassing client-side group mem= bership restrictions.</td>
<td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1680" target=3D"= _blank" rel=3D"noopener">CVE-2026-1680</a></td>

<a href=3D"https://retest.dk/local-privilege-escalation-vulnerability-found= -in-local-admin-service/" target=3D"_blank" rel=3D"noopener">https://retest= .dk/local-privilege-escalation-vulnerability-found-in-local-admin-service/<= /a> <a href=3D"https://www.danofficeit.com/howwedoit/workplace/managemen= t/" target=3D"_blank" rel=3D"noopener">https://www.danofficeit.com/howwedoi= t/workplace/management/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">EGroupware--egroupware</td>
<td>EGroupware is a Web based groupware server written in PHP. A SQL Inject= ion vulnerability exists in the core components of EGroupware prior to vers= ions 23.1.20260113 and 26.0.20260113, specifically in the `Nextmatch` filte=
r processing. The flaw allows authenticated attackers to inject arbitrary S=
QL commands into the `WHERE` clause of database queries. This is achieved b=
y exploiting a PHP type juggling issue where JSON decoding converts numeric=
strings into integers, bypassing the `is_int()` security check used by the=
application. Versions 23.1.20260113 and 26.0.20260113 patch the vulnerabil= ity.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22243" target=3D= "_blank" rel=3D"noopener">CVE-2026-22243</a></td>

<a href=3D"https://github.com/EGroupware/egroupware/security/advisories/GHS= A-rvxj-7f72-mhrx" target=3D"_blank" rel=3D"noopener">https://github.com/EGr= oupware/egroupware/security/advisories/GHSA-rvxj-7f72-mhrx</a> <a href= =3D"https://github.com/EGroupware/egroupware/releases/tag/23.1.20260113" ta= rget=3D"_blank" rel=3D"noopener">https://github.com/EGroupware/egroupware/r= eleases/tag/23.1.20260113</a> <a href=3D"https://github.com/EGroupware/e= groupware/releases/tag/26.0.20260113" target=3D"_blank" rel=3D"noopener">ht= tps://github.com/EGroupware/egroupware/releases/tag/26.0.20260113</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">ESET, spol. s.r.o--ESET Inspect Connector</td> <td>Planting a custom configuration file in ESET Inspect Connector=C2=A0all= ow=C2=A0load a malicious DLL.</td>
<td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13176" target=3D= "_blank" rel=3D"noopener">CVE-2025-13176</a></td>

<a href=3D"https://support.eset.com/en/ca8910-eset-customer-advisory-local-= privilege-escalation-vulnerability-fixed-in-eset-inspect-connector-for-wind= ows" target=3D"_blank" rel=3D"noopener">https://support.eset.com/en/ca8910-= eset-customer-advisory-local-privilege-escalation-vulnerability-fixed-in-es= et-inspect-connector-for-windows</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">eslint--eslint</td>
<td>Stack overflow vulnerability in eslint before 9.26.0 when serializing o= bjects with circular references in eslint/lib/shared/serialization.js. The = exploit is triggered via the RuleTester.run() method, which validates test = cases and checks for duplicates. During validation, the internal function c= heckDuplicateTestCase() is called, which in turn uses the isSerializable() = function for serialization checks. When a circular reference object is pass=
ed in, isSerializable() enters infinite recursion, ultimately causing a sta=
ck overflow.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-50537" target=3D= "_blank" rel=3D"noopener">CVE-2025-50537</a></td>

<a href=3D"https://github.com/eslint/eslint/issues/19646" target=3D"_blank"=
rel=3D"noopener">https://github.com/eslint/eslint/issues/19646</a> <a h= ref=3D"https://gist.github.com/lyyffee/2ee1815e5c2da82c05e9838b9bfefbbc" ta= rget=3D"_blank" rel=3D"noopener">https://gist.github.com/lyyffee/2ee1815e5c= 2da82c05e9838b9bfefbbc</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Explorance--Blue</td>
<td>Explorance Blue versions prior to 8.14.9 contain a SQL injection vulner= ability caused by insufficient validation of user input in a web applicatio=
n endpoint. An attacker can supply crafted input that is executed as part o=
f backend database queries. The issue is exploitable without authentication=
, significantly raising the risk.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-57792" target=3D= "_blank" rel=3D"noopener">CVE-2025-57792</a></td>

<a href=3D"https://www.explorance.com/products/blue" target=3D"_blank" rel= =3D"noopener">https://www.explorance.com/products/blue</a> <a href=3D"ht= tps://online-help.explorance.com/blue/articles/security-advisories-(january= -2026)" target=3D"_blank" rel=3D"noopener">https://online-help.explorance.c= om/blue/articles/security-advisories-(january-2026)</a> <a href=3D"https= ://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-577= 92" target=3D"_blank" rel=3D"noopener">https://online-help.explorance.com/b= lue/articles/security-advisory:-cve-2025-57792</a> <a href=3D"https://gi= thub.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0001= .md" target=3D"_blank" rel=3D"noopener">https://github.com/mandiant/Vulnera= bility-Disclosures/blob/master/2026/MNDT-2026-0001.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Explorance--Blue</td>
<td>Explorance Blue versions prior to 8.14.9 contain a SQL injection vulner= ability caused by insufficient validation of user-supplied input in a web a= pplication component. Crafted input can be executed as part of backend data= base queries. The issue is exploitable without authentication, significantl=
y elevating the risk.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-57793" target=3D= "_blank" rel=3D"noopener">CVE-2025-57793</a></td>

<a href=3D"https://www.explorance.com/products/blue" target=3D"_blank" rel= =3D"noopener">https://www.explorance.com/products/blue</a> <a href=3D"ht= tps://online-help.explorance.com/blue/articles/security-advisories-(january= -2026)" target=3D"_blank" rel=3D"noopener">https://online-help.explorance.c= om/blue/articles/security-advisories-(january-2026)</a> <a href=3D"https= ://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-577= 93" target=3D"_blank" rel=3D"noopener">https://online-help.explorance.com/b= lue/articles/security-advisory:-cve-2025-57793</a> <a href=3D"https://gi= thub.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0002= .md" target=3D"_blank" rel=3D"noopener">https://github.com/mandiant/Vulnera= bility-Disclosures/blob/master/2026/MNDT-2026-0002.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Explorance--Blue</td>
<td>Explorance Blue versions prior to 8.14.9 contain an authenticated unres= tricted file upload vulnerability in the administrative interface. The appl= ication does not adequately restrict uploaded file types, allowing maliciou=
s files to be uploaded and executed by the server. This condition enables r= emote code execution under default configurations.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-57794" target=3D= "_blank" rel=3D"noopener">CVE-2025-57794</a></td>

<a href=3D"https://www.explorance.com/products/blue" target=3D"_blank" rel= =3D"noopener">https://www.explorance.com/products/blue</a> <a href=3D"ht= tps://online-help.explorance.com/blue/articles/security-advisories-(january= -2026)" target=3D"_blank" rel=3D"noopener">https://online-help.explorance.c= om/blue/articles/security-advisories-(january-2026)</a> <a href=3D"https= ://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-577= 94" target=3D"_blank" rel=3D"noopener">https://online-help.explorance.com/b= lue/articles/security-advisory:-cve-2025-57794</a> <a href=3D"https://gi= thub.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0003= .md" target=3D"_blank" rel=3D"noopener">https://github.com/mandiant/Vulnera= bility-Disclosures/blob/master/2026/MNDT-2026-0003.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Explorance--Blue</td>
<td>Explorance Blue versions prior to 8.14.13 contain an authenticated remo=
te file download vulnerability in a web service component. In default confi= gurations, this flaw can be leveraged to achieve remote code execution.</td=

<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-57795" target=3D= "_blank" rel=3D"noopener">CVE-2025-57795</a></td>

<a href=3D"https://www.explorance.com/products/blue" target=3D"_blank" rel= =3D"noopener">https://www.explorance.com/products/blue</a> <a href=3D"ht= tps://online-help.explorance.com/blue/articles/security-advisories-(january= -2026)" target=3D"_blank" rel=3D"noopener">https://online-help.explorance.c= om/blue/articles/security-advisories-(january-2026)</a> <a href=3D"https= ://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-577= 95" target=3D"_blank" rel=3D"noopener">https://online-help.explorance.com/b= lue/articles/security-advisory:-cve-2025-57795</a> <a href=3D"https://gi= thub.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0004= .md" target=3D"_blank" rel=3D"noopener">https://github.com/mandiant/Vulnera= bility-Disclosures/blob/master/2026/MNDT-2026-0004.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Explorance--Blue</td>
<td>Explorance Blue versions prior to 8.14.12 use reversible symmetric encr= yption with a hardcoded static key to protect sensitive data, including use=
r passwords and system configurations. This approach allows stored values t=
o be decrypted offline if the encrypted data are obtained.</td> <td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-57796" target=3D= "_blank" rel=3D"noopener">CVE-2025-57796</a></td>

<a href=3D"https://www.explorance.com/products/blue" target=3D"_blank" rel= =3D"noopener">https://www.explorance.com/products/blue</a> <a href=3D"ht= tps://online-help.explorance.com/blue/articles/security-advisories-(january= -2026)" target=3D"_blank" rel=3D"noopener">https://online-help.explorance.c= om/blue/articles/security-advisories-(january-2026)</a> <a href=3D"https= ://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-577= 96" target=3D"_blank" rel=3D"noopener">https://online-help.explorance.com/b= lue/articles/security-advisory:-cve-2025-57796</a> <a href=3D"https://gi= thub.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0005= .md" target=3D"_blank" rel=3D"noopener">https://github.com/mandiant/Vulnera= bility-Disclosures/blob/master/2026/MNDT-2026-0005.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ExpressionEngine--ExpressionEngine</td>
<td>SQL Injection vulnerability in the Structure for Admin authenticated us= er</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59473" target=3D= "_blank" rel=3D"noopener">CVE-2025-59473</a></td>

<a href=3D"https://hackerone.com/reports/3249794" target=3D"_blank" rel=3D"= noopener">https://hackerone.com/reports/3249794</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">EZCast--EZCast Pro II</td> <td>Multiple=C2=A0Buffer Overflows in Admin UI of EZCast Pro II version 1.1= 7478.146 allow attackers to cause a program crash and potential remote code=
execution</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24344" target=3D= "_blank" rel=3D"noopener">CVE-2026-24344</a></td>

<a href=3D"https://hub.ntc.swiss/ntcf-2025-68873" target=3D"_blank" rel=3D"= noopener">https://hub.ntc.swiss/ntcf-2025-68873</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">EZCast--EZCast Pro II</td>
<td>Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478= .146 allows attackers to bypass authorization checks and gain full access t=
o the admin UI</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24345" target=3D= "_blank" rel=3D"noopener">CVE-2026-24345</a></td>

<a href=3D"https://hub.ntc.swiss/ntcf-2025-32832" target=3D"_blank" rel=3D"= noopener">https://hub.ntc.swiss/ntcf-2025-32832</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">EZCast--EZCast Pro II</td>
<td>Use of well-known default credentials in Admin UI of EZCast Pro II vers= ion 1.17478.146 allows attackers to access protected areas in the web appli= cation</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24346" target=3D= "_blank" rel=3D"noopener">CVE-2026-24346</a></td>

<a href=3D"https://hub.ntc.swiss/ntcf-2025-13993" target=3D"_blank" rel=3D"= noopener">https://hub.ntc.swiss/ntcf-2025-13993</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">EZCast--EZCast Pro II</td>
<td>Improper input validation in Admin UI of EZCast Pro II version 1.17478.= 146 allows attackers to manipulate files in the /tmp directory</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24347" target=3D= "_blank" rel=3D"noopener">CVE-2026-24347</a></td>

<a href=3D"https://hub.ntc.swiss/ntcf-2025-32806" target=3D"_blank" rel=3D"= noopener">https://hub.ntc.swiss/ntcf-2025-32806</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">EZCast--EZCast Pro II</td>
<td>Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro=
II version 1.17478.146 allow attackers to execute arbitrary JavaScript cod=
e in the browser of other Admin UI users.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24348" target=3D= "_blank" rel=3D"noopener">CVE-2026-24348</a></td>

<a href=3D"https://hub.ntc.swiss/ntcf-2025-145332" target=3D"_blank" rel=3D= "noopener">https://hub.ntc.swiss/ntcf-2025-145332</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">FASTSHIFT--X-TRACK</td>
<td>Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Class=
ic Buffer Overflow') vulnerability in FASTSHIFT X-TRACK (Software/X-Track/U= SER/App/Utils/lv_img_png/PNGdec/src modules). This vulnerability is associa= ted with program files inflate.C. This issue affects X-TRACK: through v2.7.= </td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24823" target=3D= "_blank" rel=3D"noopener">CVE-2026-24823</a></td>

<a href=3D"https://github.com/FASTSHIFT/X-TRACK/pull/120" target=3D"_blank"=
rel=3D"noopener">https://github.com/FASTSHIFT/X-TRACK/pull/120</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">Flexense--Sync Breeze Enterprise Server</td> <td>Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterpri=
se Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated use=
r could cause another user to perform unwanted actions within the applicati=
on they are logged into. This vulnerability is possible due to the lack of = proper CSRF token implementation. Among other things, it is possible, using=
a POST request to=C2=A0change a user's password or create users via '/setu= p_login?sid=3D', affecting the 'username', 'password', and 'cpassword' para= meters.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59891" target=3D= "_blank" rel=3D"noopener">CVE-2025-59891</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vuln= erabilities-flexense-products" target=3D"_blank" rel=3D"noopener">https://w= ww.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense= -products</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Flexense--Sync Breeze Enterprise Server</td> <td>Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterpri=
se Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated use=
r could cause another user to perform unwanted actions within the applicati=
on they are logged into. This vulnerability is possible due to the lack of = proper CSRF token implementation. Among other things, it is possible, using=
a POST request to=C2=A0delete commands individually via '/delete_command?s= id=3D', using the 'cid' parameter.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59892" target=3D= "_blank" rel=3D"noopener">CVE-2025-59892</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vuln= erabilities-flexense-products" target=3D"_blank" rel=3D"noopener">https://w= ww.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense= -products</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Flexense--Sync Breeze Enterprise Server</td> <td>Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterpri=
se Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated use=
r could cause another user to perform unwanted actions within the applicati=
on they are logged into. This vulnerability is possible due to the lack of = proper CSRF token implementation. Among other things, it is possible, using=
a POST request to=C2=A0rename commands via '/rename_command?sid=3D', affec= ting the 'command_name' parameter.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59893" target=3D= "_blank" rel=3D"noopener">CVE-2025-59893</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vuln= erabilities-flexense-products" target=3D"_blank" rel=3D"noopener">https://w= ww.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense= -products</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Flexense--Sync Breeze Enterprise Server</td> <td>Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterpri=
se Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated use=
r could cause another user to perform unwanted actions within the applicati=
on they are logged into. This vulnerability is possible due to the lack of = proper CSRF token implementation. Among other things, it is possible, using=
a POST request to delete all commands via '/delete_all_commands?sid=3D'.</=

<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59894" target=3D= "_blank" rel=3D"noopener">CVE-2025-59894</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vuln= erabilities-flexense-products" target=3D"_blank" rel=3D"noopener">https://w= ww.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense= -products</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Flexense--Sync Breeze Enterprise Server</td> <td>Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.=
18 contain a remote denial-of-service (DoS) vulnerability in the configurat= ion restore functionality. The issue is due to insufficient validation of u= ser-supplied data during this process. An attacker could send malicious req= uests to alter the configuration file, causing the application to become un= responsive. In a successful scenario, the service may not recover on its ow=
n and require a complete reinstallation, as the configuration becomes corru= pted and prevents the service from restarting, even manually.</td> <td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59895" target=3D= "_blank" rel=3D"noopener">CVE-2025-59895</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vuln= erabilities-flexense-products" target=3D"_blank" rel=3D"noopener">https://w= ww.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense= -products</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Flexense--Sync Breeze Enterprise Server</td> <td>Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.=
18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerabil= ity. An attacker could send malicious content to an authenticated user and = steal information from their session due to insufficient validation of user=
input in=C2=A0'/add_command?sid=3D', affecting the 'command_name' paramete= r.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59896" target=3D= "_blank" rel=3D"noopener">CVE-2025-59896</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vuln= erabilities-flexense-products" target=3D"_blank" rel=3D"noopener">https://w= ww.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense= -products</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Flexense--Sync Breeze Enterprise Server</td> <td>Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.=
18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerabil= ity. An attacker could send malicious content to an authenticated user and = steal information from their session due to insufficient validation of user=
input in=C2=A0'/edit_command?sid=3D', affecting the 'source_dir' and 'dest= _dir' parameters.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59897" target=3D= "_blank" rel=3D"noopener">CVE-2025-59897</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vuln= erabilities-flexense-products" target=3D"_blank" rel=3D"noopener">https://w= ww.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense= -products</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Flexense--Sync Breeze Enterprise Server</td> <td>Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.=
18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerabil= ity. An attacker could send malicious content to an authenticated user and = steal information from their session due to insufficient validation of user=
input in=C2=A0'/add_exclude_dir?sid=3D', affecting the 'exclude_dir' param= eter.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59898" target=3D= "_blank" rel=3D"noopener">CVE-2025-59898</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vuln= erabilities-flexense-products" target=3D"_blank" rel=3D"noopener">https://w= ww.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense= -products</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Flexense--Sync Breeze Enterprise Server</td> <td>Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.=
18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerabil= ity. An attacker could send malicious content to an authenticated user and = steal information from their session due to insufficient validation of user=
input in=C2=A0 '/server_options?sid=3D', affecting the 'tasks_logs_dir', '= errors_logs_dir', 'error_notifications_address', 'status_notifications_addr= ess', and 'status_reports_address' parameters.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59899" target=3D= "_blank" rel=3D"noopener">CVE-2025-59899</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vuln= erabilities-flexense-products" target=3D"_blank" rel=3D"noopener">https://w= ww.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense= -products</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Flexense--Sync Breeze Enterprise Server</td> <td>Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.=
18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerabil= ity. An attacker could send malicious content to an authenticated user and = steal information from their session due to insufficient validation of user=
input in=C2=A0 '/server_options?sid=3D', affecting the 'tasks_logs_dir', '= errors_logs_dir', 'error_notifications_address', 'status_notifications_addr= ess', and 'status_reports_address' parameters.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59900" target=3D= "_blank" rel=3D"noopener">CVE-2025-59900</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vuln= erabilities-flexense-products" target=3D"_blank" rel=3D"noopener">https://w= ww.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense= -products</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Flexense--Sync Breeze Enterprise Server</td> <td>Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulne= rability in the '/monitor_directory?sid=3D' endpoint, caused by insufficien=
t validation of the 'monitor_directory' parameter sent by POST. An attacker=
could exploit this weakness to send malicious content to an authenticated = user and steal information from their session.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59901" target=3D= "_blank" rel=3D"noopener">CVE-2025-59901</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vuln= erabilities-flexense-products" target=3D"_blank" rel=3D"noopener">https://w= ww.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense= -products</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">FluentCMS--FluentCMS</td>
<td>FluentCMS 2026 contains a stored cross-site scripting vulnerability tha=
t allows authenticated administrators to upload SVG files with embedded Jav= aScript via the File Management module. Attackers can upload malicious SVG = files that execute JavaScript in the browser of any user accessing the uplo= aded file URL.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15549" target=3D= "_blank" rel=3D"noopener">CVE-2025-15549</a></td>

<a href=3D"https://github.com/fluentcms/FluentCMS/issues/2404" target=3D"_b= lank" rel=3D"noopener">GitHub Issue #2404</a> <a href=3D"https://www.vul= ncheck.com/advisories/fluentcms-stored-xss-via-svg-upload-in-file-managemen=
t" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: FluentCMS 2026 St= ored XSS via SVG Upload in File Management</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">foxinmy--weixin4j</td>
<td>Improperly Controlled Sequential Memory Allocation vulnerability in fox= inmy weixin4j (weixin4j-base/src/main/java/com/foxinmy/weixin4j/util module= s). This vulnerability is associated with program files CharArrayBuffer.Jav=
a, ClassUtil.Java. This issue affects weixin4j.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24819" target=3D= "_blank" rel=3D"noopener">CVE-2026-24819</a></td>

<a href=3D"https://github.com/foxinmy/weixin4j/pull/229" target=3D"_blank" = rel=3D"noopener">https://github.com/foxinmy/weixin4j/pull/229</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">FUJIFILM Business Innovation Corp.--beat-acces=
s for Windows</td>
<td>beat-access for Windows version 3.0.3 and prior contains an issue with = the DLL search path, which may lead to insecurely loading Dynamic Link Libr= aries. As a result, arbitrary code may be executed with SYSTEM privileges.<=

<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-21408" target=3D= "_blank" rel=3D"noopener">CVE-2026-21408</a></td>

<a href=3D"https://www.fujifilm.com/fbglobal/eng/company/news/notice/2026/0= 127_announce.html" target=3D"_blank" rel=3D"noopener">https://www.fujifilm.= com/fbglobal/eng/company/news/notice/2026/0127_announce.html</a> <a href= =3D"https://jvn.jp/en/jp/JVN03776126/" target=3D"_blank" rel=3D"noopener">h= ttps://jvn.jp/en/jp/JVN03776126/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Funambol--Cloud Server</td>
<td>Vulnerability that allows a Padding Oracle Attack to be performed on th=
e Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an att= acker to decrypt and encrypt the parameters used by the application to gene= rate 'self-signed' access URLs.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-41351" target=3D= "_blank" rel=3D"noopener">CVE-2025-41351</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/weak-encrypti= on-funambols-cloud-server" target=3D"_blank" rel=3D"noopener">https://www.i= ncibe.es/en/incibe-cert/notices/aviso/weak-encryption-funambols-cloud-serve= r</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">FunJSO--FunJSO</td>
<td>FunJSQ, a third-party module integrated on some NETGEAR routers and Orb=
i WiFi Systems, exposes an HTTP server over the LAN interface of affected d= evices. This interface is vulnerable to unauthenticated arbitrary command i= njection through the funjsq_access_token parameter. This affects R6230 befo=
re 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before = 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 b= efore 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 bef= ore 2.7.4.26.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2022-40619" target=3D= "_blank" rel=3D"noopener">CVE-2022-40619</a></td>

<a href=3D"https://kb.netgear.com/000065132/Security-Advisory-for-Vulnerabi= lities-in-FunJSQ-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2022-0117" targe= t=3D"_blank" rel=3D"noopener">https://kb.netgear.com/000065132/Security-Adv= isory-for-Vulnerabilities-in-FunJSQ-on-Some-Routers-and-Orbi-WiFi-Systems-P= SV-2022-0117</a> <a href=3D"https://www.onekey.com/resource/security-adv= isory-netgear-routers-funjsq-vulnerabilities" target=3D"_blank" rel=3D"noop= ener">https://www.onekey.com/resource/security-advisory-netgear-routers-fun= jsq-vulnerabilities</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">FunJSO--FunJSO</td>
<td>FunJSQ, a third-party module integrated on some NETGEAR routers and Orb=
i WiFi Systems, does not properly validate TLS certificates when downloadin=
g update packages through its auto-update mechanism. An attacker (suitably = positioned on the network) could intercept the update request and deliver a=
malicious update package in order to gain arbitrary code execution on affe= cted devices. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R= 7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and X= R300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26,=
RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2022-40620" target=3D= "_blank" rel=3D"noopener">CVE-2022-40620</a></td>

<a href=3D"https://kb.netgear.com/000065132/Security-Advisory-for-Vulnerabi= lities-in-FunJSQ-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2022-0117" targe= t=3D"_blank" rel=3D"noopener">https://kb.netgear.com/000065132/Security-Adv= isory-for-Vulnerabilities-in-FunJSQ-on-Some-Routers-and-Orbi-WiFi-Systems-P= SV-2022-0117</a> <a href=3D"https://www.onekey.com/resource/security-adv= isory-netgear-routers-funjsq-vulnerabilities" target=3D"_blank" rel=3D"noop= ener">https://www.onekey.com/resource/security-advisory-netgear-routers-fun= jsq-vulnerabilities</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">GaijinEntertainment--DagorEngine</td>
<td>Improper Restriction of Operations within the Bounds of a Memory Buffer=
vulnerability in GaijinEntertainment DagorEngine (prog/3rdPartyLibs/miniup= npc modules). This vulnerability is associated with program files upnpreply= parse.C. This issue affects DagorEngine: through dagor_2025_01_15.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24798" target=3D= "_blank" rel=3D"noopener">CVE-2026-24798</a></td>

<a href=3D"https://github.com/GaijinEntertainment/DagorEngine/pull/136" tar= get=3D"_blank" rel=3D"noopener">https://github.com/GaijinEntertainment/Dago= rEngine/pull/136</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">geopandas--geopandas</td>
<td>SQL injection vulnerability in geopandas before v.1.1.2 allows an attac= ker to obtain sensitive information via the to_postgis()` function being us=
ed to write GeoDataFrames to a PostgreSQL database.</td>
<td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69662" target=3D= "_blank" rel=3D"noopener">CVE-2025-69662</a></td>

<a href=3D"https://aydinnyunus.github.io/2025/12/27/sql-injection-geopandas=
/" target=3D"_blank" rel=3D"noopener">https://aydinnyunus.github.io/2025/12= /27/sql-injection-geopandas/</a> <a href=3D"https://github.com/geopandas= /geopandas/pull/3681" target=3D"_blank" rel=3D"noopener">https://github.com= /geopandas/geopandas/pull/3681</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gmrtd--gmrtd</td>
<td>gmrtd is a Go library for reading Machine Readable Travel Documents (MR= TDs). Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can = range up to 4GB, which can cause unconstrained resource consumption in both=
memory and cpu cycles. ReadFile can consume an extended TLV with lengths w= ell outside what would be available in ICs. It can accept something all the=
way up to 4GB which would take too many iterations in 256 byte chunks, and=
would also try to allocate memory that might not be available in constrain=
ed environments like phones. Or if an API sends data to ReadFile, the same = problem applies. The very small chunked read also locks the goroutine in ac= cepting data for a very large number of iterations. projects using the gmrt=
d library to read files from NFCs can experience extreme slowdowns or memor=
y consumption. A malicious NFC can just behave like the mock transceiver de= scribed above and by just sending dummy bytes as each chunk to be read, can=
make the receiving thread unresponsive and fill up memory on the host syst= em. Version 0.17.2 patches the issue.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24738" target=3D= "_blank" rel=3D"noopener">CVE-2026-24738</a></td>

<a href=3D"https://github.com/gmrtd/gmrtd/security/advisories/GHSA-j49h-657= 7-5xwq" target=3D"_blank" rel=3D"noopener">https://github.com/gmrtd/gmrtd/s= ecurity/advisories/GHSA-j49h-6577-5xwq</a> <a href=3D"https://github.com= /gmrtd/gmrtd/commit/54469a95e5a20a8602ac1457b2110bfeb80c8891" target=3D"_bl= ank" rel=3D"noopener">https://github.com/gmrtd/gmrtd/commit/54469a95e5a20a8= 602ac1457b2110bfeb80c8891</a> <a href=3D"https://github.com/gmrtd/gmrtd/= releases/tag/v0.17.2" target=3D"_blank" rel=3D"noopener">https://github.com= /gmrtd/gmrtd/releases/tag/v0.17.2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Go standard library--archive/zip</td> <td>archive/zip uses a super-linear file name indexing algorithm that is in= voked the first time a file in an archive is opened. This can lead to a den= ial of service when consuming a maliciously constructed ZIP archive.</td> <td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61728" target=3D= "_blank" rel=3D"noopener">CVE-2025-61728</a></td>

<a href=3D"https://go.dev/cl/736713" target=3D"_blank" rel=3D"noopener">htt= ps://go.dev/cl/736713</a> <a href=3D"https://go.dev/issue/77102" target= =3D"_blank" rel=3D"noopener">https://go.dev/issue/77102</a> <a href=3D"h= ttps://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc" target=3D"_blank"=
rel=3D"noopener">https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc= </a> <a href=3D"https://pkg.go.dev/vuln/GO-2026-4342" target=3D"_blank" = rel=3D"noopener">https://pkg.go.dev/vuln/GO-2026-4342</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Go standard library--crypto/tls</td>
<td>During the TLS 1.3 handshake if multiple messages are sent in records t= hat span encryption level boundaries (for instance the Client Hello and Enc= rypted Extensions messages), the subsequent messages may be processed befor=
e the encryption level changes. This can cause some minor information discl= osure if a network-local attacker can inject messages during the handshake.= </td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61730" target=3D= "_blank" rel=3D"noopener">CVE-2025-61730</a></td>

<a href=3D"https://go.dev/cl/724120" target=3D"_blank" rel=3D"noopener">htt= ps://go.dev/cl/724120</a> <a href=3D"https://go.dev/issue/76443" target= =3D"_blank" rel=3D"noopener">https://go.dev/issue/76443</a> <a href=3D"h= ttps://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc" target=3D"_blank"=
rel=3D"noopener">https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc= </a> <a href=3D"https://pkg.go.dev/vuln/GO-2026-4340" target=3D"_blank" = rel=3D"noopener">https://pkg.go.dev/vuln/GO-2026-4340</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Go standard library--net/url</td>
<td>The net/url package does not set a limit on the number of query paramet= ers in a query. While the maximum size of query parameters in URLs is gener= ally limited by the maximum request header size, the net/http.Request.Parse= Form method can parse large URL-encoded forms. Parsing a large form contain= ing many unique query parameters can cause excessive memory consumption.</t=

<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61726" target=3D= "_blank" rel=3D"noopener">CVE-2025-61726</a></td>

<a href=3D"https://go.dev/cl/736712" target=3D"_blank" rel=3D"noopener">htt= ps://go.dev/cl/736712</a> <a href=3D"https://go.dev/issue/77101" target= =3D"_blank" rel=3D"noopener">https://go.dev/issue/77101</a> <a href=3D"h= ttps://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc" target=3D"_blank"=
rel=3D"noopener">https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc= </a> <a href=3D"https://pkg.go.dev/vuln/GO-2026-4341" target=3D"_blank" = rel=3D"noopener">https://pkg.go.dev/vuln/GO-2026-4341</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Go toolchain--cmd/go</td>
<td>Building a malicious file with cmd/go can cause can cause a write to an=
attacker-controlled file with partial control of the file content. The "#c=
go pkg-config:" directive in a Go source file provides command-line argumen=
ts to provide to the Go pkg-config command. An attacker can provide a "--lo= g-file" argument to this directive, causing pkg-config to write to an attac= ker-controlled location.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61731" target=3D= "_blank" rel=3D"noopener">CVE-2025-61731</a></td>

<a href=3D"https://go.dev/cl/736711" target=3D"_blank" rel=3D"noopener">htt= ps://go.dev/cl/736711</a> <a href=3D"https://go.dev/issue/77100" target= =3D"_blank" rel=3D"noopener">https://go.dev/issue/77100</a> <a href=3D"h= ttps://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc" target=3D"_blank"=
rel=3D"noopener">https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc= </a> <a href=3D"https://pkg.go.dev/vuln/GO-2026-4339" target=3D"_blank" = rel=3D"noopener">https://pkg.go.dev/vuln/GO-2026-4339</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Go toolchain--cmd/go</td>
<td>Downloading and building modules with malicious version strings can cau=
se local code execution. On systems with Mercurial (hg) installed, download= ing modules from non-standard sources (e.g., custom domains) can cause unex= pected code execution due to how external VCS commands are constructed. Thi=
s issue can also be triggered by providing a malicious version string to th=
e toolchain. On systems with Git installed, downloading and building module=
s with malicious version strings can allow an attacker to write to arbitrar=
y files on the filesystem. This can only be triggered by explicitly providi=
ng the malicious version strings to the toolchain and does not affect usage=
of @latest or bare module paths.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-68119" target=3D= "_blank" rel=3D"noopener">CVE-2025-68119</a></td>

<a href=3D"https://go.dev/cl/736710" target=3D"_blank" rel=3D"noopener">htt= ps://go.dev/cl/736710</a> <a href=3D"https://go.dev/issue/77099" target= =3D"_blank" rel=3D"noopener">https://go.dev/issue/77099</a> <a href=3D"h= ttps://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc" target=3D"_blank"=
rel=3D"noopener">https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc= </a> <a href=3D"https://pkg.go.dev/vuln/GO-2026-4338" target=3D"_blank" = rel=3D"noopener">https://pkg.go.dev/vuln/GO-2026-4338</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Google--Chrome</td>
<td>Inappropriate implementation in Background Fetch API in Google Chrome p= rior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data = via a crafted HTML page. (Chromium security severity: High)</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1504" target=3D"= _blank" rel=3D"noopener">CVE-2026-1504</a></td>

<a href=3D"https://chromereleases.googleblog.com/2026/01/stable-channel-upd= ate-for-desktop_27.html" target=3D"_blank" rel=3D"noopener">https://chromer= eleases.googleblog.com/2026/01/stable-channel-update-for-desktop_27.html</a= > <a href=3D"https://issues.chromium.org/issues/474435504" target=3D"_bl= ank" rel=3D"noopener">https://issues.chromium.org/issues/474435504</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">gradle--gradle-completion</td> <td>gradle-completion provides Bash and Zsh completion support for Gradle. =
A command injection vulnerability was found in gradle-completion up to and = including 9.3.0 that allows arbitrary code execution when a user triggers B= ash tab completion in a project containing a malicious Gradle build file. T=
he `gradle-completion` script for Bash fails to adequately sanitize Gradle = task names and task descriptions, allowing command injection via a maliciou=
s Gradle build file when the user completes a command in Bash (without them=
explicitly running any task in the build). For example, given a task descr= iption that includes a string between backticks, then that string would be = evaluated as a command when presenting the task description in the completi=
on list. While task execution is the core feature of Gradle, this inherent = execution may lead to unexpected outcomes. The vulnerability does not affec=
t zsh completion. The first patched version is 9.3.1. As a workaround, it i=
s possible and effective to temporarily disable bash completion for Gradle =
by removing `gradle-completion` from `.bashrc` or `.bash_profile`.</td> <td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25063" target=3D= "_blank" rel=3D"noopener">CVE-2026-25063</a></td>

<a href=3D"https://github.com/gradle/gradle-completion/security/advisories/= GHSA-qggc-44r3-cjgv" target=3D"_blank" rel=3D"noopener">https://github.com/= gradle/gradle-completion/security/advisories/GHSA-qggc-44r3-cjgv</a> <a = href=3D"https://github.com/gradle/gradle-completion/commit/ecacc32bb882210e= 5d37cd79a74de1af0d0ccad7" target=3D"_blank" rel=3D"noopener">https://github= .com/gradle/gradle-completion/commit/ecacc32bb882210e5d37cd79a74de1af0d0cca= d7</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Hiawatha--Hiawatha Web server</td>
<td>Improper header parsing may lead to request smuggling has been identifi=
ed in Hiawatha webserver version 11.7 which allows an unauthenticated attac= ker to access restricted resources managed by Hiawatha webserver.</td> <td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-57783" target=3D= "_blank" rel=3D"noopener">CVE-2025-57783</a></td>

<a href=3D"https://gitlab.com/hsleisink/hiawatha/-/blame/master/src/http.c?= ref_type=3Dheads#L205" target=3D"_blank" rel=3D"noopener">https://gitlab.co= m/hsleisink/hiawatha/-/blame/master/src/http.c?ref_type=3Dheads#L205</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">Hiawatha--Hiawatha Web server</td>
<td>Tomahawk auth timing attack due to usage of `strcmp` has been identifie=
d in Hiawatha webserver version 11.7 which allows a local attacker to acces=
s the management client.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-57784" target=3D= "_blank" rel=3D"noopener">CVE-2025-57784</a></td>

