| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-36608 | | High | 0.57 | 8.8 | 0.00 | | Jun 3, 2026 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP (192.168.1.1) or localhost (127.0.0.1) as InternalClient. An unauthenticated LAN attacker can expose… |
| CVE-2026-36607 | | High | 0.57 | 8.8 | 0.00 | | Jun 3, 2026 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint (code=10), which lacks the rate limiting applied to the login endpoint (code=7). An attacker on the adjacent network can attempt… |
| CVE-2026-36606 | | High | 0.46 | 7.1 | 0.00 | | Jun 3, 2026 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and… |
| CVE-2026-36603 | | High | 0.53 | 8.1 | 0.00 | | Jun 3, 2026 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN… |
| CVE-2026-20230 | | High | 0.70 | 8.6 | 0.42 | KEV | Jun 3, 2026 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected… |
| CVE-2026-44281 | | High | 0.39 | — | 0.00 | | Jun 3, 2026 | GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch. |
| CVE-2026-42321 | | High | 0.48 | — | 0.00 | | Jun 3, 2026 | GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch. |
| CVE-2026-42318 | | High | 0.39 | — | 0.00 | | Jun 3, 2026 | GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with access to planning can delete any object in GLPI. Upgrade to 11.0.7 or 10.0.25 to receive a patch. As a workaround, disable… |
| CVE-2026-42317 | | High | 0.39 | — | 0.00 | | Jun 3, 2026 | GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the webserver has write rights on them. Upgrade to 10.0.25 or 11.0.7 to receive a… |
| CVE-2026-37462 | | High | 0.42 | 7.5 | 0.00 | | Jun 3, 2026 | An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message. |
| CVE-2026-36574 | | High | 0.51 | 7.8 | 0.00 | | Jun 3, 2026 | A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL. |
| CVE-2026-37460 | | High | 0.42 | 7.5 | 0.00 | | Jun 3, 2026 | Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message. |
| CVE-2022-49042 | | High | 0.51 | 7.8 | 0.00 | | Jun 3, 2026 | An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors. |
| CVE-2022-49036 | | High | 0.51 | 7.8 | 0.00 | | Jun 3, 2026 | An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors. |
| CVE-2026-35085 | | High | 0.57 | 8.8 | 0.00 | | Jun 3, 2026 | A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root. |
| CVE-2026-35084 | | High | 0.57 | 8.8 | 0.00 | | Jun 3, 2026 | A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root. |
| CVE-2026-35083 | | High | 0.57 | 8.8 | 0.00 | | Jun 3, 2026 | A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root. |
| CVE-2026-35082 | | High | 0.57 | 8.8 | 0.00 | | Jun 3, 2026 | The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input. |
| CVE-2026-35081 | | High | 0.53 | 8.1 | 0.00 | | Jun 3, 2026 | The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input. |
| CVE-2026-35080 | | High | 0.53 | 8.1 | 0.00 | | Jun 3, 2026 | The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35079 | | High | 0.53 | 8.1 | 0.00 | | Jun 3, 2026 | The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35078 | | High | 0.53 | 8.1 | 0.00 | | Jun 3, 2026 | The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35077 | | High | 0.53 | 8.1 | 0.00 | | Jun 3, 2026 | The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35076 | | High | 0.53 | 8.1 | 0.00 | | Jun 3, 2026 | The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2025-41259 | | High | 0.40 | — | 0.00 | | Jun 3, 2026 | SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update. |
| CVE-2026-41032 | | High | 0.49 | 7.5 | 0.00 | | Jun 3, 2026 | It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information. |
| CVE-2025-15656 | | High | 0.57 | 8.8 | 0.00 | | Jun 3, 2026 | Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0. |
| CVE-2025-15655 | | High | 0.49 | 7.6 | 0.00 | | Jun 3, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 93.2.0. |
| CVE-2025-14774 | | High | 0.48 | 7.4 | 0.00 | | Jun 3, 2026 | Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. |
| CVE-2025-14773 | | High | 0.52 | 8.0 | 0.00 | | Jun 3, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. |
| CVE-2025-14772 | | High | 0.57 | 8.8 | 0.00 | | Jun 3, 2026 | Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. |
| CVE-2026-4035 | | High | 0.43 | 7.7 | 0.00 | | Jun 3, 2026 | A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because… |
| CVE-2025-15654 | | High | 0.46 | 7.1 | 0.00 | | Jun 3, 2026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fox-themes Prague allows Reflected XSS. This issue affects Prague: from n/a through 2.2.8. |
| CVE-2026-50031 | | High | 0.49 | 7.5 | 0.00 | | Jun 3, 2026 | ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to… |
| CVE-2026-10704 | | High | 0.47 | 7.3 | 0.00 | | Jun 3, 2026 | A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/admin_class_novo.php of the component Administrative Control Panel. The manipulation of the argument Username results in sql… |
| CVE-2026-9516 | | High | 0.42 | 7.5 | 0.00 | | Jun 3, 2026 | Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decode_json() advances the input scalar's string pointer past the mark with SvPV_set() and restores it… |
| CVE-2026-9334 | | High | 0.40 | 7.3 | 0.00 | | Jun 3, 2026 | Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled. decode_hv() collapses duplicate object keys into an array reference under dupkeys_as_arrayref. The branch reached for a duplicate key tests `SvTYPE… |
| CVE-2026-10694 | | High | 0.47 | 7.3 | 0.00 | | Jun 3, 2026 | A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public… |
| CVE-2026-44654 | | High | 0.46 | 8.1 | 0.00 | | Jun 2, 2026 | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through `DELETE /api/files` that the owner has reused across multiple agents. The deletion removes the file globally… |
| CVE-2026-42504 | | High | 0.42 | 7.5 | 0.01 | | Jun 2, 2026 | Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU. |
| CVE-2026-40108 | | High | 0.46 | — | 0.00 | | Jun 2, 2026 | GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in ITIL costs. This issue has been fixed in version 11.0.7. |
| CVE-2026-35482 | | High | 0.52 | 8.0 | 0.00 | | Jun 2, 2026 | alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system… |
| CVE-2026-31942 | | High | 0.39 | 7.1 | 0.00 | | Jun 2, 2026 | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API keys management endpoint (PUT /api/keys). Due to the use of the JavaScript object spread… |
| CVE-2026-8936 | | High | 0.53 | — | 0.00 | | Jun 2, 2026 | Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0. |
| CVE-2024-14036 | | High | 0.49 | 7.5 | 0.00 | | Jun 2, 2026 | Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the… |
| CVE-2022-4992 | | High | 0.56 | 8.6 | 0.00 | | Jun 2, 2026 | Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected) contain a network message handling vulnerability that allows remote attackers to inject spoofed or tampered data and cause… |
| CVE-2021-4481 | | High | 0.53 | 8.2 | 0.00 | | Jun 2, 2026 | Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the… |
| CVE-2021-4480 | | High | 0.53 | 8.2 | 0.00 | | Jun 2, 2026 | Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the… |
| CVE-2026-49443 | | High | 0.50 | 8.8 | 0.00 | | Jun 2, 2026 | authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions… |
| CVE-2026-49143 | | High | 0.57 | 8.8 | 0.00 | | Jun 2, 2026 | BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /_log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by submitting crafted JSON request bodies to the handler, which passes user-supplied data… |