- CVE-2025-13374 - Kalrav AI Agent <= 2.3.3 - Unauthenticated Arbitrary File Upload via kalrav_upload_file AJAX Action
- CVE-2026-24412 - iccDEV has Heap Buffer Overflow in icCurvesFromXml()
- CVE-2026-24406 - iccDEV ICC Color Management Profile Heap Buffer Overflow
- CVE-2026-24405 - iccDEV ICC Color Management Profile Heap Buffer Overflow Vulnerability
- CVE-2026-24423 - SmarterTools SmarterMail < Build 9511 Unauthenticated RCE via ConnectToHub API
- CVE-2021-47904 - PhreeBooks 5.2.3 - Remote Code Execution
- CVE-2021-47903 - LiteSpeed Web Server Enterprise 5.4.11 - Command Injection
- CVE-2021-47898 - Epson USB Display 1.6.0.0 Unquoted Service Path Vulnerability
- CVE-2021-47896 - PDFCOMPLETE Corporate Edition 4.1.45 - 'pdfcDispatcher' Unquoted Service Path
- CVE-2021-47889 - Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path
- CVE-2021-47890 - LogonExpert 8.1 - 'LogonExpertSvc' Unquoted Service Path
- CVE-2021-47891 - Unified Remote 3.9.0.2463 - Remote Code Execution
- CVE-2021-47888 - Textpattern 4.8.3 - Remote code execution
- CVE-2021-47881 - dataSIMS Avionics ARINC 664-1 - Local Buffer Overflow
- CVE-2025-66719 - Free5gc Unauthorized Access Token Generation Vulnerability
- CVE-2026-24572 - WordPress Nelio Content plugin <= 4.1.0 - SQL Injection vulnerability
- CVE-2026-0994 - Denial of Service in Python Protobuf
- CVE-2026-1364 - JNC|IAQS and I6 - Missing Authentication
- CVE-2026-1363 - JNC|IAQS and I6 - Client-Side Enforcement of Server-Side Security
- CVE-2026-22273 - Dell ECS Default Credentials Elevation of Privileges
- CVE-2026-0603 - Org.hibernate/hibernate-core: hibernate: information disclosure and data deletion via second-order sql injection
- CVE-2025-67847 - Moodle Remote Code Execution Vulnerability
- CVE-2025-3839 - Epiphany: insecure external protocol invocation in epiphany
- CVE-2026-0770 - Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
- CVE-2026-0765 - Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability
- CVE-2026-0766 - Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability
- CVE-2026-0769 - Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability
- CVE-2026-0763 - GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability
- CVE-2026-0768 - Langflow code Code Injection Remote Code Execution Vulnerability
- CVE-2026-0764 - GPT Academic upload Deserialization of Untrusted Data Remote Code Execution Vulnerability
- CVE-2026-0756 - github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability
- CVE-2026-0755 - gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability
- CVE-2026-0757 - MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability
- CVE-2026-0759 - Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability
- CVE-2026-0760 - Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability
- CVE-2026-0761 - Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability
- CVE-2026-0762 - GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability
- CVE-2026-0710 - Sipp/sipp: sipp: denial of service and potential arbitrary code execution vulnerability
- CVE-2026-0794 - ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability
- CVE-2026-0793 - ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability
- CVE-2026-0792 - ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Overflow Remote Code Execution Vulnerability
- CVE-2026-0791 - ALGO 8180 IP Audio Alerter SIP INVITE Replaces Stack-based Buffer Overflow Remote Code Execution Vulnerability
- CVE-2026-0787 - ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability
- CVE-2025-15063 - Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability
- CVE-2026-24307 - M365 Copilot Information Disclosure Vulnerability
- CVE-2026-24306 - Azure Front Door Elevation of Privilege Vulnerability
- CVE-2026-24129 - Runtipi is Vulnerable to Authenticated Arbitrary Remote Code Execution
- CVE-2026-24305 - Azure Entra ID Elevation of Privilege Vulnerability
- CVE-2026-21227 - Azure Logic Apps Elevation of Privilege Vulnerability
- CVE-2026-21264 - Microsoft Account Spoofing Vulnerability
- CVE-2025-54816 - EVMAPA Missing Authentication for Critical Function
