| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-9058 | Cri | 0.60 | — | 0.00 | May 25, 2026 | Szafir SDK returns a success status code from the cryptographic digital signature verification process (i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified") even when the trust status of the signer's certificate could not be established… | ||
| CVE-2026-9456 | Cri | 0.64 | 9.8 | 0.02 | May 25, 2026 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enabled results in os command injection. The attack can be… | ||
| CVE-2026-9455 | Cri | 0.64 | 9.8 | 0.02 | May 25, 2026 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote… | ||
| CVE-2026-9454 | Cri | 0.64 | 9.8 | 0.02 | May 25, 2026 | A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setOpenVpnCertGenerationCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument servername can lead to os… | ||
| CVE-2026-9436 | Cri | 0.64 | 9.8 | 0.02 | May 25, 2026 | A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The… | ||
| CVE-2026-9435 | Cri | 0.64 | 9.8 | 0.02 | May 25, 2026 | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection.… | ||
| CVE-2026-9434 | Cri | 0.64 | 9.8 | 0.02 | May 25, 2026 | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument wscDisabled leads to os command injection. The… | ||
| CVE-2026-9433 | Cri | 0.64 | 9.8 | 0.02 | May 25, 2026 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument enable causes os command injection. The attack… | ||
| CVE-2026-9432 | Cri | 0.64 | 9.8 | 0.02 | May 25, 2026 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument bgProtection results in os command… | ||
| CVE-2026-2651 | Cri | 0.52 | 9.0 | 0.00 | May 25, 2026 | A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints,… | ||
| CVE-2026-9408 | Cri | 0.64 | 9.8 | 0.02 | May 25, 2026 | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enable results in os command injection.… | ||
| CVE-2026-9407 | Cri | 0.64 | 9.8 | 0.02 | May 25, 2026 | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setFirewallType of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument firewallType leads to… | ||
| CVE-2026-9406 | Cri | 0.64 | 9.8 | 0.02 | May 25, 2026 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack… | ||
| CVE-2026-9405 | Cri | 0.64 | 9.8 | 0.02 | May 25, 2026 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection.… | ||
| CVE-2026-9404 | Cri | 0.64 | 9.8 | 0.02 | May 24, 2026 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection. The attack may be… | ||
| CVE-2026-9388 | Cri | 0.64 | 9.8 | 0.02 | May 24, 2026 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument mode can lead to os command injection.… | ||
| CVE-2026-9387 | Cri | 0.64 | 9.8 | 0.02 | May 24, 2026 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument resetFlags results in os command… | ||
| CVE-2026-9386 | Cri | 0.64 | 9.8 | 0.02 | May 24, 2026 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument lang leads to os command injection. The attack may be… | ||
| CVE-2026-9385 | Cri | 0.64 | 9.8 | 0.02 | May 24, 2026 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument command causes os command injection. The attack… | ||
| CVE-2026-9384 | Cri | 0.64 | 9.8 | 0.02 | May 24, 2026 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument ip results in os command injection. The attack… | ||
| CVE-2018-25357 | Cri | 0.64 | 9.8 | 0.02 | May 23, 2026 | Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the… | ||
| CVE-2018-25350 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2026 | userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to… | ||
| CVE-2026-47280 | Cri | 0.65 | 10.0 | 0.00 | May 22, 2026 | Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2026-42901 | Cri | 0.65 | 10.0 | 0.00 | May 22, 2026 | Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2026-41104 | Cri | 0.65 | 10.0 | 0.01 | May 22, 2026 | Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2026-41090 | Cri | 0.60 | 9.3 | 0.00 | May 22, 2026 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network. | ||
| CVE-2026-40412 | Cri | 0.65 | 10.0 | 0.01 | May 22, 2026 | Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-40411 | Cri | 0.64 | 9.9 | 0.01 | May 22, 2026 | Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network. | ||
| CVE-2026-33843 | Cri | 0.59 | 9.1 | 0.00 | May 22, 2026 | Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2026-23652 | Cri | 0.65 | 10.0 | 0.01 | May 22, 2026 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-48700 | Cri | 0.60 | — | 0.00 | May 22, 2026 | An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program (based on the file type) without user… | ||
| CVE-2026-33712 | Cri | 0.65 | 10.0 | 0.00 | May 22, 2026 | Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST /api/v1/typebots/{typebotId}/preview/startChat) allows unauthenticated users to achieve Server-Side Request Forgery (SSRF) by supplying a custom typebot definition with server-side… | ||
| CVE-2026-32253 | Cri | 0.57 | 9.8 | 0.00 | May 22, 2026 | Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL verification results are handled. In src/crypto.cpp, the custom verify callback treats… | ||
| CVE-2026-39821 | Cri | 0.55 | 9.6 | 0.00 | May 22, 2026 | The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in… | ||
| CVE-2026-46670 | cri | 0.52 | — | 0.00 | May 22, 2026 | ### Summary An unauthenticated SQL injection in the Bazar form-import path (`FormManager::create()`) allows any unauthenticated visitor of a default YesWiki install to inject arbitrary SQL into an `INSERT` statement and read the full database, including `yeswiki_users.password`… | ||
| CVE-2026-8670 | Cri | 0.62 | 9.6 | 0.00 | May 22, 2026 | Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1. | ||
| CVE-2026-44930 | Cri | 0.64 | 9.8 | 0.01 | May 22, 2026 | An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue. | ||
| CVE-2026-9054 | Cri | 0.60 | — | 0.00 | May 22, 2026 | An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic. | ||
| CVE-2026-46595 | Cri | 0.58 | 10.0 | 0.00 | May 22, 2026 | Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped. | ||
| CVE-2026-42508 | Cri | 0.52 | 9.1 | 0.00 | May 22, 2026 | Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked. | ||
| CVE-2026-39834 | Cri | 0.52 | 9.1 | 0.00 | May 22, 2026 | When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent… | ||
| CVE-2026-39833 | Cri | 0.52 | 9.1 | 0.00 | May 22, 2026 | The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns… | ||
| CVE-2026-39832 | Cri | 0.52 | 9.1 | 0.00 | May 22, 2026 | When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client… | ||
