CVE-2025-30028

A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files...

CVE-2025-65087

An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed...

CVE-2025-65088

An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed...

CVE-2026-41522

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

CVE-2025-13167

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...

CVE-2025-48520

An improper input validation vulnerability within the AMD Platform Management Framework PMF driver can allow a local attacker to read Out-of-Bounds potentially resulting in information disclosure or a crash...

CVE-2025-0044

An out-of-bounds read in power management firmware by a malicious local attacker with low privileges could potentially lead to a partial loss of confidentiality and availability...

CVE-2026-25206

Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

CVE-2026-25209

Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

CVE-2026-25690

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an...

CVE-2026-7050

The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access a...

CVE-2026-7423

Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service device crash when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without...

CVE-2026-7214

A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function readfile/writefile/listfiles/fileinf of the file src/server.py. The manipulation of the argument WORKSPACEPATH leads to path traversal. The attack may be initiated remotely. The...

CVE-2026-34864

Boundary-unlimited vulnerability in the application read module. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2026-34307

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Workflow. Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools...

CVE-2026-34323

Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications component: IDM Authentication. Supported versions that are affected are 7.0.1.0 and 7.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2026-34664

Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories...

CVE-2026-34277

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Fluid Core. Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

CVE-2026-34296

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Product Quality Management. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVE-2026-34663

Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a vict...