<a href=3D"https://gitlab.com/hsleisink/hiawatha/-/blame/master/src/tomahaw= k.c?ref_type=3Dheads#L429" target=3D"_blank" rel=3D"noopener">https://gitla= b.com/hsleisink/hiawatha/-/blame/master/src/tomahawk.c?ref_type=3Dheads#L42= 9</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Hiawatha--Hiawatha Web server</td>
<td>A Double Free in XSLT `show_index` has been identified in Hiawatha webs= erver version 11.7 which allows an unauthenticated attacker to corrupt data=
which may lead to arbitrary code execution.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-57785" target=3D= "_blank" rel=3D"noopener">CVE-2025-57785</a></td>

<a href=3D"https://gitlab.com/hsleisink/hiawatha/-/blame/master/src/xslt.c?= ref_type=3Dheads#L675" target=3D"_blank" rel=3D"noopener">https://gitlab.co= m/hsleisink/hiawatha/-/blame/master/src/xslt.c?ref_type=3Dheads#L675</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">Hitachi Energy--SuprOS</td>
<td>Default credentials vulnerability exists in SuprOS product. If exploite=
d, this could allow an authenticated local attacker to use an admin account=
created during product deployment.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-7740" target=3D"= _blank" rel=3D"noopener">CVE-2025-7740</a></td>

<a href=3D"https://publisher.hitachienergy.com/preview?DocumentID=3D8DBD000= 223&LanguageCode=3Den&DocumentPartId=3D&Action=3Dlaunch" target=3D"_blank" = rel=3D"noopener">https://publisher.hitachienergy.com/preview?DocumentID=3D8= DBD000223&LanguageCode=3Den&DocumentPartId=3D&Action=3Dlaunch</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">honojs--hono</td>
<td>Hono is a Web application framework that provides support for any JavaS= cript runtime. Prior to version 4.11.7, Serve static Middleware for the Clo= udflare Workers adapter contains an information disclosure vulnerability th=
at may allow attackers to read arbitrary keys from the Workers environment.=
Improper validation of user-controlled paths can result in unintended acce=
ss to internal asset keys. Version 4.11.7 contains a patch for the issue.</=

<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24473" target=3D= "_blank" rel=3D"noopener">CVE-2026-24473</a></td>

<a href=3D"https://github.com/honojs/hono/security/advisories/GHSA-w332-q67= 9-j88p" target=3D"_blank" rel=3D"noopener">https://github.com/honojs/hono/s= ecurity/advisories/GHSA-w332-q679-j88p</a> <a href=3D"https://github.com= /honojs/hono/commit/cf9a78db4d0a19b117aee399cbe9d3a6d9bfd817" target=3D"_bl= ank" rel=3D"noopener">https://github.com/honojs/hono/commit/cf9a78db4d0a19b= 117aee399cbe9d3a6d9bfd817</a> <a href=3D"https://github.com/honojs/hono/= releases/tag/v4.11.7" target=3D"_blank" rel=3D"noopener">https://github.com= /honojs/hono/releases/tag/v4.11.7</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">iba Systems--ibaPDA</td>
<td>A security issue has been identified in ibaPDA that could allow unautho= rized actions on the file system under certain conditions. This may impact = the confidentiality, integrity, or availability of the system.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14988" target=3D= "_blank" rel=3D"noopener">CVE-2025-14988</a></td>

<a href=3D"https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-01" = target=3D"_blank" rel=3D"noopener">https://www.cisa.gov/news-events/ics-adv= isories/icsa-26-027-01</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Icinga--icinga-powershell-framework</td>
<td>The Icinga PowerShell Framework provides configuration and check possib= ilities to ensure integration and monitoring of Windows environments. In ve= rsions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for W= indows `certificate` directory grant every user read access, which results =
in the exposure of private key of the Icinga certificate for the given host=
. All installations are affected. Versions 1.13.4, 1.12.4, and 1.11.2 conta= ins a patch. Please note that upgrading to a fixed version of Icinga for Wi= ndows will also automatically fix a similar issue present in Icinga 2, CVE-= 2026-24413. As a workaround, the permissions can be restricted manually by = updating the ACL for the given folder `C:\Program Files\WindowsPowerShell\m= odules\icinga-powershell-framework\certificate` (and `C:\ProgramData\icinga= 2\var` to fix the issue for the Icinga 2 agent as well) including every sub= -folder and item to restrict access for general users, only allowing the Ic= inga service user and administrators access.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24414" target=3D= "_blank" rel=3D"noopener">CVE-2026-24414</a></td>

<a href=3D"https://github.com/Icinga/icinga-powershell-framework/security/a= dvisories/GHSA-88h5-rrm6-5973" target=3D"_blank" rel=3D"noopener">https://g= ithub.com/Icinga/icinga-powershell-framework/security/advisories/GHSA-88h5-= rrm6-5973</a> <a href=3D"https://github.com/Icinga/icinga2/security/advi= sories/GHSA-vfjg-6fpv-4mmr" target=3D"_blank" rel=3D"noopener">https://gith= ub.com/Icinga/icinga2/security/advisories/GHSA-vfjg-6fpv-4mmr</a> <a hre= f=3D"https://icinga.com/blog/releasing-icinga-2-v2-15-2-v2-14-8-v2-13-14-an= d-icinga-for-windows-v1-13-4-v1-12-4-v1-11-2" target=3D"_blank" rel=3D"noop= ener">https://icinga.com/blog/releasing-icinga-2-v2-15-2-v2-14-8-v2-13-14-a= nd-icinga-for-windows-v1-13-4-v1-12-4-v1-11-2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Icinga--icinga2</td>
<td>Icinga 2 is an open source monitoring system. Starting in version 2.3.0=
and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did no=
t set appropriate permissions for the `%ProgramData%\icinga2\var` folder on=
Windows. This resulted in the its contents - including the private key of = the user and synced configuration - being readable by all local users. All = installations on Windows are affected. Versions 2.13.14, 2.14.8, and 2.15.2=
contains a fix. There are two possibilities to work around the issue witho=
ut upgrading Icinga 2. Upgrade Icinga for Windows to at least version v1.13= .4, v1.12.4, or v1.11.2. These version will automatically fix the ACLs for = the Icinga 2 agent as well. Alternatively, manually update the ACL for the = given folder `C:\ProgramData\icinga2\var` (and `C:\Program Files\WindowsPow= erShell\modules\icinga-powershell-framework\certificate` to fix the issue f=
or the Icinga for Windows as well) including every sub-folder and item to r= estrict access for general users, only allowing the Icinga service user and=
administrators access.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24413" target=3D= "_blank" rel=3D"noopener">CVE-2026-24413</a></td>

<a href=3D"https://github.com/Icinga/icinga2/security/advisories/GHSA-vfjg-= 6fpv-4mmr" target=3D"_blank" rel=3D"noopener">https://github.com/Icinga/ici= nga2/security/advisories/GHSA-vfjg-6fpv-4mmr</a> <a href=3D"https://gith= ub.com/Icinga/icinga-powershell-framework/security/advisories/GHSA-88h5-rrm= 6-5973" target=3D"_blank" rel=3D"noopener">https://github.com/Icinga/icinga= -powershell-framework/security/advisories/GHSA-88h5-rrm6-5973</a> <a hre= f=3D"https://icinga.com/blog/releasing-icinga-2-v2-15-2-v2-14-8-v2-13-14-an= d-icinga-for-windows-v1-13-4-v1-12-4-v1-11-2" target=3D"_blank" rel=3D"noop= ener">https://icinga.com/blog/releasing-icinga-2-v2-15-2-v2-14-8-v2-13-14-a= nd-icinga-for-windows-v1-13-4-v1-12-4-v1-11-2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">inspektor-gadget--inspektor-gadget</td> <td>Inspektor Gadget is a set of tools and framework for data collection an=
d system inspection on Kubernetes clusters and Linux hosts using eBPF. The = `ig` binary provides a subcommand for image building, used to generate cust=
om gadget OCI images. A part of this functionality is implemented in the fi=
le `inspektor-gadget/cmd/common/image/build.go`. The `Makefile.build` file =
is the Makefile template employed during the building process. This file in= cludes user-controlled data in an unsafe fashion, specifically some paramet= ers are embedded without an adequate escaping in the commands inside the Ma= kefile. Prior to version 0.48.1, this implementation is vulnerable to comma=
nd injection: an attacker able to control values in the `buildOptions` stru= cture would be able to execute arbitrary commands during the building proce= ss. An attacker able to exploit this vulnerability would be able to execute=
arbitrary command on the Linux host where the `ig` command is launched, if=
images are built with the `--local` flag or on the build container invoked=
by `ig`, if the `--local` flag is not provided. The `buildOptions` structu=
re is extracted from the YAML gadget manifest passed to the `ig image build=
` command. Therefore, the attacker would need a way to control either the f= ull `build.yml` file passed to the `ig image build` command, or one of its = options. Typically, this could happen in a CI/CD scenario that builds untru= sted gadgets to verify correctness. Version 0.48.1 fixes the issue.</td> <td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24905" target=3D= "_blank" rel=3D"noopener">CVE-2026-24905</a></td>

<a href=3D"https://github.com/inspektor-gadget/inspektor-gadget/security/ad= visories/GHSA-79qw-g77v-2vfh" target=3D"_blank" rel=3D"noopener">https://gi= thub.com/inspektor-gadget/inspektor-gadget/security/advisories/GHSA-79qw-g7= 7v-2vfh</a> <a href=3D"https://github.com/inspektor-gadget/inspektor-gad= get/commit/7c83ad84ff7a68565655253e2cf1c5d2da695c1a" target=3D"_blank" rel= =3D"noopener">https://github.com/inspektor-gadget/inspektor-gadget/commit/7= c83ad84ff7a68565655253e2cf1c5d2da695c1a</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Internet Information Co., Ltd--DreamMaker</td> <td>A missing authentication for critical function vulnerability in the /se= rvlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22=
allows remote attackers to access exposed administrative functionality wit= hout prior authentication.</td>
<td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24728" target=3D= "_blank" rel=3D"noopener">CVE-2026-24728</a></td>

<a href=3D"https://zuso.ai/advisory/za-2026-01" target=3D"_blank" rel=3D"no= opener">https://zuso.ai/advisory/za-2026-01</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Internet Information Co., Ltd--DreamMaker</td> <td>An unrestricted upload of file with dangerous type vulnerability in the=
file upload function of Interinfo DreamMaker versions before 2025/10/22 al= lows remote attackers to execute arbitrary system commands via a malicious = class file.</td>
<td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24729" target=3D= "_blank" rel=3D"noopener">CVE-2026-24729</a></td>

<a href=3D"https://zuso.ai/advisory/za-2026-02" target=3D"_blank" rel=3D"no= opener">https://zuso.ai/advisory/za-2026-02</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">jmlepisto--clatter</td>
<td>Clatter is a no_std compatible, pure Rust implementation of the Noise p= rotocol framework with post-quantum support. Versiosn prior to2.2.0 have a = protocol compliance vulnerability. The library allowed post-quantum handsha=
ke patterns that violated the PSK validity rule (Noise Protocol Framework S= ection 9.3). This could allow PSK-derived keys to be used for encryption wi= thout proper randomization by self-chosen ephemeral randomness, weakening s= ecurity guarantees and potentially allowing catastrophic key reuse. Affecte=
d default patterns include `noise_pqkk_psk0`, `noise_pqkn_psk0`, `noise_pqn= k_psk0`, `noise_pqnn_psk0``, and some hybrid variants. Users of these patte= rns may have been using handshakes that do not meet the intended security p= roperties. The issue is fully patched and released in Clatter v2.2.0. The f= ixed version includes runtime checks to detect offending handshake patterns=
. As a workaround, avoid using offending `*_psk0` variants of post-quantum = patterns. Review custom handshake patterns carefully.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24785" target=3D= "_blank" rel=3D"noopener">CVE-2026-24785</a></td>

<a href=3D"https://github.com/jmlepisto/clatter/security/advisories/GHSA-25= 3q-9q78-63x4" target=3D"_blank" rel=3D"noopener">https://github.com/jmlepis= to/clatter/security/advisories/GHSA-253q-9q78-63x4</a> <a href=3D"https:= //github.com/jmlepisto/clatter/commit/b65ae6e9b8019bed5407771e21f89ddff17c5= a71" target=3D"_blank" rel=3D"noopener">https://github.com/jmlepisto/clatte= r/commit/b65ae6e9b8019bed5407771e21f89ddff17c5a71</a> <a href=3D"https:/= /noiseprotocol.org/noise.html#validity-rule" target=3D"_blank" rel=3D"noope= ner">https://noiseprotocol.org/noise.html#validity-rule</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Johnson Controls--iSTAR Configuration Utility = (ICU)</td>
<td>Johnson Controls iSTAR Configuration Utility (ICU) has=C2=A0Stack-based=
Buffer Overflow vulnerability. This issue affects iSTAR Configuration Util= ity (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerab= ility could result in failure within the operating system of the machine ho= sting the ICU tool.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-26386" target=3D= "_blank" rel=3D"noopener">CVE-2025-26386</a></td>

<a href=3D"https://www.johnsoncontrols.com/trust-center/cybersecurity/secur= ity-advisories" target=3D"_blank" rel=3D"noopener">https://www.johnsoncontr= ols.com/trust-center/cybersecurity/security-advisories</a> <a href=3D"ht= tps://www.cisa.gov/news-events/ics-advisories/icsa-26-022-04" target=3D"_bl= ank" rel=3D"noopener">https://www.cisa.gov/news-events/ics-advisories/icsa-= 26-022-04</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Johnson Controls--Metasys</td>
<td>Johnson Controls Metasys component listed below have Improper Neutraliz= ation of Special Elements used in a Command (Command Injection) Vulnerabili=
ty . Successful exploitation of this vulnerability could allow remote SQL e= xecution This issue affects=C2=A0 * Metasys: Application and Data Server (A= DS) installed with SQL Express deployed as part of the Metasys 14.1 and pri=
or installation,=C2=A0 * Extended Application and Data Server (ADX) install=
ed with SQL Express deployed as part of the Metasys 14.1 installation,=C2=
=A0 * LCS8500 or NAE8500 installed with SQL Express deployed as part of the=
Metasys installation Releases 12.0 through 14.1,=C2=A0 * System Configurat= ion Tool (SCT) installed with SQL Express deployed as part of the SCT insta= llation 17.1 and prior,=C2=A0 * Controller Configuration Tool (CCT) install=
ed with SQL Express deployed as part of the CCT installation 17.0 and prior= .</td>
<td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-26385" target=3D= "_blank" rel=3D"noopener">CVE-2025-26385</a></td>

<a href=3D"https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-04" = target=3D"_blank" rel=3D"noopener">https://www.cisa.gov/news-events/ics-adv= isories/icsa-26-027-04</a> <a href=3D"https://www.johnsoncontrols.com/tr= ust-center/cybersecurity/security-advisories" target=3D"_blank" rel=3D"noop= ener">https://www.johnsoncontrols.com/trust-center/cybersecurity/security-a= dvisories</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">json--json</td>
<td>The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prot= otype Pollution.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61140" target=3D= "_blank" rel=3D"noopener">CVE-2025-61140</a></td>

<a href=3D"https://github.com/dchester/jsonpath" target=3D"_blank" rel=3D"n= oopener">https://github.com/dchester/jsonpath</a> <a href=3D"https://gis= t.github.com/Dremig/8105c189774217222a8ebea3ed4d341d" target=3D"_blank" rel= =3D"noopener">https://gist.github.com/Dremig/8105c189774217222a8ebea3ed4d34= 1d</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">kata-containers--kata-containers</td>
<td>Kata Containers is an open source project focusing on a standard implem= entation of lightweight Virtual Machines (VMs) that perform like containers=
. In versions prior to 3.26.0, when a container image is malformed or conta= ins no layers, containerd falls back to bind-mounting an empty snapshotter = directory for the container rootfs. When the Kata runtime attempts to mount=
the container rootfs, the bind mount causes the rootfs to be detected as a=
block device, leading to the underlying device being hotplugged to the gue= st. This can cause filesystem-level errors on the host due to double inode = allocation, and may lead to the host's block device being mounted as read-o= nly. Version 3.26.0 contains a patch for the issue.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24054" target=3D= "_blank" rel=3D"noopener">CVE-2026-24054</a></td>

<a href=3D"https://github.com/kata-containers/kata-containers/security/advi= sories/GHSA-5fc8-gg7w-3g5c" target=3D"_blank" rel=3D"noopener">https://gith= ub.com/kata-containers/kata-containers/security/advisories/GHSA-5fc8-gg7w-3= g5c</a> <a href=3D"https://github.com/kata-containers/kata-containers/co= mmit/20ca4d2d79aa5bf63aa1254f08915da84f19e92a" target=3D"_blank" rel=3D"noo= pener">https://github.com/kata-containers/kata-containers/commit/20ca4d2d79= aa5bf63aa1254f08915da84f19e92a</a> <a href=3D"https://github.com/contain= erd/containerd/blob/d939b6af5f8536c2cae85e919e7c40070557df0e/plugins/snapsh= ots/overlay/overlay.go#L564-L581" target=3D"_blank" rel=3D"noopener">https:= //github.com/containerd/containerd/blob/d939b6af5f8536c2cae85e919e7c4007055= 7df0e/plugins/snapshots/overlay/overlay.go#L564-L581</a> <a href=3D"http= s://github.com/kata-containers/kata-containers/blob/a164693e1afead84cd01d5b= c3575e2cbfe64ce35/src/runtime/virtcontainers/container.go#L1122-L1126" targ= et=3D"_blank" rel=3D"noopener">https://github.com/kata-containers/kata-cont= ainers/blob/a164693e1afead84cd01d5bc3575e2cbfe64ce35/src/runtime/virtcontai= ners/container.go#L1122-L1126</a> <a href=3D"https://github.com/kata-con= tainers/kata-containers/blob/c7d0c270ee7dfaa6d978e6e07b99dabdaf2b9fda/src/r= untime/virtcontainers/container.go#L1616-L1623" target=3D"_blank" rel=3D"no= opener">https://github.com/kata-containers/kata-containers/blob/c7d0c270ee7= dfaa6d978e6e07b99dabdaf2b9fda/src/runtime/virtcontainers/container.go#L1616= -L1623</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">libpng--libpng</td>
<td>Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local at= tacker to cause a denial of service via the pngimage with AddressSanitizer = (ASan), the program leaks memory in various locations, eventually leading t=
o high memory usage and causing the program to become unresponsive</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-28162" target=3D= "_blank" rel=3D"noopener">CVE-2025-28162</a></td>

<a href=3D"https://github.com/pnggroup/libpng/issues/656" target=3D"_blank"=
rel=3D"noopener">https://github.com/pnggroup/libpng/issues/656</a> <a h= ref=3D"https://gist.github.com/kittener/fbfdb9b5610c6b3db0d5dea045a07c60" t= arget=3D"_blank" rel=3D"noopener">https://gist.github.com/kittener/fbfdb9b5= 610c6b3db0d5dea045a07c60</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">libpng--libpng</td>
<td>Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local at= tacker to cause a denial of service via png_create_read_struct() function.<=

<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-28164" target=3D= "_blank" rel=3D"noopener">CVE-2025-28164</a></td>

<a href=3D"https://github.com/pnggroup/libpng/issues/655" target=3D"_blank"=
rel=3D"noopener">https://github.com/pnggroup/libpng/issues/655</a> <a h= ref=3D"https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20" t= arget=3D"_blank" rel=3D"noopener">https://gist.github.com/kittener/506516f8= c22178005b4379c8b2a7de20</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: cou= nter: interrupt-cnt: Drop IRQF_NO_THREAD flag An IRQ handler can either be = IRQF_NO_THREAD or acquire spinlock_t, as CONFIG_PROVE_RAW_LOCK_NESTING warn=
s: =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D [ BUG: Invalid wait context ] 6.18.0-rc1+git... #1 --------= --------------------- some-user-space-process/1251 is trying to lock: (&amp= ;counter->events_list_lock){....}-{3:3}, at: counter_push_event [counter=
] other info that might help us debug this: context-{2:2} no locks held by = some-user-space-process/.... stack backtrace: CPU: 0 UID: 0 PID: 1251 Comm:=
some-user-space-process 6.18.0-rc1+git... #1 PREEMPT Call trace: show_stac=
k (C) dump_stack_lvl dump_stack __lock_acquire lock_acquire _raw_spin_lock_= irqsave counter_push_event [counter] interrupt_cnt_isr [interrupt_cnt] __ha= ndle_irq_event_percpu handle_irq_event handle_simple_irq handle_irq_desc ge= neric_handle_domain_irq gpio_irq_handler handle_irq_desc generic_handle_dom= ain_irq gic_handle_irq call_on_irq_stack do_interrupt_handler el0_interrupt=
__el0_irq_handler_common el0t_64_irq_handler el0t_64_irq ... and Sebastian=
correctly points out. Remove IRQF_NO_THREAD as an alternative to switching=
to raw_spinlock_t, because the latter would limit all potential nested loc=
ks to raw_spinlock_t only.</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71180" target=3D= "_blank" rel=3D"noopener">CVE-2025-71180</a></td>

<a href=3D"https://git.kernel.org/stable/c/ef668c9a2261ec9287faba6e6ef05a98= b391aa2b" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/ef668c9a2261ec9287faba6e6ef05a98b391aa2b</a> <a href=3D"https://git.ke= rnel.org/stable/c/51d2e5d6491447258cb39ff1deb93df15d3c23cb" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/51d2e5d6491447258cb39ff= 1deb93df15d3c23cb</a> <a href=3D"https://git.kernel.org/stable/c/1c5a317= 5aecf82cd86dfcbef2a23e8b26d8d8e7c" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/1c5a3175aecf82cd86dfcbef2a23e8b26d8d8e7c</a> =
<a href=3D"https://git.kernel.org/stable/c/49a66829dd3653695e60d7cae13521d1= 31362fcd" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/49a66829dd3653695e60d7cae13521d131362fcd</a> <a href=3D"https://git.ke= rnel.org/stable/c/425886b1f8304621b3f16632b274357067d5f13f" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/425886b1f8304621b3f1663= 2b274357067d5f13f</a> <a href=3D"https://git.kernel.org/stable/c/23f9485= 510c338476b9735d516c1d4aacb810d46" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/23f9485510c338476b9735d516c1d4aacb810d46</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: rus= t_binder: remove spin_lock() in rust_shrink_free_page() When forward-portin=
g Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 ("mm/list_lr=
u: split the lock to per-cgroup scope") into account, and apparently I did = not end up running the shrinker callback when I sanity tested the driver be= fore submission. This leads to crashes like the following: =3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D WARNING: possible recursive lock= ing detected 6.18.0-mainline-maybe-dirty #1 Tainted: G IO -----------------= --------------------------- kswapd0/68 is trying to acquire lock: ffff95600= 0fa18b0 (&l->lock){+.+.}-{2:2}, at: lock_list_lru_of_memcg+0x128/0x2=
30 but task is already holding lock: ffff956000fa18b0 (&l->lock){+.+= .}-{2:2}, at: rust_helper_spin_lock+0xd/0x20 other info that might help us = debug this: Possible unsafe locking scenario: CPU0 ---- lock(&l->loc= k); lock(&l->lock); *** DEADLOCK *** May be due to missing lock nest= ing notation 3 locks held by kswapd0/68: #0: ffffffff90d2e260 (fs_reclaim){= +.+.}-{0:0}, at: kswapd+0x597/0x1160 #1: ffff956000fa18b0 (&l->lock)= {+.+.}-{2:2}, at: rust_helper_spin_lock+0xd/0x20 #2: ffffffff90cf3680 (rcu_= read_lock){....}-{1:2}, at: lock_list_lru_of_memcg+0x2d/0x230 To fix this, = remove the spin_lock() call from rust_shrink_free_page().</td> <td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71181" target=3D= "_blank" rel=3D"noopener">CVE-2025-71181</a></td>

<a href=3D"https://git.kernel.org/stable/c/30a98c97f7874031f2e1de19c777ce01= 1143cba4" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/30a98c97f7874031f2e1de19c777ce011143cba4</a> <a href=3D"https://git.ke= rnel.org/stable/c/361e0ff456a8daf9753c18030533256e4133ce7a" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/361e0ff456a8daf9753c180= 30533256e4133ce7a</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: can=
: j1939: make j1939_session_activate() fail if device is no longer register=
ed syzbot is still reporting unregister_netdevice: waiting for vcan0 to bec= ome free. Usage count =3D 2 even after commit 93a27b5891b8 ("can: j1939: ad=
d missing calls in NETDEV_UNREGISTER notification handler") was added. A de= bug printk() patch found that j1939_session_activate() can succeed even aft=
er j1939_cancel_active_session() from j1939_netdev_notify(NETDEV_UNREGISTER=
) has completed. Since j1939_cancel_active_session() is processed with the = session list lock held, checking ndev->reg_state in j1939_session_activa= te() with the session list lock held can reliably close the race window.</t=

<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71182" target=3D= "_blank" rel=3D"noopener">CVE-2025-71182</a></td>

<a href=3D"https://git.kernel.org/stable/c/ebb0dfd718dd31c8d3600612ca4b7207= ec3d923a" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/ebb0dfd718dd31c8d3600612ca4b7207ec3d923a</a> <a href=3D"https://git.ke= rnel.org/stable/c/c3a4316e3c746af415c0fd6c6d489ad13f53714d" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/c3a4316e3c746af415c0fd6= c6d489ad13f53714d</a> <a href=3D"https://git.kernel.org/stable/c/46ca9dc= 978923c5e1247a9e9519240ba7ace413c" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/46ca9dc978923c5e1247a9e9519240ba7ace413c</a> =
<a href=3D"https://git.kernel.org/stable/c/78d87b72cebe2a993fd5b017e9f14fb6= 278f2eae" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/78d87b72cebe2a993fd5b017e9f14fb6278f2eae</a> <a href=3D"https://git.ke= rnel.org/stable/c/ba6f0d1832eeb5eb3a6dc5cb30e0f720b3cb3536" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/ba6f0d1832eeb5eb3a6dc5c= b30e0f720b3cb3536</a> <a href=3D"https://git.kernel.org/stable/c/79dd3f1= d9dd310c2af89b09c71f34d93973b200f" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/79dd3f1d9dd310c2af89b09c71f34d93973b200f</a> =
<a href=3D"https://git.kernel.org/stable/c/5d5602236f5db19e8b337a2cd87a90ac= e5ea776d" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/5d5602236f5db19e8b337a2cd87a90ace5ea776d</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: btr= fs: always detect conflicting inodes when logging inode refs After rename e= xchanging (either with the rename exchange operation or regular renames in = multiple non-atomic steps) two inodes and at least one of them is a directo= ry, we can end up with a log tree that contains only of the inodes and afte=
r a power failure that can result in an attempt to delete the other inode w= hen it should not because it was not deleted before the power failure. In s= ome case that delete attempt fails when the target inode is a directory tha=
t contains a subvolume inside it, since the log replay code is not prepared=
to deal with directory entries that point to root items (only inode items)=
. 1) We have directories "dir1" (inode A) and "dir2" (inode B) under the sa=
me parent directory; 2) We have a file (inode C) under directory "dir1" (in= ode A); 3) We have a subvolume inside directory "dir2" (inode B); 4) All th= ese inodes were persisted in a past transaction and we are currently at tra= nsaction N; 5) We rename the file (inode C), so at btrfs_log_new_name() we = update inode C's last_unlink_trans to N; 6) We get a rename exchange for "d= ir1" (inode A) and "dir2" (inode B), so after the exchange "dir1" is inode =
B and "dir2" is inode A. During the rename exchange we call btrfs_log_new_n= ame() for inodes A and B, but because they are directories, we don't update=
their last_unlink_trans to N; 7) An fsync against the file (inode C) is do= ne, and because its inode has a last_unlink_trans with a value of N we log = its parent directory (inode A) (through btrfs_log_all_parents(), called fro=
m btrfs_log_inode_parent()). 8) So we end up with inode B not logged, which=
now has the old name of inode A. At copy_inode_items_to_log(), when loggin=
g inode A, we did not check if we had any conflicting inode to log because = inode A has a generation lower than the current transaction (created in a p= ast transaction); 9) After a power failure, when replaying the log tree, si= nce we find that inode A has a new name that conflicts with the name of ino=
de B in the fs tree, we attempt to delete inode B... this is wrong since th=
at directory was never deleted before the power failure, and because there =
is a subvolume inside that directory, attempting to delete it will fail sin=
ce replay_dir_deletes() and btrfs_unlink_inode() are not prepared to deal w= ith dir items that point to roots instead of inodes. When that happens the = mount fails and we get a stack trace like the following: [87.2314] BTRFS in=
fo (device dm-0): start tree-log replay [87.2318] BTRFS critical (device dm= -0): failed to delete reference to subvol, root 5 inode 256 parent 259 [87.= 2332] ------------[ cut here ]------------ [87.2338] BTRFS: Transaction abo= rted (error -2) [87.2346] WARNING: CPU: 1 PID: 638968 at fs/btrfs/inode.c:4= 345 __btrfs_unlink_inode+0x416/0x440 [btrfs] [87.2368] Modules linked in: b= trfs loop dm_thin_pool (...) [87.2470] CPU: 1 UID: 0 PID: 638968 Comm: moun=
t Tainted: G W 6.18.0-rc7-btrfs-next-218+ #2 PREEMPT(full) [87.2489] Tainte=
d: [W]=3DWARN [87.2494] Hardware name: QEMU Standard PC (i440FX + PIIX, 199= 6), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014 [87.2514] = RIP: 0010:__btrfs_unlink_inode+0x416/0x440 [btrfs] [87.2538] Code: c0 89 04=
24 (...) [87.2568] RSP: 0018:ffffc0e741f4b9b8 EFLAGS: 00010286 [87.2574] R= AX: 0000000000000000 RBX: ffff9d3ec8a6cf60 RCX: 0000000000000000 [87.2582] = RDX: 0000000000000002 RSI: ffffffff84ab45a1 RDI: 00000000ffffffff [87.2591]=
RBP: ffff9d3ec8a6ef20 R08: 0000000000000000 R09: ffffc0e741f4b840 [87.2599=
] R10: ffff9d45dc1fffa8 R11: 0000000000000003 R12: ffff9d3ee26d77e0 [87.260=
8] R13: ffffc0e741f4ba98 R14: ffff9d4458040800 R15: ffff9d44b6b7ca10 [87.26= 18] FS: 00007f7b9603a840(0000) GS:ffff9d4658982000(0000) knlGS:000000000000= 0000 [87. ---truncated---</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71183" target=3D= "_blank" rel=3D"noopener">CVE-2025-71183</a></td>

<a href=3D"https://git.kernel.org/stable/c/c7f0207db68d5a1b4af23acbef1a8e8d= dc431ebb" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/c7f0207db68d5a1b4af23acbef1a8e8ddc431ebb</a> <a href=3D"https://git.ke= rnel.org/stable/c/a63998cd6687c14b160dccb0bbcf281b2eb0dab3" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/a63998cd6687c14b160dccb= 0bbcf281b2eb0dab3</a> <a href=3D"https://git.kernel.org/stable/c/0c2413c= 69129f6ce60157f7b53d9ba880260400b" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/0c2413c69129f6ce60157f7b53d9ba880260400b</a> =
<a href=3D"https://git.kernel.org/stable/c/d52af58dd463821c5c516aebb031a589= 34f696ea" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/d52af58dd463821c5c516aebb031a58934f696ea</a> <a href=3D"https://git.ke= rnel.org/stable/c/7ba0b6461bc4edb3005ea6e00cdae189bcf908a5" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/7ba0b6461bc4edb3005ea6e= 00cdae189bcf908a5</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: btr= fs: fix NULL dereference on root when tracing inode eviction When evicting =
an inode the first thing we do is to setup tracing for it, which implies fe= tching the root's id. But in btrfs_evict_inode() the root might be NULL, as=
implied in the next check that we do in btrfs_evict_inode(). Hence, we eit= her should set the ->root_objectid to 0 in case the root is NULL, or we = move tracing setup after checking that the root is not NULL. Setting the ro= otid to 0 at least gives us the possibility to trace this call even in the = case when the root is NULL, so that's the solution taken here.</td> <td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71184" target=3D= "_blank" rel=3D"noopener">CVE-2025-71184</a></td>

<a href=3D"https://git.kernel.org/stable/c/582ba48e4a4c06fef6bdcf4e57b7b9af= 660bbd0c" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/582ba48e4a4c06fef6bdcf4e57b7b9af660bbd0c</a> <a href=3D"https://git.ke= rnel.org/stable/c/99e057f3d3ef24b99a7b1d84e01dd1bd890098da" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/99e057f3d3ef24b99a7b1d8= 4e01dd1bd890098da</a> <a href=3D"https://git.kernel.org/stable/c/f157dd6= 61339fc6f5f2b574fe2429c43bd309534" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/f157dd661339fc6f5f2b574fe2429c43bd309534</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: dma= engine: ti: dma-crossbar: fix device leak on am335x route allocation Make s= ure to drop the reference taken when looking up the crossbar platform devic=
e during am335x route allocation.</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71185" target=3D= "_blank" rel=3D"noopener">CVE-2025-71185</a></td>

<a href=3D"https://git.kernel.org/stable/c/6fdf168f57e331e148a1177a9b590a84= 5c21b315" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/6fdf168f57e331e148a1177a9b590a845c21b315</a> <a href=3D"https://git.ke= rnel.org/stable/c/f810132e825588fbad3cba940458c58bb7ec4d84" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/f810132e825588fbad3cba9= 40458c58bb7ec4d84</a> <a href=3D"https://git.kernel.org/stable/c/3035227= 7d8e09c972436f883a5efd1f1b763ac14" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/30352277d8e09c972436f883a5efd1f1b763ac14</a> =
<a href=3D"https://git.kernel.org/stable/c/4fc17b1c6d2e04ad13fd6c21cfbac680= 43ec03f9" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/4fc17b1c6d2e04ad13fd6c21cfbac68043ec03f9</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: dma= engine: stm32: dmamux: fix device leak on route allocation Make sure to dro=
p the reference taken when looking up the DMA mux platform device during ro= ute allocation. Note that holding a reference to a device does not prevent = its driver data from going away so there is no point in keeping the referen= ce.</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71186" target=3D= "_blank" rel=3D"noopener">CVE-2025-71186</a></td>

<a href=3D"https://git.kernel.org/stable/c/1a179ac01ff3993ab97e33cc77c316ed= 7415cda1" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/1a179ac01ff3993ab97e33cc77c316ed7415cda1</a> <a href=3D"https://git.ke= rnel.org/stable/c/2fb10259d4efb4367787b5ae9c94192e8a91c648" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/2fb10259d4efb4367787b5a= e9c94192e8a91c648</a> <a href=3D"https://git.kernel.org/stable/c/3ef52d3= 1cce8ba816739085a61efe07b63c6cf27" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/3ef52d31cce8ba816739085a61efe07b63c6cf27</a> =
<a href=3D"https://git.kernel.org/stable/c/dd6e4943889fb354efa3f700e42739da= 9bddb6ef" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/dd6e4943889fb354efa3f700e42739da9bddb6ef</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: dma= engine: sh: rz-dmac: fix device leak on probe failure Make sure to drop the=
reference taken when looking up the ICU device during probe also on probe = failures (e.g. probe deferral).</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71187" target=3D= "_blank" rel=3D"noopener">CVE-2025-71187</a></td>

