| CVE-2026-36748 | critical | 9.0 | 9.0 | | | | 8h ago | RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile. |
| CVE-2026-36576 | critical | 9.8 | 9.8 | | | | 8h ago | An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request. |
| CVE-2026-35075 | critical | 9.8 | 9.8 | | | | 11h ago | An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices. |
| CVE-2026-47065 | critical | 9.8 | 9.8 | | | | 13h ago | ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy. Assessment: Fully addressed. When the serialised stream contains a TC_PROXYCLASSDESC (the ma… |
| CVE-2025-14771 | critical | 9.9 | 9.9 | | | | 13h ago | Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. |
| CVE-2026-4035 | critical | 9.1 | 9.1 | | | | 15h ago | A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environm… |