| CVE-2026-49324 |
medium |
4.6 |
4.6 |
|
|
|
7d ago |
Uncontrolled resource consumption in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-veh… |
| CVE-2026-49323 |
medium |
4.3 |
4.3 |
|
|
|
7d ago |
Weak authentication between the Wireless Control Module (WCM) and the Engine Control Module (ECM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with… |
| CVE-2026-45611 |
unknown |
— |
— |
|
|
|
7d ago |
Rejected reason: Further research determined the issue is not a vulnerability. |
| CVE-2026-45551 |
unknown |
— |
— |
|
|
|
7d ago |
Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings… |
| CVE-2026-45043 |
unknown |
— |
— |
|
|
|
7d ago |
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create se… |
| CVE-2026-9811 |
medium |
5.4 |
5.4 |
|
|
|
7d ago |
A stored Cross-Site Scripting (XSS) vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application f… |
| CVE-2026-9557 |
medium |
6.4 |
6.4 |
|
|
|
7d ago |
A Server-Side Request Forgery (SSRF) vulnerability exists in Mautic's Focus component. Due to insufficient validation of user-supplied URLs, an authenticated user can trigger outbound HTTP requests f… |
| CVE-2026-49201 |
unknown |
— |
— |
|
|
|
7d ago |
The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating pers… |
| CVE-2026-10078 |
low |
2.7 |
2.7 |
|
|
|
7d ago |
A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL que… |
| CVE-2025-12714 |
medium |
5.3 |
5.3 |
|
|
|
7d ago |
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the update_site_editor_homepage function in al… |
