| CVE ID | Description | Severity |
|---|---|---|
| CVE-2026-1974 | A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. The attack can be launched remotely. The exploit is publicly available and might be used. It is recommended to apply a patch to fix this issue. | high |
| CVE-2026-1973 | A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to a null pointer dereference. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. It is best practice to apply a patch to resolve this issue. | high |
| CVE-2026-1972 | A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Performing a manipulation of the argument Username/Password results in use of default credentials. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor confirms that the affected product is end-of-life. They confirm that they "will issue a consolidated Security Advisory on our official support website." This vulnerability only affects products that are no longer supported by the maintainer. | medium |
| CVE-2026-1971 | A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file wiz_WISP24gmanual.asp. Manipulation of the argument manualssid leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirms that the affected product is end-of-life. They confirm that they "will issue a consolidated Security Advisory on our official support website." This vulnerability only affects products that are no longer supported by the maintainer. | medium |
| CVE-2026-23623 | Collabora Online is a collaborative online office suite based on LibreOffice technology. Prior to Collabora Online Development Edition version 25.04.08.2 and prior to Collabora Online versions 23.05.20.1, 24.04.17.3, and 25.04.7.5, a user with view-only rights and no download privileges can obtain a local copy of a shared file. Although there are no corresponding buttons in the interface, pressing Ctrl+Shift+S initiates the file download process. This allows the user to bypass the access restrictions and leads to unauthorized data retrieval. This issue has been patched in Collabora Online Development Edition version 25.04.08.2 and Collabora Online versions 23.05.20.1, 24.04.17.3, and 25.04.7.5. | medium |
| CVE-2026-24302 | Azure Arc Elevation of Privilege Vulnerability | high |
| CVE-2026-24300 | Azure Front Door Elevation of Privilege Vulnerability | critical |
| CVE-2026-21532 | Azure Function Information Disclosure Vulnerability | high |
| CVE-2026-0391 | User interface (UI) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | medium |
| CVE-2025-68458 | Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include userinfo (username:password@host). If allowedUris enforcement relies on a raw string prefix check (e.g., uri.startsWith(allowed)), a URL that looks allow-listed can pass validation while the actual network request is sent to a different authority/host after URL parsing. This is a policy/allow-list bypass that enables build-time SSRF behavior (outbound requests from the build machine to internal-only endpoints, depending on network access) and untrusted content inclusion (the fetched response is treated as module source and bundled). This issue has been patched in version 5.104.1. | low |
| CVE-2025-68157 | Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that appears restricted to a trusted allow-list can be redirected to HTTP(S) URLs outside the allow-list. This is a policy/allow-list bypass that enables build-time SSRF behavior (requests from the build machine to internal-only endpoints, depending on network access) and untrusted content inclusion in build outputs (redirected content is treated as module source and bundled). This issue has been patched in version 5.104.0. | low |
| CVE-2025-32393 | AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.32, there is a DoS vulnerability in ReadRSSFeedBlock. In RSSBlock, feedparser.parser is called to obtain the XML file according to the URL input by the user, parse the XML, and finally obtain the parsed result. However, during the parsing process, there is no limit on the parsing time and the resources that can be allocated for parsing. When a malicious user lets RSSBlock parse a carefully constructed, deep XML, it will cause memory resources to be exhausted, eventually causing DoS. This issue has been patched in autogpt-platform-beta-v0.6.32. | high |
| CVE-2026-25815 | Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key is the same across all customers' installations). NOTE: the Supplier's position is that the instance of CWE-1394 is not a vulnerability because customers "are supposed to enable" a non-default option that eliminates the weakness. However, that non-default option can disrupt functionality as shown in the "Managing FortiGates with private data encryption" document, and is therefore intentionally not a default option. | low |