<a href=3D"https://git.kernel.org/stable/c/926d1666420c227eab50962a8622c1b8= 444720e8" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/926d1666420c227eab50962a8622c1b8444720e8</a> <a href=3D"https://git.ke= rnel.org/stable/c/9fb490323997dcb6f749cd2660a17a39854600cd" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/9fb490323997dcb6f749cd2= 660a17a39854600cd</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: dma= engine: lpc18xx-dmamux: fix device leak on route allocation Make sure to dr=
op the reference taken when looking up the DMA mux platform device during r= oute allocation. Note that holding a reference to a device does not prevent=
its driver data from going away so there is no point in keeping the refere= nce.</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71188" target=3D= "_blank" rel=3D"noopener">CVE-2025-71188</a></td>

<a href=3D"https://git.kernel.org/stable/c/9fba97baa520c9446df51a64708daf27= c5a7ed32" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/9fba97baa520c9446df51a64708daf27c5a7ed32</a> <a href=3D"https://git.ke= rnel.org/stable/c/992eb8055a6e5dbb808672d20d68e60d5a89b12b" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/992eb8055a6e5dbb808672d= 20d68e60d5a89b12b</a> <a href=3D"https://git.kernel.org/stable/c/1e47d80= f6720f0224efd19bcf081d39637569c10" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/1e47d80f6720f0224efd19bcf081d39637569c10</a> =
<a href=3D"https://git.kernel.org/stable/c/d4d63059dee7e7cae0c4d9a532ed558b= c90efb55" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/d4d63059dee7e7cae0c4d9a532ed558bc90efb55</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: dma= engine: dw: dmamux: fix OF node leak on route allocation failure Make sure =
to drop the reference taken to the DMA master OF node also on late route al= location failures.</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71189" target=3D= "_blank" rel=3D"noopener">CVE-2025-71189</a></td>

<a href=3D"https://git.kernel.org/stable/c/db7c79c1bbfb1b0184e78a17ac2bd0f2= bc3134d1" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/db7c79c1bbfb1b0184e78a17ac2bd0f2bc3134d1</a> <a href=3D"https://git.ke= rnel.org/stable/c/8f7a391211381ed2f6802032c78c7820d166bc49" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/8f7a391211381ed2f680203= 2c78c7820d166bc49</a> <a href=3D"https://git.kernel.org/stable/c/eabe40f= 8a53c29f531e92778ea243e379f4f7978" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/eabe40f8a53c29f531e92778ea243e379f4f7978</a> =
<a href=3D"https://git.kernel.org/stable/c/ec25e60f9f95464aa11411db31d0906b= 3fb7b9f2" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/ec25e60f9f95464aa11411db31d0906b3fb7b9f2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: dma= engine: bcm-sba-raid: fix device leak on probe Make sure to drop the refere= nce taken when looking up the mailbox device during probe on probe failures=
and on driver unbind.</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71190" target=3D= "_blank" rel=3D"noopener">CVE-2025-71190</a></td>

<a href=3D"https://git.kernel.org/stable/c/c80ca7bdff158401440741bdcf9175bd= 8608580b" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/c80ca7bdff158401440741bdcf9175bd8608580b</a> <a href=3D"https://git.ke= rnel.org/stable/c/db6f1d6d31711e73e6a214c73e6a8fb4cda0483d" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/db6f1d6d31711e73e6a214c= 73e6a8fb4cda0483d</a> <a href=3D"https://git.kernel.org/stable/c/2ed1a9d= e1f2d727ccae5bc9cc7c63ee3519c0c8b" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/2ed1a9de1f2d727ccae5bc9cc7c63ee3519c0c8b</a> =
<a href=3D"https://git.kernel.org/stable/c/7c3a46ebf15a9796b763a54272407fdb= f945bed8" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/7c3a46ebf15a9796b763a54272407fdbf945bed8</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: dma= engine: at_hdmac: fix device leak on of_dma_xlate() Make sure to drop the r= eference taken when looking up the DMA platform device during of_dma_xlate(=
) when releasing channel resources. Note that commit 3832b78b3ec2 ("dmaengi= ne: at_hdmac: add missing put_device() call in at_dma_xlate()") fixed the l= eak in a couple of error paths but the reference is still leaking on succes= sful allocation.</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71191" target=3D= "_blank" rel=3D"noopener">CVE-2025-71191</a></td>

<a href=3D"https://git.kernel.org/stable/c/987c71671367f42460689b78244d7b89= 4c50999a" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/987c71671367f42460689b78244d7b894c50999a</a> <a href=3D"https://git.ke= rnel.org/stable/c/6a86cf2c09e149d5718a5b7090545f7566da9334" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/6a86cf2c09e149d5718a5b7= 090545f7566da9334</a> <a href=3D"https://git.kernel.org/stable/c/f3c23b7= e941349505c3d40de2cc0acd93d9ac057" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/f3c23b7e941349505c3d40de2cc0acd93d9ac057</a> =
<a href=3D"https://git.kernel.org/stable/c/b9074b2d7a230b6e28caa23165e9d8bc= 0677d333" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/b9074b2d7a230b6e28caa23165e9d8bc0677d333</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: per=
f: Ensure swevent hrtimer is properly destroyed With the change to hrtimer_= try_to_cancel() in perf_swevent_cancel_hrtimer() it appears possible for th=
e hrtimer to still be active by the time the event gets freed. Make sure th=
e event does a full hrtimer_cancel() on the free path by installing a perf_= event::destroy handler.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23014" target=3D= "_blank" rel=3D"noopener">CVE-2026-23014</a></td>

<a href=3D"https://git.kernel.org/stable/c/deee9dfb111ab00f9dfd46c0c7e36656= b80f5235" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/deee9dfb111ab00f9dfd46c0c7e36656b80f5235</a> <a href=3D"https://git.ke= rnel.org/stable/c/ff5860f5088e9076ebcccf05a6ca709d5935cfa9" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/ff5860f5088e9076ebcccf0= 5a6ca709d5935cfa9</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: gpi=
o: mpsse: fix reference leak in gpio_mpsse_probe() error paths The referenc=
e obtained by calling usb_get_dev() is not released in the gpio_mpsse_probe=
() error paths. Fix that by using device managed helper functions. Also rem= ove the usb_put_dev() call in the disconnect function since now it will be = released automatically.</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23015" target=3D= "_blank" rel=3D"noopener">CVE-2026-23015</a></td>

<a href=3D"https://git.kernel.org/stable/c/7ea26e6dcabc270433b6ded2a1aee85b= 215d1b28" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/7ea26e6dcabc270433b6ded2a1aee85b215d1b28</a> <a href=3D"https://git.ke= rnel.org/stable/c/1e876e5a0875e71e34148c9feb2eedd3bf6b2b43" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/1e876e5a0875e71e34148c9= feb2eedd3bf6b2b43</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: ine=
t: frags: drop fraglist conntrack references Jakub added a warning in nf_co= nntrack_cleanup_net_list() to make debugging leaked skbs/conntrack referenc=
es more obvious. syzbot reports this as triggering, and I can also reproduc=
e this via ip_defrag.sh selftest: conntrack cleanup blocked for 60s WARNING=
: net/netfilter/nf_conntrack_core.c:2512 [..] conntrack clenups gets stuck = because there are skbs with still hold nf_conn references via their frag_li= st. net.core.skb_defer_max=3D0 makes the hang disappear. Eric Dumazet point=
s out that skb_release_head_state() doesn't follow the fraglist. ip_defrag.=
sh can only reproduce this problem since commit 6471658dc66c ("udp: use skb= _attempt_defer_free()"), but AFAICS this problem could happen with TCP as w= ell if pmtu discovery is off. The relevant problem path for udp is: 1. netn=
s emits fragmented packets 2. nf_defrag_v6_hook reassembles them (in output=
hook) 3. reassembled skb is tracked (skb owns nf_conn reference) 4. ip6_ou= tput refragments 5. refragmented packets also own nf_conn reference (ip6_fr= agment calls ip6_copy_metadata()) 6. on input path, nf_defrag_v6_hook skips=
defragmentation: the fragments already have skb->nf_conn attached 7. sk=
bs are reassembled via ipv6_frag_rcv() 8. skb_consume_udp -> skb_attempt= _defer_free() -> skb ends up in pcpu freelist, but still has nf_conn ref= erence. Possible solutions: 1 let defrag engine drop nf_conn entry, OR 2 ex= port kick_defer_list_purge() and call it from the conntrack netns exit call= back, OR 3 add skb_has_frag_list() check to skb_attempt_defer_free() 2 &amp=
; 3 also solve ip_defrag.sh hang but share same drawback: Such reassembled = skbs, queued to socket, can prevent conntrack module removal until userspac=
e has consumed the packet. While both tcp and udp stack do call nf_reset_ct=
() before placing skb on socket queue, that function doesn't iterate frag_l= ist skbs. Therefore drop nf_conn entries when they are placed in defrag que= ue. Keep the nf_conn entry of the first (offset 0) skb so that reassembled = skb retains nf_conn entry for sake of TX path. Note that fixes tag is incor= rect; it points to the commit introducing the 'ip_defrag.sh reproducible pr= oblem': no need to backport this patch to every stable kernel.</td> <td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23016" target=3D= "_blank" rel=3D"noopener">CVE-2026-23016</a></td>

<a href=3D"https://git.kernel.org/stable/c/088ca99dbb039c444c3ff987c5412a73= f4f0cbf8" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/088ca99dbb039c444c3ff987c5412a73f4f0cbf8</a> <a href=3D"https://git.ke= rnel.org/stable/c/2ef02ac38d3c17f34a00c4b267d961a8d4b45d1a" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/2ef02ac38d3c17f34a00c4b= 267d961a8d4b45d1a</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: idp=
f: fix error handling in the init_task on load If the init_task fails durin=
g a driver load, we end up without vports and netdevs, effectively failing = the entire process. In that state a subsequent reset will result in a crash=
as the service task attempts to access uninitialized resources. Following = trace is from an error in the init_task where the CREATE_VPORT (op 501) is = rejected by the FW: [40922.763136] idpf 0000:83:00.0: Device HW Reset initi= ated [40924.449797] idpf 0000:83:00.0: Transaction failed (op 501) [40958.1= 48190] idpf 0000:83:00.0: HW reset detected [40958.161202] BUG: kernel NULL=
pointer dereference, address: 00000000000000a8 ... [40958.168094] Workqueu=
e: idpf-0000:83:00.0-vc_event idpf_vc_event_task [idpf] [40958.168865] RIP:=
0010:idpf_vc_event_task+0x9b/0x350 [idpf] ... [40958.177932] Call Trace: [= 40958.178491] <TASK> [40958.179040] process_one_work+0x226/0x6d0 [409= 58.179609] worker_thread+0x19e/0x340 [40958.180158] ? __pfx_worker_thread+0= x10/0x10 [40958.180702] kthread+0x10f/0x250 [40958.181238] ? __pfx_kthread+= 0x10/0x10 [40958.181774] ret_from_fork+0x251/0x2b0 [40958.182307] ? __pfx_k= thread+0x10/0x10 [40958.182834] ret_from_fork_asm+0x1a/0x30 [40958.183370] = </TASK> Fix the error handling in the init_task to make sure the serv= ice and mailbox tasks are disabled if the error happens during load. These = are started in idpf_vc_core_init(), which spawns the init_task and has no w=
ay of knowing if it failed. If the error happens on reset, following succes= sful driver load, the tasks can still run, as that will allow the netdevs t=
o attempt recovery through another reset. Stop the PTP callbacks either way=
as those will be restarted by the call to idpf_vc_core_init() during a suc= cessful reset.</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23017" target=3D= "_blank" rel=3D"noopener">CVE-2026-23017</a></td>

<a href=3D"https://git.kernel.org/stable/c/a514c374edcd33581cdcccf8faa7cc60= 6a600319" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/a514c374edcd33581cdcccf8faa7cc606a600319</a> <a href=3D"https://git.ke= rnel.org/stable/c/4d792219fe6f891b5b557a607ac8a0a14eda6e38" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/4d792219fe6f891b5b557a6= 07ac8a0a14eda6e38</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: btr= fs: release path before initializing extent tree in btrfs_read_locked_inode=
() In btrfs_read_locked_inode() we are calling btrfs_init_file_extent_tree(=
) while holding a path with a read locked leaf from a subvolume tree, and b= trfs_init_file_extent_tree() may do a GFP_KERNEL allocation, which can trig= ger reclaim. This can create a circular lock dependency which lockdep warns=
about with the following splat: [6.1433] =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D [6.1574] WARNING: po= ssible circular locking dependency detected [6.1583] 6.18.0+ #4 Tainted: G =
U [6.1591] ------------------------------------------------------ [6.1599] = kswapd0/117 is trying to acquire lock: [6.1606] ffff8d9b6333c5b8 (&dela= yed_node->mutex){+.+.}-{3:3}, at: __btrfs_release_delayed_node.part.0+0x= 39/0x2f0 [6.1625] but task is already holding lock: [6.1633] ffffffffa4ab8c=
e0 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat+0x195/0xc60 [6.1646] which l= ock already depends on the new lock. [6.1657] the existing dependency chain=
(in reverse order) is: [6.1667] -> #2 (fs_reclaim){+.+.}-{0:0}: [6.1677=
] fs_reclaim_acquire+0x9d/0xd0 [6.1685] __kmalloc_cache_noprof+0x59/0x750 [= 6.1694] btrfs_init_file_extent_tree+0x90/0x100 [6.1702] btrfs_read_locked_i= node+0xc3/0x6b0 [6.1710] btrfs_iget+0xbb/0xf0 [6.1716] btrfs_lookup_dentry+= 0x3c5/0x8e0 [6.1724] btrfs_lookup+0x12/0x30 [6.1731] lookup_open.isra.0+0x1= aa/0x6a0 [6.1739] path_openat+0x5f7/0xc60 [6.1746] do_filp_open+0xd6/0x180 = [6.1753] do_sys_openat2+0x8b/0xe0 [6.1760] __x64_sys_openat+0x54/0xa0 [6.17= 68] do_syscall_64+0x97/0x3e0 [6.1776] entry_SYSCALL_64_after_hwframe+0x76/0= x7e [6.1784] -> #1 (btrfs-tree-00){++++}-{3:3}: [6.1794] lock_release+0x= 127/0x2a0 [6.1801] up_read+0x1b/0x30 [6.1808] btrfs_search_slot+0x8e0/0xff0=
[6.1817] btrfs_lookup_inode+0x52/0xd0 [6.1825] __btrfs_update_delayed_inod= e+0x73/0x520 [6.1833] btrfs_commit_inode_delayed_inode+0x11a/0x120 [6.1842]=
btrfs_log_inode+0x608/0x1aa0 [6.1849] btrfs_log_inode_parent+0x249/0xf80 [= 6.1857] btrfs_log_dentry_safe+0x3e/0x60 [6.1865] btrfs_sync_file+0x431/0x69=
0 [6.1872] do_fsync+0x39/0x80 [6.1879] __x64_sys_fsync+0x13/0x20 [6.1887] d= o_syscall_64+0x97/0x3e0 [6.1894] entry_SYSCALL_64_after_hwframe+0x76/0x7e [= 6.1903] -> #0 (&delayed_node->mutex){+.+.}-{3:3}: [6.1913] __lock= _acquire+0x15e9/0x2820 [6.1920] lock_acquire+0xc9/0x2d0 [6.1927] __mutex_lo= ck+0xcc/0x10a0 [6.1934] __btrfs_release_delayed_node.part.0+0x39/0x2f0 [6.1= 944] btrfs_evict_inode+0x20b/0x4b0 [6.1952] evict+0x15a/0x2f0 [6.1958] prun= e_icache_sb+0x91/0xd0 [6.1966] super_cache_scan+0x150/0x1d0 [6.1974] do_shr= ink_slab+0x155/0x6f0 [6.1981] shrink_slab+0x48e/0x890 [6.1988] shrink_one+0= x11a/0x1f0 [6.1995] shrink_node+0xbfd/0x1320 [6.1002] balance_pgdat+0x67f/0= xc60 [6.1321] kswapd+0x1dc/0x3e0 [6.1643] kthread+0xff/0x240 [6.1965] ret_f= rom_fork+0x223/0x280 [6.1287] ret_from_fork_asm+0x1a/0x30 [6.1616] other in=
fo that might help us debug this: [6.1561] Chain exists of: &delayed_no= de->mutex --> btrfs-tree-00 --> fs_reclaim [6.1503] Possible unsaf=
e locking scenario: [6.1110] CPU0 CPU1 [6.1411] ---- ---- [6.1707] lock(fs_= reclaim); [6.1998] lock(btrfs-tree-00); [6.1291] lock(fs_reclaim); [6.1581]=
lock(&del ---truncated---</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23018" target=3D= "_blank" rel=3D"noopener">CVE-2026-23018</a></td>

<a href=3D"https://git.kernel.org/stable/c/92a5590851144f034adc51fee55e6878= ccac716e" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/92a5590851144f034adc51fee55e6878ccac716e</a> <a href=3D"https://git.ke= rnel.org/stable/c/8731f2c50b0b1d2b58ed5b9671ef2c4bdc2f8347" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/8731f2c50b0b1d2b58ed5b9= 671ef2c4bdc2f8347</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: net=
: marvell: prestera: fix NULL dereference on devlink_alloc() failure devlin= k_alloc() may return NULL on allocation failure, but prestera_devlink_alloc=
() unconditionally calls devlink_priv() on the returned pointer. This leads=
to a NULL pointer dereference if devlink allocation fails. Add a check for=
a NULL devlink pointer and return NULL early to avoid the crash.</td> <td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23019" target=3D= "_blank" rel=3D"noopener">CVE-2026-23019</a></td>

<a href=3D"https://git.kernel.org/stable/c/8a4333b2818f0d853b43e139936c2065= 9366e4a0" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/8a4333b2818f0d853b43e139936c20659366e4a0</a> <a href=3D"https://git.ke= rnel.org/stable/c/325aea74be7e192b5c947c782da23b0d19a5fda2" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/325aea74be7e192b5c947c7= 82da23b0d19a5fda2</a> <a href=3D"https://git.kernel.org/stable/c/94e070c= d50790317fba7787ae6006934b7edcb6f" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/94e070cd50790317fba7787ae6006934b7edcb6f</a> =
<a href=3D"https://git.kernel.org/stable/c/3950054c9512add0cc79ab7e72b6d2f9= f675e25b" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/3950054c9512add0cc79ab7e72b6d2f9f675e25b</a> <a href=3D"https://git.ke= rnel.org/stable/c/326a4b7e61d01db3507f71c8bb5e85362f607064" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/326a4b7e61d01db3507f71c= 8bb5e85362f607064</a> <a href=3D"https://git.kernel.org/stable/c/a428e0d= a1248c353557970848994f35fd3f005e2" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/a428e0da1248c353557970848994f35fd3f005e2</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: net=
: 3com: 3c59x: fix possible null dereference in vortex_probe1() pdev can be=
null and free_ring: can be called in 1297 with a null pdev.</td> <td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23020" target=3D= "_blank" rel=3D"noopener">CVE-2026-23020</a></td>

<a href=3D"https://git.kernel.org/stable/c/053ac9e37eee435e999277c0f1ef890d= ad6064bf" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/053ac9e37eee435e999277c0f1ef890dad6064bf</a> <a href=3D"https://git.ke= rnel.org/stable/c/6cff14b831dbdb32675b4c7904dcc3eeeaf47e9d" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/6cff14b831dbdb32675b4c7= 904dcc3eeeaf47e9d</a> <a href=3D"https://git.kernel.org/stable/c/606872c= 8e8bf96066730f6a2317502c5633c37f1" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/606872c8e8bf96066730f6a2317502c5633c37f1</a> =
<a href=3D"https://git.kernel.org/stable/c/28b2a805609699be7b90020ae7dccfb2= 34be1ceb" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/28b2a805609699be7b90020ae7dccfb234be1ceb</a> <a href=3D"https://git.ke= rnel.org/stable/c/2f05f7737e16d9a40038cc1c38a96a3f7964898b" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/2f05f7737e16d9a40038cc1= c38a96a3f7964898b</a> <a href=3D"https://git.kernel.org/stable/c/d82796a= 57cc0dac1dbef19d913c8f02a8cc7b1a7" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/d82796a57cc0dac1dbef19d913c8f02a8cc7b1a7</a> =
<a href=3D"https://git.kernel.org/stable/c/a4e305ed60f7c41bbf9aabc16dd75267= 194e0de3" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/a4e305ed60f7c41bbf9aabc16dd75267194e0de3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: net=
: usb: pegasus: fix memory leak in update_eth_regs_async() When asynchronou= sly writing to the device registers and if usb_submit_urb() fail, the code = fail to release allocated to this point resources.</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23021" target=3D= "_blank" rel=3D"noopener">CVE-2026-23021</a></td>

<a href=3D"https://git.kernel.org/stable/c/5397ea6d21c35a17707e201a60761bde= e00bcc4e" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/5397ea6d21c35a17707e201a60761bdee00bcc4e</a> <a href=3D"https://git.ke= rnel.org/stable/c/a40af9a2904a1ab8ce61866ebe2a894ef30754ba" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/a40af9a2904a1ab8ce61866= ebe2a894ef30754ba</a> <a href=3D"https://git.kernel.org/stable/c/ac5d92d= 2826dec51e5d4c6854865bc5817277452" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/ac5d92d2826dec51e5d4c6854865bc5817277452</a> =
<a href=3D"https://git.kernel.org/stable/c/93f18eaa190374e0f2d253e3b1a65cee= 19a7abe6" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/93f18eaa190374e0f2d253e3b1a65cee19a7abe6</a> <a href=3D"https://git.ke= rnel.org/stable/c/471dfb97599eec74e0476046b3ef8e7037f27b34" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/471dfb97599eec74e047604= 6b3ef8e7037f27b34</a> <a href=3D"https://git.kernel.org/stable/c/ce6eef7= 31aba23a988decea1df3b08cf978f7b01" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/ce6eef731aba23a988decea1df3b08cf978f7b01</a> =
<a href=3D"https://git.kernel.org/stable/c/afa27621a28af317523e0836dad430be= c551eb54" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/afa27621a28af317523e0836dad430bec551eb54</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: idp=
f: fix memory leak in idpf_vc_core_deinit() Make sure to free hw->lan_re= gs. Reported by kmemleak during reset: unreferenced object 0xff1b913d02a936=
c0 (size 96): comm "kworker/u258:14", pid 2174, jiffies 4294958305 hex dump=
(first 32 bytes): 00 00 00 c0 a8 ba 2d ff 00 00 00 00 00 00 00 00 ......-.= ........ 00 00 40 08 00 00 00 00 00 00 25 b3 a8 ba 2d ff ..@.......%...-. b= acktrace (crc 36063c4f): __kmalloc_noprof+0x48f/0x890 idpf_vc_core_init+0x6= ce/0x9b0 [idpf] idpf_vc_event_task+0x1fb/0x350 [idpf] process_one_work+0x22= 6/0x6d0 worker_thread+0x19e/0x340 kthread+0x10f/0x250 ret_from_fork+0x251/0= x2b0 ret_from_fork_asm+0x1a/0x30</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23022" target=3D= "_blank" rel=3D"noopener">CVE-2026-23022</a></td>

<a href=3D"https://git.kernel.org/stable/c/23391db8a00c23854915b8b72ec1aa10= 080aa540" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/23391db8a00c23854915b8b72ec1aa10080aa540</a> <a href=3D"https://git.ke= rnel.org/stable/c/e111cbc4adf9f9974eed040aeece7e17460f6bff" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/e111cbc4adf9f9974eed040= aeece7e17460f6bff</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: idp=
f: fix memory leak in idpf_vport_rel() Free vport->rx_ptype_lkup in idpf= _vport_rel() to avoid leaking memory during a reset. Reported by kmemleak: = unreferenced object 0xff450acac838a000 (size 4096): comm "kworker/u258:5", = pid 7732, jiffies 4296830044 hex dump (first 32 bytes): 00 00 00 00 00 10 0=
0 00 00 10 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 10=
00 00 00 00 00 00 ................ backtrace (crc 3da81902): __kmalloc_cac= he_noprof+0x469/0x7a0 idpf_send_get_rx_ptype_msg+0x90/0x570 [idpf] idpf_ini= t_task+0x1ec/0x8d0 [idpf] process_one_work+0x226/0x6d0 worker_thread+0x19e/= 0x340 kthread+0x10f/0x250 ret_from_fork+0x251/0x2b0 ret_from_fork_asm+0x1a/= 0x30</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23023" target=3D= "_blank" rel=3D"noopener">CVE-2026-23023</a></td>

<a href=3D"https://git.kernel.org/stable/c/a4212d6732e3f674c6cc7d0b642f276d= 827e8f94" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/a4212d6732e3f674c6cc7d0b642f276d827e8f94</a> <a href=3D"https://git.ke= rnel.org/stable/c/ec602a2a4071eb956d656ba968c58fee09f0622d" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/ec602a2a4071eb956d656ba= 968c58fee09f0622d</a> <a href=3D"https://git.kernel.org/stable/c/f6242b3= 54605faff263ca45882b148200915a3f6" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/f6242b354605faff263ca45882b148200915a3f6</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: idp=
f: fix memory leak of flow steer list on rmmod The flow steering list maint= ains entries that are added and removed as ethtool creates and deletes flow=
steering rules. Module removal with active entries causes memory leak as t=
he list is not properly cleaned up. Prevent this by iterating through the r= emaining entries in the list and freeing the associated memory during modul=
e removal. Add a spinlock (flow_steer_list_lock) to protect the list access=
from multiple threads.</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23024" target=3D= "_blank" rel=3D"noopener">CVE-2026-23024</a></td>

<a href=3D"https://git.kernel.org/stable/c/1aedff70a5e97628eaaf17b169774cb6= a45a1dc5" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/1aedff70a5e97628eaaf17b169774cb6a45a1dc5</a> <a href=3D"https://git.ke= rnel.org/stable/c/f9841bd28b600526ca4f6713b0ca49bf7bb98452" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/f9841bd28b600526ca4f671= 3b0ca49bf7bb98452</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: mm/= page_alloc: prevent pcp corruption with SMP=3Dn The kernel test robot has r= eported: BUG: spinlock trylock failure on UP on CPU#0, kcompactd0/28 lock: = 0xffff888807e35ef0, .magic: dead4ead, .owner: kcompactd0/28, .owner_cpu: 0 = CPU: 0 UID: 0 PID: 28 Comm: kcompactd0 Not tainted 6.18.0-rc5-00127-ga06157= 804399 #1 PREEMPT 8cc09ef94dcec767faa911515ce9e609c45db470 Call Trace: <= IRQ> __dump_stack (lib/dump_stack.c:95) dump_stack_lvl (lib/dump_stack.c= :123) dump_stack (lib/dump_stack.c:130) spin_dump (kernel/locking/spinlock_= debug.c:71) do_raw_spin_trylock (kernel/locking/spinlock_debug.c:?) _raw_sp= in_trylock (include/linux/spinlock_api_smp.h:89 kernel/locking/spinlock.c:1= 38) __free_frozen_pages (mm/page_alloc.c:2973) ___free_pages (mm/page_alloc= .c:5295) __free_pages (mm/page_alloc.c:5334) tlb_remove_table_rcu (include/= linux/mm.h:? include/linux/mm.h:3122 include/asm-generic/tlb.h:220 mm/mmu_g= ather.c:227 mm/mmu_gather.c:290) ? __cfi_tlb_remove_table_rcu (mm/mmu_gathe= r.c:289) ? rcu_core (kernel/rcu/tree.c:?) rcu_core (include/linux/rcupdate.= h:341 kernel/rcu/tree.c:2607 kernel/rcu/tree.c:2861) rcu_core_si (kernel/rc= u/tree.c:2879) handle_softirqs (arch/x86/include/asm/jump_label.h:36 includ= e/trace/events/irq.h:142 kernel/softirq.c:623) __irq_exit_rcu (arch/x86/inc= lude/asm/jump_label.h:36 kernel/softirq.c:725) irq_exit_rcu (kernel/softirq= .c:741) sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1052) <= /IRQ> <TASK> RIP: 0010:_raw_spin_unlock_irqrestore (arch/x86/inclu= de/asm/preempt.h:95 include/linux/spinlock_api_smp.h:152 kernel/locking/spi= nlock.c:194) free_pcppages_bulk (mm/page_alloc.c:1494) drain_pages_zone (in= clude/linux/spinlock.h:391 mm/page_alloc.c:2632) __drain_all_pages (mm/page= _alloc.c:2731) drain_all_pages (mm/page_alloc.c:2747) kcompactd (mm/compact= ion.c:3115) kthread (kernel/kthread.c:465) ? __cfi_kcompactd (mm/compaction= .c:3166) ? __cfi_kthread (kernel/kthread.c:412) ret_from_fork (arch/x86/ker= nel/process.c:164) ? __cfi_kthread (kernel/kthread.c:412) ret_from_fork_asm=
(arch/x86/entry/entry_64.S:255) </TASK> Matthew has analyzed the rep= ort and identified that in drain_page_zone() we are in a section protected =
by spin_lock(&pcp->lock) and then get an interrupt that attempts spi= n_trylock() on the same lock. The code is designed to work this way without=
disabling IRQs and occasionally fail the trylock with a fallback. However,=
the SMP=3Dn spinlock implementation assumes spin_trylock() will always suc= ceed, and thus it's normally a no-op. Here the enabled lock debugging catch=
es the problem, but otherwise it could cause a corruption of the pcp struct= ure. The problem has been introduced by commit 574907741599 ("mm/page_alloc=
: leave IRQs enabled for per-cpu page allocations"). The pcp locking scheme=
recognizes the need for disabling IRQs to prevent nesting spin_trylock() s= ections on SMP=3Dn, but the need to prevent the nesting in spin_lock() has = not been recognized. Fix it by introducing local wrappers that change the s= pin_lock() to spin_lock_iqsave() with SMP=3Dn and use them in all places th=
at do spin_lock(&pcp->lock). [vbabka@suse.cz: add pcp_ prefix to the=
spin_lock_irqsave wrappers, per Steven]</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23025" target=3D= "_blank" rel=3D"noopener">CVE-2026-23025</a></td>

<a href=3D"https://git.kernel.org/stable/c/4a04ff9cd816e7346fcc8126f00ed804= 81f6569d" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/4a04ff9cd816e7346fcc8126f00ed80481f6569d</a> <a href=3D"https://git.ke= rnel.org/stable/c/df63d31e9ae02e2f6cd96147779e4ed7cd0e75f6" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/df63d31e9ae02e2f6cd9614= 7779e4ed7cd0e75f6</a> <a href=3D"https://git.kernel.org/stable/c/3098f8f= 7c7b0686c74827aec42a2c45e69801ff8" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/3098f8f7c7b0686c74827aec42a2c45e69801ff8</a> =
<a href=3D"https://git.kernel.org/stable/c/038a102535eb49e10e93eafac54352fc= c5d78847" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/038a102535eb49e10e93eafac54352fcc5d78847</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: dma= engine: qcom: gpi: Fix memory leak in gpi_peripheral_config() Fix a memory = leak in gpi_peripheral_config() where the original memory pointed to by gch= an->config could be lost if krealloc() fails. The issue occurs when: 1. = gchan->config points to previously allocated memory 2. krealloc() fails = and returns NULL 3. The function directly assigns NULL to gchan->config,=
losing the reference to the original memory 4. The original memory becomes=
unreachable and cannot be freed Fix this by using a temporary variable to = hold the krealloc() result and only updating gchan->config when the allo= cation succeeds. Found via static analysis and code review.</td> <td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23026" target=3D= "_blank" rel=3D"noopener">CVE-2026-23026</a></td>

<a href=3D"https://git.kernel.org/stable/c/6bf4ef078fd11910988889a6c0b3698d= 2e0c89af" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/6bf4ef078fd11910988889a6c0b3698d2e0c89af</a> <a href=3D"https://git.ke= rnel.org/stable/c/01b1d781394fc9b83015e3a3cd46b17bda842bd8" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/01b1d781394fc9b83015e3a= 3cd46b17bda842bd8</a> <a href=3D"https://git.kernel.org/stable/c/55a67ba= 5ac4cebfd54cc8305d4d57a0f1dfe6a85" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/55a67ba5ac4cebfd54cc8305d4d57a0f1dfe6a85</a> =
<a href=3D"https://git.kernel.org/stable/c/3f747004bbd641131d9396d87b5d2d3d= 1e182728" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/3f747004bbd641131d9396d87b5d2d3d1e182728</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: Loo= ngArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy() In kvm_ioctl_crea= te_device(), kvm_device has allocated memory, kvm_device->destroy() seem=
s to be supposed to free its kvm_device struct, but kvm_pch_pic_destroy() i=
s not currently doing this, that would lead to a memory leak. So, fix it.</=

<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23027" target=3D= "_blank" rel=3D"noopener">CVE-2026-23027</a></td>

<a href=3D"https://git.kernel.org/stable/c/fc53a66227af08d868face4b33fa8b2e= 1ba187ed" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/fc53a66227af08d868face4b33fa8b2e1ba187ed</a> <a href=3D"https://git.ke= rnel.org/stable/c/1cf342a7c3adc5877837b53bbceb5cc9eff60bbf" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/1cf342a7c3adc5877837b53= bbceb5cc9eff60bbf</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: Loo= ngArch: KVM: Fix kvm_device leak in kvm_ipi_destroy() In kvm_ioctl_create_d= evice(), kvm_device has allocated memory, kvm_device->destroy() seems to=
be supposed to free its kvm_device struct, but kvm_ipi_destroy() is not cu= rrently doing this, that would lead to a memory leak. So, fix it.</td> <td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23028" target=3D= "_blank" rel=3D"noopener">CVE-2026-23028</a></td>

<a href=3D"https://git.kernel.org/stable/c/5defcc2f9c22e6e09b5be68234ad10f4= ba0292b7" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/5defcc2f9c22e6e09b5be68234ad10f4ba0292b7</a> <a href=3D"https://git.ke= rnel.org/stable/c/0bf58cb7288a4d3de6d8ecbb3a65928a9362bf21" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/0bf58cb7288a4d3de6d8ecb= b3a65928a9362bf21</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: Loo= ngArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy() In kvm_ioctl_crea= te_device(), kvm_device has allocated memory, kvm_device->destroy() seem=
s to be supposed to free its kvm_device struct, but kvm_eiointc_destroy() i=
s not currently doing this, that would lead to a memory leak. So, fix it.</=

<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23029" target=3D= "_blank" rel=3D"noopener">CVE-2026-23029</a></td>

<a href=3D"https://git.kernel.org/stable/c/e94ec9661c5820d157d2cc4b6cf4a6ab= 656a7b4d" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/e94ec9661c5820d157d2cc4b6cf4a6ab656a7b4d</a> <a href=3D"https://git.ke= rnel.org/stable/c/7d8553fc75aefa7ec936af0cf8443ff90b51732e" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/7d8553fc75aefa7ec936af0= cf8443ff90b51732e</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: phy=
: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() Th=
e for_each_available_child_of_node() calls of_node_put() to release child_n=
p in each success loop. After breaking from the loop with the child_np has = been released, the code will jump to the put_child label and will call the = of_node_put() again if the devm_request_threaded_irq() fails. These cause a=
double free bug. Fix by returning directly to avoid the duplicate of_node_= put().</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23030" target=3D= "_blank" rel=3D"noopener">CVE-2026-23030</a></td>

