CVE-2025-59868

HCL Traveler for Microsoft Outlook HTMO is susceptible to a sensitive data exposure vulnerability which could allow an attacker to exploit application information to then attempt additional attacks and cause unknown behavior in the application...

CVE-2026-11356

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menutitle' and 'menumagnifiercolor' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-13422

The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrect nonce validation on the hdqvalidatenonce function. This makes it possible for unauthenticated attackers to delete or modify quizzes and questions, create ne...

CVE-2026-13335

The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpmpoint' Post Meta in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-13333

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'queryselect' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2026-13331

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2023-37524

HCL Traveler for Microsoft Outlook HTMO is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service. Since .NET Framework 4.5 has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses through vulnerabl...

CVE-2026-56414

A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or...

CVE-2026-55975

A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command...

CVE-2026-31928

The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access...

CVE-2026-33560

The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and...

CVE-2026-28701

Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths...

CVE-2026-49869

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath.endsWith"/configs" to whitelist the public configuration endpoint from Basic Auth. Because the check is a suffix match rather than an exact path match...

CVE-2026-45807

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints accept a kestra:// URI from the client and pass it through StorageInterface.parentTraversalGuard before reading the underlying file from the local storage backend. The guard onl...

CVE-2026-49984

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-supplied paths for .. traversal before it converts Windows-style backslashes to forward slashes. An attacker can therefore smuggle a traversal sequence past...

CVE-2026-53576

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API @Filter"/api/v1/" treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. kestra addresse...

CVE-2026-53577

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint GET /api/v1/tenant/executions/executionId/file/preview contains an access control bypass that allows any authenticated user to read output files from any other executio...

CVE-2026-55069

Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computatio...

CVE-2026-54351

Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body into automation execution parameters. A mass assignment vulnerability in externalTrigger allows an attacker to overwrite the interna...

CVE-2026-54353

Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connectio...

CVE-2026-54350

Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection and, where the builder has published a PUBLIC write...

CVE-2026-50137

Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace id app... and an S3-source datasource id ds... can call this endpoint with no auth and obtain a 15-minute pre-signed PUT URL minted on the victim's IAM identity. The endpoin...

CVE-2024-23581

The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software or an unrecognized application...

CVE-2026-50136

Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require...

CVE-2026-50132

Budibase is an open-source low-code platform. Prior to 3.39.0, GET /api/chat-links/:instance/:token/handoff is a public endpoint no auth required that performs a permanent, state-changing operation: it binds an external chat identity Slack/Discord/MS Teams to an authenticated Budibase user accoun...

CVE-2026-54352

Budibase is an open-source low-code platform. Prior to 3.39.9, POST /api/pwa/process-zip at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with [email protected] into a temp directory, then for each entry listed in icons.json validates the icon path, open...

CVE-2026-46604

The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset...

CVE-2026-48770

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WMCOPYDATA message to Notepad++ using the COPYDATAFULLCMDLINE path. The handler appears to process COPYDATASTRUCT.lpData as an unbounded...

CVE-2026-48778

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value Parameters.cpp:6430 and stored in nppGUI.commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDMFILEOPENCMD File → Open...

CVE-2026-52885

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user command fires Time-of-Check. However, the command payload is taken from the in-memory userCommands vector, which is populated at application...

CVE-2026-46710

Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in the installer. During installation, the installer invokes powershell.exe without using an absolute path after setting the working directory to the...

CVE-2026-48800

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::valueaNode Parameters.cpp:3658 in the feedUserCmds function and stored in UserCommand.cmd without any validation. When the user clicks the corresponding entry ...

CVE-2026-52884

Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory does NOT canonicalize the path before checking. It uses a prefix-based check PathIsPrefix or equivalent that matches paths starting with trusted directory strings. A path traversal using ....\ after a truste...

CVE-2026-55188

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the bucket replication admin API. The ListRemoteTargetHandler handler for listing remote replication targets only checks whether request credentials exist...

CVE-2026-49991

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the Snowball auto-extract feature to write arbitrary objects into other users' buckets, completely...

CVE-2026-55189

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, when the FTP frontend is enabled, the FTP read and probe handlers dispatch directly to the storage backend without ever calling the IAM authorization function that the FTP write/list handlers and t...

CVE-2026-55838

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of their assigned policy. Every other admin handler in the codebase calls validateadminrequest to...

CVE-2026-32833

Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parameter in the system time configuration interface...

CVE-2026-44733

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, Business Logic Error on OpenProject through PATCH request to /api/v3/users/me permits to bypass password requirements. A password validation flaw in the change password behavior allows attackers to chan...

CVE-2026-44731

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks whether a given user ID corresponds to a valid account and discloses the user's full name, allowing an attacker to enumerate all existing user account...

CVE-2026-53324

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded "0" for PFs and pcislotnamepdev-slot for VFs. The previous approach had two issues: 1. pcislotname...

CVE-2026-53323

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...

CVE-2026-53322

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfiopcicoreclosedevice call vfiopcidmabufcleanup before the function is disabled via vfiopcicoredisable. This ensures that all access via DMABUFs is...

CVE-2026-53321

In the Linux kernel, the following vulnerability has been resolved: iouring/napi: cap busypollto 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no conditional...

CVE-2026-53320

In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject zero bdoblocknr in nilfsioctlmarkblocksdirty nilfsioctlmarkblocksdirty uses bdoblocknr to detect dead blocks by comparing it with the current block number bdblocknr. If they differ, the block is considered dead and...

CVE-2026-53319

In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARNONONCE from wbtinitenabledefault wbtinitenabledefault uses WARNONONCE to check for failures from wbtalloc and wbtinit. However, both are expected failure paths: - wbtalloc can return NULL under memory pressure...

CVE-2026-53318

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925txcheckaggr Move the NULL check for 'sta' before dereferencing it to prevent a possible crash...

CVE-2026-53317

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: Place upper limit on station AID Any station configured with an AID over 20 causes a firmware crash. This situation occurred in our testing using an AP interface on 7922 hardware, with a modified hostapd,...

CVE-2026-53316

In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in rascorerasinterruptdetected Fixes a NULL pointer dereference when rascore is NULL and rascore-dev is accessed in the error path. Reported by: Dan Carpenter...

CVE-2026-53315

In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in rascoregetutcsecondtimestamp rascoregetutcsecondtimestamp retrieves the current UTC timestamp in seconds since the Unix epoch through a platform-specific RAS system callback and is used for...