| CVE-2022-49036 |
high |
7.8 |
7.8 |
|
|
|
14h ago |
An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users t… |
| CVE-2026-35085 |
high |
8.8 |
8.8 |
|
|
|
15h ago |
A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root. |
| CVE-2026-35084 |
high |
8.8 |
8.8 |
|
|
|
15h ago |
A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root. |
| CVE-2026-35083 |
high |
8.8 |
8.8 |
|
|
|
15h ago |
A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root. |
| CVE-2026-35082 |
high |
8.8 |
8.8 |
|
|
|
15h ago |
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input. |
| CVE-2026-35081 |
high |
8.1 |
8.1 |
|
|
|
15h ago |
The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input. |
| CVE-2026-35080 |
high |
8.1 |
8.1 |
|
|
|
15h ago |
The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35079 |
high |
8.1 |
8.1 |
|
|
|
15h ago |
The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35078 |
high |
8.1 |
8.1 |
|
|
|
15h ago |
The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35077 |
high |
8.1 |
8.1 |
|
|
|
15h ago |
The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35076 |
high |
8.1 |
8.1 |
|
|
|
15h ago |
The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2025-41259 |
unknown |
— |
— |
|
|
|
15h ago |
SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using … |
| CVE-2026-41032 |
high |
7.5 |
7.5 |
|
|
|
17h ago |
It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information. |
| CVE-2025-15656 |
high |
8.8 |
8.8 |
|
|
|
17h ago |
Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation.
This issue affects School Management: from n/a through 93.2.0. |
| CVE-2025-15655 |
high |
7.6 |
7.6 |
|
|
|
17h ago |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla School Management allows SQL Injection.
This issue affects School Management: from n/a … |
| CVE-2025-14774 |
high |
7.4 |
7.4 |
|
|
|
17h ago |
Incorrect Authorization vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24. |
| CVE-2025-14773 |
high |
8.0 |
8.0 |
|
|
|
17h ago |
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24. |
| CVE-2025-14772 |
high |
8.8 |
8.8 |
|
|
|
17h ago |
Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24. |
| CVE-2025-15654 |
high |
7.1 |
7.1 |
|
|
|
19h ago |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fox-themes Prague allows Reflected XSS.
This issue affects Prague: from n/a through 2.2.8. |