<a href=3D"https://git.kernel.org/stable/c/ebae26dd15140b840cf65be5e1c0daee= 949ba70b" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/ebae26dd15140b840cf65be5e1c0daee949ba70b</a> <a href=3D"https://git.ke= rnel.org/stable/c/027d42b97e6eb827c3438ebc09bab7efaee9270d" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/027d42b97e6eb827c3438eb= c09bab7efaee9270d</a> <a href=3D"https://git.kernel.org/stable/c/efe92ee= 7a111fe0f4d75f3ed6b7e3f86322279d5" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/efe92ee7a111fe0f4d75f3ed6b7e3f86322279d5</a> =
<a href=3D"https://git.kernel.org/stable/c/e07dea3de508cd6950c937cec42de760= 3190e1ca" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/e07dea3de508cd6950c937cec42de7603190e1ca</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: can=
: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak In gs_can_ope= n(), the URBs for USB-in transfers are allocated, added to the parent->r= x_submitted anchor and submitted. In the complete callback gs_usb_receive_b= ulk_callback(), the URB is processed and resubmitted. In gs_can_close() the=
URBs are freed by calling usb_kill_anchored_urbs(parent->rx_submitted).=
However, this does not take into account that the USB framework unanchors = the URB before the complete function is called. This means that once an in-= URB has been completed, it is no longer anchored and is ultimately not rele= ased in gs_can_close(). Fix the memory leak by anchoring the URB in the gs_= usb_receive_bulk_callback() to the parent->rx_submitted anchor.</td> <td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23031" target=3D= "_blank" rel=3D"noopener">CVE-2026-23031</a></td>

<a href=3D"https://git.kernel.org/stable/c/f905bcfa971edb89e398c98957838d8c= 6381c0c7" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/f905bcfa971edb89e398c98957838d8c6381c0c7</a> <a href=3D"https://git.ke= rnel.org/stable/c/08624b7206ddb9148eeffc2384ebda2c47b6d1e9" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/08624b7206ddb9148eeffc2= 384ebda2c47b6d1e9</a> <a href=3D"https://git.kernel.org/stable/c/9f669a3= 8ca70839229b7ba0f851820850a2fe1f7" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/9f669a38ca70839229b7ba0f851820850a2fe1f7</a> =
<a href=3D"https://git.kernel.org/stable/c/7352e1d5932a0e777e39fa4b61980119= 1f57e603" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/7352e1d5932a0e777e39fa4b619801191f57e603</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: nul= l_blk: fix kmemleak by releasing references to fault configfs items When CO= NFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk driver sets =
up fault injection support by creating the timeout_inject, requeue_inject, = and init_hctx_fault_inject configfs items as children of the top-level null=
bX configfs group. However, when the nullbX device is removed, the referenc=
es taken to these fault-config configfs items are not released. As a result=
, kmemleak reports a memory leak, for example: unreferenced object 0xc00000= 021ff25c40 (size 32): comm "mkdir", pid 10665, jiffies 4322121578 hex dump = (first 32 bytes): 69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c 74 5f init_hctx= _fault_ 69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00 inject.......... ba= cktrace (crc 1a018c86): __kmalloc_node_track_caller_noprof+0x494/0xbd8 kvas= printf+0x74/0xf4 config_item_set_name+0xf0/0x104 config_group_init_type_nam= e+0x48/0xfc fault_config_init+0x48/0xf0 0xc0080000180559e4 configfs_mkdir+0= x304/0x814 vfs_mkdir+0x49c/0x604 do_mkdirat+0x314/0x3d0 sys_mkdir+0xa0/0xd8=
system_call_exception+0x1b0/0x4f0 system_call_vectored_common+0x15c/0x2ec = Fix this by explicitly releasing the references to the fault-config configf=
s items when dropping the reference to the top-level nullbX configfs group.= </td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23032" target=3D= "_blank" rel=3D"noopener">CVE-2026-23032</a></td>

<a href=3D"https://git.kernel.org/stable/c/1a3286edf4d48ce37f8982ff3c3b6515= 9a5ecbb2" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/1a3286edf4d48ce37f8982ff3c3b65159a5ecbb2</a> <a href=3D"https://git.ke= rnel.org/stable/c/d59ba448ccd595d5d65e197216cf781a87db2b28" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/d59ba448ccd595d5d65e197= 216cf781a87db2b28</a> <a href=3D"https://git.kernel.org/stable/c/f1718da= 051282698aa8fa150bebb9724f6389fda" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/f1718da051282698aa8fa150bebb9724f6389fda</a> =
<a href=3D"https://git.kernel.org/stable/c/40b94ec7edbbb867c4e26a1a43d2b898= f04b93c5" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/40b94ec7edbbb867c4e26a1a43d2b898f04b93c5</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: dma= engine: omap-dma: fix dma_pool resource leak in error paths The dma_pool cr= eated by dma_pool_create() is not destroyed when dma_async_device_register(=
) or of_dma_controller_register() fails, causing a resource leak in the pro=
be error paths. Add dma_pool_destroy() in both error paths to properly rele= ase the allocated dma_pool resource.</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23033" target=3D= "_blank" rel=3D"noopener">CVE-2026-23033</a></td>

<a href=3D"https://git.kernel.org/stable/c/88a9483f093bbb9263dcf21bc7fdb513= 2e5de88d" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/88a9483f093bbb9263dcf21bc7fdb5132e5de88d</a> <a href=3D"https://git.ke= rnel.org/stable/c/4b93712e96be17029bd22787f2e39feb0e73272c" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/4b93712e96be17029bd2278= 7f2e39feb0e73272c</a> <a href=3D"https://git.kernel.org/stable/c/829b004= 81734dd54e72f755fd6584bce6fbffbb0" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/829b00481734dd54e72f755fd6584bce6fbffbb0</a> =
<a href=3D"https://git.kernel.org/stable/c/2e1136acf8a8887c29f52e35a77b5373= 09af321f" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/2e1136acf8a8887c29f52e35a77b537309af321f</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: drm= /amdgpu/userq: Fix fence reference leak on queue teardown v2 The user mode = queue keeps a pointer to the most recent fence in userq->last_fence. Thi=
s pointer holds an extra dma_fence reference. When the queue is destroyed, =
we free the fence driver and its xarray, but we forgot to drop the last_fen=
ce reference. Because of the missing dma_fence_put(), the last fence object=
can stay alive when the driver unloads. This leaves an allocated object in=
the amdgpu_userq_fence slab cache and triggers This is visible during driv=
er unload as: BUG amdgpu_userq_fence: Objects remaining on __kmem_cache_shu= tdown() kmem_cache_destroy amdgpu_userq_fence: Slab cache still has objects=
Call Trace: kmem_cache_destroy amdgpu_userq_fence_slab_fini amdgpu_exit __= do_sys_delete_module Fix this by putting userq->last_fence and clearing = the pointer during amdgpu_userq_fence_driver_free(). This makes sure the fe= nce reference is released and the slab cache is empty when the module exits=
. v2: Update to only release userq->last_fence with dma_fence_put() (Chr= istian) (cherry picked from commit 8e051e38a8d45caf6a866d4ff842105b577953bb= )</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23034" target=3D= "_blank" rel=3D"noopener">CVE-2026-23034</a></td>

<a href=3D"https://git.kernel.org/stable/c/e1a30e1ab33fc522785d04bbf7e1b13a= 5c5c9175" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/e1a30e1ab33fc522785d04bbf7e1b13a5c5c9175</a> <a href=3D"https://git.ke= rnel.org/stable/c/b2426a211dba6432e32a2e70e9183c6e134475c6" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/b2426a211dba6432e32a2e7= 0e9183c6e134475c6</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: net= /mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv mlx5e_priv is a=
n unstable structure that can be memset(0) if profile attaching fails. Pass=
netdev to mlx5e_destroy_netdev() to guarantee it will work on a valid netd= ev. On mlx5e_remove: Check validity of priv->profile, before attempting =
to cleanup any resources that might be not there. This fixes a kernel oops =
in mlx5e_remove when switchdev mode fails due to change profile failure. $ = devlink dev eswitch set pci/0000:00:03.0 mode switchdev Error: mlx5_core: F= ailed setting eswitch to offloads. dmesg: workqueue: Failed to create a res= cuer kthread for wq "mlx5e": -EINTR mlx5_core 0012:03:00.1: mlx5e_netdev_in= it_profile:6214:(pid 37199): mlx5e_priv_init failed, err=3D-12 mlx5_core 00= 12:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: new profile init failed,=
-12 workqueue: Failed to create a rescuer kthread for wq "mlx5e": -EINTR m= lx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 37199): mlx5e_pr= iv_init failed, err=3D-12 mlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_ch= ange_profile: failed to rollback to orig profile, -12 $ devlink dev reload = pci/0000:00:03.0 =3D=3D> oops BUG: kernel NULL pointer dereference, addr= ess: 0000000000000370 PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 15 U= ID: 0 PID: 520 Comm: devlink Not tainted 6.18.0-rc5+ #115 PREEMPT(voluntary=
) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04= /01/2014 RIP: 0010:mlx5e_dcbnl_dscp_app+0x23/0x100 RSP: 0018:ffffc9000083f8=
b8 EFLAGS: 00010286 RAX: ffff8881126fc380 RBX: ffff8881015ac400 RCX: ffffff= ff826ffc45 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8881035109c=
0 RBP: ffff8881035109c0 R08: ffff888101e3e838 R09: ffff888100264e10 R10: ff= ffc9000083f898 R11: ffffc9000083f8a0 R12: ffff888101b921a0 R13: ffff888101b= 921a0 R14: ffff8881015ac9a0 R15: ffff8881015ac400 FS: 00007f789a3c8740(0000=
) GS:ffff88856aa59000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 00=
00 CR0: 0000000080050033 CR2: 0000000000000370 CR3: 000000010b6c0001 CR4: 0= 000000000370ef0 Call Trace: <TASK> mlx5e_remove+0x57/0x110 device_rel= ease_driver_internal+0x19c/0x200 bus_remove_device+0xc6/0x130 device_del+0x= 160/0x3d0 ? devl_param_driverinit_value_get+0x2d/0x90 mlx5_detach_device+0x= 89/0xe0 mlx5_unload_one_devl_locked+0x3a/0x70 mlx5_devlink_reload_down+0xc8= /0x220 devlink_reload+0x7d/0x260 devlink_nl_reload_doit+0x45b/0x5a0 genl_fa= mily_rcv_msg_doit+0xe8/0x140</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23035" target=3D= "_blank" rel=3D"noopener">CVE-2026-23035</a></td>

<a href=3D"https://git.kernel.org/stable/c/a7625bacaa8c8c2bfcde6dd6d1397bd6= 3ad82b02" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/a7625bacaa8c8c2bfcde6dd6d1397bd63ad82b02</a> <a href=3D"https://git.ke= rnel.org/stable/c/66a25f6b7c0bfd84e6d27b536f5d24116dbd52da" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/66a25f6b7c0bfd84e6d27b5= 36f5d24116dbd52da</a> <a href=3D"https://git.kernel.org/stable/c/4ef8512= e1427111f7ba92b4a847d181ff0aeec42" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/4ef8512e1427111f7ba92b4a847d181ff0aeec42</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: btr= fs: release path before iget_failed() in btrfs_read_locked_inode() In btrfs= _read_locked_inode() if we fail to lookup the inode, we jump to the 'out' l= abel with a path that has a read locked leaf and then we call iget_failed()=
. This can result in a ABBA deadlock, since iget_failed() triggers inode ev= iction and that causes the release of the delayed inode, which must lock th=
e delayed inode's mutex, and a task updating a delayed inode starts by taki=
ng the node's mutex and then modifying the inode's subvolume btree. Syzbot = reported the following lockdep splat for this: =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D WARNING: possi= ble circular locking dependency detected syzkaller #0 Not tainted ---------= --------------------------------------------- btrfs-cleaner/8725 is trying =
to acquire lock: ffff0000d6826a48 (&delayed_node->mutex){+.+.}-{4:4}=
, at: __btrfs_release_delayed_node+0xa0/0x9b0 fs/btrfs/delayed-inode.c:290 = but task is already holding lock: ffff0000dbeba878 (btrfs-tree-00){++++}-{4= :4}, at: btrfs_tree_read_lock_nested+0x44/0x2ec fs/btrfs/locking.c:145 whic=
h lock already depends on the new lock. the existing dependency chain (in r= everse order) is: -> #1 (btrfs-tree-00){++++}-{4:4}: __lock_release kern= el/locking/lockdep.c:5574 [inline] lock_release+0x198/0x39c kernel/locking/= lockdep.c:5889 up_read+0x24/0x3c kernel/locking/rwsem.c:1632 btrfs_tree_rea= d_unlock+0xdc/0x298 fs/btrfs/locking.c:169 btrfs_tree_unlock_rw fs/btrfs/lo= cking.h:218 [inline] btrfs_search_slot+0xa6c/0x223c fs/btrfs/ctree.c:2133 b= trfs_lookup_inode+0xd8/0x38c fs/btrfs/inode-item.c:395 __btrfs_update_delay= ed_inode+0x124/0xed0 fs/btrfs/delayed-inode.c:1032 btrfs_update_delayed_ino=
de fs/btrfs/delayed-inode.c:1118 [inline] __btrfs_commit_inode_delayed_item= s+0x15f8/0x1748 fs/btrfs/delayed-inode.c:1141 __btrfs_run_delayed_items+0x1= ac/0x514 fs/btrfs/delayed-inode.c:1176 btrfs_run_delayed_items_nr+0x28/0x38=
fs/btrfs/delayed-inode.c:1219 flush_space+0x26c/0xb68 fs/btrfs/space-info.= c:828 do_async_reclaim_metadata_space+0x110/0x364 fs/btrfs/space-info.c:115=
8 btrfs_async_reclaim_metadata_space+0x90/0xd8 fs/btrfs/space-info.c:1226 p= rocess_one_work+0x7e8/0x155c kernel/workqueue.c:3263 process_scheduled_work=
s kernel/workqueue.c:3346 [inline] worker_thread+0x958/0xed8 kernel/workque= ue.c:3427 kthread+0x5fc/0x75c kernel/kthread.c:463 ret_from_fork+0x10/0x20 = arch/arm64/kernel/entry.S:844 -> #0 (&delayed_node->mutex){+.+.}-= {4:4}: check_prev_add kernel/locking/lockdep.c:3165 [inline] check_prevs_ad=
d kernel/locking/lockdep.c:3284 [inline] validate_chain kernel/locking/lock= dep.c:3908 [inline] __lock_acquire+0x1774/0x30a4 kernel/locking/lockdep.c:5= 237 lock_acquire+0x14c/0x2e0 kernel/locking/lockdep.c:5868 __mutex_lock_com= mon+0x1d0/0x2678 kernel/locking/mutex.c:598 __mutex_lock kernel/locking/mut= ex.c:760 [inline] mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:812 __= btrfs_release_delayed_node+0xa0/0x9b0 fs/btrfs/delayed-inode.c:290 btrfs_re= lease_delayed_node fs/btrfs/delayed-inode.c:315 [inline] btrfs_remove_delay= ed_node+0x68/0x84 fs/btrfs/delayed-inode.c:1326 btrfs_evict_inode+0x578/0xe=
28 fs/btrfs/inode.c:5587 evict+0x414/0x928 fs/inode.c:810 iput_final fs/ino= de.c:1914 [inline] iput+0x95c/0xad4 fs/inode.c:1966 iget_failed+0xec/0x134 = fs/bad_inode.c:248 btrfs_read_locked_inode+0xe1c/0x1234 fs/btrfs/inode.c:41=
01 btrfs_iget+0x1b0/0x264 fs/btrfs/inode.c:5837 btrfs_run_defrag_inode fs/b= trfs/defrag.c:237 [inline] btrfs_run_defrag_inodes+0x520/0xdc4 fs/btrf ---t= runcated---</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23036" target=3D= "_blank" rel=3D"noopener">CVE-2026-23036</a></td>

<a href=3D"https://git.kernel.org/stable/c/65241e3ddda60b53a4ee3ae12721fc9e= e21d5827" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/65241e3ddda60b53a4ee3ae12721fc9ee21d5827</a> <a href=3D"https://git.ke= rnel.org/stable/c/1e1f2055ad5a7a5d548789b334a4473a7665c418" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/1e1f2055ad5a7a5d548789b= 334a4473a7665c418</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: can=
: etas_es58x: allow partial RX URB allocation to succeed When es58x_alloc_r= x_urbs() fails to allocate the requested number of URBs but succeeds in all= ocating some, it returns an error code. This causes es58x_open() to return = early, skipping the cleanup label 'free_urbs', which leads to the anchored = URBs being leaked. As pointed out by maintainer Vincent Mailhol, the driver=
is designed to handle partial URB allocation gracefully. Therefore, partia=
l allocation should not be treated as a fatal error. Modify es58x_alloc_rx_= urbs() to return 0 if at least one URB has been allocated, restoring the in= tended behavior and preventing the leak in es58x_open().</td> <td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23037" target=3D= "_blank" rel=3D"noopener">CVE-2026-23037</a></td>

<a href=3D"https://git.kernel.org/stable/c/611e839d2d552416b498ed5593e10670= f61fcd4d" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/611e839d2d552416b498ed5593e10670f61fcd4d</a> <a href=3D"https://git.ke= rnel.org/stable/c/ba45e3d6b02c97dbb4578fbae7027fd66f3caa10" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/ba45e3d6b02c97dbb4578fb= ae7027fd66f3caa10</a> <a href=3D"https://git.kernel.org/stable/c/6c5124a= 60989051799037834f0a1a4b428718157" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/6c5124a60989051799037834f0a1a4b428718157</a> =
<a href=3D"https://git.kernel.org/stable/c/b1979778e98569c1e78c2c7f16bb24d7= 6541ab00" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/b1979778e98569c1e78c2c7f16bb24d76541ab00</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: pnf= s/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() In nfs4_ff_al= loc_deviceid_node(), if the allocation for ds_versions fails, the function = jumps to the out_scratch label without freeing the already allocated dsaddr=
s list, leading to a memory leak. Fix this by jumping to the out_err_drain_= dsaddrs label, which properly frees the dsaddrs list before cleaning up oth=
er resources.</td>
<td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23038" target=3D= "_blank" rel=3D"noopener">CVE-2026-23038</a></td>

<a href=3D"https://git.kernel.org/stable/c/869862056e100973e76ce9f5f1b01837= 771b7722" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/869862056e100973e76ce9f5f1b01837771b7722</a> <a href=3D"https://git.ke= rnel.org/stable/c/86da7efd12295a7e2b4abde5e5984c821edd938f" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/86da7efd12295a7e2b4abde= 5e5984c821edd938f</a> <a href=3D"https://git.kernel.org/stable/c/ed5d3f2= f6885eb99f729e6ffd946e3aa058bd3eb" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/ed5d3f2f6885eb99f729e6ffd946e3aa058bd3eb</a> =
<a href=3D"https://git.kernel.org/stable/c/0c728083654f0066f5e10a1d2b0bd090= 7af19a58" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/0c728083654f0066f5e10a1d2b0bd0907af19a58</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: drm= /gud: fix NULL fb and crtc dereferences on USB disconnect On disconnect drm= _atomic_helper_disable_all() is called which sets both the fb and crtc for =
a plane to NULL before invoking a commit. This causes a kernel oops on ever=
y display disconnect. Add guards for those dereferences.</td> <td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23039" target=3D= "_blank" rel=3D"noopener">CVE-2026-23039</a></td>

<a href=3D"https://git.kernel.org/stable/c/a255ec07f91d4c73a361a28b7a3d82f5= 710245f1" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/a255ec07f91d4c73a361a28b7a3d82f5710245f1</a> <a href=3D"https://git.ke= rnel.org/stable/c/dc2d5ddb193e363187bae2ad358245642d2721fb" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/dc2d5ddb193e363187bae2a= d358245642d2721fb</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">liuyueyi--quick-media</td>
<td>Improper Control of Generation of Code ('Code Injection') vulnerability=
in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/= org/apache/batik/ext/awt/image/codec/png modules). This vulnerability is as= sociated with program files PNGImageEncoder.Java. This issue affects quick-= media: before v1.0.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24806" target=3D= "_blank" rel=3D"noopener">CVE-2026-24806</a></td>

<a href=3D"https://github.com/liuyueyi/quick-media/pull/122" target=3D"_bla= nk" rel=3D"noopener">https://github.com/liuyueyi/quick-media/pull/122</a><b= r>=C2=A0</td>
</tr>

<td class=3D"vendor-product">liuyueyi--quick-media</td>
<td>Improper Verification of Cryptographic Signature vulnerability in liuyu= eyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apach= e/batik/ext/awt/image/codec/util modules). This vulnerability is associated=
with program files SeekableOutputStream.Java. This issue affects quick-med= ia: before v1.0.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24807" target=3D= "_blank" rel=3D"noopener">CVE-2026-24807</a></td>

<a href=3D"https://github.com/liuyueyi/quick-media/pull/123" target=3D"_bla= nk" rel=3D"noopener">https://github.com/liuyueyi/quick-media/pull/123</a><b= r>=C2=A0</td>
</tr>

<td class=3D"vendor-product">LiveHelperChat--LiveHelperChat</td>
<td>Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload = functionality of Live Helper Chat, versions prior to 4.72. An attacker can = upload a malicious PDF file containing an XSS payload, which will be execut=
ed in the user's context when they download and open the file via the link = generated by the application. The vulnerability allows arbitrary JavaScript=
code to be executed in the user's local context.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0483" target=3D"= _blank" rel=3D"noopener">CVE-2026-0483</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-= site-scripting-xss-vulnerability-livehelperchat" target=3D"_blank" rel=3D"n= oopener">https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-si= te-scripting-xss-vulnerability-livehelperchat</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">lobehub--lobe-chat</td>
<td>LobeHub is an open source human-and-AI-agent network. Prior to version = 1.143.3, the file upload feature in `Knowledge Base > File Upload` does = not validate the integrity of the upload request, allowing users to interce=
pt and modify the request parameters. As a result, it is possible to create=
arbitrary files in abnormal or unintended paths. In addition, since `lobec= hat.com` relies on the size parameter from the request to calculate file us= age, an attacker can manipulate this value to misrepresent the actual file = size, such as uploading a `1 GB` file while reporting it as `10 MB`, or fal= sely declaring a `10 MB` file as a `1 GB` file. By manipulating the size va= lue provided in the client upload request, it is possible to bypass the mon= thly upload quota enforced by the server and continuously upload files beyo=
nd the intended storage and traffic limits. This abuse can result in a disc= repancy between actual resource consumption and billing calculations, causi=
ng direct financial impact to the service operator. Additionally, exhaustio=
n of storage or related resources may lead to degraded service availability=
, including failed uploads, delayed content delivery, or temporary suspensi=
on of upload functionality for legitimate users. A single malicious user ca=
n also negatively affect other users or projects sharing the same subscript= ion plan, effectively causing an indirect denial of service (DoS). Furtherm= ore, excessive and unaccounted-for uploads can distort monitoring metrics a=
nd overload downstream systems such as backup processes, malware scanning, = and media processing pipelines, ultimately undermining overall operational = stability and service reliability. Version 1.143.3 contains a patch for the=
issue.</td>
<td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23835" target=3D= "_blank" rel=3D"noopener">CVE-2026-23835</a></td>

<a href=3D"https://github.com/lobehub/lobehub/security/advisories/GHSA-wrrr= -8jcv-wjf5" target=3D"_blank" rel=3D"noopener">https://github.com/lobehub/l= obehub/security/advisories/GHSA-wrrr-8jcv-wjf5</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Meta--react-server-dom-webpack</td>
<td>Multiple denial of service vulnerabilities exist in React Server Compon= ents, affecting the following packages: react-server-dom-parcel, react-serv= er-dom-turbopack, react-server-dom-webpack. The vulnerabilities are trigger=
ed by sending specially crafted HTTP requests to Server Function endpoints,=
and could lead to server crashes, out-of-memory exceptions or excessive CP=
U usage; depending on the vulnerable code path being exercised, the applica= tion configuration and application code. Strongly consider upgrading to the=
latest package versions to reduce risk and prevent availability issues in = applications using React Server Components.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23864" target=3D= "_blank" rel=3D"noopener">CVE-2026-23864</a></td>

<a href=3D"https://www.facebook.com/security/advisories/cve-2026-23864" tar= get=3D"_blank" rel=3D"noopener">https://www.facebook.com/security/advisorie= s/cve-2026-23864</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Micron Technology, Inc.--Crucial Storage Execu= tive</td>
<td>Crucial Storage Executive installer versions prior to 11.08.082025.00 c= ontain a DLL preloading vulnerability. During installation, the installer r= uns with elevated privileges and loads Windows DLLs using an uncontrolled s= earch path, which can cause a malicious DLL placed alongside the installer =
to be loaded instead of the intended system library. A local attacker who c=
an convince a victim to run the installer from a directory containing the a= ttacker-supplied DLL can achieve arbitrary code execution with administrato=
r privileges.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71178" target=3D= "_blank" rel=3D"noopener">CVE-2025-71178</a></td>

<a href=3D"https://eu.crucial.com/support/storage-executive" target=3D"_bla= nk" rel=3D"noopener">https://eu.crucial.com/support/storage-executive</a><b= r><a href=3D"https://www.vulncheck.com/advisories/crucial-storage-executive= -installer-dll-preloading-lpe" target=3D"_blank" rel=3D"noopener">https://w= ww.vulncheck.com/advisories/crucial-storage-executive-installer-dll-preload= ing-lpe</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Mintplex-Labs--anything-llm</td>
<td>AnythingLLM is an application that turns pieces of content into context=
that any LLM can use as references during chatting. If AnythingLLM prior t=
o version 1.10.0 is configured to use Qdrant as the vector database with an=
API key, this QdrantApiKey could be exposed in plain text to unauthenticat=
ed users via the `/api/setup-complete` endpoint. Leakage of QdrantApiKey al= lows an unauthenticated attacker full read/write access to the Qdrant vecto=
r database instance used by AnythingLLM. Since Qdrant often stores the core=
knowledge base for RAG in AnythingLLM, this can lead to complete compromis=
e of the semantic search / retrieval functionality and indirect leakage of = confidential uploaded documents. Version 1.10.0 patches the issue.</td> <td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24477" target=3D= "_blank" rel=3D"noopener">CVE-2026-24477</a></td>

<a href=3D"https://github.com/Mintplex-Labs/anything-llm/security/advisorie= s/GHSA-gm94-qc2p-xcwf" target=3D"_blank" rel=3D"noopener">https://github.co= m/Mintplex-Labs/anything-llm/security/advisories/GHSA-gm94-qc2p-xcwf</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">monkey--monkey</td>
<td>An out-of-bounds read in the http_parser_transfer_encoding_chunked func= tion (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers=
to cause a Denial of Service (DoS) via sending a crafted POST request to t=
he server.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-63649" target=3D= "_blank" rel=3D"noopener">CVE-2025-63649</a></td>

<a href=3D"https://github.com/monkey/monkey/issues/426" target=3D"_blank" r= el=3D"noopener">https://github.com/monkey/monkey/issues/426</a> <a href= =3D"https://github.com/archersec/security-advisories/blob/master/monkey/mon= key-advisory-2025.md" target=3D"_blank" rel=3D"noopener">https://github.com= /archersec/security-advisories/blob/master/monkey/monkey-advisory-2025.md</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">monkey--monkey</td>
<td>An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memo= ry.c) of monkey commit f37e984 allows attackers to cause a Denial of Servic=
e (DoS) via sending a crafted HTTP request to the server.</td> <td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-63650" target=3D= "_blank" rel=3D"noopener">CVE-2025-63650</a></td>

<a href=3D"https://github.com/monkey/monkey/issues/426" target=3D"_blank" r= el=3D"noopener">https://github.com/monkey/monkey/issues/426</a> <a href= =3D"https://github.com/archersec/security-advisories/blob/master/monkey/mon= key-advisory-2025.md" target=3D"_blank" rel=3D"noopener">https://github.com= /archersec/security-advisories/blob/master/monkey/monkey-advisory-2025.md</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">monkey--monkey</td>
<td>A use-after-free in the mk_string_char_search function (mk_core/mk_stri= ng.c) of monkey commit f37e984 allows attackers to cause a Denial of Servic=
e (DoS) via sending a crafted HTTP request to the server.</td> <td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-63651" target=3D= "_blank" rel=3D"noopener">CVE-2025-63651</a></td>

<a href=3D"https://github.com/monkey/monkey/issues/426" target=3D"_blank" r= el=3D"noopener">https://github.com/monkey/monkey/issues/426</a> <a href= =3D"https://github.com/archersec/security-advisories/blob/master/monkey/mon= key-advisory-2025.md" target=3D"_blank" rel=3D"noopener">https://github.com= /archersec/security-advisories/blob/master/monkey/monkey-advisory-2025.md</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">monkey--monkey</td>
<td>A use-after-free in the mk_http_request_end function (mk_server/mk_http= .c) of monkey commit f37e984 allows attackers to cause a Denial of Service = (DoS) via sending a crafted HTTP request to the server.</td> <td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-63652" target=3D= "_blank" rel=3D"noopener">CVE-2025-63652</a></td>

<a href=3D"https://github.com/monkey/monkey/issues/426" target=3D"_blank" r= el=3D"noopener">https://github.com/monkey/monkey/issues/426</a> <a href= =3D"https://github.com/archersec/security-advisories/blob/master/monkey/mon= key-advisory-2025.md" target=3D"_blank" rel=3D"noopener">https://github.com= /archersec/security-advisories/blob/master/monkey/monkey-advisory-2025.md</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">monkey--monkey</td>
<td>An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_= vhost.c) of monkey commit f37e984 allows attackers to cause a Denial of Ser= vice (DoS) via sending a crafted HTTP request to the server.</td> <td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-63653" target=3D= "_blank" rel=3D"noopener">CVE-2025-63653</a></td>

<a href=3D"https://github.com/monkey/monkey/issues/426" target=3D"_blank" r= el=3D"noopener">https://github.com/monkey/monkey/issues/426</a> <a href= =3D"https://github.com/archersec/security-advisories/blob/master/monkey/mon= key-advisory-2025.md" target=3D"_blank" rel=3D"noopener">https://github.com= /archersec/security-advisories/blob/master/monkey/monkey-advisory-2025.md</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">monkey--monkey</td>
<td>A NULL pointer dereference in the mk_http_range_parse function (mk_serv= er/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial o=
f Service (DoS) via sending a crafted HTTP request to the server.</td> <td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-63655" target=3D= "_blank" rel=3D"noopener">CVE-2025-63655</a></td>

<a href=3D"https://github.com/monkey/monkey/issues/427" target=3D"_blank" r= el=3D"noopener">https://github.com/monkey/monkey/issues/427</a> <a href= =3D"https://github.com/archersec/security-advisories/blob/master/monkey/mon= key-advisory-2025.md" target=3D"_blank" rel=3D"noopener">https://github.com= /archersec/security-advisories/blob/master/monkey/monkey-advisory-2025.md</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">monkey--monkey</td>
<td>An out-of-bounds read in the header_cmp function (mk_server/mk_http_par= ser.c) of monkey commit f37e984 allows attackers to cause a Denial of Servi=
ce (DoS) via sending a crafted HTTP request to the server.</td> <td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-63656" target=3D= "_blank" rel=3D"noopener">CVE-2025-63656</a></td>

<a href=3D"https://github.com/monkey/monkey/issues/426" target=3D"_blank" r= el=3D"noopener">https://github.com/monkey/monkey/issues/426</a> <a href= =3D"https://github.com/archersec/security-advisories/blob/master/monkey/mon= key-advisory-2025.md" target=3D"_blank" rel=3D"noopener">https://github.com= /archersec/security-advisories/blob/master/monkey/monkey-advisory-2025.md</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">monkey--monkey</td>
<td>An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mi= metype.c) of monkey commit f37e984 allows attackers to cause a Denial of Se= rvice (DoS) via sending a crafted HTTP request to the server.</td> <td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-63657" target=3D= "_blank" rel=3D"noopener">CVE-2025-63657</a></td>

<a href=3D"https://github.com/monkey/monkey/issues/426" target=3D"_blank" r= el=3D"noopener">https://github.com/monkey/monkey/issues/426</a> <a href= =3D"https://github.com/archersec/security-advisories/blob/master/monkey/mon= key-advisory-2025.md" target=3D"_blank" rel=3D"noopener">https://github.com= /archersec/security-advisories/blob/master/monkey/monkey-advisory-2025.md</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">monkey--monkey</td>
<td>A stack overflow in the mk_http_index_lookup function (mk_server/mk_htt= p.c) of monkey commit f37e984 allows attackers to cause a Denial of Service=
(DoS) via sending a crafted HTTP request to the server.</td> <td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-63658" target=3D= "_blank" rel=3D"noopener">CVE-2025-63658</a></td>

<a href=3D"https://github.com/monkey/monkey/issues/427" target=3D"_blank" r= el=3D"noopener">https://github.com/monkey/monkey/issues/427</a> <a href= =3D"https://github.com/archersec/security-advisories/blob/master/monkey/mon= key-advisory-2025.md" target=3D"_blank" rel=3D"noopener">https://github.com= /archersec/security-advisories/blob/master/monkey/monkey-advisory-2025.md</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Mozilla--Firefox</td>
<td>Mitigation bypass in the Privacy: Anti-Tracking component. This vulnera= bility affects Firefox < 147.0.2.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24868" target=3D= "_blank" rel=3D"noopener">CVE-2026-24868</a></td>

<a href=3D"https://bugzilla.mozilla.org/show_bug.cgi?id=3D2007302" target= =3D"_blank" rel=3D"noopener">https://bugzilla.mozilla.org/show_bug.cgi?id= =3D2007302</a> <a href=3D"https://www.mozilla.org/security/advisories/mf= sa2026-06/" target=3D"_blank" rel=3D"noopener">https://www.mozilla.org/secu= rity/advisories/mfsa2026-06/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Mozilla--Firefox</td>
<td>Use-after-free in the Layout: Scrolling and Overflow component. This vu= lnerability affects Firefox < 147.0.2.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24869" target=3D= "_blank" rel=3D"noopener">CVE-2026-24869</a></td>

<a href=3D"https://bugzilla.mozilla.org/show_bug.cgi?id=3D2008698" target= =3D"_blank" rel=3D"noopener">https://bugzilla.mozilla.org/show_bug.cgi?id= =3D2008698</a> <a href=3D"https://www.mozilla.org/security/advisories/mf= sa2026-06/" target=3D"_blank" rel=3D"noopener">https://www.mozilla.org/secu= rity/advisories/mfsa2026-06/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Mozilla--Thunderbird</td>
<td>When a user explicitly requested Thunderbird to decrypt an inline OpenP=
GP message that was embedded in a text section of an email that was formatt=
ed and styled with HTML and CSS, then the decrypted contents were rendered =
in a context in which the CSS styles from the outer messages were active. I=
f the user had additionally allowed loading of the remote content reference=
d by the outer email message, and the email was crafted by the sender using=
a combination of CSS rules and fonts and animations, then it was possible =
to extract the secret contents of the email. This vulnerability affects Thu= nderbird < 147.0.1 and Thunderbird < 140.7.1.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0818" target=3D"= _blank" rel=3D"noopener">CVE-2026-0818</a></td>

