CVE-2025-52921 — CVSS 9.9 (critical): In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution…
CVE-2025-13315 — CVSS 9.8 (critical): Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API…
CVE-2025-54351 — CVSS 8.9 (high): In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).
CVE-2026-40217 — CVSS 8.8 (high): LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.
CVE-2025-62001 — CVSS 8.8 (high): BullWall Ransomware Containment supports configurable file and directory exclusions such as '$RECYCLE.BIN' to balance monitoring scope and…
CVE-2025-8557 — CVSS 8.8 (high): An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below vulnerability: An attacker with access to a…
CVE-2025-1095 — CVSS 8.8 (high): IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability…
CVE-2023-4570 — CVSS 8.8 (high): An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services…
CVE-2023-31241 — CVSS 8.6 (high): Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.
CVE-2025-53967 — CVSS 8.0 (high): Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a…
CVE-2024-8038 — CVSS 7.9 (high): Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available…
CVE-2025-41727 — CVSS 7.8 (high): A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged…
CVE-2025-67303 — CVSS 7.5 (high): An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data…
CVE-2023-7266 — CVSS 7.5 (high): Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or…
CVE-2025-59033 — CVSS 7.4 (high): The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. Entries that specify only…
CVE-2024-6242: A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted® Slot feature in a…
CVE-2026-43505 — CVSS 6.5 (medium): An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65…
CVE-2023-52718 — CVSS 6.4 (medium): A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or…
CVE-2020-8558 — CVSS 5.4 (medium): The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue…
CVE-2026-40435 — CVSS 5.3 (medium): When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses…
CVE-2024-6099 — CVSS 5.3 (medium): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up…
CVE-2024-4444 — CVSS 5.3 (medium): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including…
CVE-2025-66432 — CVSS 5.0 (medium): In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date.
CVE-2025-62820 — CVSS 4.9 (medium): Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network.
CVE-2023-0317 — CVSS 4.9 (medium): Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information.
CVE-2022-25786 — CVSS 4.9 (medium): Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information…
CVE-2022-28693 — CVSS 4.7 (medium): Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially…
CVE-2026-25916 — CVSS 4.3 (medium): Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage.
CVE-2025-56558 — CVSS 3.0 (low): The Dyson MQTT server (2022 and possibly later) allows publications and subscriptions by a client that has the correct values of…
CVE-2025-52968 — CVSS 2.7 (low): xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open…
CVE-2026-35388 — CVSS 2.5 (low): OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.