CVE-2026-34388

Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all...

CVE-2026-2251

Improper limitation of a pathname to a restricted directory Path Traversal vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 vi...

EUVD-2026-9015

An XML External Entity XXE vulnerability allows malicious user to perform Server-Side Request Forgery SSRF via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core...

CVE-2026-2252

An XML External Entity XXE vulnerability allows malicious user to perform Server-Side Request Forgery SSRF via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core...

CVE-2026-2251

Improper limitation of a pathname to a restricted directory Path Traversal vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 vi...

CVE-2026-2252 XML External Entity (XXE) vulnerability resulting in Server-Side Request Forgery (SSRF)

An XML External Entity XXE vulnerability allows malicious user to perform Server-Side Request Forgery SSRF via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core...

CVE-2026-2251 Path Traversal leading to Remote Code Execution (RCE)

Improper limitation of a pathname to a restricted directory Path Traversal vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 vi...

CVE-2025-64325

Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has...

CVE-2025-64325 Emby Server is Vulnerable to Remote Code Execution Through XSS in Admin Dashboard

Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the InnoDB component. A high privileged attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network. Remediation Upgrade libmysqlclient ...

CVE-2025-36565

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Argument Delimiters in a...

Linux Distros Unpatched Vulnerability : CVE-2023-22095

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. The supported version that is affected is 8.1.0. Easily exploitable...

Cross-site Scripting (XSS)

Overview org.webjars.bowergithub.uikit:uikit is a lightweight and modular front-end framework for developing fast and powerful web interfaces. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the data-caption attribute due to insufficient input sanitisation and outp...

📄 Grokability Snipe-IT 8.0.4 Insecure Direct Object Reference

Grokability Snipe-IT versions 8.0.4 and below suffer from an insecure direct object reference vulnerability. Exploit Title: Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference IDOR Google Dork: N/A Date: 2025-05-02 Exploit Author: Sn1p3r-H4ck3r Siripong Jintung Vendor Homepage:...

mysql: InnoDB unspecified vulnerability (CPU Oct 2023)

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serve...

WordPress ExactMetrics plugin <= 8.1.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin ExactMetrics versions = 8.1.0...

mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

Atlassian Confluence Security Vulnerability

Atlassian Confluence is a suite of specialized enterprise knowledge management and collaboration software from Atlassian Australia that can also be used to build enterprise WiKi. A security vulnerability exists in Atlassian Confluence Data Center and Server that stems from the presence of a remot...

PT-2022-25940 · Tibco Software · Tibco Jasperreports Server For Microsoft Azure +4

Name of the Vulnerable Software and Affected Versions: TIBCO JasperReports Server versions 8.0.2 and below TIBCO JasperReports Server version 8.1.0 TIBCO JasperReports Server - Community Edition versions 8.1.0 and below TIBCO JasperReports Server - Developer Edition versions 8.1.0 and below TIBCO...

PT-2022-19355 · Parse-Url · Url-Parse

Name of the Vulnerable Software and Affected Versions: parse-url versions prior to 8.1.0 Description: The issue is related to Server-Side Request Forgery SSRF in the GitHub repository ionicabizau/parse-url. SSRF is a type of attack where an attacker can trick a server into making requests to...