<a href=3D"https://bugzilla.mozilla.org/show_bug.cgi?id=3D1881530" target= =3D"_blank" rel=3D"noopener">https://bugzilla.mozilla.org/show_bug.cgi?id= =3D1881530</a> <a href=3D"https://www.mozilla.org/security/advisories/mf= sa2026-07/" target=3D"_blank" rel=3D"noopener">https://www.mozilla.org/secu= rity/advisories/mfsa2026-07/</a> <a href=3D"https://www.mozilla.org/secu= rity/advisories/mfsa2026-08/" target=3D"_blank" rel=3D"noopener">https://ww= w.mozilla.org/security/advisories/mfsa2026-08/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MuntashirAkon--AppManager</td>
<td>Integer Overflow or Wraparound vulnerability in MuntashirAkon AppManage=
r (app/src/main/java/org/apache/commons/compress/archivers/tar modules). Th=
is vulnerability is associated with program files TarUtils.Java. This issue=
affects AppManager: before 4.0.4.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1464" target=3D"= _blank" rel=3D"noopener">CVE-2026-1464</a></td>

<a href=3D"https://github.com/MuntashirAkon/AppManager/pull/1598" target=3D= "_blank" rel=3D"noopener">https://github.com/MuntashirAkon/AppManager/pull/= 1598</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">N3uron--N3uron</td>
<td>An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a rem= ote attacker to escalate privileges via the password hashing on the client = side using the MD5 algorithm over a predictable string format</td> <td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69929" target=3D= "_blank" rel=3D"noopener">CVE-2025-69929</a></td>

<a href=3D"http://n3uron.com" target=3D"_blank" rel=3D"noopener">http://n3u= ron.com</a> <a href=3D"https://www.linkedin.com/in/joselabreu" target=3D= "_blank" rel=3D"noopener">https://www.linkedin.com/in/joselabreu</a> <a = href=3D"https://gist.github.com/JoseAbreu28/67f5d8bfc7ba1def526efeda5771a24=
4" target=3D"_blank" rel=3D"noopener">https://gist.github.com/JoseAbreu28/6= 7f5d8bfc7ba1def526efeda5771a244</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">NAVER--billboard.js</td>
<td>billboard.js before 3.18.0 allows an attacker to execute malicious Java= Script due to improper sanitization during chart option binding.</td> <td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1513" target=3D"= _blank" rel=3D"noopener">CVE-2026-1513</a></td>

<a href=3D"https://cve.naver.com/detail/cve-2026-1513.html" target=3D"_blan=
k" rel=3D"noopener">https://cve.naver.com/detail/cve-2026-1513.html</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">neka-nat--cupoch</td>
<td>Out-of-bounds Write vulnerability in neka-nat cupoch (third_party/libjp= eg-turbo/libjpeg-turbo modules). This vulnerability is associated with prog= ram files tjbench.C. This issue affects cupoch.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24797" target=3D= "_blank" rel=3D"noopener">CVE-2026-24797</a></td>

<a href=3D"https://github.com/neka-nat/cupoch/pull/138" target=3D"_blank" r= el=3D"noopener">https://github.com/neka-nat/cupoch/pull/138</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">NETGEAR--NETGEAR products</td>
<td>Some end of service NETGEAR products provide "TelnetEnable" functionali= ty, which allows a magic packet to activate telnet service on the box.</td> <td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24714" target=3D= "_blank" rel=3D"noopener">CVE-2026-24714</a></td>

<a href=3D"https://www.netgear.com/about/eos/" target=3D"_blank" rel=3D"noo= pener">https://www.netgear.com/about/eos/</a> <a href=3D"https://jvn.jp/= en/jp/JVN46722282/" target=3D"_blank" rel=3D"noopener">https://jvn.jp/en/jp= /JVN46722282/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">nocodb--nocodb</td>
<td>NocoDB is software for building databases as spreadsheets. Prior to ver= sion 0.301.0, an unvalidated redirect (open redirect) vulnerability exists =
in NocoDB's login flow due to missing validation of the `continueAfterSignI=
n` parameter. During authentication, NocoDB processes a user-controlled red= irect value and conditionally performs client-side navigation without enfor= cing any restrictions on the destination's origin, domain or protocol. This=
allows attackers to redirect authenticated users to arbitrary external web= sites after login. This vulnerability enables phishing attacks by leveragin=
g user trust in the legitimate NocoDB login flow. While it does not directl=
y expose credentials or bypass authentication, it increases the likelihood =
of credential theft through social engineering. The issue does not allow ar= bitrary code execution or privilege escalation, but it undermines authentic= ation integrity. Version 0.301.0 fixes the issue.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24768" target=3D= "_blank" rel=3D"noopener">CVE-2026-24768</a></td>

<a href=3D"https://github.com/nocodb/nocodb/security/advisories/GHSA-3hmw-8= mw3-rmpj" target=3D"_blank" rel=3D"noopener">https://github.com/nocodb/noco= db/security/advisories/GHSA-3hmw-8mw3-rmpj</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">nocodb--nocodb</td>
<td>NocoDB is software for building databases as spreadsheets. Prior to ver= sion 0.301.0, a stored cross-site scripting (XSS) vulnerability exists in N= ocoDB's attachment handling mechanism. Authenticated users can upload malic= ious SVG files containing embedded JavaScript, which are later rendered inl= ine and executed in the browsers of other users who view the attachment. Be= cause the malicious payload is stored server-side and executed under the ap= plication's origin, successful exploitation can lead to account compromise,=
data exfiltration and unauthorized actions performed on behalf of affected=
users. Version 0.301.0 patches the issue.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24769" target=3D= "_blank" rel=3D"noopener">CVE-2026-24769</a></td>

<a href=3D"https://github.com/nocodb/nocodb/security/advisories/GHSA-q5c6-h= 22r-qpwr" target=3D"_blank" rel=3D"noopener">https://github.com/nocodb/noco= db/security/advisories/GHSA-q5c6-h22r-qpwr</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Node.js--Node.js</td>
<td>The Node.js package browserstack-local 1.5.8 contains a command injecti=
on vulnerability. This occurs because the logfile variable is not properly = sanitized in lib/Local.js.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-57283" target=3D= "_blank" rel=3D"noopener">CVE-2025-57283</a></td>

<a href=3D"https://www.npmjs.com" target=3D"_blank" rel=3D"noopener">https:= //www.npmjs.com</a> <a href=3D"https://gist.github.com/Dremig/b639c61541= dd1482007dc7a5cd7fefb1" target=3D"_blank" rel=3D"noopener">https://gist.git= hub.com/Dremig/b639c61541dd1482007dc7a5cd7fefb1</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">nvm-sh--nvm</td>
<td>A command injection vulnerability exists in nvm (Node Version Manager) = versions 0.40.3 and below. The nvm_download() function uses eval to execute=
wget commands, and the NVM_AUTH_HEADER environment variable was not saniti= zed in the wget code path (though it was sanitized in the curl code path). =
An attacker who can set environment variables in a victim's shell environme=
nt (e.g., via malicious CI/CD configurations, compromised dotfiles, or Dock=
er images) can inject arbitrary shell commands that execute when the victim=
runs nvm commands that trigger downloads, such as 'nvm install' or 'nvm ls= -remote'.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1665" target=3D"= _blank" rel=3D"noopener">CVE-2026-1665</a></td>

<a href=3D"https://github.com/nvm-sh/nvm/commit/44e2590cdf257faf7d885e4470b= e8dc66cec9506" target=3D"_blank" rel=3D"noopener">Fix commit</a> <a href= =3D"https://github.com/nvm-sh/nvm/releases/tag/v0.40.4" target=3D"_blank" r= el=3D"noopener">Release v0.40.4</a> <a href=3D"https://github.com/nvm-sh= /nvm" target=3D"_blank" rel=3D"noopener">nvm GitHub repository</a> <a hr= ef=3D"https://github.com/nvm-sh/nvm/pull/3380" target=3D"_blank" rel=3D"noo= pener">https://github.com/nvm-sh/nvm/pull/3380</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OctoPrint--OctoPrint</td>
<td>OctoPrint provides a web interface for controlling consumer 3D printers=
. OctoPrint versions up to and including 1.11.5 are affected by a (theoreti= cal) timing attack vulnerability that allows API key extraction over the ne= twork. Due to using character based comparison that short-circuits on the f= irst mismatched character during API key validation, rather than a cryptogr= aphical method with static runtime regardless of the point of mismatch, an = attacker with network based access to an affected OctoPrint could extract A=
PI keys valid on the instance by measuring the response times of the denied=
access responses and guess an API key character by character. The vulnerab= ility is patched in version 1.11.6. The likelihood of this attack actually = working is highly dependent on the network's latency, noise and similar par= ameters. An actual proof of concept was not achieved so far. Still, as alwa=
ys administrators are advised to not expose their OctoPrint instance on hos= tile networks, especially not on the public Internet.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23892" target=3D= "_blank" rel=3D"noopener">CVE-2026-23892</a></td>

<a href=3D"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-= xg4x-w2j3-57h6" target=3D"_blank" rel=3D"noopener">https://github.com/OctoP= rint/OctoPrint/security/advisories/GHSA-xg4x-w2j3-57h6</a> <a href=3D"ht= tps://github.com/OctoPrint/OctoPrint/commit/249fd80ab01bc4b7dabedff768230a0= fb5d01a8c" target=3D"_blank" rel=3D"noopener">https://github.com/OctoPrint/= OctoPrint/commit/249fd80ab01bc4b7dabedff768230a0fb5d01a8c</a> <a href=3D= "https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.6" target=3D"_bla= nk" rel=3D"noopener">https://github.com/OctoPrint/OctoPrint/releases/tag/1.= 11.6</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OneFlow--OneFlow</td>
<td>A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to ca= use a Denial of Service (DoS) via supplying crafted tensor shapes.</td> <td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-65886" target=3D= "_blank" rel=3D"noopener">CVE-2025-65886</a></td>

<a href=3D"https://github.com/Daisy2ang" target=3D"_blank" rel=3D"noopener"= >https://github.com/Daisy2ang</a> <a href=3D"http://oneflow.com" target= =3D"_blank" rel=3D"noopener">http://oneflow.com</a> <a href=3D"https://g= ithub.com/Oneflow-Inc/oneflow" target=3D"_blank" rel=3D"noopener">https://g= ithub.com/Oneflow-Inc/oneflow</a> <a href=3D"https://github.com/Oneflow-= Inc/oneflow/issues/10666" target=3D"_blank" rel=3D"noopener">https://github= .com/Oneflow-Inc/oneflow/issues/10666</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OneFlow--OneFlow</td>
<td>A division-by-zero vulnerability in the flow.floor_divide() component o=
f OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a = crafted input tensor with zero.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-65887" target=3D= "_blank" rel=3D"noopener">CVE-2025-65887</a></td>

<a href=3D"https://github.com/Daisy2ang" target=3D"_blank" rel=3D"noopener"= >https://github.com/Daisy2ang</a> <a href=3D"http://oneflow.com" target= =3D"_blank" rel=3D"noopener">http://oneflow.com</a> <a href=3D"https://g= ithub.com/Oneflow-Inc/oneflow" target=3D"_blank" rel=3D"noopener">https://g= ithub.com/Oneflow-Inc/oneflow</a> <a href=3D"https://github.com/Oneflow-= Inc/oneflow/issues/10665" target=3D"_blank" rel=3D"noopener">https://github= .com/Oneflow-Inc/oneflow/issues/10665</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OneFlow--OneFlow</td>
<td>A dimension validation flaw in the flow.empty() component of OneFlow 0.= 9.0 allows attackers to cause a Denial of Service (DoS) via a negative or e= xcessively large dimension value.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-65888" target=3D= "_blank" rel=3D"noopener">CVE-2025-65888</a></td>

<a href=3D"https://github.com/Daisy2ang" target=3D"_blank" rel=3D"noopener"= >https://github.com/Daisy2ang</a> <a href=3D"http://oneflow.com" target= =3D"_blank" rel=3D"noopener">http://oneflow.com</a> <a href=3D"https://g= ithub.com/Oneflow-Inc/oneflow" target=3D"_blank" rel=3D"noopener">https://g= ithub.com/Oneflow-Inc/oneflow</a> <a href=3D"https://github.com/Oneflow-= Inc/oneflow/issues/10664" target=3D"_blank" rel=3D"noopener">https://github= .com/Oneflow-Inc/oneflow/issues/10664</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OneFlow--OneFlow</td>
<td>A type validation flaw in the flow.dstack() component of OneFlow v0.9.0=
allows attackers to cause a Denial of Service (DoS) via a crafted input.</=

<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-65889" target=3D= "_blank" rel=3D"noopener">CVE-2025-65889</a></td>

<a href=3D"https://github.com/Daisy2ang" target=3D"_blank" rel=3D"noopener"= >https://github.com/Daisy2ang</a> <a href=3D"http://oneflow.com" target= =3D"_blank" rel=3D"noopener">http://oneflow.com</a> <a href=3D"https://g= ithub.com/Oneflow-Inc/oneflow" target=3D"_blank" rel=3D"noopener">https://g= ithub.com/Oneflow-Inc/oneflow</a> <a href=3D"https://github.com/Oneflow-= Inc/oneflow/issues/10663" target=3D"_blank" rel=3D"noopener">https://github= .com/Oneflow-Inc/oneflow/issues/10663</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OneFlow--OneFlow</td>
<td>A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause=
a Denial of Service (DoS) by calling flow.cuda.synchronize() with an inval=
id or out-of-range GPU device index.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-65890" target=3D= "_blank" rel=3D"noopener">CVE-2025-65890</a></td>

<a href=3D"https://github.com/Daisy2ang" target=3D"_blank" rel=3D"noopener"= >https://github.com/Daisy2ang</a> <a href=3D"http://oneflow.com" target= =3D"_blank" rel=3D"noopener">http://oneflow.com</a> <a href=3D"https://g= ithub.com/Oneflow-Inc/oneflow" target=3D"_blank" rel=3D"noopener">https://g= ithub.com/Oneflow-Inc/oneflow</a> <a href=3D"https://github.com/Oneflow-= Inc/oneflow/issues/10662" target=3D"_blank" rel=3D"noopener">https://github= .com/Oneflow-Inc/oneflow/issues/10662</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OneFlow--OneFlow</td>
<td>A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to t= rigger a Denial of Dervice (DoS) by invoking flow.cuda.get_device_propertie= s() with an invalid or negative device index.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-65891" target=3D= "_blank" rel=3D"noopener">CVE-2025-65891</a></td>

<a href=3D"https://github.com/Daisy2ang" target=3D"_blank" rel=3D"noopener"= >https://github.com/Daisy2ang</a> <a href=3D"http://oneflow.com" target= =3D"_blank" rel=3D"noopener">http://oneflow.com</a> <a href=3D"https://g= ithub.com/Oneflow-Inc/oneflow" target=3D"_blank" rel=3D"noopener">https://g= ithub.com/Oneflow-Inc/oneflow</a> <a href=3D"https://github.com/Oneflow-= Inc/oneflow/issues/10661" target=3D"_blank" rel=3D"noopener">https://github= .com/Oneflow-Inc/oneflow/issues/10661</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OneFlow--OneFlow</td>
<td>A GPU device-ID validation flaw in the flow.cuda.get_device_capability(=
) component of OneFlow v0.9.0 allows attackers to cause a Denial of Service=
(DoS) via a crafted device ID.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-70999" target=3D= "_blank" rel=3D"noopener">CVE-2025-70999</a></td>

<a href=3D"https://github.com/Daisy2ang" target=3D"_blank" rel=3D"noopener"= >https://github.com/Daisy2ang</a> <a href=3D"http://oneflow.com" target= =3D"_blank" rel=3D"noopener">http://oneflow.com</a> <a href=3D"https://g= ithub.com/Oneflow-Inc/oneflow/issues/10660" target=3D"_blank" rel=3D"noopen= er">https://github.com/Oneflow-Inc/oneflow/issues/10660</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">OneFlow--OneFlow</td>
<td>An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows=
attackers to cause a Denial of Service (DoS) via a crafted input.</td> <td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71000" target=3D= "_blank" rel=3D"noopener">CVE-2025-71000</a></td>

<a href=3D"https://github.com/Daisy2ang" target=3D"_blank" rel=3D"noopener"= >https://github.com/Daisy2ang</a> <a href=3D"http://oneflow.com" target= =3D"_blank" rel=3D"noopener">http://oneflow.com</a> <a href=3D"https://g= ithub.com/Oneflow-Inc/oneflow/issues/10659" target=3D"_blank" rel=3D"noopen= er">https://github.com/Oneflow-Inc/oneflow/issues/10659</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">OneFlow--OneFlow</td>
<td>A segmentation violation in the flow.column_stack component of OneFlow = v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted in= put.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71001" target=3D= "_blank" rel=3D"noopener">CVE-2025-71001</a></td>

<a href=3D"https://github.com/Daisy2ang" target=3D"_blank" rel=3D"noopener"= >https://github.com/Daisy2ang</a> <a href=3D"http://oneflow.com" target= =3D"_blank" rel=3D"noopener">http://oneflow.com</a> <a href=3D"https://g= ithub.com/Oneflow-Inc/oneflow/issues/10658" target=3D"_blank" rel=3D"noopen= er">https://github.com/Oneflow-Inc/oneflow/issues/10658</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">OneFlow--OneFlow</td>
<td>A floating-point exception (FPE) in the flow.column_stack component of = OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a cr= afted input.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71002" target=3D= "_blank" rel=3D"noopener">CVE-2025-71002</a></td>

<a href=3D"https://github.com/Daisy2ang" target=3D"_blank" rel=3D"noopener"= >https://github.com/Daisy2ang</a> <a href=3D"https://github.com/Oneflow-= Inc/oneflow/issues/10657" target=3D"_blank" rel=3D"noopener">https://github= .com/Oneflow-Inc/oneflow/issues/10657</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OneFlow--OneFlow</td>
<td>An input validation vulnerability in the flow.arange() component of One= Flow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a craft=
ed input.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71003" target=3D= "_blank" rel=3D"noopener">CVE-2025-71003</a></td>

<a href=3D"https://github.com/Daisy2ang" target=3D"_blank" rel=3D"noopener"= >https://github.com/Daisy2ang</a> <a href=3D"https://github.com/Oneflow-= Inc/oneflow/issues/10656" target=3D"_blank" rel=3D"noopener">https://github= .com/Oneflow-Inc/oneflow/issues/10656</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OneFlow--OneFlow</td>
<td>A segmentation violation in the oneflow.logical_or component of OneFlow=
v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted i= nput.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71004" target=3D= "_blank" rel=3D"noopener">CVE-2025-71004</a></td>

<a href=3D"https://github.com/Daisy2ang" target=3D"_blank" rel=3D"noopener"= >https://github.com/Daisy2ang</a> <a href=3D"https://github.com/Oneflow-= Inc/oneflow/issues/10655" target=3D"_blank" rel=3D"noopener">https://github= .com/Oneflow-Inc/oneflow/issues/10655</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OneFlow--OneFlow</td>
<td>A floating point exception (FPE) in the oneflow.view component of OneFl=
ow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted=
input.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71005" target=3D= "_blank" rel=3D"noopener">CVE-2025-71005</a></td>

<a href=3D"https://github.com/Daisy2ang" target=3D"_blank" rel=3D"noopener"= >https://github.com/Daisy2ang</a> <a href=3D"https://github.com/Oneflow-= Inc/oneflow/issues/10654" target=3D"_blank" rel=3D"noopener">https://github= .com/Oneflow-Inc/oneflow/issues/10654</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OneFlow--OneFlow</td>
<td>A floating point exception (FPE) in the oneflow.reshape component of On= eFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a craf= ted input.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71006" target=3D= "_blank" rel=3D"noopener">CVE-2025-71006</a></td>

<a href=3D"https://github.com/Daisy2ang" target=3D"_blank" rel=3D"noopener"= >https://github.com/Daisy2ang</a> <a href=3D"https://github.com/Oneflow-= Inc/oneflow/issues/10653" target=3D"_blank" rel=3D"noopener">https://github= .com/Oneflow-Inc/oneflow/issues/10653</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OneFlow--OneFlow</td>
<td>An input validation vulnerability in the oneflow.index_add component of=
OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a c= rafted input.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71007" target=3D= "_blank" rel=3D"noopener">CVE-2025-71007</a></td>

<a href=3D"https://github.com/Daisy2ang" target=3D"_blank" rel=3D"noopener"= >https://github.com/Daisy2ang</a> <a href=3D"https://github.com/Oneflow-= Inc/oneflow/issues/10652" target=3D"_blank" rel=3D"noopener">https://github= .com/Oneflow-Inc/oneflow/issues/10652</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OneFlow--OneFlow</td>
<td>A segmentation violation in the oneflow._oneflow_internal.autograd.Func= tion.FunctionCtx.mark_non_differentiable component of OneFlow v0.9.0 allows=
attackers to cause a Denial of Service (DoS) via a crafted input.</td> <td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71008" target=3D= "_blank" rel=3D"noopener">CVE-2025-71008</a></td>

<a href=3D"https://github.com/Daisy2ang" target=3D"_blank" rel=3D"noopener"= >https://github.com/Daisy2ang</a> <a href=3D"https://github.com/Oneflow-= Inc/oneflow/issues/10651" target=3D"_blank" rel=3D"noopener">https://github= .com/Oneflow-Inc/oneflow/issues/10651</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OneFlow--OneFlow</td>
<td>An input validation vulnerability in the flow.scatter/flow.scatter_add = component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (= DoS) via a crafted indices.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71009" target=3D= "_blank" rel=3D"noopener">CVE-2025-71009</a></td>

<a href=3D"https://github.com/Daisy2ang" target=3D"_blank" rel=3D"noopener"= >https://github.com/Daisy2ang</a> <a href=3D"https://github.com/Oneflow-= Inc/oneflow/issues/10649" target=3D"_blank" rel=3D"noopener">https://github= .com/Oneflow-Inc/oneflow/issues/10649</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OneFlow--OneFlow</td>
<td>An input validation vulnerability in the flow.Tensor.new_empty/flow.Ten= sor.new_ones/flow.Tensor.new_zeros component of OneFlow v0.9.0 allows attac= kers to cause a Denial of Service (DoS) via a crafted input.</td> <td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71011" target=3D= "_blank" rel=3D"noopener">CVE-2025-71011</a></td>

<a href=3D"https://github.com/Daisy2ang" target=3D"_blank" rel=3D"noopener"= >https://github.com/Daisy2ang</a> <a href=3D"https://github.com/Oneflow-= Inc/oneflow/issues/10648" target=3D"_blank" rel=3D"noopener">https://github= .com/Oneflow-Inc/oneflow/issues/10648</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">openemr--openemr</td>
<td>OpenEMR is a free and open source electronic health records and medical=
practice management application. Versions prior to 7.0.4 have a vulnerabil= ity where sensitive data is unintentionally revealed to unauthorized partie=
s. Contents of Clinical Notes and Care Plan, where an encounter has Sensiti= vity=3Dhigh, can be viewed and changed by users who do not have Sensitiviti= es=3Dhigh privilege. Version 7.0.4 fixes the issue.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-54373" target=3D= "_blank" rel=3D"noopener">CVE-2025-54373</a></td>

<a href=3D"https://github.com/openemr/openemr/security/advisories/GHSA-739g= -6m63-p7fr" target=3D"_blank" rel=3D"noopener">https://github.com/openemr/o= penemr/security/advisories/GHSA-739g-6m63-p7fr</a> <a href=3D"https://gi= thub.com/openemr/openemr/commit/aef3d1c85d9ff2f28d3d361d2818aee79b6dcd33" t= arget=3D"_blank" rel=3D"noopener">https://github.com/openemr/openemr/commit= /aef3d1c85d9ff2f28d3d361d2818aee79b6dcd33</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OpenSSL--OpenSSL</td>
<td>Issue summary: PBMAC1 parameters in PKCS#12 files are missing validatio=
n which can trigger a stack-based buffer overflow, invalid pointer or NULL = pointer dereference during MAC verification. Impact summary: The stack buff=
er overflow or NULL pointer dereference may cause a crash leading to Denial=
of Service for an application that parses untrusted PKCS#12 files. The buf= fer overflow may also potentially enable code execution depending on platfo=
rm mitigations. When verifying a PKCS#12 file that uses PBMAC1 for the MAC,=
the PBKDF2 salt and keylength parameters from the file are used without va= lidation. If the value of keylength exceeds the size of the fixed stack buf= fer used for the derived key (64 bytes), the key derivation will overflow t=
he buffer. The overflow length is attacker-controlled. Also, if the salt pa= rameter is not an OCTET STRING type this can lead to invalid or NULL pointe=
r dereference. Exploiting this issue requires a user or application to proc= ess a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted = PKCS#12 files in applications as they are usually used to store private key=
s which are trusted by definition. For this reason the issue was assessed a=
s Moderate severity. The FIPS modules in 3.6, 3.5 and 3.4 are not affected =
by this issue, as PKCS#12 processing is outside the OpenSSL FIPS module bou= ndary. OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue. OpenSSL 3.3, = 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do not support = PBMAC1 in PKCS#12.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-11187" target=3D= "_blank" rel=3D"noopener">CVE-2025-11187</a></td>

<a href=3D"https://openssl-library.org/news/secadv/20260127.txt" target=3D"= _blank" rel=3D"noopener">OpenSSL Advisory</a> <a href=3D"https://github.= com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8" target= =3D"_blank" rel=3D"noopener">3.6.1 git commit</a> <a href=3D"https://git= hub.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e" ta= rget=3D"_blank" rel=3D"noopener">3.5.5 git commit</a> <a href=3D"https:/= /github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206=
" target=3D"_blank" rel=3D"noopener">3.4.4 git commit</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OpenSSL--OpenSSL</td>
<td>Issue summary: Parsing CMS AuthEnvelopedData message with maliciously c= rafted AEAD parameters can trigger a stack buffer overflow. Impact summary:=
A stack buffer overflow may lead to a crash, causing Denial of Service, or=
potentially remote code execution. When parsing CMS AuthEnvelopedData stru= ctures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector=
) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer = without verifying that its length fits the destination. An attacker can sup= ply a crafted CMS message with an oversized IV, causing a stack-based out-o= f-bounds write before any authentication or tag verification occurs. Applic= ations and services that parse untrusted CMS or PKCS#7 content using AEAD c= iphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Becaus=
e the overflow occurs prior to authentication, no valid key material is req= uired to trigger it. While exploitability to remote code execution depends =
on platform and toolchain mitigations, the stack-based write primitive repr= esents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are no=
t affected by this issue, as the CMS implementation is outside the OpenSSL = FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to = this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15467" target=3D= "_blank" rel=3D"noopener">CVE-2025-15467</a></td>

<a href=3D"https://openssl-library.org/news/secadv/20260127.txt" target=3D"= _blank" rel=3D"noopener">OpenSSL Advisory</a> <a href=3D"https://github.= com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703" target= =3D"_blank" rel=3D"noopener">3.6.1 git commit</a> <a href=3D"https://git= hub.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc" ta= rget=3D"_blank" rel=3D"noopener">3.5.5 git commit</a> <a href=3D"https:/= /github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3=
" target=3D"_blank" rel=3D"noopener">3.4.4 git commit</a> <a href=3D"htt= ps://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026b= a9a9" target=3D"_blank" rel=3D"noopener">3.3.6 git commit</a> <a href=3D= "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b5= 6344429e" target=3D"_blank" rel=3D"noopener">3.0.19 git commit</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">OpenSSL--OpenSSL</td>
<td>Issue summary: If an application using the SSL_CIPHER_find() function i=
n a QUIC protocol client or server receives an unknown cipher suite from th=
e peer, a NULL dereference occurs. Impact summary: A NULL pointer dereferen=
ce leads to abnormal termination of the running process causing Denial of S= ervice. Some applications call SSL_CIPHER_find() from the client_hello_cb c= allback on the cipher ID received from the peer. If this is done with an SS=
L object implementing the QUIC protocol, NULL pointer dereference will happ=
en if the examined cipher ID is unknown or unsupported. As it is not very c= ommon to call this function in applications using the QUIC protocol and the=
worst outcome is Denial of Service, the issue was assessed as Low severity=
. The vulnerable code was introduced in the 3.2 version with the addition o=
f the QUIC protocol support. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are = not affected by this issue, as the QUIC implementation is outside the OpenS=
SL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to th=
is issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15468" target=3D= "_blank" rel=3D"noopener">CVE-2025-15468</a></td>

<a href=3D"https://openssl-library.org/news/secadv/20260127.txt" target=3D"= _blank" rel=3D"noopener">OpenSSL Advisory</a> <a href=3D"https://github.= com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4" target= =3D"_blank" rel=3D"noopener">3.6.1 git commit</a> <a href=3D"https://git= hub.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65" ta= rget=3D"_blank" rel=3D"noopener">3.5.5 git commit</a> <a href=3D"https:/= /github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2=
" target=3D"_blank" rel=3D"noopener">3.4.4 git commit</a> <a href=3D"htt= ps://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c6= 4ac7" target=3D"_blank" rel=3D"noopener">3.3.6 git commit</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">OpenSSL--OpenSSL</td>
<td>Issue summary: The 'openssl dgst' command-line tool silently truncates = input data to 16MB when using one-shot signing algorithms and reports succe=
ss instead of an error. Impact summary: A user signing or verifying files l= arger than 16MB with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA=
) may believe the entire file is authenticated while trailing data beyond 1= 6MB remains unauthenticated. When the 'openssl dgst' command is used with a= lgorithms that only support one-shot signing (Ed25519, Ed448, ML-DSA-44, ML= -DSA-65, ML-DSA-87), the input is buffered with a 16MB limit. If the input = exceeds this limit, the tool silently truncates to the first 16MB and conti= nues without signaling an error, contrary to what the documentation states.=
This creates an integrity gap where trailing bytes can be modified without=
detection if both signing and verification are performed using the same af= fected codepath. The issue affects only the command-line tool behavior. Ver= ifiers that process the full message using library APIs will reject the sig= nature, so the risk primarily affects workflows that both sign and verify w= ith the affected 'openssl dgst' command. Streaming digest algorithms for 'o= penssl dgst' and library users are unaffected. The FIPS modules in 3.5 and = 3.6 are not affected by this issue, as the command-line tools are outside t=
he OpenSSL FIPS module boundary. OpenSSL 3.5 and 3.6 are vulnerable to this=
issue. OpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this iss= ue.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15469" target=3D= "_blank" rel=3D"noopener">CVE-2025-15469</a></td>

<a href=3D"https://openssl-library.org/news/secadv/20260127.txt" target=3D"= _blank" rel=3D"noopener">OpenSSL Advisory</a> <a href=3D"https://github.= com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f" target= =3D"_blank" rel=3D"noopener">3.6.1 git commit</a> <a href=3D"https://git= hub.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61" ta= rget=3D"_blank" rel=3D"noopener">3.5.5 git commit</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OpenSSL--OpenSSL</td>
<td>Issue summary: A TLS 1.3 connection using certificate compression can b=
e forced to allocate a large buffer before decompression without checking a= gainst the configured certificate size limit. Impact summary: An attacker c=
an cause per-connection memory allocations of up to approximately 22 MiB an=
d extra CPU work, potentially leading to service degradation or resource ex= haustion (Denial of Service). In affected configurations, the peer-supplied=
uncompressed certificate length from a CompressedCertificate message is us=
ed to grow a heap buffer prior to decompression. This length is not bounded=
by the max_cert_list setting, which otherwise constrains certificate messa=
ge sizes. An attacker can exploit this to cause large per-connection alloca= tions followed by handshake failure. No memory corruption or information di= sclosure occurs. This issue only affects builds where TLS 1.3 certificate c= ompression is compiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one = compression algorithm (brotli, zlib, or zstd) is available, and where the c= ompression extension is negotiated. Both clients receiving a server Compres= sedCertificate and servers in mutual TLS scenarios receiving a client Compr= essedCertificate are affected. Servers that do not request client certifica= tes are not vulnerable to client-initiated attacks. Users can mitigate this=
issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION to disable receiving=
compressed certificates. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not=
affected by this issue, as the TLS implementation is outside the OpenSSL F= IPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this i= ssue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-66199" target=3D= "_blank" rel=3D"noopener">CVE-2025-66199</a></td>

<a href=3D"https://openssl-library.org/news/secadv/20260127.txt" target=3D"= _blank" rel=3D"noopener">OpenSSL Advisory</a> <a href=3D"https://github.= com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451" target= =3D"_blank" rel=3D"noopener">3.6.1 git commit</a> <a href=3D"https://git= hub.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5" ta= rget=3D"_blank" rel=3D"noopener">3.5.5 git commit</a> <a href=3D"https:/= /github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4=
" target=3D"_blank" rel=3D"noopener">3.4.4 git commit</a> <a href=3D"htt= ps://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98b= fef4" target=3D"_blank" rel=3D"noopener">3.3.6 git commit</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">OpenSSL--OpenSSL</td>
<td>Issue summary: Writing large, newline-free data into a BIO chain using = the line-buffering filter where the next BIO performs short writes can trig= ger a heap-based out-of-bounds write. Impact summary: This out-of-bounds wr= ite can cause memory corruption which typically results in a crash, leading=
to Denial of Service for an application. The line-buffering BIO filter (BI= O_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL co= mmand-line applications, it is typically only pushed onto stdout/stderr on = VMS systems. Third-party applications that explicitly use this filter with =
a BIO chain that can short-write and that write large, newline-free data in= fluenced by an attacker would be affected. However, the circumstances where=
this could happen are unlikely to be under attacker control, and BIO_f_lin= ebuffer is unlikely to be handling non-curated data controlled by an attack= er. For that reason the issue was assessed as Low severity. The FIPS module=
s in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO = implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.=
5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-68160" target=3D= "_blank" rel=3D"noopener">CVE-2025-68160</a></td>

<a href=3D"https://openssl-library.org/news/secadv/20260127.txt" target=3D"= _blank" rel=3D"noopener">OpenSSL Advisory</a> <a href=3D"https://github.= com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c" target= =3D"_blank" rel=3D"noopener">3.6.1 git commit</a> <a href=3D"https://git= hub.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0" ta= rget=3D"_blank" rel=3D"noopener">3.5.5 git commit</a> <a href=3D"https:/= /github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096=
" target=3D"_blank" rel=3D"noopener">3.4.4 git commit</a> <a href=3D"htt= ps://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d1= 62ad" target=3D"_blank" rel=3D"noopener">3.3.6 git commit</a> <a href=3D= "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c8= 13fc8ff6" target=3D"_blank" rel=3D"noopener">3.0.19 git commit</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">OpenSSL--OpenSSL</td>
<td>Issue summary: When using the low-level OCB API directly with AES-NI or= other hardware-accelerated code paths, inputs whose length is not=
a multiple of 16 bytes can leave the final partial block unencryp= ted and unauthenticated. Impact summary: The trailing 1-=
15 bytes of a message may be exposed in cleartext on encryption an=
d are not covered by the authentication tag, allowing an attacker =
to read or tamper with those bytes without detection. Th=
e low-level OCB encrypt and decrypt routines in the hardware-accelerated&lt= ;br>stream path process full 16-byte blocks but do not advance the input= /output pointers. The subsequent tail-handling code then operates =
on the original base pointers, effectively reprocessing the beginn= ing of the buffer while leaving the actual trailing bytes unproces= sed. The authentication checksum also excludes the true tail bytes= . However, typical OpenSSL consumers using EVP are not a= ffected because the higher-level EVP and provider OCB implementati= ons split inputs so that full blocks and trailing partial blocks a=
re processed in separate calls, avoiding the problematic code path=
. Additionally, TLS does not use OCB ciphersuites. The vulnerabili=
ty only affects applications that call the low-level CRYPTO_ocb128= _encrypt() or CRYPTO_ocb128_decrypt() functions directly with non-= block-aligned lengths in a single call on hardware-accelerated builds.<b= r>For these reasons the issue was assessed as Low severity. &lt= ;br>The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not aff= ected by this issue, as OCB mode is not a FIPS-approved algorithm.= OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerabl=
e to this issue. OpenSSL 1.0.2 is not affected by this i= ssue.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69418" target=3D= "_blank" rel=3D"noopener">CVE-2025-69418</a></td>

