| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions. |
| Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions. |
| Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions. |
| A reachable unwrap in the __assert_fail function (/assert/mod.rs) of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted string. |
| Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions. |
| Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions. |
| Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. |
| In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings |
| An unauthenticated
stack-based buffer overflow vulnerability exists in ssvr in GeoVision
GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by
insufficient bounds checking when parsing RTSP Digest authentication fields. A
remote attacker may exploit this vulnerability by sending a crafted RTSP
request containing overly long authentication data, resulting in memory
corruption, denial of service, or potentially arbitrary code execution. |
| Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions. |
| Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups <= 2.0.9 versions. |
| Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions. |
| Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions. |
| In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details |
| In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags |
| In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack |
| Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions. |
| Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequent entries, allowing an attacker to write arbitrary files anywhere writable by the dokku user — including overwriting ~/.ssh/authorized_keys to gain unrestricted shell access. This vulnerability is fixed in 0.38.2. |
| Subscriber Sensitive Data Exposure in GetGenie <= 4.4.2 versions. |
| Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions. |