| CVE-2026-39831 | Cri | 0.52 | 9.1 | 0.00 | May 22, 2026 | The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore… | ||
| CVE-2026-39830 | Cri | 0.52 | 9.1 | 0.01 | May 22, 2026 | A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now… | ||
| CVE-2026-9264 | Cri | 0.60 | 9.3 | 0.00 | May 22, 2026 | A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window,… | ||
| CVE-2026-34910 | Cri | 0.77 | 10.0 | 0.79 | KEV | May 22, 2026 | A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. | |
| CVE-2026-34909 | Cri | 0.77 | 10.0 | 0.02 | KEV | May 22, 2026 | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account. | |
| CVE-2026-34908 | Cri | 0.77 | 10.0 | 0.02 | KEV | May 22, 2026 | A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system. | |
| CVE-2026-33000 | — | Cri | 0.59 | 9.1 | 0.01 | May 22, 2026 | A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. |
- risk 0.60cvss —epss 0.00
Szafir SDK returns a success status code from the cryptographic digital signature verification process (i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified") even when the trust status of the signer's certificate could not be established…
- risk 0.64cvss 9.8epss 0.02
A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enabled results in os command injection. The attack can be…
- risk 0.64cvss 9.8epss 0.02
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote…
- risk 0.64cvss 9.8epss 0.02
A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setOpenVpnCertGenerationCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument servername can lead to os…
- risk 0.64cvss 9.8epss 0.02
A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The…
- risk 0.64cvss 9.8epss 0.02
A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection.…
- risk 0.64cvss 9.8epss 0.02
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument wscDisabled leads to os command injection. The…
- risk 0.64cvss 9.8epss 0.02
A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument enable causes os command injection. The attack…
- risk 0.64cvss 9.8epss 0.02
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument bgProtection results in os command…
- risk 0.52cvss 9.0epss 0.00
A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints,…
- risk 0.64cvss 9.8epss 0.02
A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enable results in os command injection.…
- risk 0.64cvss 9.8epss 0.02
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setFirewallType of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument firewallType leads to…
- risk 0.64cvss 9.8epss 0.02
A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack…
- risk 0.64cvss 9.8epss 0.02
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection.…
- risk 0.64cvss 9.8epss 0.02
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection. The attack may be…
- risk 0.64cvss 9.8epss 0.02
A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument mode can lead to os command injection.…
- risk 0.64cvss 9.8epss 0.02
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument resetFlags results in os command…
- risk 0.64cvss 9.8epss 0.02
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument lang leads to os command injection. The attack may be…
- risk 0.64cvss 9.8epss 0.02
A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument command causes os command injection. The attack…
- risk 0.64cvss 9.8epss 0.02
A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument ip results in os command injection. The attack…
- risk 0.64cvss 9.8epss 0.02
Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the…
- risk 0.64cvss 9.8epss 0.00
userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to…
- risk 0.65cvss 10.0epss 0.00
Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.
- risk 0.65cvss 10.0epss 0.00
Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.
- risk 0.65cvss 10.0epss 0.01
Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network.
- risk 0.60cvss 9.3epss 0.00
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.
- risk 0.65cvss 10.0epss 0.01
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.
- risk 0.64cvss 9.9epss 0.01
Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.
- risk 0.59cvss 9.1epss 0.00
Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.
- risk 0.65cvss 10.0epss 0.01
Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.
- risk 0.60cvss —epss 0.00
An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program (based on the file type) without user…
- risk 0.65cvss 10.0epss 0.00
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST /api/v1/typebots/{typebotId}/preview/startChat) allows unauthenticated users to achieve Server-Side Request Forgery (SSRF) by supplying a custom typebot definition with server-side…
- risk 0.57cvss 9.8epss 0.00
Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL verification results are handled. In src/crypto.cpp, the custom verify callback treats…
- risk 0.55cvss 9.6epss 0.00
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in…
- risk 0.52cvss —epss 0.00
### Summary An unauthenticated SQL injection in the Bazar form-import path (`FormManager::create()`) allows any unauthenticated visitor of a default YesWiki install to inject arbitrary SQL into an `INSERT` statement and read the full database, including `yeswiki_users.password`…
- risk 0.62cvss 9.6epss 0.00
Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1.
- risk 0.64cvss 9.8epss 0.01
An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.
- risk 0.60cvss —epss 0.00
An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic.
- risk 0.58cvss 10.0epss 0.00
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.
- risk 0.52cvss 9.1epss 0.00
Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.
- risk 0.52cvss 9.1epss 0.00
When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent…
- risk 0.52cvss 9.1epss 0.00
The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns…
- risk 0.52cvss 9.1epss 0.00
When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client…
- risk 0.52cvss 9.1epss 0.00
The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore…
- risk 0.52cvss 9.1epss 0.01
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now…
- risk 0.60cvss 9.3epss 0.00
A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window,…
- risk 0.77cvss 10.0epss 0.79
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
- risk 0.77cvss 10.0epss 0.02
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
- risk 0.77cvss 10.0epss 0.02
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
- risk 0.59cvss 9.1epss 0.01
A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.