<a href=3D"https://openssl-library.org/news/secadv/20260127.txt" target=3D"= _blank" rel=3D"noopener">OpenSSL Advisory</a> <a href=3D"https://github.= com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977" target= =3D"_blank" rel=3D"noopener">3.6.1 git commit</a> <a href=3D"https://git= hub.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8" ta= rget=3D"_blank" rel=3D"noopener">3.5.5 git commit</a> <a href=3D"https:/= /github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc=
" target=3D"_blank" rel=3D"noopener">3.4.4 git commit</a> <a href=3D"htt= ps://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4= f5ae" target=3D"_blank" rel=3D"noopener">3.3.6 git commit</a> <a href=3D= "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52= c4cc2347" target=3D"_blank" rel=3D"noopener">3.0.19 git commit</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">OpenSSL--OpenSSL</td>
<td>Issue summary: Calling PKCS12_get_friendlyname() function on a maliciou= sly crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containi=
ng non-ASCII BMP code point can trigger a one byte write before the allocat=
ed buffer. Impact summary: The out-of-bounds write can cause a memory corru= ption which can have various consequences including a Denial of Service. Th=
e OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 B= MPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes=
, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-=
16 source byte count as the destination buffer capacity to UTF8_putc(). For=
BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarde=
d capacity can be just two bytes. UTF8_putc() then returns -1, and this neg= ative value is added to the output length without validation, causing the l= ength to become negative. The subsequent trailing NUL byte is then written =
at a negative offset, causing write outside of heap allocated buffer. The v= ulnerability is reachable via the public PKCS12_get_friendlyname() API when=
parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a dif= ferent code path that avoids this issue, PKCS12_get_friendlyname() directly=
invokes the vulnerable function. Exploitation requires an attacker to prov= ide a malicious PKCS#12 file to be parsed by the application and the attack=
er can just trigger a one zero byte write before the allocated buffer. For = that reason the issue was assessed as Low severity according to our Securit=
y Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected b=
y this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS mod= ule boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to t= his issue. OpenSSL 1.0.2 is not affected by this issue.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69419" target=3D= "_blank" rel=3D"noopener">CVE-2025-69419</a></td>

<a href=3D"https://openssl-library.org/news/secadv/20260127.txt" target=3D"= _blank" rel=3D"noopener">OpenSSL Advisory</a> <a href=3D"https://github.= com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb" target= =3D"_blank" rel=3D"noopener">3.6.1 git commit</a> <a href=3D"https://git= hub.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535" ta= rget=3D"_blank" rel=3D"noopener">3.5.5 git commit</a> <a href=3D"https:/= /github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015=
" target=3D"_blank" rel=3D"noopener">3.4.4 git commit</a> <a href=3D"htt= ps://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54be= e2e2" target=3D"_blank" rel=3D"noopener">3.3.6 git commit</a> <a href=3D= "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba= 60b49296" target=3D"_blank" rel=3D"noopener">3.0.19 git commit</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">OpenSSL--OpenSSL</td>
<td>Issue summary: A type confusion vulnerability exists in the TimeStamp R= esponse verification code where an ASN1_TYPE union member is accessed witho=
ut first validating the type, causing an invalid or NULL pointer dereferenc=
e when processing a malformed TimeStamp Response file. Impact summary: An a= pplication calling TS_RESP_verify_response() with a malformed TimeStamp Res= ponse can be caused to dereference an invalid or NULL pointer when reading,=
resulting in a Denial of Service. The functions ossl_ess_get_signing_cert(=
) and ossl_ess_get_signing_cert_v2() access the signing cert attribute valu=
e without validating its type. When the type is not V_ASN1_SEQUENCE, this r= esults in accessing invalid memory through the ASN1_TYPE union, causing a c= rash. Exploiting this vulnerability requires an attacker to provide a malfo= rmed TimeStamp Response to an application that verifies timestamp responses=
. The TimeStamp protocol (RFC 3161) is not widely used and the impact of th=
e exploit is just a Denial of Service. For these reasons the issue was asse= ssed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not aff= ected by this issue, as the TimeStamp Response implementation is outside th=
e OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 a=
re vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.</=

<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69420" target=3D= "_blank" rel=3D"noopener">CVE-2025-69420</a></td>

<a href=3D"https://openssl-library.org/news/secadv/20260127.txt" target=3D"= _blank" rel=3D"noopener">OpenSSL Advisory</a> <a href=3D"https://github.= com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085" target= =3D"_blank" rel=3D"noopener">3.6.1 git commit</a> <a href=3D"https://git= hub.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e" ta= rget=3D"_blank" rel=3D"noopener">3.5.5 git commit</a> <a href=3D"https:/= /github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9=
" target=3D"_blank" rel=3D"noopener">3.4.4 git commit</a> <a href=3D"htt= ps://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e5= 4f1b" target=3D"_blank" rel=3D"noopener">3.3.6 git commit</a> <a href=3D= "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f3= 3f73133a" target=3D"_blank" rel=3D"noopener">3.0.19 git commit</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">OpenSSL--OpenSSL</td>
<td>Issue summary: Processing a malformed PKCS#12 file can trigger a NULL p= ointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact sum= mary: A NULL pointer dereference can trigger a crash which leads to Denial =
of Service for an application processing PKCS#12 files. The PKCS12_item_dec= rypt_d2i_ex() function does not check whether the oct parameter is NULL bef= ore dereferencing it. When called from PKCS12_unpack_p7encdata() with a mal= formed PKCS#12 file, this parameter can be NULL, causing a crash. The vulne= rability is limited to Denial of Service and cannot be escalated to achieve=
code execution or memory disclosure. Exploiting this issue requires an att= acker to provide a malformed PKCS#12 file to an application that processes = it. For that reason the issue was assessed as Low severity according to our=
Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not af= fected by this issue, as the PKCS#12 implementation is outside the OpenSSL = FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are = vulnerable to this issue.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69421" target=3D= "_blank" rel=3D"noopener">CVE-2025-69421</a></td>

<a href=3D"https://openssl-library.org/news/secadv/20260127.txt" target=3D"= _blank" rel=3D"noopener">OpenSSL Advisory</a> <a href=3D"https://github.= com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c" target= =3D"_blank" rel=3D"noopener">3.6.1 git commit</a> <a href=3D"https://git= hub.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b" ta= rget=3D"_blank" rel=3D"noopener">3.5.5 git commit</a> <a href=3D"https:/= /github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3=
" target=3D"_blank" rel=3D"noopener">3.4.4 git commit</a> <a href=3D"htt= ps://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf= 74bd" target=3D"_blank" rel=3D"noopener">3.3.6 git commit</a> <a href=3D= "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d7= 5ec0c0c7" target=3D"_blank" rel=3D"noopener">3.0.19 git commit</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">OpenSSL--OpenSSL</td>
<td>Issue summary: An invalid or NULL pointer dereference can happen in an = application processing a malformed PKCS#12 file. Impact summary: An applica= tion processing a malformed PKCS#12 file can be caused to dereference an in= valid or NULL pointer on memory read, resulting in a Denial of Service. A t= ype confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TY=
PE union member is accessed without first validating the type, causing an i= nvalid pointer read. The location is constrained to a 1-byte address space,=
meaning any attempted pointer manipulation can only target addresses betwe=
en 0x00 and 0xFF. This range corresponds to the zero page, which is unmappe=
d on most modern operating systems and will reliably result in a crash, lea= ding only to a Denial of Service. Exploiting this issue also requires a use=
r or application to process a maliciously crafted PKCS#12 file. It is uncom= mon to accept untrusted PKCS#12 files in applications as they are usually u= sed to store private keys which are trusted by definition. For these reason=
s, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.=
3 and 3.0 are not affected by this issue, as the PKCS12 implementation is o= utside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 an=
d 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this=
issue.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22795" target=3D= "_blank" rel=3D"noopener">CVE-2026-22795</a></td>

<a href=3D"https://openssl-library.org/news/secadv/20260127.txt" target=3D"= _blank" rel=3D"noopener">OpenSSL Advisory</a> <a href=3D"https://github.= com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2" target= =3D"_blank" rel=3D"noopener">3.6.1 git commit</a> <a href=3D"https://git= hub.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4" ta= rget=3D"_blank" rel=3D"noopener">3.5.5 git commit</a> <a href=3D"https:/= /github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12=
" target=3D"_blank" rel=3D"noopener">3.4.4 git commit</a> <a href=3D"htt= ps://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596= 373e" target=3D"_blank" rel=3D"noopener">3.3.6 git commit</a> <a href=3D= "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a49= 0f831a49" target=3D"_blank" rel=3D"noopener">3.0.19 git commit</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">OpenSSL--OpenSSL</td>
<td>Issue summary: A type confusion vulnerability exists in the signature v= erification of signed PKCS#7 data where an ASN1_TYPE union member is access=
ed without first validating the type, causing an invalid or NULL pointer de= reference when processing malformed PKCS#7 data. Impact summary: An applica= tion performing signature verification of PKCS#7 data or calling directly t=
he PKCS7_digest_from_attributes() function can be caused to dereference an = invalid or NULL pointer when reading, resulting in a Denial of Service. The=
function PKCS7_digest_from_attributes() accesses the message digest attrib= ute value without validating its type. When the type is not V_ASN1_OCTET_ST= RING, this results in accessing invalid memory through the ASN1_TYPE union,=
causing a crash. Exploiting this vulnerability requires an attacker to pro= vide a malformed signed PKCS#7 to an application that verifies it. The impa=
ct of the exploit is just a Denial of Service, the PKCS7 API is legacy and = applications should be using the CMS API instead. For these reasons the iss=
ue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 = are not affected by this issue, as the PKCS#7 parsing implementation is out= side the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1=
.1 and 1.0.2 are vulnerable to this issue.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22796" target=3D= "_blank" rel=3D"noopener">CVE-2026-22796</a></td>

<a href=3D"https://openssl-library.org/news/secadv/20260127.txt" target=3D"= _blank" rel=3D"noopener">OpenSSL Advisory</a> <a href=3D"https://github.= com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2" target= =3D"_blank" rel=3D"noopener">3.6.1 git commit</a> <a href=3D"https://git= hub.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4" ta= rget=3D"_blank" rel=3D"noopener">3.5.5 git commit</a> <a href=3D"https:/= /github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12=
" target=3D"_blank" rel=3D"noopener">3.4.4 git commit</a> <a href=3D"htt= ps://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596= 373e" target=3D"_blank" rel=3D"noopener">3.3.6 git commit</a> <a href=3D= "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a49= 0f831a49" target=3D"_blank" rel=3D"noopener">3.0.19 git commit</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">OpenText--Vertica</td>
<td>Cleartext Storage of Sensitive Information vulnerability in OpenText=C3= =A2=E2=80=9E=C2=A2 Vertica allows Retrieve Embedded Sensitive Data.=C2=A0= =C2=A0 The vulnerability could read Vertica agent plaintext apikey. This is= sue affects Vertica versions: 23.X, 24.X, 25.X.</td>
<td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2024-9432" target=3D"= _blank" rel=3D"noopener">CVE-2024-9432</a></td>

<a href=3D"https://portal.microfocus.com/s/article/KM000044937?language=3De= n_US" target=3D"_blank" rel=3D"noopener">https://portal.microfocus.com/s/ar= ticle/KM000044937?language=3Den_US</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OpenVPN--OpenVPN</td>
<td>Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.= 7_rc5 allows remote authenticated users to trigger an assert resulting in a=
denial of service</td>
<td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15497" target=3D= "_blank" rel=3D"noopener">CVE-2025-15497</a></td>

<a href=3D"https://community.openvpn.net/Security%20Announcements/CVE-2025-= 15497" target=3D"_blank" rel=3D"noopener">https://community.openvpn.net/Sec= urity%20Announcements/CVE-2025-15497</a> <a href=3D"https://www.mail-arc= hive.com/openvpn-announce@lists.sourceforge.net/msg00156.html" target=3D"_b= lank" rel=3D"noopener">https://www.mail-archive.com/openvpn-announce@lists.= sourceforge.net/msg00156.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">opf--openproject</td>
<td>OpenProject is an open-source, web-based project management software. V= ersions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerabili=
ty in OpenProject's repository diff download endpoint (`/projects/:project_= id/repository/diff.diff`) when rendering a single revision via git show. By=
supplying a specially crafted rev value (for example, `rev=3D--output=3D/t= mp/poc.txt)`, an attacker can inject git show command-line options. When Op= enProject executes the SCM command, Git interprets the attacker-controlled = rev as an option and writes the output to an attacker-chosen path. As a res= ult, any user with the `:browse_repository` permission on the project can c= reate or overwrite arbitrary files that the OpenProject process user is per= mitted to write. The written contents consist of git show output (commit me= tadata and patch), but overwriting application or configuration files still=
leads to data loss and denial of service, impacting integrity and availabi= lity. The issue has been fixed in OpenProject 17.0.2 and 16.6.6.</td> <td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24685" target=3D= "_blank" rel=3D"noopener">CVE-2026-24685</a></td>

<a href=3D"https://github.com/opf/openproject/security/advisories/GHSA-74p5= -9pr3-r6pw" target=3D"_blank" rel=3D"noopener">https://github.com/opf/openp= roject/security/advisories/GHSA-74p5-9pr3-r6pw</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">orval-labs--orval</td>
<td>Orval generates type-safe JS clients (TypeScript) from any valid OpenAP=
I v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior t=
o 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsS= tringEscape function properly handles single quotes ('), double quotes (") = and so on, it is still possible to achieve code injection using only a limi= ted set of characters that are currently not escaped. The vulnerability lie=
s in the fact that the application can be forced to execute arbitrary JavaS= cript using characters such as []()!+. By using a technique known as JSFuck=
, an attacker can bypass the current sanitization logic and run arbitrary c= ode without needing any alphanumeric characters or quotes. Version 7.21.0 a=
nd 8.2.0 contain an updated fix.</td>
<td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25141" target=3D= "_blank" rel=3D"noopener">CVE-2026-25141</a></td>

<a href=3D"https://github.com/orval-labs/orval/security/advisories/GHSA-gch= 2-phqh-fg9q" target=3D"_blank" rel=3D"noopener">https://github.com/orval-la= bs/orval/security/advisories/GHSA-gch2-phqh-fg9q</a> <a href=3D"https://= github.com/orval-labs/orval/security/advisories/GHSA-h526-wf6g-67jv" target= =3D"_blank" rel=3D"noopener">https://github.com/orval-labs/orval/security/a= dvisories/GHSA-h526-wf6g-67jv</a> <a href=3D"https://github.com/orval-la= bs/orval/blob/02211fc413524be340ba9ace866a2ef68845ca7c/packages/core/src/ut= ils/string.ts#L227" target=3D"_blank" rel=3D"noopener">https://github.com/o= rval-labs/orval/blob/02211fc413524be340ba9ace866a2ef68845ca7c/packages/core= /src/utils/string.ts#L227</a> <a href=3D"https://github.com/orval-labs/o= rval/releases/tag/v7.21.0" target=3D"_blank" rel=3D"noopener">https://githu= b.com/orval-labs/orval/releases/tag/v7.21.0</a> <a href=3D"https://githu= b.com/orval-labs/orval/releases/tag/v8.2.0" target=3D"_blank" rel=3D"noopen= er">https://github.com/orval-labs/orval/releases/tag/v8.2.0</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">Phala-Network--dcap-qvl</td>
<td>dcap-qvl implements the quote verification logic for DCAP (Data Center = Attestation Primitives). A vulnerability present in versions prior to 0.3.9=
involves a critical gap in the cryptographic verification process within t=
he dcap-qvl. The library fetches QE Identity collateral (including qe_ident= ity, qe_identity_signature, and qe_identity_issuer_chain) from the PCCS. Ho= wever, it skips to verify the QE Identity signature against its certificate=
chain and does not enforce policy constraints on the QE Report. An attacke=
r can forge the QE Identity data to whitelist a malicious or non-Intel Quot= ing Enclave. This allows the attacker to forge the QE and sign untrusted qu= otes that the verifier will accept as valid. Effectively, this bypasses the=
entire remote attestation security model, as the verifier can no longer tr= ust the entity responsible for signing the quotes. All deployments utilizin=
g the dcap-qvl library for SGX or TDX quote verification are affected. The = vulnerability has been patched in dcap-qvl version 0.3.9. The fix implement=
s the missing cryptographic verification for the QE Identity signature and = enforces the required checks for MRSIGNER, ISVPRODID, and ISVSVN against th=
e QE Report. Users of the `@phala/dcap-qvl-node` and `@phala/dcap-qvl-web` = packages should switch to the pure JavaScript implementation, `@phala/dcap-= qvl`. There are no known workarounds for this vulnerability. Users must upg= rade to the patched version to ensure that QE Identity collateral is proper=
ly verified.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22696" target=3D= "_blank" rel=3D"noopener">CVE-2026-22696</a></td>

<a href=3D"https://github.com/Phala-Network/dcap-qvl/security/advisories/GH= SA-796p-j2gh-9m2q" target=3D"_blank" rel=3D"noopener">https://github.com/Ph= ala-Network/dcap-qvl/security/advisories/GHSA-796p-j2gh-9m2q</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">pilgrimage233--Minecraft-Rcon-Manage</td> <td>Improper Control of Generation of Code ('Code Injection') vulnerability=
in pilgrimage233 Minecraft-Rcon-Manage. This issue affects Minecraft-Rcon-= Manage: before 3.0.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24871" target=3D= "_blank" rel=3D"noopener">CVE-2026-24871</a></td>

<a href=3D"https://github.com/pilgrimage233/Minecraft-Rcon-Manage/pull/13" = target=3D"_blank" rel=3D"noopener">https://github.com/pilgrimage233/Minecra= ft-Rcon-Manage/pull/13</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Pix-Link--LV-WR21Q</td>
<td>Pix-Link LV-WR21Q does not enforce any form of authentication for endpo= int=C2=A0/goform/getHomePageInfo. Remote unauthenticated attacker is able t=
o use this endpoint to e.g: retrieve cleartext password to the access point=
. The vendor was notified early about this vulnerability, but didn't respon=
d with the details of vulnerability or vulnerable version range. Only versi=
on V108_108 was tested and confirmed as vulnerable, other versions were not=
tested and might also be vulnerable.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-12386" target=3D= "_blank" rel=3D"noopener">CVE-2025-12386</a></td>

<a href=3D"https://cert.pl/en/posts/2026/01/CVE-2025-12386" target=3D"_blan=
k" rel=3D"noopener">https://cert.pl/en/posts/2026/01/CVE-2025-12386</a> =
<a href=3D"https://www.pix-link.com/lv-wr21q" target=3D"_blank" rel=3D"noop= ener">https://www.pix-link.com/lv-wr21q</a> <a href=3D"https://github.co= m/wcyb/security_research" target=3D"_blank" rel=3D"noopener">https://github= .com/wcyb/security_research</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Pix-Link--LV-WR21Q</td>
<td>A vulnerability in the Pix-Link LV-WR21Q router's language module allow=
s remote attackers to trigger a denial of service (DoS) by sending a specia= lly crafted HTTP POST request containing non-existing language parameter. T= his renders the server unable to serve correct lang.js file, which causes a= dministrator panel to not work, resulting in DoS until the language setting=
s is reverted to a correct value. The Denial of Service affects only the ad= ministrator panel and does not affect other router functionalities. The ven= dor was notified early about this vulnerability, but didn't respond with th=
e details of vulnerability or vulnerable version range. Only version V108_1=
08 was tested and confirmed as vulnerable, other versions were not tested a=
nd might also be vulnerable.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-12387" target=3D= "_blank" rel=3D"noopener">CVE-2025-12387</a></td>

<a href=3D"https://cert.pl/en/posts/2026/01/CVE-2025-12386" target=3D"_blan=
k" rel=3D"noopener">https://cert.pl/en/posts/2026/01/CVE-2025-12386</a> =
<a href=3D"https://www.pix-link.com/lv-wr21q" target=3D"_blank" rel=3D"noop= ener">https://www.pix-link.com/lv-wr21q</a> <a href=3D"https://github.co= m/wcyb/security_research" target=3D"_blank" rel=3D"noopener">https://github= .com/wcyb/security_research</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pnpm--pnpm</td>
<td>pnpm is a package manager. Prior to version 10.28.2, when pnpm installs=
a `file:` (directory) or `git:` dependency, it follows symlinks and reads = their target contents without constraining them to the package root. A mali= cious package containing a symlink to an absolute path (e.g., `/etc/passwd`=
, `~/.ssh/id_rsa`) causes pnpm to copy that file's contents into `node_modu= les`, leaking local data. The vulnerability only affects `file:` and `git:`=
dependencies. Registry packages (npm) have symlinks stripped during publis=
h and are NOT affected. The issue impacts developers installing local/file = dependencies andCI/CD pipelines installing git dependencies. It can lead to=
credential theft via symlinks to `~/.aws/credentials`, `~/.npmrc`, `~/.ssh= /id_rsa`. Version 10.28.2 contains a patch.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24056" target=3D= "_blank" rel=3D"noopener">CVE-2026-24056</a></td>

<a href=3D"https://github.com/pnpm/pnpm/security/advisories/GHSA-m733-5w8f-= 5ggw" target=3D"_blank" rel=3D"noopener">https://github.com/pnpm/pnpm/secur= ity/advisories/GHSA-m733-5w8f-5ggw</a> <a href=3D"https://github.com/pnp= m/pnpm/commit/b277b45bc35ae77ca72d7634d144bbd58a48b70f" target=3D"_blank" r= el=3D"noopener">https://github.com/pnpm/pnpm/commit/b277b45bc35ae77ca72d763= 4d144bbd58a48b70f</a> <a href=3D"https://github.com/pnpm/pnpm/releases/t= ag/v10.28.2" target=3D"_blank" rel=3D"noopener">https://github.com/pnpm/pnp= m/releases/tag/v10.28.2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pnpm--pnpm</td>
<td>pnpm is a package manager. Prior to version 10.28.2, when pnpm processe=
s a package's `directories.bin` field, it uses `path.join()` without valida= ting the result stays within the package root. A malicious npm package can = specify `"directories": {"bin": "../../../../tmp"}` to escape the package d= irectory, causing pnpm to chmod 755 files at arbitrary locations. This issu=
e only affects Unix/Linux/macOS. Windows is not affected (`fixBin` gated by=
`EXECUTABLE_SHEBANG_SUPPORTED`). Version 10.28.2 contains a patch.</td> <td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24131" target=3D= "_blank" rel=3D"noopener">CVE-2026-24131</a></td>

<a href=3D"https://github.com/pnpm/pnpm/security/advisories/GHSA-v253-rj99-= jwpq" target=3D"_blank" rel=3D"noopener">https://github.com/pnpm/pnpm/secur= ity/advisories/GHSA-v253-rj99-jwpq</a> <a href=3D"https://github.com/pnp= m/pnpm/commit/17432ad5bbed5c2e77255ca6d56a1449bbcfd943" target=3D"_blank" r= el=3D"noopener">https://github.com/pnpm/pnpm/commit/17432ad5bbed5c2e77255ca= 6d56a1449bbcfd943</a> <a href=3D"https://github.com/pnpm/pnpm/releases/t= ag/v10.28.2" target=3D"_blank" rel=3D"noopener">https://github.com/pnpm/pnp= m/releases/tag/v10.28.2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">PodcastGenerator--PodcastGenerator</td>
<td>A Stored cross-site scripting (XSS) vulnerability in 'Create New Live I= tem' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary = script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' = parameters. The saved payload gets executed on 'View All Live Items' and 'L= ive Stream' pages.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-70336" target=3D= "_blank" rel=3D"noopener">CVE-2025-70336</a></td>

<a href=3D"https://github.com/PodcastGenerator/PodcastGenerator" target=3D"= _blank" rel=3D"noopener">https://github.com/PodcastGenerator/PodcastGenerat= or</a> <a href=3D"https://github.com/aryasahil96-manu/CVE-Disclosures/bl= ob/main/CVE-2025-70336" target=3D"_blank" rel=3D"noopener">https://github.c= om/aryasahil96-manu/CVE-Disclosures/blob/main/CVE-2025-70336</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">podman-desktop--podman-desktop</td>
<td>Podman Desktop is a graphical tool for developing on containers and Kub= ernetes. A critical authentication bypass vulnerability in Podman Desktop p= rior to version 1.25.1 allows any extension to completely circumvent permis= sion checks and gain unauthorized access to all authentication sessions. Th=
e `isAccessAllowed()` function unconditionally returns `true`, enabling mal= icious extensions to impersonate any user, hijack authentication sessions, = and access sensitive resources without authorization. This vulnerability af= fects all versions of Podman Desktop. Version 1.25.1 contains a patch for t=
he issue.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24835" target=3D= "_blank" rel=3D"noopener">CVE-2026-24835</a></td>

<a href=3D"https://github.com/podman-desktop/podman-desktop/security/adviso= ries/GHSA-v3fx-qg34-6g9m" target=3D"_blank" rel=3D"noopener">https://github= .com/podman-desktop/podman-desktop/security/advisories/GHSA-v3fx-qg34-6g9m<= /a> <a href=3D"https://drive.google.com/file/d/1ib4RG34mGHDlXeyib8L2j9L5= rEDxuDM5/view?usp=3Dsharing" target=3D"_blank" rel=3D"noopener">https://dri= ve.google.com/file/d/1ib4RG34mGHDlXeyib8L2j9L5rEDxuDM5/view?usp=3Dsharing</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">praydog--REFramework</td>
<td>An issue from the component luaG_runerror in dependencies/lua/src/ldebu= g.c in praydog/REFramework version before 1.5.5 leads to a heap-buffer over= flow when a recursive error occurs.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24809" target=3D= "_blank" rel=3D"noopener">CVE-2026-24809</a></td>

<a href=3D"https://github.com/praydog/REFramework/pull/1320" target=3D"_bla= nk" rel=3D"noopener">https://github.com/praydog/REFramework/pull/1320</a><b= r>=C2=A0</td>
</tr>

<td class=3D"vendor-product">praydog--UEVR</td>
<td>Out-of-bounds Write vulnerability in praydog UEVR (dependencies/lua/src=
modules). This vulnerability is associated with program files ldebug.C, lv= m.C. This issue affects UEVR: before 1.05.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24817" target=3D= "_blank" rel=3D"noopener">CVE-2026-24817</a></td>

<a href=3D"https://github.com/praydog/UEVR/pull/336" target=3D"_blank" rel= =3D"noopener">https://github.com/praydog/UEVR/pull/336</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">praydog--UEVR</td>
<td>Out-of-bounds Read vulnerability in praydog UEVR (dependencies/lua/src = modules). This vulnerability is associated with program files lparser.C. Th=
is issue affects UEVR: before 1.05.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24818" target=3D= "_blank" rel=3D"noopener">CVE-2026-24818</a></td>

<a href=3D"https://github.com/praydog/UEVR/pull/337" target=3D"_blank" rel= =3D"noopener">https://github.com/praydog/UEVR/pull/337</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Progress Software--Chef Inspec</td>
<td>Chef InSpec up to version 5.23 creates named pipes with overly permissi=
ve default Windows access controls. A local attacker may interfere with the=
pipe connection process and exploit the insufficient access restrictions t=
o assume the InSpec execution context, potentially resulting in elevated pr= ivileges or operational disruption. This issue affects Chef Inspec: through=
5.23.</td>
<td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-6723" target=3D"= _blank" rel=3D"noopener">CVE-2025-6723</a></td>

<a href=3D"https://docs.chef.io/inspec/" target=3D"_blank" rel=3D"noopener"= >https://docs.chef.io/inspec/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pwncollege--dojo</td>
<td>pwn.college DOJO is an education platform for learning cybersecurity. P= rior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing=
on `/workspace/*` routes allows challenge authors to inject arbitrary java= script which runs on the same origin as `http[:]//dojo[.]website`. This is =
a sandbox escape leading to arbitrary javascript execution as the dojo's or= igin. A challenge author can craft a page that executes any dangerous actio=
ns that the user could. Version e33da14449a5abcff507e554f66e2141d6683b0a pa= tches the issue.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25117" target=3D= "_blank" rel=3D"noopener">CVE-2026-25117</a></td>

<a href=3D"https://github.com/pwncollege/dojo/security/advisories/GHSA-wvcf= -9xm8-7mrg" target=3D"_blank" rel=3D"noopener">https://github.com/pwncolleg= e/dojo/security/advisories/GHSA-wvcf-9xm8-7mrg</a> <a href=3D"https://gi= thub.com/pwncollege/dojo/commit/e33da14449a5abcff507e554f66e2141d6683b0a" t= arget=3D"_blank" rel=3D"noopener">https://github.com/pwncollege/dojo/commit= /e33da14449a5abcff507e554f66e2141d6683b0a</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">py-pdf--pypdf</td>
<td>pypdf is a free and open-source pure-python PDF library. An attacker wh=
o uses an infinite loop vulnerability that is present in versions prior to = 6.6.2 can craft a PDF which leads to an infinite loop. This requires access= ing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects=
cannot upgrade yet, consider applying the changes from PR #3610 manually.<=

<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24688" target=3D= "_blank" rel=3D"noopener">CVE-2026-24688</a></td>

<a href=3D"https://github.com/py-pdf/pypdf/security/advisories/GHSA-2q4j-m2= 9v-hq73" target=3D"_blank" rel=3D"noopener">https://github.com/py-pdf/pypdf= /security/advisories/GHSA-2q4j-m29v-hq73</a> <a href=3D"https://github.c= om/py-pdf/pypdf/pull/3610" target=3D"_blank" rel=3D"noopener">https://githu= b.com/py-pdf/pypdf/pull/3610</a> <a href=3D"https://github.com/py-pdf/py= pdf/commit/b1282f8dcdc1a7b41ceab6740ffddfdf31b1fec1" target=3D"_blank" rel= =3D"noopener">https://github.com/py-pdf/pypdf/commit/b1282f8dcdc1a7b41ceab6= 740ffddfdf31b1fec1</a> <a href=3D"https://github.com/py-pdf/pypdf/releas= es/tag/6.6.2" target=3D"_blank" rel=3D"noopener">https://github.com/py-pdf/= pypdf/releases/tag/6.6.2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">qgis--QGIS</td>
<td>QGIS is a free, open source, cross platform geographical information sy= stem (GIS) The repository contains a GitHub Actions workflow called "pre-co= mmit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, = was vulnerable to remote code execution and repository compromise because i=
t used the `pull_request_target` trigger and then checked out and executed = untrusted pull request code in a privileged context. Workflows triggered by=
`pull_request_target` ran with the base repository's credentials and acces=
s to secrets. If these workflows then checked out and executed code from th=
e head of an external pull request (which could have been attacker controll= ed), the attacker could have executed arbitrary commands with elevated priv= ileges. This insecure pattern has been documented as a security risk by Git= Hub and security researchers. Commit 76a693cd91650f9b4e83edac525e5e4f90d954=
e9 removed the vulnerable code.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24480" target=3D= "_blank" rel=3D"noopener">CVE-2026-24480</a></td>

<a href=3D"https://github.com/qgis/QGIS/security/advisories/GHSA-7h99-4f97-= h6rw" target=3D"_blank" rel=3D"noopener">https://github.com/qgis/QGIS/secur= ity/advisories/GHSA-7h99-4f97-h6rw</a> <a href=3D"https://github.com/qgi= s/QGIS/commit/76a693cd91650f9b4e83edac525e5e4f90d954e9" target=3D"_blank" r= el=3D"noopener">https://github.com/qgis/QGIS/commit/76a693cd91650f9b4e83eda= c525e5e4f90d954e9</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Quatuor--Evaluacin de Desempeo (EDD)</td>
<td>An out-of-band SQL injection vulnerability (OOB SQLi) has been detected=
in the Performance Evaluation (EDD) application developed by Gabinete T=C3= =83=C2=A9cnico de Programaci=C3=83=C2=B3n. Exploiting this vulnerability in=
the parameter 'txAny' in '/evaluacion_competencias_autoeval_list.aspx', co= uld allow an attacker to extract sensitive information from the database th= rough external channels, without the affected application returning the dat=
a directly, compromising the confidentiality of the stored information.</td=