| CVE-2026-1970 | A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. Manipulation of the argument submit-url causes an open redirect. The attack can be initiated remotely. The exploit has been published and may be used. The vendor confirms that the affected product is end-of-life. They confirm that they "will issue a consolidated Security Advisory on our official support website." This vulnerability only affects products that are no longer supported by the maintainer. | medium |
| CVE-2026-1964 | A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. The manipulation causes improper access controls. The attack can be launched remotely. Upgrading to version 8.21 will fix this issue. Patch name: 545566f5663545d16174e0f2399f231aa693ab6e. It is advisable to upgrade the affected component. | medium |
| CVE-2026-24851 | OpenFGA Improper Policy Enforcement | medium |
| CVE-2026-25641 | @nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses | critical |
| CVE-2026-25628 | qdrant has arbitrary file write via `/logger` endpoint | high |
| CVE-2026-1963 | A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access controls. The attack may be launched remotely. Upgrading to version 8.21 mitigates this issue. The patch is identified as c413a7e860bc4d93fe2adcf82516228570bf382d. Upgrading the affected component is advised. | medium |
| CVE-2026-1962 | A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads to improper access controls. The attack may be initiated remotely. Upgrading to version 8.21 is sufficient to resolve this issue. The identifier of the patch is 053bf1dfb76ef230db162c64a6ed50ebedf67eee. It is recommended to upgrade the affected component. | medium |
| CVE-2026-0106 | In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | critical |
| CVE-2026-25732 | NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write | high |
| CVE-2026-25587 | @nyariv/sandboxjs has a Sandbox Escape vulnerability | critical |
| CVE-2026-25586 | @nyariv/sandboxjs has Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution | critical |
| CVE-2026-25574 | payload-preferences has Cross-Collection IDOR in Access Control (Multi-Auth Environments) | medium |
| CVE-2026-25544 | @payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters | critical |
| CVE-2026-25520 | @nyariv/sandboxjs has a Sandbox Escape issue | critical |
| CVE-2026-23989 | OpenCloud Reva has a Public Link Exploit | high |
| CVE-2025-12131 | A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service. | medium |
| CVE-2026-25630 | Rejected reason: This candidate was issued in error. | critical |
| CVE-2026-1301 | In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory. | medium |
| CVE-2025-15343 | Tanium addressed an incorrect default permissions vulnerability in Enforce. | medium |
| CVE-2025-15342 | Tanium addressed an improper access controls vulnerability in Reputation. | medium |
| CVE-2025-15341 | Tanium addressed an incorrect default permissions vulnerability in Benchmark. | medium |
| CVE-2025-15340 | Tanium addressed an incorrect default permissions vulnerability in Comply. | medium |
| CVE-2025-15339 | Tanium addressed an incorrect default permissions vulnerability in Discover. | medium |
| CVE-2025-15338 | Tanium addressed an incorrect default permissions vulnerability in Partner Integration. | medium |
| CVE-2025-15337 | Tanium addressed an incorrect default permissions vulnerability in Patch. | medium |
| CVE-2025-15336 | Tanium addressed an incorrect default permissions vulnerability in Performance. | medium |
| CVE-2025-15335 | Tanium addressed an information disclosure vulnerability in Threat Response. | medium |
| CVE-2025-15334 | Tanium addressed an information disclosure vulnerability in Threat Response. | medium |
| CVE-2025-15333 | Tanium addressed an information disclosure vulnerability in Threat Response. | medium |
| CVE-2025-15332 | Tanium addressed an information disclosure vulnerability in Threat Response. | medium |
| CVE-2025-15331 | Tanium addressed an uncontrolled resource consumption vulnerability in Connect. | medium |
| CVE-2025-15330 | Tanium addressed an improper input validation vulnerability in Deploy. | high |
| CVE-2025-15329 | Tanium addressed an information disclosure vulnerability in Threat Response. | medium |
| CVE-2025-15328 | Tanium addressed an improper link resolution before file access vulnerability in Enforce. | medium |
| CVE-2025-15327 | Tanium addressed an improper access controls vulnerability in Deploy. | medium |
| CVE-2025-15326 | Tanium addressed an improper access controls vulnerability in Patch. | medium |
| CVE-2025-15325 | Tanium addressed an improper input validation vulnerability in Discover. | medium |