63 matches found
CVE-2025-26474 communication_ipc an improper input validation vulnerability
in OpenHarmony v5.0.3 and prior versions allows a local attacker to cause an information leak through improper input. This vulnerability can be exploited only in restricted scenarios...
CVE-2026-32700 Devise has a Confirmable "change email" race condition that permits a user to confirm an email they have no access to
Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option (the default when using...
CVE-2026-32246 Tinyauth vulnerable to TOTP/2FA bypass via OIDC authorize endpoint
Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC authorization endpoint allows users with a TOTP-pending session (password verified, TOTP not yet completed) to obtain authorization codes. An attacker who knows a user's password but not their TOTP secret can obtain...
CVE-2026-32245
CVE-2026-32245 concerns Tinyauth, an authentication/authorization server. The issue, present before 5.0.3, is that the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client to which the code was issued. A malicious OIDC client operator can exchang...
CVE-2025-70044
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools-quickcommand 5.0.3...
CVE-2025-70044
CVE-2025-70044 affects fofolee uTools-quickcommand 5.0.3. The issue is improper certificate validation (CWE-295) and is described as a network-reachable vulnerability with medium severity (CVSS v3.1: 6.5). The Red Hat, NVD, and CVE records concur on the affected software version and the root caus...
CVE-2026-25766 Echo has a Windows path traversal via backslash in middleware.Static default filesystem
Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo's middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In middleware/static.go, the requested path is unescaped and...
EUVD-2025-201961
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in sevenspark Contact Form 7 Dynamic Text Extension (contact-form-7-dynamic-text-extension) allows Code Injection. This issue affects Contact Form 7 Dynamic Text Extension: from n/a through <= 5.0.3...
CVE-2022-50393
creationtimestamp | type | source
--- | --- | ---
2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8
2026-03-19 00:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/
...
CVE-2025-55222
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability. This...
CVE-2025-54851
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this...
Observable Response Discrepancy
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Observable Response Discrepancy in the router. An attacker can determine the existence of specific course IDs by analyzing the different responses returned for valid and invalid IDs. Remediation...
CVE-2025-61733
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue...
EUVD-2025-24116
Malicious code in bioql PyPI...
CVE-2025-59761
Summary: CVE-2025-59761 concerns AndSoft e-TMS v25.03, where a reflected cross-site scripting (XSS) vulnerability exists due to insufficient filtering/escaping of untrusted data. The attack vector involves crafted URLs to the endpoint /clt/LOGINFRM_DLG.ASP and targets the parameters l, demo, demo...
CVE-2022-50309
In the Linux kernel, the following vulnerability has been resolved: media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init. of_get_child_by_name() returns a node pointer with its refcount incremented; we should call of_node_put() on it when it is no longer needed. Add the missing of_node_put() to avoid a refcount leak...
CVE-2025-27577
in OpenHarmony v5.0.3 and prior versions allows a local attacker to achieve arbitrary code execution in tcb through a race condition...
Adobe Substance3D Sampler buffer error vulnerability
Adobe Substance3D Sampler is software for rendering 3D scenes from Adobe in the USA. A buffer error vulnerability exists in Adobe Substance3D Sampler version 5.0.3 and prior versions, which originates from an out-of-bounds read and could lead to a sensitive memory leak...