<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1472" target=3D"= _blank" rel=3D"noopener">CVE-2026-1472</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-= injection-quatuor-performance-evaluation" target=3D"_blank" rel=3D"noopener= ">https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection= -quatuor-performance-evaluation</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Quatuor--Evaluacin de Desempeo (EDD)</td>
<td>An out-of-band SQL injection vulnerability (OOB SQLi) has been detected=
in the Performance Evaluation (EDD) application developed by Gabinete T=C3= =83=C2=A9cnico de Programaci=C3=83=C2=B3n. Exploiting this vulnerability in=
the parameter 'Id_usuario' in '/evaluacion_competencias_evalua.aspx', coul=
d allow an attacker to extract sensitive information from the database thro= ugh external channels, without the affected application returning the data = directly, compromising the confidentiality of the stored information.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1473" target=3D"= _blank" rel=3D"noopener">CVE-2026-1473</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-= injection-quatuor-performance-evaluation" target=3D"_blank" rel=3D"noopener= ">https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection= -quatuor-performance-evaluation</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Quatuor--Evaluacin de Desempeo (EDD)</td>
<td>An out-of-band SQL injection vulnerability (OOB SQLi) has been detected=
in the Performance Evaluation (EDD) application developed by Gabinete T=C3= =83=C2=A9cnico de Programaci=C3=83=C2=B3n. Exploiting this vulnerability in=
the parameter 'Id_usuario' and 'Id_evaluacion' en '/evaluacion_inicio.aspx=
', could allow an attacker to extract sensitive information from the databa=
se through external channels, without the affected application returning th=
e data directly, compromising the confidentiality of the stored information= .</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1474" target=3D"= _blank" rel=3D"noopener">CVE-2026-1474</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-= injection-quatuor-performance-evaluation" target=3D"_blank" rel=3D"noopener= ">https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection= -quatuor-performance-evaluation</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Quatuor--Evaluacin de Desempeo (EDD)</td>
<td>An out-of-band SQL injection vulnerability (OOB SQLi) has been detected=
in the Performance Evaluation (EDD) application developed by Gabinete T=C3= =83=C2=A9cnico de Programaci=C3=83=C2=B3n. Exploiting this vulnerability in=
the parameter 'Id_usuario' in '/evaluacion_acciones_evalua.aspx', could al= low an attacker to extract sensitive information from the database through = external channels, without the affected application returning the data dire= ctly, compromising the confidentiality of the stored information.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1475" target=3D"= _blank" rel=3D"noopener">CVE-2026-1475</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-= injection-quatuor-performance-evaluation" target=3D"_blank" rel=3D"noopener= ">https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection= -quatuor-performance-evaluation</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Quatuor--Evaluacin de Desempeo (EDD)</td>
<td>An out-of-band SQL injection vulnerability (OOB SQLi) has been detected=
in the Performance Evaluation (EDD) application developed by Gabinete T=C3= =83=C2=A9cnico de Programaci=C3=83=C2=B3n. Exploiting this vulnerability in=
the parameter 'Id_usuario' in '/evaluacion_acciones_ver_auto.aspx', could = allow an attacker to extract sensitive information from the database throug=
h external channels, without the affected application returning the data di= rectly, compromising the confidentiality of the stored information.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1476" target=3D"= _blank" rel=3D"noopener">CVE-2026-1476</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-= injection-quatuor-performance-evaluation" target=3D"_blank" rel=3D"noopener= ">https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection= -quatuor-performance-evaluation</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Quatuor--Evaluacin de Desempeo (EDD)</td>
<td>An out-of-band SQL injection vulnerability (OOB SQLi) has been detected=
in the Performance Evaluation (EDD) application developed by Gabinete T=C3= =83=C2=A9cnico de Programaci=C3=83=C2=B3n. Exploiting this vulnerability in=
the parameter 'Id_usuario' and 'Id_evaluacion' in '/evaluacion_competencia= s_evalua_old.aspx', could allow an attacker to extract sensitive informatio=
n from the database through external channels, without the affected applica= tion returning the data directly, compromising the confidentiality of the s= tored information.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1477" target=3D"= _blank" rel=3D"noopener">CVE-2026-1477</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-= injection-quatuor-performance-evaluation" target=3D"_blank" rel=3D"noopener= ">https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection= -quatuor-performance-evaluation</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Quatuor--Evaluacin de Desempeo (EDD)</td>
<td>An out-of-band SQL injection vulnerability (OOB SQLi) has been detected=
in the Performance Evaluation (EDD) application developed by Gabinete T=C3= =83=C2=A9cnico de Programaci=C3=83=C2=B3n. Exploiting this vulnerability in=
the parameter 'Id_usuario' and 'Id_evaluacion' in '/evaluacion_hca_evalua.= aspx', could allow an attacker to extract sensitive information from the da= tabase through external channels, without the affected application returnin=
g the data directly, compromising the confidentiality of the stored informa= tion.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1478" target=3D"= _blank" rel=3D"noopener">CVE-2026-1478</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-= injection-quatuor-performance-evaluation" target=3D"_blank" rel=3D"noopener= ">https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection= -quatuor-performance-evaluation</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Quatuor--Evaluacin de Desempeo (EDD)</td>
<td>An out-of-band SQL injection vulnerability (OOB SQLi) has been detected=
in the Performance Evaluation (EDD) application developed by Gabinete T=C3= =83=C2=A9cnico de Programaci=C3=83=C2=B3n. Exploiting this vulnerability in=
the parameters 'Id_usuario' and 'Id_evaluacion' in '/evaluacion_hca_ver_au= to.asp', could allow an attacker to extract sensitive information from the = database through external channels, without the affected application return= ing the data directly, compromising the confidentiality of the stored infor= mation.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1479" target=3D"= _blank" rel=3D"noopener">CVE-2026-1479</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-= injection-quatuor-performance-evaluation" target=3D"_blank" rel=3D"noopener= ">https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection= -quatuor-performance-evaluation</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Quatuor--Evaluacin de Desempeo (EDD)</td>
<td>An out-of-band SQL injection vulnerability (OOB SQLi) has been detected=
in the Performance Evaluation (EDD) application developed by Gabinete T=C3= =83=C2=A9cnico de Programaci=C3=83=C2=B3n. Exploiting this vulnerability in=
the parameter 'Id_usuario' in '/evaluacion_objetivos_anyo_sig_evalua.aspx'=
, could allow an attacker to extract sensitive information from the databas=
e through external channels, without the affected application returning the=
data directly, compromising the confidentiality of the stored information.= </td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1480" target=3D"= _blank" rel=3D"noopener">CVE-2026-1480</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-= injection-quatuor-performance-evaluation" target=3D"_blank" rel=3D"noopener= ">https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection= -quatuor-performance-evaluation</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Quatuor--Evaluacin de Desempeo (EDD)</td>
<td>An out-of-band SQL injection vulnerability (OOB SQLi) has been detected=
in the Performance Evaluation (EDD) application developed by Gabinete T=C3= =83=C2=A9cnico de Programaci=C3=83=C2=B3n. Exploiting this vulnerability in=
the parameter 'Id_usuario' in '/evaluacion_objetivos_anyo_sig_ver_auto.asp= x', could allow an attacker to extract sensitive information from the datab= ase through external channels, without the affected application returning t=
he data directly, compromising the confidentiality of the stored informatio= n.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1481" target=3D"= _blank" rel=3D"noopener">CVE-2026-1481</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-= injection-quatuor-performance-evaluation" target=3D"_blank" rel=3D"noopener= ">https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection= -quatuor-performance-evaluation</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Quatuor--Evaluacin de Desempeo (EDD)</td>
<td>An out-of-band SQL injection vulnerability (OOB SQLi) has been detected=
in the Performance Evaluation (EDD) application developed by Gabinete T=C3= =83=C2=A9cnico de Programaci=C3=83=C2=B3n. Exploiting this vulnerability in=
the parameter 'Id_evaluacion' in '/evaluacion_objetivos_evalua_definido.as= px', could allow an attacker to extract sensitive information from the data= base through external channels, without the affected application returning = the data directly, compromising the confidentiality of the stored informati= on.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1482" target=3D"= _blank" rel=3D"noopener">CVE-2026-1482</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-= injection-quatuor-performance-evaluation" target=3D"_blank" rel=3D"noopener= ">https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection= -quatuor-performance-evaluation</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Quatuor--Evaluacin de Desempeo (EDD)</td>
<td>An out-of-band SQL injection vulnerability (OOB SQLi) has been detected=
in the Performance Evaluation (EDD) application developed by Gabinete T=C3= =83=C2=A9cnico de Programaci=C3=83=C2=B3n. Exploiting this vulnerability in=
the parameter 'Id_usuario' in '/evaluacion_objetivos_ver_auto.aspx', could=
allow an attacker to extract sensitive information from the database throu=
gh external channels, without the affected application returning the data d= irectly, compromising the confidentiality of the stored information.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1483" target=3D"= _blank" rel=3D"noopener">CVE-2026-1483</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-= injection-quatuor-performance-evaluation" target=3D"_blank" rel=3D"noopener= ">https://www.incibe.es/en/incibe-cert/notices/aviso/out-band-sql-injection= -quatuor-performance-evaluation</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Rails--activestorage</td>
<td># Active Storage allowed transformation methods potentially unsafe Acti=
ve Storage attempts to prevent the use of potentially unsafe image transfor= mation methods and parameters by default. The default allowed list contains=
three methods allow for the circumvention of the safe defaults which enabl=
es potential command injection vulnerabilities in cases where arbitrary use=
r supplied input is accepted as valid transformation methods or parameters.=
Impact ------ This vulnerability impacts applications that use Active Stor= age with the image_processing processing gem in addition to mini_magick as = the image processor. Vulnerable code will look something similar to this: `=
`` <%=3D image_tag blob.variant(params[:t] =3D> params[:v]) %> ```=
Where the transformation method or its arguments are untrusted arbitrary i= nput. All users running an affected release should either upgrade or use on=
e of the workarounds immediately. Workarounds ----------- Consuming user su= pplied input for image transformation methods or their parameters is unsupp= orted behavior and should be considered dangerous. Strict validation of use=
r supplied methods and parameters should be performed as well as having a s= trong [ImageMagick security policy](https://imagemagick.org/script/security= -policy.php) deployed. Credits ------- Thank you [lio346](https://hackerone= .com/lio346) for reporting this!</td>
<td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-24293" target=3D= "_blank" rel=3D"noopener">CVE-2025-24293</a></td>

<a href=3D"https://github.com/advisories/GHSA-r4mg-4433-c7g3" target=3D"_bl= ank" rel=3D"noopener">https://github.com/advisories/GHSA-r4mg-4433-c7g3</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">Ralim--IronOS</td>
<td>Vulnerability in Ralim IronOS (source/Core/BSP/Pinecilv2/bl_mcu_sdk/com= ponents/ble/ble_stack/common/tinycrypt/source modules). This vulnerability =
is associated with program files ecc_dsa.C. This issue affects IronOS: befo=
re v2.23-rc3.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24801" target=3D= "_blank" rel=3D"noopener">CVE-2026-24801</a></td>

<a href=3D"https://github.com/Ralim/IronOS/pull/2087" target=3D"_blank" rel= =3D"noopener">https://github.com/Ralim/IronOS/pull/2087</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">RawTherapee--RawTherapee</td>
<td>Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine m= odules). This vulnerability is associated with program files dcraw.Cc. This=
issue affects RawTherapee: through 5.11.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24808" target=3D= "_blank" rel=3D"noopener">CVE-2026-24808</a></td>

<a href=3D"https://github.com/RawTherapee/RawTherapee/pull/7359" target=3D"= _blank" rel=3D"noopener">https://github.com/RawTherapee/RawTherapee/pull/73= 59</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat Enterprise Linux 10</td>
<td>A flaw was found in NetworkManager. The NetworkManager package allows a= ccess to files that may belong to other users. NetworkManager allows non-ro=
ot users to configure the system's network. The daemon runs with root privi= leges and can access files owned by users different from the one who added = the connection.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-9615" target=3D"= _blank" rel=3D"noopener">CVE-2025-9615</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2025-9615" target=3D"= _blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2025-96= 15</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D2391503"=
target=3D"_blank" rel=3D"noopener">RHBZ#2391503</a> <a href=3D"https://= gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1809" target= =3D"_blank" rel=3D"noopener">https://gitlab.freedesktop.org/NetworkManager/= NetworkManager/-/issues/1809</a> <a href=3D"https://gitlab.freedesktop.o= rg/NetworkManager/NetworkManager/-/merge_requests/2324" target=3D"_blank" r= el=3D"noopener">https://gitlab.freedesktop.org/NetworkManager/NetworkManage= r/-/merge_requests/2324</a> <a href=3D"https://gitlab.freedesktop.org/Ne= tworkManager/NetworkManager/-/merge_requests/2327" target=3D"_blank" rel=3D= "noopener">https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/m= erge_requests/2327</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">rethinkdb--rethinkdb</td>
<td>Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') = vulnerability in rethinkdb (src/cjson modules). This vulnerability is assoc= iated with program files cJSON.Cc. This issue affects rethinkdb: through v2= .4.4.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24810" target=3D= "_blank" rel=3D"noopener">CVE-2026-24810</a></td>

<a href=3D"https://github.com/rethinkdb/rethinkdb/pull/7163" target=3D"_bla= nk" rel=3D"noopener">https://github.com/rethinkdb/rethinkdb/pull/7163</a><b= r>=C2=A0</td>
</tr>

<td class=3D"vendor-product">RLE NOVA--PlanManager</td>
<td>Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vulne= rability allows an attacker to execute JavaScript code in the victim's brow= ser by injecting malicious payload through the 'comment' and 'brand' parame= ters in '/index.php'. The payload is stored by the application and subseque= ntly displayed without proper sanitization when other users access it. This=
vulnerability can be exploited to steal sensitive user data, such as sessi=
on cookies, or to perform actions on behalf of the user.</td> <td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1469" target=3D"= _blank" rel=3D"noopener">CVE-2026-1469</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-= site-scripting-xss-rle-novas-planmanager" target=3D"_blank" rel=3D"noopener= ">https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scri= pting-xss-rle-novas-planmanager</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">root-project--root</td>
<td>Vulnerability in root-project root (builtins/zlib modules). This vulner= ability is associated with program files inffast.C. This issue affects root= .</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24811" target=3D= "_blank" rel=3D"noopener">CVE-2026-24811</a></td>

<a href=3D"https://github.com/root-project/root/pull/18526" target=3D"_blan=
k" rel=3D"noopener">https://github.com/root-project/root/pull/18526</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">root-project--root</td>
<td>Vulnerability in root-project root (builtins/zlib modules). This vulner= ability is associated with program files inftrees.C. This issue affects roo=
t: through 6.36.00-rc1.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24812" target=3D= "_blank" rel=3D"noopener">CVE-2026-24812</a></td>

<a href=3D"https://github.com/root-project/root/pull/18527" target=3D"_blan=
k" rel=3D"noopener">https://github.com/root-project/root/pull/18527</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Schneider Electric--EcoStruxure Process Expert= </td>
<td>CWE-276: Incorrect Default Permissions vulnerability exists that could = cause privilege escalation through the reverse shell when one or more execu= table service binaries are modified in the installation folder by a local u= ser with normal privilege upon service restart.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13905" target=3D= "_blank" rel=3D"noopener">CVE-2025-13905</a></td>

<a href=3D"https://download.schneider-electric.com/files?p_Doc_Ref=3DSEVD-2= 026-013-02&p_enDocType=3DSecurity+and+Safety+Notice&p_File_Name=3DSEVD-2026= -013-02.pdf" target=3D"_blank" rel=3D"noopener">https://download.schneider-= electric.com/files?p_Doc_Ref=3DSEVD-2026-013-02&p_enDocType=3DSecurity+and+= Safety+Notice&p_File_Name=3DSEVD-2026-013-02.pdf</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">shaarli--Shaarli</td>
<td>Shaarli is a personal bookmarking service. Prior to version 0.16.0, cra= fting a malicious tag which starting with `"` prematurely ends the `<inp= ut>` tag on the start page and allows an attacker to add arbitrary html = leading to a possible XSS attack. Version 0.16.0 fixes the issue.</td> <td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24476" target=3D= "_blank" rel=3D"noopener">CVE-2026-24476</a></td>

<a href=3D"https://github.com/shaarli/Shaarli/security/advisories/GHSA-g3xq= -mj52-f8pg" target=3D"_blank" rel=3D"noopener">https://github.com/shaarli/S= haarli/security/advisories/GHSA-g3xq-mj52-f8pg</a> <a href=3D"https://gi= thub.com/shaarli/Shaarli/commit/b854c789289c4b0dfbb7c1e5793bae7d8f94e063" t= arget=3D"_blank" rel=3D"noopener">https://github.com/shaarli/Shaarli/commit= /b854c789289c4b0dfbb7c1e5793bae7d8f94e063</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">sharpred--deepHas</td>
<td>deepHas provides a test for the existence of a nested object key and op= tionally returns that key. A prototype pollution vulnerability exists in ve= rsion 1.0.7 of the deephas npm package that allows an attacker to modify gl= obal object behavior. This issue was fixed in version 1.0.8.</td> <td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25047" target=3D= "_blank" rel=3D"noopener">CVE-2026-25047</a></td>

<a href=3D"https://github.com/sharpred/deepHas/security/advisories/GHSA-273= 3-6c58-pf27" target=3D"_blank" rel=3D"noopener">https://github.com/sharpred= /deepHas/security/advisories/GHSA-2733-6c58-pf27</a> <a href=3D"https://= github.com/sharpred/deepHas/commit/8097fafd3776c613d8066546653e0d2c7b5fc465=
" target=3D"_blank" rel=3D"noopener">https://github.com/sharpred/deepHas/co= mmit/8097fafd3776c613d8066546653e0d2c7b5fc465</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Shenzhen Tenda Technology Co., Ltd.--W30E V2</=

<td>Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.1= 9(5037) contain an authorization flaw in the user management API that allow=
s a low-privileged authenticated user to change the administrator account p= assword. By sending a crafted request directly to the backend endpoint, an = attacker can bypass role-based restrictions enforced by the web interface a=
nd obtain full administrative privileges.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24428" target=3D= "_blank" rel=3D"noopener">CVE-2026-24428</a></td>

<a href=3D"https://www.tendacn.com/product/W30E" target=3D"_blank" rel=3D"n= oopener">https://www.tendacn.com/product/W30E</a> <a href=3D"https://www= .vulncheck.com/advisories/tenda-w30e-v2-incorrect-authorization-allows-admi= nistrator-password-change" target=3D"_blank" rel=3D"noopener">https://www.v= ulncheck.com/advisories/tenda-w30e-v2-incorrect-authorization-allows-admini= strator-password-change</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Shenzhen Tenda Technology Co., Ltd.--W30E V2</=

<td>Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.1= 9(5037) ship with a predefined default password for a built-in authenticati=
on account that is not required to be changed during initial configuration.=
An attacker can leverage these default credentials to gain authenticated a= ccess to the management interface.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24429" target=3D= "_blank" rel=3D"noopener">CVE-2026-24429</a></td>

<a href=3D"https://www.tendacn.com/product/W30E" target=3D"_blank" rel=3D"n= oopener">https://www.tendacn.com/product/W30E</a> <a href=3D"https://www= .vulncheck.com/advisories/tenda-w30e-v2-hardcoded-default-password-for-buil= t-in-account" target=3D"_blank" rel=3D"noopener">https://www.vulncheck.com/= advisories/tenda-w30e-v2-hardcoded-default-password-for-built-in-account</a= > =C2=A0</td>
</tr>

<td class=3D"vendor-product">Shenzhen Tenda Technology Co., Ltd.--W30E V2</=

<td>Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.1= 9(5037) disclose sensitive account credentials in cleartext within HTTP res= ponses generated by the maintenance interface. Because the management inter= face is accessible over unencrypted HTTP by default, credentials may be exp= osed to network-based interception.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24430" target=3D= "_blank" rel=3D"noopener">CVE-2026-24430</a></td>

<a href=3D"https://www.tendacn.com/product/W30E" target=3D"_blank" rel=3D"n= oopener">https://www.tendacn.com/product/W30E</a> <a href=3D"https://www= .vulncheck.com/advisories/tenda-w30e-v2-http-responses-expose-plaintext-cre= dentials" target=3D"_blank" rel=3D"noopener">https://www.vulncheck.com/advi= sories/tenda-w30e-v2-http-responses-expose-plaintext-credentials</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">Shenzhen Tenda Technology Co., Ltd.--W30E V2</=

<td>Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.1= 9(5037) display stored user account passwords in plaintext within the admin= istrative web interface. Any user with access to the affected management pa= ges can directly view credentials.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24431" target=3D= "_blank" rel=3D"noopener">CVE-2026-24431</a></td>

<a href=3D"https://www.tendacn.com/product/W30E" target=3D"_blank" rel=3D"n= oopener">https://www.tendacn.com/product/W30E</a> <a href=3D"https://www= .vulncheck.com/advisories/tenda-w30e-v2-missing-csrf-protections-for-admini= strative-actions" target=3D"_blank" rel=3D"noopener">https://www.vulncheck.= com/advisories/tenda-w30e-v2-missing-csrf-protections-for-administrative-ac= tions</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Shenzhen Tenda Technology Co., Ltd.--W30E V2</=

<td>Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.1= 9(5037) lack cross-site request forgery (CSRF) protections on administrativ=
e endpoints, including those used to change administrator account credentia= ls. As a result, an attacker can craft malicious requests that, when trigge= red by an authenticated user's browser, modify administrative passwords and=
other configuration settings.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24432" target=3D= "_blank" rel=3D"noopener">CVE-2026-24432</a></td>

<a href=3D"https://www.tendacn.com/product/W30E" target=3D"_blank" rel=3D"n= oopener">https://www.tendacn.com/product/W30E</a> <a href=3D"https://www= .vulncheck.com/advisories/tenda-w30e-v2-missing-csrf-protections-for-admini= strative-actions" target=3D"_blank" rel=3D"noopener">https://www.vulncheck.= com/advisories/tenda-w30e-v2-missing-csrf-protections-for-administrative-ac= tions</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Shenzhen Tenda Technology Co., Ltd.--W30E V2</=

<td>Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.1= 9(5037) contain a stored cross-site scripting vulnerability in the user cre= ation functionality. Insufficient input validation allows attacker-controll=
ed script content to be stored and later executed when administrative users=
access the affected management pages.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24433" target=3D= "_blank" rel=3D"noopener">CVE-2026-24433</a></td>

<a href=3D"https://www.tendacn.com/product/W30E" target=3D"_blank" rel=3D"n= oopener">https://www.tendacn.com/product/W30E</a> <a href=3D"https://www= .vulncheck.com/advisories/tenda-w30e-v2-stored-xss-via-user-name-field" tar= get=3D"_blank" rel=3D"noopener">https://www.vulncheck.com/advisories/tenda-= w30e-v2-stored-xss-via-user-name-field</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Shenzhen Tenda Technology Co., Ltd.--W30E V2</=

<td>Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.1= 9(5037) implement an insecure Cross-Origin Resource Sharing (CORS) policy o=
n authenticated administrative endpoints. The device sets Access-Control-Al= low-Origin: * in combination with Access-Control-Allow-Credentials: true, a= llowing attacker-controlled origins to issue credentialed cross-origin requ= ests.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24435" target=3D= "_blank" rel=3D"noopener">CVE-2026-24435</a></td>

<a href=3D"https://www.tendacn.com/product/W30E" target=3D"_blank" rel=3D"n= oopener">https://www.tendacn.com/product/W30E</a> <a href=3D"https://www= .vulncheck.com/advisories/tenda-w30e-v2-permissive-cors-allows-cross-origin= -data-access" target=3D"_blank" rel=3D"noopener">https://www.vulncheck.com/= advisories/tenda-w30e-v2-permissive-cors-allows-cross-origin-data-access</a= > =C2=A0</td>
</tr>

<td class=3D"vendor-product">Shenzhen Tenda Technology Co., Ltd.--W30E V2</=

<td>Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.1= 9(5037) do not enforce rate limiting or account lockout mechanisms on authe= ntication endpoints. This allows attackers to perform unrestricted brute-fo= rce attempts against administrative credentials.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24436" target=3D= "_blank" rel=3D"noopener">CVE-2026-24436</a></td>

<a href=3D"https://www.tendacn.com/product/W30E" target=3D"_blank" rel=3D"n= oopener">https://www.tendacn.com/product/W30E</a> <a href=3D"https://www= .vulncheck.com/advisories/tenda-w30e-v2-lacks-rate-limiting-on-authenticati= on" target=3D"_blank" rel=3D"noopener">https://www.vulncheck.com/advisories= /tenda-w30e-v2-lacks-rate-limiting-on-authentication</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Shenzhen Tenda Technology Co., Ltd.--W30E V2</=

<td>Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.1= 9(5037) serve sensitive administrative content without appropriate cache-co= ntrol directives. As a result, browsers may store credential-bearing respon= ses locally, exposing them to subsequent unauthorized access.</td> <td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24437" target=3D= "_blank" rel=3D"noopener">CVE-2026-24437</a></td>

<a href=3D"https://www.tendacn.com/product/W30E" target=3D"_blank" rel=3D"n= oopener">https://www.tendacn.com/product/W30E</a> <a href=3D"https://www= .vulncheck.com/advisories/tenda-w30e-v2-missing-cache-controls-for-credenti= al-bearing-pages" target=3D"_blank" rel=3D"noopener">https://www.vulncheck.= com/advisories/tenda-w30e-v2-missing-cache-controls-for-credential-bearing-= pages</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Shenzhen Tenda Technology Co., Ltd.--W30E V2</=

<td>Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.1= 9(5037) fail to include the X-Content-Type-Options: nosniff response header=
on web management interfaces. As a result, browsers that perform MIME snif= fing may incorrectly interpret attacker-influenced responses as executable = script.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24439" target=3D= "_blank" rel=3D"noopener">CVE-2026-24439</a></td>

<a href=3D"https://www.tendacn.com/product/W30E" target=3D"_blank" rel=3D"n= oopener">https://www.tendacn.com/product/W30E</a> <a href=3D"https://www= .vulncheck.com/advisories/tenda-w30e-v2-lacks-x-content-type-options-header=
" target=3D"_blank" rel=3D"noopener">https://www.vulncheck.com/advisories/t= enda-w30e-v2-lacks-x-content-type-options-header</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Shenzhen Tenda Technology Co., Ltd.--W30E V2</=

<td>Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.1= 9(5037) allow account passwords to be changed through the maintenance inter= face without requiring verification of the existing password. This enables = unauthorized password changes when access to the affected endpoint is obtai= ned.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24440" target=3D= "_blank" rel=3D"noopener">CVE-2026-24440</a></td>

<a href=3D"https://www.tendacn.com/product/W30E" target=3D"_blank" rel=3D"n= oopener">https://www.tendacn.com/product/W30E</a> <a href=3D"https://www= .vulncheck.com/advisories/tenda-w30e-v2-allows-password-change-without-veri= fying-current-password" target=3D"_blank" rel=3D"noopener">https://www.vuln= check.com/advisories/tenda-w30e-v2-allows-password-change-without-verifying= -current-password</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Significant-Gravitas--AutoGPT</td>
<td>AutoGPT is a platform that allows users to create, deploy, and manage c= ontinuous artificial intelligence agents that automate complex workflows. P= rior to autogpt-platform-beta-v0.6.44, AutoGPT Platform's block execution e= ndpoints (both main web API and external API) allow executing blocks by UUI=
D without checking the `disabled` flag. Any authenticated user can execute = the disabled `BlockInstallationBlock`, which writes arbitrary Python code t=
o the server filesystem and executes it via `__import__()`, achieving Remot=
e Code Execution. In default self-hosted deployments where Supabase signup =
is enabled, an attacker can self-register; if signup is disabled (e.g., hos= ted), the attacker needs an existing account. autogpt-platform-beta-v0.6.44=
contains a fix.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24780" target=3D= "_blank" rel=3D"noopener">CVE-2026-24780</a></td>

<a href=3D"https://github.com/Significant-Gravitas/AutoGPT/security/advisor= ies/GHSA-r277-3xc5-c79v" target=3D"_blank" rel=3D"noopener">https://github.= com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-r277-3xc5-c79v</a= > <a href=3D"https://github.com/Significant-Gravitas/AutoGPT/blob/master= /autogpt_platform/backend/backend/api/external/v1/routes.py#L79-L93" target= =3D"_blank" rel=3D"noopener">https://github.com/Significant-Gravitas/AutoGP= T/blob/master/autogpt_platform/backend/backend/api/external/v1/routes.py#L7= 9-L93</a> <a href=3D"https://github.com/Significant-Gravitas/AutoGPT/blo= b/master/autogpt_platform/backend/backend/api/features/v1.py#L1408-L1424" t= arget=3D"_blank" rel=3D"noopener">https://github.com/Significant-Gravitas/A= utoGPT/blob/master/autogpt_platform/backend/backend/api/features/v1.py#L140= 8-L1424</a> <a href=3D"https://github.com/Significant-Gravitas/AutoGPT/b= lob/master/autogpt_platform/backend/backend/api/features/v1.py#L355-L395" t= arget=3D"_blank" rel=3D"noopener">https://github.com/Significant-Gravitas/A= utoGPT/blob/master/autogpt_platform/backend/backend/api/features/v1.py#L355= -L395</a> <a href=3D"https://github.com/Significant-Gravitas/AutoGPT/blo= b/master/autogpt_platform/backend/backend/blocks/block.py#L15-L78" target= =3D"_blank" rel=3D"noopener">https://github.com/Significant-Gravitas/AutoGP= T/blob/master/autogpt_platform/backend/backend/blocks/block.py#L15-L78</a><= br><a href=3D"https://github.com/Significant-Gravitas/AutoGPT/blob/master/a= utogpt_platform/backend/backend/data/block.py#L459" target=3D"_blank" rel= =3D"noopener">https://github.com/Significant-Gravitas/AutoGPT/blob/master/a= utogpt_platform/backend/backend/data/block.py#L459</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">sigstore--sigstore-python</td>
<td>sigstore-python is a Python tool for generating and verifying Sigstore = signatures. Prior to version 4.2.0, the sigstore-python OAuth authenticatio=
n flow is susceptible to Cross-Site Request Forgery. `_OAuthSession` create=
s a unique "state" and sends it as a parameter in the authentication reques=
t but the "state" in the server response seems not not be cross-checked wit=
h this value. Version 4.2.0 contains a patch for the issue.</td> <td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24408" target=3D= "_blank" rel=3D"noopener">CVE-2026-24408</a></td>

<a href=3D"https://github.com/sigstore/sigstore-python/security/advisories/= GHSA-hm8f-75xx-w2vr" target=3D"_blank" rel=3D"noopener">https://github.com/= sigstore/sigstore-python/security/advisories/GHSA-hm8f-75xx-w2vr</a> <a = href=3D"https://github.com/sigstore/sigstore-python/commit/5e77497fe8f0b202= bdd118949074ec2f20da69aa" target=3D"_blank" rel=3D"noopener">https://github= .com/sigstore/sigstore-python/commit/5e77497fe8f0b202bdd118949074ec2f20da69= aa</a> <a href=3D"https://github.com/sigstore/sigstore-python/releases/t= ag/v4.2.0" target=3D"_blank" rel=3D"noopener">https://github.com/sigstore/s= igstore-python/releases/tag/v4.2.0</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">silabs.com--Silicon Labs Zigbee Stack</td> <td>After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordi= nator sends a 'network leave' request to Zigbee router resulting in the Zig= bee Router getting stuck in a non-rejoinable state. If a suitable parent is=
not available, the end devices will be unable to rejoin.=C2=A0A manual rec= ommissioning is required to recover the Zigbee Router.</td>
<td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-7964" target=3D"= _blank" rel=3D"noopener">CVE-2025-7964</a></td>

<a href=3D"https://community.silabs.com/068Vm00000dspiL" target=3D"_blank" = rel=3D"noopener">https://community.silabs.com/068Vm00000dspiL</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">simsong--bulk_extractor</td>
<td>`bulk_extractor` is a digital forensics exploitation tool. Starting in = version 1.4, `bulk_extractor`'s embedded unrar code has a heap buffer overf= low in the RAR PPM LZ decoding path. A crafted RAR inside a disk image caus=
es an out of bounds write in `Unpack::CopyString`, leading to a crash under=
ASAN (and likely a crash or memory corruption in production builds). There=
's potential for using this for RCE. As of time of publication, no known pa= tches are available.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24857" target=3D= "_blank" rel=3D"noopener">CVE-2026-24857</a></td>

<a href=3D"https://github.com/simsong/bulk_extractor/security/advisories/GH= SA-rh8m-9xrx-q64q" target=3D"_blank" rel=3D"noopener">https://github.com/si= msong/bulk_extractor/security/advisories/GHSA-rh8m-9xrx-q64q</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">simsong--tcpflow</td>
<td>tcpflow is a TCP/IP packet demultiplexer. In versions up to and includi=
ng 1.61, wifipcap parses 802.11 management frame elements and performs a le= ngth check on the wrong field when handling the TIM element. A crafted fram=
e with a large TIM length can cause a 1-byte out-of-bounds write past `tim.= bitmap[251]`. The overflow is small and DoS is the likely impact; code exec= ution is potential, but still up in the air. The affected structure is stac= k-allocated in `handle_beacon()` and related handlers. As of time of public= ation, no known patches are available.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25061" target=3D= "_blank" rel=3D"noopener">CVE-2026-25061</a></td>

<a href=3D"https://github.com/simsong/tcpflow/security/advisories/GHSA-q5q6= -frrv-9rj6" target=3D"_blank" rel=3D"noopener">https://github.com/simsong/t= cpflow/security/advisories/GHSA-q5q6-frrv-9rj6</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SmarterTools--SmarterMail</td>
<td>SmarterTools SmarterMail versions prior to build 9518 contain=C2=A0an u= nauthenticated path coercion vulnerability in the background-of-the-day pre= view endpoint. The application base64-decodes attacker-supplied input and u= ses it as a filesystem path without validation. On Windows systems, this al= lows UNC paths to be resolved, causing the SmarterMail service to initiate = outbound SMB authentication attempts to attacker-controlled hosts. This can=
be abused for credential coercion, NTLM relay attacks, and unauthorized ne= twork authentication.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25067" target=3D= "_blank" rel=3D"noopener">CVE-2026-25067</a></td>

<a href=3D"https://www.smartertools.com/smartermail/release-notes/current" = target=3D"_blank" rel=3D"noopener">https://www.smartertools.com/smartermail= /release-notes/current</a> <a href=3D"https://www.vulncheck.com/advisori= es/smartertools-smartermail-unauthenticated-background-of-the-day-path-coer= cion" target=3D"_blank" rel=3D"noopener">https://www.vulncheck.com/advisori= es/smartertools-smartermail-unauthenticated-background-of-the-day-path-coer= cion</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SpringBlade--SpringBlade</td>
<td>Incorrect access control in the importUser function of SpringBlade v4.5=
.0 allows attackers with low-level privileges to arbitrarily import sensiti=
ve user data.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-70982" target=3D= "_blank" rel=3D"noopener">CVE-2025-70982</a></td>

<a href=3D"https://github.com/chillzhuang/SpringBlade" target=3D"_blank" re= l=3D"noopener">https://github.com/chillzhuang/SpringBlade</a> <a href=3D= "https://github.com/chillzhuang/SpringBlade/issues/34" target=3D"_blank" re= l=3D"noopener">https://github.com/chillzhuang/SpringBlade/issues/34</a> =
<a href=3D"https://gist.github.com/old6ma/ea60151aa40ddc1cfb51fbaa0c173117"=
target=3D"_blank" rel=3D"noopener">https://gist.github.com/old6ma/ea60151a= a40ddc1cfb51fbaa0c173117</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SunFounder--Pironman Dashboard (pm_dashboard)<=

<td>SunFounder Pironman Dashboard (pm_dashboard) version 1.3.13 and prior c= ontain a path traversal vulnerability in the log file API endpoints. An una= uthenticated remote attacker can supply traversal sequences via the filenam=
e parameter to read and delete arbitrary files. Successful exploitation can=
disclose sensitive information and delete critical system files, resulting=
in data loss and potential system compromise or denial of service.</td> <td>2026-01-31</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25069" target=3D= "_blank" rel=3D"noopener">CVE-2026-25069</a></td>

<a href=3D"https://github.com/sunfounder/pm_dashboard" target=3D"_blank" re= l=3D"noopener">https://github.com/sunfounder/pm_dashboard</a> <a href=3D= "https://github.com/sunfounder/pm_dashboard/blob/main/pm_dashboard/pm_dashb= oard.py#L62" target=3D"_blank" rel=3D"noopener">https://github.com/sunfound= er/pm_dashboard/blob/main/pm_dashboard/pm_dashboard.py#L62</a> <a href= =3D"https://github.com/sunfounder/pm_dashboard/blob/main/pm_dashboard/pm_da= shboard.py#L440" target=3D"_blank" rel=3D"noopener">https://github.com/sunf= ounder/pm_dashboard/blob/main/pm_dashboard/pm_dashboard.py#L440</a> <a h= ref=3D"https://www.vulncheck.com/advisories/sunfounder-pironman-dashboard-p= ath-traversal-arbitrary-file-read-deletion" target=3D"_blank" rel=3D"noopen= er">https://www.vulncheck.com/advisories/sunfounder-pironman-dashboard-path= -traversal-arbitrary-file-read-deletion</a> <a href=3D"https://gist.gith= ub.com/chapochapo/5db8702ede862af5c59a28b5d5a0aba3" target=3D"_blank" rel= =3D"noopener">https://gist.github.com/chapochapo/5db8702ede862af5c59a28b5d5= a0aba3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SuperDuper!--Super-Duper!</td>
<td>An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local a= ttacker to modify the default task template to install an arbitrary package=
that can run shell scripts with root privileges and Full Disk Access, thus=
bypassing macOS privacy controls.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69604" target=3D= "_blank" rel=3D"noopener">CVE-2025-69604</a></td>

