CVE-2026-9003

CVE-2026-9003 concerns TONNET’s E-LAN Hybrid Recording System, which is reported to have an unauthenticated SQL Injection vulnerability that lets an attacker inject arbitrary SQL commands to read database contents. The connected documents do not specify affected product versions, exact vulnerable...

JLSEC-2026-287

A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system...

CVE-2024-25181

A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery SSRF and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "filegetcontents" function within the "save.php" file...

CVE-2025-14758 Initialization of a Resource with an Insecure Default in YAOOK

Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials...

Design/Logic Flaw

Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds...