| CVE-2026-10729 | unknown | — | — | | | | 14h ago | An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross… |
| CVE-2022-49042 | high | 7.8 | 7.8 | | | | 14h ago | An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via u… |
| CVE-2022-49036 | high | 7.8 | 7.8 | | | | 14h ago | An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users t… |
| CVE-2026-35085 | high | 8.8 | 8.8 | | | | 15h ago | A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root. |
| CVE-2026-35084 | high | 8.8 | 8.8 | | | | 15h ago | A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root. |
| CVE-2026-35083 | high | 8.8 | 8.8 | | | | 15h ago | A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root. |
| CVE-2026-35082 | high | 8.8 | 8.8 | | | | 15h ago | The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input. |
| CVE-2026-35081 | high | 8.1 | 8.1 | | | | 15h ago | The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input. |
| CVE-2026-35080 | high | 8.1 | 8.1 | | | | 15h ago | The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35079 | high | 8.1 | 8.1 | | | | 15h ago | The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35078 | high | 8.1 | 8.1 | | | | 15h ago | The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35077 | high | 8.1 | 8.1 | | | | 15h ago | The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35076 | high | 8.1 | 8.1 | | | | 15h ago | The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35075 | critical | 9.8 | 9.8 | | | | 15h ago | An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices. |
| CVE-2025-41259 | unknown | — | — | | | | 15h ago | SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using … |
| CVE-2026-47065 | critical | 9.8 | 9.8 | | | | 17h ago | ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TC_PROXYCLASSDESC (the ma… |
| CVE-2026-41032 | high | 7.5 | 7.5 | | | | 17h ago | It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information. |
| CVE-2025-15656 | high | 8.8 | 8.8 | | | | 17h ago | Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0. |
| CVE-2025-15655 | high | 7.6 | 7.6 | | | | 17h ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a … |
| CVE-2025-14774 | high | 7.4 | 7.4 | | | | 17h ago | Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. |
| CVE-2025-14773 | high | 8.0 | 8.0 | | | | 17h ago | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. |
| CVE-2025-14772 | high | 8.8 | 8.8 | | | | 17h ago | Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. |
| CVE-2025-14771 | critical | 9.9 | 9.9 | | | | 17h ago | Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. |
| CVE-2026-4035 | critical | 9.1 | 9.1 | | | | 19h ago | A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environm… |
| CVE-2025-15654 | high | 7.1 | 7.1 | | | | 19h ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fox-themes Prague allows Reflected XSS. This issue affects Prague: from n/a through 2.2.8. |