<a href=3D"http://shirt.com" target=3D"_blank" rel=3D"noopener">http://shir= t.com</a> <a href=3D"https://shirt-pocket.com/SuperDuper/SuperDuperDescr= iption.html" target=3D"_blank" rel=3D"noopener">https://shirt-pocket.com/Su= perDuper/SuperDuperDescription.html</a> <a href=3D"https://www.shirtpock= et.com/blog/index.php/shadedgrey/comments/superduper_v312_now_available" ta= rget=3D"_blank" rel=3D"noopener">https://www.shirtpocket.com/blog/index.php= /shadedgrey/comments/superduper_v312_now_available</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">swoole--swoole-src</td>
<td>Integer Overflow or Wraparound vulnerability in swoole swoole-src (thir= dparty/hiredis modules). This vulnerability is associated with program file=
s sds.C. This issue affects swoole-src: before 6.0.2.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24814" target=3D= "_blank" rel=3D"noopener">CVE-2026-24814</a></td>

<a href=3D"https://github.com/swoole/swoole-src/pull/5698" target=3D"_blank=
" rel=3D"noopener">https://github.com/swoole/swoole-src/pull/5698</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">tale--tale</td>
<td>Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker t=
o execute arbitrary code.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69749" target=3D= "_blank" rel=3D"noopener">CVE-2025-69749</a></td>

<a href=3D"https://github.com/otale/tale" target=3D"_blank" rel=3D"noopener= ">https://github.com/otale/tale</a> <a href=3D"https://github.com/milant= gh/otalexss" target=3D"_blank" rel=3D"noopener">https://github.com/milantgh= /otalexss</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">The Wikimedia Foundation--Mediawiki - Discussi= onTools Extension</td>
<td>Improper Neutralization of Special Elements used in an Expression Langu= age Statement ('Expression Language Injection') vulnerability in The Wikime= dia Foundation Mediawiki - DiscussionTools Extension allows Regular Express= ion Exponential Blowup. This issue affects Mediawiki - DiscussionTools Exte= nsion: 1.44, 1.43.</td>
<td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-11175" target=3D= "_blank" rel=3D"noopener">CVE-2025-11175</a></td>

<a href=3D"https://phabricator.wikimedia.org/T396248" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T396248</a> <a href=3D"h= ttps://gerrit.wikimedia.org/r/q/I563219f3298a8740e158d130492bf3d2897784d7" = target=3D"_blank" rel=3D"noopener">https://gerrit.wikimedia.org/r/q/I563219= f3298a8740e158d130492bf3d2897784d7</a> <a href=3D"https://phabricator.wi= kimedia.org/T364910" target=3D"_blank" rel=3D"noopener">https://phabricator= .wikimedia.org/T364910</a> <a href=3D"https://gerrit.wikimedia.org/r/q/I= 126203ab1d3ec8c1719cbb5460a887e4d0c2cc6d" target=3D"_blank" rel=3D"noopener= ">https://gerrit.wikimedia.org/r/q/I126203ab1d3ec8c1719cbb5460a887e4d0c2cc6= d</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">tildearrow--furnace</td>
<td>Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Class=
ic Buffer Overflow') vulnerability in tildearrow furnace (extern/zlib modul= es). This vulnerability is associated with program files inflate.C.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24800" target=3D= "_blank" rel=3D"noopener">CVE-2026-24800</a></td>

<a href=3D"https://github.com/tildearrow/furnace/pull/2471" target=3D"_blan=
k" rel=3D"noopener">https://github.com/tildearrow/furnace/pull/2471</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">TOTOLINK--X6000R</td>
<td>Improper Neutralization of Special Elements used in an OS Command ('OS = Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Inje= ction. This issue affects X6000R: through V9.4.0cu.1498_B20250826.</td> <td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1723" target=3D"= _blank" rel=3D"noopener">CVE-2026-1723</a></td>

<a href=3D"https://www.totolink.net/home/menu/detail/menu_listtpl/download/= id/247/ids/36.html" target=3D"_blank" rel=3D"noopener">https://www.totolink= .net/home/menu/detail/menu_listtpl/download/id/247/ids/36.html</a> <a hr= ef=3D"https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/blo= b/main/2025/PANW-2026-0001/PANW-2026-0001.md" target=3D"_blank" rel=3D"noop= ener">https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/blo= b/main/2025/PANW-2026-0001/PANW-2026-0001.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer MR600 v5.0</td> <td>Command injection vulnerability was found in the admin interface compon= ent of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers t=
o execute system commands with a limited character length via crafted input=
in the browser developer console, possibly leading to service disruption o=
r full compromise.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14756" target=3D= "_blank" rel=3D"noopener">CVE-2025-14756</a></td>

<a href=3D"https://www.tp-link.com/jp/support/download/archer-mr600/#Firmwa= re" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/jp/support/d= ownload/archer-mr600/#Firmware</a> <a href=3D"https://www.tp-link.com/en= /support/download/archer-mr600/#Firmware" target=3D"_blank" rel=3D"noopener= ">https://www.tp-link.com/en/support/download/archer-mr600/#Firmware</a><br= ><a href=3D"https://www.tp-link.com/us/support/faq/4916/" target=3D"_blank"=
rel=3D"noopener">https://www.tp-link.com/us/support/faq/4916/</a> <a hr= ef=3D"https://jvn.jp/en/vu/JVNVU94651499/" target=3D"_blank" rel=3D"noopene= r">https://jvn.jp/en/vu/JVNVU94651499/</a> <a href=3D"https://jvn.jp/vu/= JVNVU94651499/" target=3D"_blank" rel=3D"noopener">https://jvn.jp/vu/JVNVU9= 4651499/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer RE605X</td>
<td>The backup restore function does not properly validate unexpected or un= recognized tags within the backup file. When such a crafted file is restore=
d, the injected tag is interpreted by a shell, allowing execution of arbitr= ary commands with root privileges. Successful exploitation allows the attac= ker to gain root-level command execution, compromising confidentiality, int= egrity and availability.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15545" target=3D= "_blank" rel=3D"noopener">CVE-2025-15545</a></td>

<a href=3D"https://www.tp-link.com/en/support/download/re605x/v3/#Firmware"=
target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/en/support/down= load/re605x/v3/#Firmware</a> <a href=3D"https://www.tp-link.com/us/suppo= rt/download/re605x/v3/#Firmware" target=3D"_blank" rel=3D"noopener">https:/= /www.tp-link.com/us/support/download/re605x/v3/#Firmware</a> <a href=3D"= https://www.tp-link.com/us/support/faq/4929/" target=3D"_blank" rel=3D"noop= ener">https://www.tp-link.com/us/support/faq/4929/</a> <a href=3D"https:= //nico-security.com/posts/cve-2025-15545" target=3D"_blank" rel=3D"noopener= ">https://nico-security.com/posts/cve-2025-15545</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Omada Controller</td>
<td>An IDOR vulnerability exists in Omada Controllers that allows an attack=
er with Administrator permissions to manipulate requests and potentially hi= jack the Owner account.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-9520" target=3D"= _blank" rel=3D"noopener">CVE-2025-9520</a></td>

<a href=3D"https://support.omadanetworks.com/us/document/115200/" target=3D= "_blank" rel=3D"noopener">https://support.omadanetworks.com/us/document/115= 200/</a> <a href=3D"https://support.omadanetworks.com/us/download/softwa= re/omada-controller/" target=3D"_blank" rel=3D"noopener">https://support.om= adanetworks.com/us/download/software/omada-controller/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Omada Controller</td> <td>Password Confirmation Bypass vulnerability in Omada Controllers, allowi=
ng an attacker with a valid session token to bypass secondary verification,= =C2=A0and change the user's password without proper confirmation, leading t=
o weakened account security.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-9521" target=3D"= _blank" rel=3D"noopener">CVE-2025-9521</a></td>

<a href=3D"https://support.omadanetworks.com/us/document/115200/" target=3D= "_blank" rel=3D"noopener">https://support.omadanetworks.com/us/document/115= 200/</a> <a href=3D"https://support.omadanetworks.com/us/download/softwa= re/omada-controller/" target=3D"_blank" rel=3D"noopener">https://support.om= adanetworks.com/us/download/software/omada-controller/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Omada Controller</td> <td>Blind Server-Side Request Forgery (SSRF) in Omada Controllers through w= ebhook functionality, enabling crafted requests to internal services, which=
may lead to enumeration of information.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-9522" target=3D"= _blank" rel=3D"noopener">CVE-2025-9522</a></td>

<a href=3D"https://support.omadanetworks.com/us/document/115200/" target=3D= "_blank" rel=3D"noopener">https://support.omadanetworks.com/us/document/115= 200/</a> <a href=3D"https://https://support.omadanetworks.com/us/downloa= d/software/omada-controller/" target=3D"_blank" rel=3D"noopener">https://ht= tps://support.omadanetworks.com/us/download/software/omada-controller/</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Tapo C220 v1</td>
<td>The Tapo C220 v1 and C520WS v2 cameras' HTTP service does not safely ha= ndle POST requests containing an excessively large Content-Length header. T=
he resulting failed memory allocation triggers a NULL pointer dereference, = causing the main service process to crash.=C2=A0An unauthenticated attacker=
can repeatedly crash the service, causing temporary denial of service. The=
device restarts automatically, and repeated requests can keep it unavailab= le.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0918" target=3D"= _blank" rel=3D"noopener">CVE-2026-0918</a></td>

<a href=3D"https://www.tp-link.com/us/support/download/tapo-c220/v1.60/" ta= rget=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/support/downloa= d/tapo-c220/v1.60/</a> <a href=3D"https://www.tp-link.com/en/support/dow= nload/tapo-c220/v1/" target=3D"_blank" rel=3D"noopener">https://www.tp-link= .com/en/support/download/tapo-c220/v1/</a> <a href=3D"https://www.tp-lin= k.com/us/support/download/tapo-c520ws/v2/" target=3D"_blank" rel=3D"noopene= r">https://www.tp-link.com/us/support/download/tapo-c520ws/v2/</a> <a hr= ef=3D"https://www.tp-link.com/en/support/download/tapo-c520ws/v2/" target= =3D"_blank" rel=3D"noopener">https://www.tp-link.com/en/support/download/ta= po-c520ws/v2/</a> <a href=3D"https://www.tp-link.com/us/support/faq/4923=
/" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/support/fa= q/4923/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Tapo C220 v1</td>
<td>The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handle=
s requests containing an excessively long URL path. An invalid URL error pa=
th continues into cleanup code that assumes allocated buffers exist, leadin=
g to a crash and service restart.=C2=A0An unauthenticated attacker can forc=
e repeated service crashes or device reboots, causing denial of service.</t=

<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0919" target=3D"= _blank" rel=3D"noopener">CVE-2026-0919</a></td>

<a href=3D"https://www.tp-link.com/us/support/download/tapo-c220/v1.60/" ta= rget=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/support/downloa= d/tapo-c220/v1.60/</a> <a href=3D"https://www.tp-link.com/en/support/dow= nload/tapo-c220/v1/" target=3D"_blank" rel=3D"noopener">https://www.tp-link= .com/en/support/download/tapo-c220/v1/</a> <a href=3D"https://www.tp-lin= k.com/us/support/download/tapo-c520ws/v2/" target=3D"_blank" rel=3D"noopene= r">https://www.tp-link.com/us/support/download/tapo-c520ws/v2/</a> <a hr= ef=3D"https://www.tp-link.com/en/support/download/tapo-c520ws/v2/" target= =3D"_blank" rel=3D"noopener">https://www.tp-link.com/en/support/download/ta= po-c520ws/v2/</a> <a href=3D"https://www.tp-link.com/us/support/faq/4923=
/" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/support/fa= q/4923/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Tapo C220 v1</td>
<td>By sending crafted files to the firmware update endpoint=C2=A0of Tapo C= 220 v1 and C520WS v2, the device terminates core system services before ver= ifying authentication or firmware integrity.=C2=A0An unauthenticated attack=
er can trigger a persistent denial of service, requiring a manual reboot or=
application initiated restart to restore normal device operation.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1315" target=3D"= _blank" rel=3D"noopener">CVE-2026-1315</a></td>

<a href=3D"https://www.tp-link.com/us/support/download/tapo-c220/v1.60/" ta= rget=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/support/downloa= d/tapo-c220/v1.60/</a> <a href=3D"https://www.tp-link.com/en/support/dow= nload/tapo-c220/v1/" target=3D"_blank" rel=3D"noopener">https://www.tp-link= .com/en/support/download/tapo-c220/v1/</a> <a href=3D"https://www.tp-lin= k.com/us/support/download/tapo-c520ws/v2/" target=3D"_blank" rel=3D"noopene= r">https://www.tp-link.com/us/support/download/tapo-c520ws/v2/</a> <a hr= ef=3D"https://www.tp-link.com/en/support/download/tapo-c520ws/v2/" target= =3D"_blank" rel=3D"noopener">https://www.tp-link.com/en/support/download/ta= po-c520ws/v2/</a> <a href=3D"https://www.tp-link.com/us/support/faq/4923=
/" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/support/fa= q/4923/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--VIGI C485 V1</td>
<td>An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API l= acking input sanitization, may allow memory corruption leading to remote co=
de execution.=C2=A0Authenticated attackers may trigger buffer overflow and = potentially execute arbitrary code with elevated privileges.</td> <td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1457" target=3D"= _blank" rel=3D"noopener">CVE-2026-1457</a></td>

<a href=3D"https://www.tp-link.com/en/support/download/vigi-c385/v1/#Firmwa= re" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/en/support/d= ownload/vigi-c385/v1/#Firmware</a> <a href=3D"https://www.tp-link.com/kr= /support/download/vigi-c385/v1/#Firmware" target=3D"_blank" rel=3D"noopener= ">https://www.tp-link.com/kr/support/download/vigi-c385/v1/#Firmware</a><br= ><a href=3D"https://www.tp-link.com/us/support/faq/4931/" target=3D"_blank"=
rel=3D"noopener">https://www.tp-link.com/us/support/faq/4931/</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--VX800v v1.0</td>
<td>A weakness in the web interface's application layer encryption in VX800=
v v1.0 allows an adjacent attacker to brute force the weak AES key and decr= ypt intercepted traffic. Successful exploitation requires network proximity=
but no authentication, and may result in high impact to confidentiality, i= ntegrity, and availability of transmitted data.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13399" target=3D= "_blank" rel=3D"noopener">CVE-2025-13399</a></td>

<a href=3D"https://www.tp-link.com/de/support/download/vx800v/#Firmware" ta= rget=3D"_blank" rel=3D"noopener">https://www.tp-link.com/de/support/downloa= d/vx800v/#Firmware</a> <a href=3D"https://www.tp-link.com/us/support/faq= /4930/" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/suppo= rt/faq/4930/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--VX800v v1.0</td> <td>Improper link resolution in the VX800v v1.0 SFTP service allows authent= icated adjacent attackers to use crafted symbolic links to access system fi= les, resulting in high confidentiality impact and limited integrity risk.</=

<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15541" target=3D= "_blank" rel=3D"noopener">CVE-2025-15541</a></td>

<a href=3D"https://www.tp-link.com/de/support/download/vx800v/#Firmware" ta= rget=3D"_blank" rel=3D"noopener">https://www.tp-link.com/de/support/downloa= d/vx800v/#Firmware</a> <a href=3D"https://www.tp-link.com/us/support/faq= /4930/" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/suppo= rt/faq/4930/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--VX800v v1.0</td> <td>Improper handling of exceptional conditions in VX800v v1.0 in SIP proce= ssing allows an attacker to flood the device with crafted INVITE messages, = blocking all voice lines and causing a denial of service on incoming calls.= </td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15542" target=3D= "_blank" rel=3D"noopener">CVE-2025-15542</a></td>

<a href=3D"https://www.tp-link.com/de/support/download/vx800v/#Firmware" ta= rget=3D"_blank" rel=3D"noopener">https://www.tp-link.com/de/support/downloa= d/vx800v/#Firmware</a> <a href=3D"https://www.tp-link.com/us/support/faq= /4930/" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/suppo= rt/faq/4930/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--VX800v v1.0</td> <td>Improper link resolution in USB HTTP access path in VX800v v1.0 allows =
a crafted USB device to expose root filesystem contents, giving an attacker=
with physical access read only access to system files.</td> <td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15543" target=3D= "_blank" rel=3D"noopener">CVE-2025-15543</a></td>

<a href=3D"https://www.tp-link.com/de/support/download/vx800v/#Firmware" ta= rget=3D"_blank" rel=3D"noopener">https://www.tp-link.com/de/support/downloa= d/vx800v/#Firmware</a> <a href=3D"https://www.tp-link.com/us/support/faq= /4930/" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/suppo= rt/faq/4930/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--VX800v v1.0</td>
<td>Some VX800v v1.0 web interface endpoints transmit sensitive information=
over unencrypted HTTP due to missing application layer encryption, allowin=
g a network adjacent attacker to intercept this traffic and compromise its = confidentiality.</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15548" target=3D= "_blank" rel=3D"noopener">CVE-2025-15548</a></td>

<a href=3D"https://www.tp-link.com/de/support/download/vx800v/#Firmware" ta= rget=3D"_blank" rel=3D"noopener">https://www.tp-link.com/de/support/downloa= d/vx800v/#Firmware</a> <a href=3D"https://www.tp-link.com/us/support/faq= /4930/" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/suppo= rt/faq/4930/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ttttupup--wxhelper</td>
<td>Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttup=
up wxhelper (src modules). This vulnerability is associated with program fi= les mongoose.C. This issue affects wxhelper: through 3.9.10.19-v1.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24822" target=3D= "_blank" rel=3D"noopener">CVE-2026-24822</a></td>

<a href=3D"https://github.com/ttttupup/wxhelper/pull/515" target=3D"_blank"=
rel=3D"noopener">https://github.com/ttttupup/wxhelper/pull/515</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">turanszkij--WickedEngine</td>
<td>Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngi= ne/LUA modules). This vulnerability is associated with program files ldebug= .C. This issue affects WickedEngine: before 0.71.705.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24820" target=3D= "_blank" rel=3D"noopener">CVE-2026-24820</a></td>

<a href=3D"https://github.com/turanszkij/WickedEngine/pull/1054" target=3D"= _blank" rel=3D"noopener">https://github.com/turanszkij/WickedEngine/pull/10= 54</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">turanszkij--WickedEngine</td>
<td>Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngi= ne/LUA modules). This vulnerability is associated with program files lparse= r.C. This issue affects WickedEngine: through 0.71.727.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24821" target=3D= "_blank" rel=3D"noopener">CVE-2026-24821</a></td>

<a href=3D"https://github.com/turanszkij/WickedEngine/pull/1095" target=3D"= _blank" rel=3D"noopener">https://github.com/turanszkij/WickedEngine/pull/10= 95</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">umbraco--Umbraco.Forms.Issues</td>
<td>Umbraco Forms is a form builder that integrates with the Umbraco conten=
t management system. It's possible for an authenticated backoffice-user to = enumerate and traverse paths/files on the systems filesystem and read their=
contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud=
runs in a Windows environment, Cloud users aren't affected. This issue aff= ects versions 16 and 17 of Umbraco Forms and is patched in 16.4.1 and 17.1.=
1. If upgrading is not immediately possible, users can mitigate this vulner= ability by configuring a WAF or reverse proxy to block requests containing = path traversal sequences (`../`, `..
You are subscribed to Vulnerability Bulletins for Cybersecurity and Infr= astructure Security Agency. This information has recently been updated and =
is now available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilitie=
s that have been recorded in the past week. In some cases, the vulnerabilit= ies in the bulletin may not yet have assigned CVSS scores. Vulnerabilities are based on the=C2=A0<a href=3D"https://www.cve.org/" t= arget=3D"_blank" class=3D"ext" data-extlink=3D"" rel=3D"noopener">Common Vu= lnerabilities and Exposures</a>=C2=A0(CVE) vulnerability naming standard an=
d are organized according to severity, determined by the=C2=A0<a href=3D"ht= tps://www.cve.org/about/relatedefforts" target=3D"_blank" rel=3D"noopener">= Common Vulnerability Scoring System</a>=C2=A0(CVSS) standard. The division =
of high, medium, and low severities correspond to the following scores:

High: vulnerabilities with a CVSS base score of 7.0=E2=80= =9310.0</li>

Medium: vulnerabilities with a CVSS base score of 4.0=E2= =80=936.9</li>

Low: vulnerabilities with a CVSS base score of 0.0=E2=80= =933.9</li>
</ul>
Entries may include additional information provided by organizations and=
efforts sponsored by CISA. This information may include identifying inform= ation, values, definitions, and related links. Patch information is provide=
d when available. Please note that some of the information in the bulletin =
is compiled from external, open-source reports and is not a direct result o=
f CISA analysis.
) in the `fileName` parameter of the export endpoint, restricting networ=
k access to the Umbraco backoffice to trusted IP ranges, and/or blocking th=
e `/umbraco/forms/api/v1/export` endpoint entirely if the export feature is=
not required. However, upgrading to the patched version is strongly recomm= ended.
</td>
<td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24687" target=3D= "_blank" rel=3D"noopener">CVE-2026-24687</a></td>

<a href=3D"https://github.com/umbraco/Umbraco.Forms.Issues/security/advisor= ies/GHSA-hm5p-82g6-m3xh" target=3D"_blank" rel=3D"noopener">https://github.= com/umbraco/Umbraco.Forms.Issues/security/advisories/GHSA-hm5p-82g6-m3xh</a= > =C2=A0</td>
</tr>

<td class=3D"vendor-product">vendurehq--vendure</td>
<td>Vendure is an open-source headless commerce platform. Prior to version = 3.5.3, the `NativeAuthenticationStrategy.authenticate()` method is vulnerab=
le to a timing attack that allows attackers to enumerate valid usernames (e= mail addresses). In `packages/core/src/config/auth/native-authentication-st= rategy.ts`, the authenticate method returns immediately if a user is not fo= und. The significant timing difference (~200-400ms for bcrypt vs ~1-5ms for=
DB miss) allows attackers to reliably distinguish between existing and non= -existing accounts. Version 3.5.3 fixes the issue.</td>
<td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25050" target=3D= "_blank" rel=3D"noopener">CVE-2026-25050</a></td>

<a href=3D"https://github.com/vendurehq/vendure/security/advisories/GHSA-6f= 65-4fv2-wwch" target=3D"_blank" rel=3D"noopener">https://github.com/vendure= hq/vendure/security/advisories/GHSA-6f65-4fv2-wwch</a> <a href=3D"https:= //github.com/vendurehq/vendure/releases/tag/v3.5.3" target=3D"_blank" rel= =3D"noopener">https://github.com/vendurehq/vendure/releases/tag/v3.5.3</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">visualfc--liteide</td>
<td>NULL Pointer Dereference vulnerability in visualfc liteide (liteidex/sr= c/3rdparty/libvterm/src modules). This vulnerability is associated with pro= gram files screen.C, state.C, vterm.C. This issue affects liteide: before x= 38.4.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24805" target=3D= "_blank" rel=3D"noopener">CVE-2026-24805</a></td>

<a href=3D"https://github.com/visualfc/liteide/pull/1326" target=3D"_blank"=
rel=3D"noopener">https://github.com/visualfc/liteide/pull/1326</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">WatchGuard--Fireware OS</td>
<td>An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a r= emote unauthenticated attacker to retrieve sensitive information from a con= nected LDAP authentication server through an exposed authentication or mana= gement web interface. This vulnerability may also allow a remote attacker t=
o authenticate as an LDAP user with a partial identifier if they additional=
ly have that user's valid passphrase. This issue affects Fireware OS: from = 12.0 through 12.11.6, from 12.5 through 12.5.15, from 2025.1 through 2026.0= .</td>
<td>2026-01-30</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1498" target=3D"= _blank" rel=3D"noopener">CVE-2026-1498</a></td>

<a href=3D"https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00001" = target=3D"_blank" rel=3D"noopener">https://www.watchguard.com/wgrd-psirt/ad= visory/wgsa-2026-00001</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Western Digital--WD Discovery</td>
<td>DLL hijacking in the WD Discovery Installer in Western Digital WD Disco= very 5.2.730 on Windows allows a local attacker to execute arbitrary code v=
ia placement of a crafted dll in the installer's search path.</td> <td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-30248" target=3D= "_blank" rel=3D"noopener">CVE-2025-30248</a></td>

<a href=3D"https://www.westerndigital.com/support/product-security/wdc-2500= 8-wd-discovery-desktop-app-version-5-3" target=3D"_blank" rel=3D"noopener">= https://www.westerndigital.com/support/product-security/wdc-25008-wd-discov= ery-desktop-app-version-5-3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WordPress--Custom Login Page Customizer</td> <td>The Custom Login Page Customizer WordPress plugin before 2.5.4 does not=
have a proper password reset process, allowing a few unauthenticated reque= sts to reset the password of any user by knowing their username, such as ad= ministrator ones, and therefore gain access to their account</td> <td>2026-01-29</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14975" target=3D= "_blank" rel=3D"noopener">CVE-2025-14975</a></td>

<a href=3D"https://wpscan.com/vulnerability/a1403186-51aa-4eae-a3fe-0c55957= 0eb93/" target=3D"_blank" rel=3D"noopener">https://wpscan.com/vulnerability= /a1403186-51aa-4eae-a3fe-0c559570eb93/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WordPress--Recipe Card Blocks Lite</td>
<td>The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not san= itize and escape a parameter before using it in a SQL statement, allowing c= ontributors and above to perform SQL injection attacks.</td> <td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14973" target=3D= "_blank" rel=3D"noopener">CVE-2025-14973</a></td>

<a href=3D"https://wpscan.com/vulnerability/76f7d5d4-ba45-4bfd-bda9-ab0769e= 81107/" target=3D"_blank" rel=3D"noopener">https://wpscan.com/vulnerability= /76f7d5d4-ba45-4bfd-bda9-ab0769e81107/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WordPress--User Activity Log</td>
<td>The User Activity Log WordPress plugin through 2.2 does not properly ha= ndle failed login attempts in some cases, allowing unauthenticated users to=
set arbitrary options to 1 (for example to enable User Registration when i=
t has been turned off)</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13471" target=3D= "_blank" rel=3D"noopener">CVE-2025-13471</a></td>

<a href=3D"https://wpscan.com/vulnerability/cc8743f5-b1b9-4f88-b440-db04403= 4bbfc/" target=3D"_blank" rel=3D"noopener">https://wpscan.com/vulnerability= /cc8743f5-b1b9-4f88-b440-db044034bbfc/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Worklenz--Worklenz</td>
<td>Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vul= nerability in the Project Updates feature. An attacker can submit a malicio=
us payload in the Updates text field which is then rendered in the reportin=
g view without proper sanitization. Malicious JavaScript may be executed in=
a victim's browser when they browse to the page containing the vulnerable = field.</td>
<td>2026-01-26</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-70368" target=3D= "_blank" rel=3D"noopener">CVE-2025-70368</a></td>

<a href=3D"https://github.com/Worklenz/worklenz" target=3D"_blank" rel=3D"n= oopener">https://github.com/Worklenz/worklenz</a> <a href=3D"https://git= hub.com/Stolichnayer/CVE-2025-70368" target=3D"_blank" rel=3D"noopener">htt= ps://github.com/Stolichnayer/CVE-2025-70368</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Xen--Xen</td>
<td>Shadow mode tracing code uses a set of per-CPU variables to avoid cumbe= rsome parameter passing. Some of these variables are written to with guest = controlled data, of guest controllable size. That size can be larger than t=
he variable, and bounding of the writes was missing.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-58150" target=3D= "_blank" rel=3D"noopener">CVE-2025-58150</a></td>

<a href=3D"https://xenbits.xenproject.org/xsa/advisory-477.html" target=3D"= _blank" rel=3D"noopener">https://xenbits.xenproject.org/xsa/advisory-477.ht= ml</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Xen--Xen</td>
<td>In the context switch logic Xen attempts to skip an IBPB in the case of=
a vCPU returning to a CPU on which it was the previous vCPU to run. While = safe for Xen's isolation between vCPUs, this prevents the guest kernel corr= ectly isolating between tasks. Consider: 1) vCPU runs on CPU A, running tas=
k 1. 2) vCPU moves to CPU B, idle gets scheduled on A. Xen skips IBPB. 3) O=
n CPU B, guest kernel switches from task 1 to 2, issuing IBPB. 4) vCPU move=
s back to CPU A. Xen skips IBPB again. Now, task 2 is running on CPU A with=
task 1's training still in the BTB.</td>
<td>2026-01-28</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23553" target=3D= "_blank" rel=3D"noopener">CVE-2026-23553</a></td>

<a href=3D"https://xenbits.xenproject.org/xsa/advisory-479.html" target=3D"= _blank" rel=3D"noopener">https://xenbits.xenproject.org/xsa/advisory-479.ht= ml</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">yacy--yacy_search_server</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in yacy yacy_search_server (source/net/y= acy/http/servlets modules). This vulnerability is associated with program f= iles YaCyDefaultServlet.Java. This issue affects yacy_search_server.</td> <td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24824" target=3D= "_blank" rel=3D"noopener">CVE-2026-24824</a></td>

<a href=3D"https://github.com/yacy/yacy_search_server/pull/722" target=3D"_= blank" rel=3D"noopener">https://github.com/yacy/yacy_search_server/pull/722= </a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ydb-platform--ydb</td>
<td>Missing Release of Memory after Effective Lifetime vulnerability in ydb= -platform ydb (contrib/libs/yajl modules). This vulnerability is associated=
with program files yail_tree.C. This issue affects ydb: through 24.4.4.2.<=

<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24825" target=3D= "_blank" rel=3D"noopener">CVE-2026-24825</a></td>

<a href=3D"https://github.com/ydb-platform/ydb/pull/17570" target=3D"_blank=
" rel=3D"noopener">https://github.com/ydb-platform/ydb/pull/17570</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">zhblue--hustoj</td>
<td>HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for = ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_q= duoj.php and problem_import_hoj.php modules fail to properly sanitize filen= ames within uploaded ZIP archives. Attackers can craft a malicious ZIP file=
containing files with path traversal sequences (e.g., ../../shell.php). Wh=
en extracted by the server, this allows writing files to arbitrary location=
s in the web root, leading to Remote Code Execution (RCE). Version 26.01.24=
contains a fix for the issue.</td>
<td>2026-01-27</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24479" target=3D= "_blank" rel=3D"noopener">CVE-2026-24479</a></td>

<a href=3D"https://github.com/zhblue/hustoj/security/advisories/GHSA-xmgg-2= rw4-7fxj" target=3D"_blank" rel=3D"noopener">https://github.com/zhblue/hust= oj/security/advisories/GHSA-xmgg-2rw4-7fxj</a> <a href=3D"https://github= .com/zhblue/hustoj/commit/902bd09e6d0011fe89cd84d4236899314b33101f" target= =3D"_blank" rel=3D"noopener">https://github.com/zhblue/hustoj/commit/902bd0= 9e6d0011fe89cd84d4236899314b33101f</a> =C2=A0</td>
</tr>
</tbody>
</table>
<a href=3D"#top">Back to top</a>
</div>
</div>
</div>
<style>body {
font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: norma=
l; font-style: normal; color: #333333;
}
</style>
=20

<div id=3D"mail_footer">
Having trouble viewing this message?=C2=A0<a href=3D"ht= tps://content.govdelivery.com/accounts/USDHSCISA/bulletins/4074aad" target= =3D"_blank" rel=3D"noopener">View it as a webpage</a>.=C2=A0<a href=3D"http= s://content.govdelivery.com/accounts/USDHS/bulletins/292141e" target=3D"_bl= ank" rel=3D"noopener"></a>
You are subscribed to updates from the <a href=3D"https://w= ww.cisa.gov">Cybersecurity and Infrastru= cture Security Agency</a> (CISA) <a href=3D"https://public.govdelivery.com/account= s/USDHSCISA/subscriber/edit?preferences=3Dtrue#tab1" target=3D"_blank" rel= =3D"noopener">Manage Sub= scriptions</a>=C2=A0=C2=A0|=C2=A0=C2=A0<a href=3D"https://www.cisa.gov/privacy-policy=
" target=3D"_blank" rel=3D"noopener">Privacy Policy</a>=C2=A0=C2=A0|=C2=A0 <a href=3D"https://subscriberhelp.granicu= s.com/s/article/Subscriber-Help-Center" target=3D"_blank" rel=3D"noopener">= Help</a><a href=3D"https://insights.govdelivery.com/Communications/Subscrib= er_Help_Center" target=3D"_blank" rel=3D"noopener"></a>
Connect with CISA: <a href=3D"https://www.facebook.com/= CISA" target=3D"_blank" rel=3D"noopener">Facebook</a>=C2=A0 |=C2=A0 <a href=3D"https://twitter.com/CISAgov" t= arget=3D"_blank" rel=3D"noopener">Twitter</a>=C2=A0 |=C2=A0 <a href=3D"https://Instagram.com/cisagov" target= =3D"_blank" rel=3D"noopener">Instagram</a>=C2=A0 |=C2=A0 <a href=3D"https://www.linkedin.com/company/cybersec= urity-and-infrastructure-security-agency" target=3D"_blank" rel=3D"noopener= ">LinkedIn</a><sp=
an style=3D"font-size: 10.0pt; color: #757575;">=C2=A0 |=C2=A0=C2=A0 </span= ><a href=3D"https://www.youtube.com/channel/UCxyq9roe-npgzrVwbpoAy0A" targe= t=3D"_self">YouTube</spa= n></a>

</div>
<div id=3D"tagline">
<hr>
<table style=3D"width: 100%;" border=3D"0" cellspacing=3D"0" cellpadding=3D=

<tbody>

<td style=3D"color: #757575; font-size: 10px; font-family: Arial;" width=3D= "89%">This email was sent to cisa@toolazy.synchro.net using GovDelivery Com= munications Cloud, on behalf of: Cybersecurity and Infrastructure Security = Agency =C2=B7 707 17th St, Suite 4000 =C2=B7 Denver, CO 80202</td>
<td align=3D"right" width=3D"11%"><a href=3D"https://subscriberhelp.granicu= s.com/" target=3D"_blank" rel=3D"noopener"><img src=3D"https://content.govd= elivery.com/images/govd-logo-dark.png" border=3D"0" alt=3D"GovDelivery logo=
" width=3D"115"></a></td>
</tr>
</tbody>
</table>
<style type=3D"text/css">body .abe-column-block { min-height: 5px; } table.= gd_combo_table img {margin-left:10px; margin-right:10px;} table.gd_combo_ta= ble div.govd_image_display img, table.gd_combo_table td.gd_combo_image_cell=
img {margin-left:0px; margin-right:0px;}</style>

</div>
</td>
</tr>
</table>

<img alt=3D"" src=3D"https://links-2.govdelivery.com/CI0/0101019c23e0402e-3= 34e6a90-08e3-4fa6-8468-1b914c5ba59c-000000/sq1jfj_m0B9sd_3XZAcZXUQjgEP3aenU= qgbt65XlLe8=3D442" style=3D"display: none; width: 1px; height: 1px;">
</body>
</html>

--===============4973927651967773066==--

--===============2353049322333075115==--

Who's Online
Recent Visitors
- Geek2
  Wed Mar 4 21:24:21 2026
  from Euclid, Oh via Telnet
- Geek2
  Wed Mar 4 18:27:09 2026
  from Euclid, Oh via Telnet
- Geek2
  Tue Mar 3 10:26:12 2026
  from Euclid, Oh via Telnet
- Geek2
  Mon Mar 2 11:22:09 2026
  from Euclid, Oh via Telnet

System Info

Sysop:	Amessyroom
Location:	Fayetteville, NC
Users:	59
Nodes:	6 (0 / 6)
Uptime:	28:10:14
Calls:	812
Files:	1,288
D/L today:	2 files (20K bytes)
Messages:	213,278

Vulnerability Summary for the Week of January 26, 2026

Who's Online

Recent Visitors

System Info