- CVE-2026-1260 - Invalid Memory Access in Sentencepiece
- CVE-2025-69828 - TMS Management Console Remote Code Execution
- CVE-2023-7335 - EduSoho < 22.4.7 Arbitrary File Read via classroom-course-statistics
- CVE-2025-64097 - NervesHub has Insufficient Token Entropy that Allows Authentication Bypass via Brute Force
- CVE-2026-1331 - AMASTAR Technology|MeetingHub - Arbitrary File Upload
- CVE-2025-4764 - SQLi in Aida Computer's Hotspot
- CVE-2026-0920 - LA-Studio Element Kit for Elementor <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter
- CVE-2025-27378 - SQL Injection in AES Due to Inactive SQL Parsing Configuration
- CVE-2026-22793 - 5ire vulnerable to Remote Code Execution (RCE) via ECharts
- CVE-2026-22792 - 5ire vulnerable to Remote Code Execution (RCE)
- CVE-2021-47854 - DD-WRT 45723 - UPNP Buffer Overflow
- CVE-2021-47851 - Mini Mouse 9.2.0 - Remote Code Execution
- CVE-2021-47852 - Rockstar Service - Insecure File Permissions
- CVE-2021-47853 - phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution
- CVE-2021-47848 - Blitar Tourism 1.0 - Authentication Bypass SQLi
- CVE-2021-47770 - OpenPLC 3 - Remote Code Execution
- CVE-2021-47778 - GetSimple CMS My SMTP Contact Plugin 1.1.2 - PHP Code Injection
- CVE-2021-47846 - Digital Crime Report Management System 1.0 - SQL Injection
- CVE-2021-47748 - Hasura GraphQL 1.3.3 - Remote Code Execution
- CVE-2026-24061 - GNU Inetutils telnetd Remote Authentication Bypass Vulnerability
- CVE-2026-21962 - Vulnerability in the Oracle HTTP Server, Oracle We
- CVE-2026-21955 - Vulnerability in the Oracle VM VirtualBox product
- CVE-2026-21956 - Vulnerability in the Oracle VM VirtualBox product
- CVE-2025-58741 - Insecure Masked Credential Fields Enable Database Credential Access in Milner ImageDirector Capture
- CVE-2025-58742 - Insufficient Configuration Protections Enable Database Credential Interception in Milner ImageDirector Capture
- CVE-2025-58740 - Hardcoded Encryption Key Enables Database Credential Access in Milner ImageDirector Capture
- CVE-2025-56005 - PLY Python Lex-Yacc Remote Code Execution (RCE) via Unvalidated Pickle File
- CVE-2025-53912 - MedDream PACS Premium HTTP Arbitrary File Read Vulnerability
- CVE-2025-14115 - IBM Sterling Connect:Direct for UNIX Container is affected by vulnerability where hard-coded credentials are embedded in the product for its internal use.
- CVE-2025-12985 - License Service: Privilege escalation vulnerability
- CVE-2025-14977 - Dokan WooCommerce Multivendor Marketplace Insecure Direct Object Reference
- CVE-2026-23876 - Heap buffer overflow with attacker-controlled data in XBM parser
- CVE-2026-23949 - jaraco.context Has a Path Traversal Vulnerability
- CVE-2026-23947 - Orval MCP client is vulnerable to code injection via unsanitized x-enum-descriptions in enum generation
- CVE-2026-23950 - node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS
- CVE-2026-22219 - Chainlit < 2.9.4 SQLAlchemy Data Layer SSRF via /project/element
- CVE-2026-23837 - MyTube has an Authorization Bypass vulnerability
- CVE-2026-21696 - Endless reprocessing/reupload of activity log data due to SQLite max parameters limit not being considered
- CVE-2026-23846 - Tugtainer vulnerable to Password Exposure via URL Query Parameter
- CVE-2026-23850 - SiYuan vulnerable to arbitrary file read
- CVE-2026-23851 - SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality
- CVE-2026-23841 - Movary vulnerable to Cross-site Scripting with `?categoryCreated=` param
- CVE-2026-23839 - Movary vulnerable to Cross-site Scripting with `?categoryUpdated=` param
- CVE-2026-23840 - Movary vulnerable to Cross-site Scripting with `?categoryDeleted=` param
- CVE-2026-23838 - Tandoor Recipes module allows SQLite database to be externally accessible with the default settings
- CVE-2026-23836 - HotCRP vulnerable to remote code execution through formulas
- CVE-2026-23625 - OpenProject has stored XSS regression using attachments and script-src self
- CVE-2026-22797 - OpenStack Keystone Middleware OAuth 2.0 Token Forgery Privilege Escalation
- CVE-2026-1162 - UTT HiPER 810 setSysAdm strcpy buffer overflow