CVE-2024-38886 — CVSS 9.8 (critical): An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker…
CVE-2024-40515 — CVSS 9.8 (critical): An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker to execute arbitrary code via the…
CVE-2023-41355 — CVSS 9.8 (critical): Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated…
CVE-2026-48745 — CVSS 9.3 (critical): Traccar Client is a GPS tracking mobile app for sending location updates to private servers using the open-source Traccar platform. In…
CVE-2026-33875 — CVSS 9.3 (critical): Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to…
CVE-2026-35643 — CVSS 8.8 (high): OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary…
CVE-2024-40516 — CVSS 8.8 (high): An issue in H3C Technologies Co., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the…
CVE-2023-48387 — CVSS 8.8 (high): TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions…
CVE-2023-3663 — CVSS 8.8 (high): In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote…
CVE-2025-23222 — CVSS 8.4 (high): An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically…
CVE-2026-40434 — CVSS 8.1 (high): Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same…
CVE-2024-49579 — CVSS 8.1 (high): In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests
CVE-2025-9999: Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving…
CVE-2026-44894 — CVSS 7.5 (high): Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when…
CVE-2019-25613 — CVSS 7.5 (high): Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized…
CVE-2025-40820 — CVSS 7.5 (high): Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This…
CVE-2025-13086 — CVSS 7.5 (high): Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to…
CVE-2024-1621 — CVSS 7.5 (high): The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when email…
CVE-2023-51440 — CVSS 7.5 (high): A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0)…
CVE-2025-25305 — CVSS 7.0 (high): Home Assistant Core is an open source home automation that puts local control and privacy first. Affected versions are subject to a…
CVE-2024-40503 — CVSS 6.5 (medium): An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP…
CVE-2023-7004 — CVSS 6.5 (medium): The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for…
CVE-2022-4800 — CVSS 6.5 (medium): Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
CVE-2024-37662 — CVSS 6.3 (medium): TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or…
CVE-2021-41038 — CVSS 6.1 (medium): In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().
CVE-2024-7322 — CVSS 5.8 (medium): A ZigBee coordinator, router, or end device may change their node ID when an unsolicited encrypted rejoin response is received, this change…
CVE-2022-4848 — CVSS 5.7 (medium): Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
CVE-2025-23019 — CVSS 5.4 (medium): IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface.
CVE-2025-23018 — CVSS 5.4 (medium): IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet…
CVE-2026-43880 — CVSS 5.3 (medium): WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/sendEmail.json.php exposes two branches…
CVE-2024-20390 — CVSS 5.3 (medium): A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a…
CVE-2024-37664 — CVSS 5.2 (medium): Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or…
CVE-2026-54106 — CVSS 4.7 (medium): The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA)…
CVE-2026-22269 — CVSS 4.7 (medium): Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel…
CVE-2025-43280 — CVSS 4.7 (medium): The issue was resolved by not loading remote images. This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display…
CVE-2026-23866 — CVSS 4.3 (medium): Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for…
CVE-2025-20365 — CVSS 4.3 (medium): A vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point Software could allow an unauthenticated…
CVE-2025-62439 — CVSS 4.2 (medium): An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7.6.0 through…
CVE-2024-37663 — CVSS 4.1 (medium): Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the…
CVE-2026-2967 — CVSS 3.7 (low): A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c…
CVE-2024-36506 — CVSS 3.7 (low): An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all…
CVE-2025-42978 — CVSS 3.5 (low): The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the…