- CVE-2026-27475 - SPIP < 4.4.9 Insecure Deserialization
- CVE-2026-26339 - Hyland Alfresco Transformation Service Argument Injection RCE
- CVE-2026-26337 - Hyland Alfresco Transformation Service Absolute Path Traversal Arbitrary File Read and SSRF
- CVE-2026-2274 - Arbitrary File Read and SSRF in Google AppSheet
- CVE-2025-71250 - SPIP < 4.4.9 Insecure Deserialization
- CVE-2025-71243 - SPIP Saisies Plugin < 5.11.1 Remote Code Execution
- CVE-2025-9953 - SQLi in Database Software's Databank Accreditation Software
- CVE-2025-8350 - Authentication Bypass with Redirect in BiEticaret Software's BiEticaret CMS
- CVE-2026-22267 - Dell PowerProtect Data Manager Privilege Escalation Vulnerability
- CVE-2026-26358 - Dell Unisphere for PowerMax Missing Authorization Vulnerability
- CVE-2026-26362 - Dell Unisphere for PowerMax Remote File Traversal Vulnerability
- CVE-2026-1994 - s2Member <= 260127 - Unauthenticated Privilege Escalation via Account Takeover
- CVE-2026-2731 - Unauthenticated RCE in Dynamicweb 9 and Dynamicweb 8
- CVE-2025-4521 - IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_profile Function
- CVE-2026-0912 - Toret Manager <= 1.2.7 - Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions
- CVE-2026-1405 - Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload
- CVE-2025-12821 - NewsBlogger <= 0.2.5.6 - 0.2.6.1 - Cross-Site Request Forgery to Arbitrary Plugin Installation
- CVE-2025-12882 - Clasifico Listing <= 2.0 - Unauthenticated Privilege Escalation
- CVE-2019-25364 - Win10 MailCarrier 2.51 - 'POP3 User' Remote Buffer Overflow
- CVE-2019-25365 - ChaosPro 2.0 - Buffer Overflow
- CVE-2019-25359 - SD.NET RIM 4.7.3c - 'idtyp' SQL Injection
- CVE-2019-25360 - Aida64 6.10.5200 - Buffer Overflow
- CVE-2019-25362 - WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow
- CVE-2019-25357 - Control Center PRO 6.2.9 - Local Stack Based BufferOverflow
- CVE-2019-25361 - Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow
- CVE-2019-25351 - Centova Cast 3.2.11 - Arbitrary File Download
- CVE-2026-27180 - MajorDoMo Supply Chain Remote Code Execution via Update URL Poisoning
- CVE-2026-27181 - MajorDoMo Unauthenticated Module Uninstall via Market Endpoint
- CVE-2026-27179 - MajorDoMo Unauthenticated SQL Injection in Commands Module
- CVE-2026-27174 - MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval
- CVE-2026-27175 - MajorDoMo Command Injection in rc/index.php via Race Condition
- CVE-2026-27182 - Saturn Remote Mouse Server UDP Command Injection RCE
- CVE-2025-70064 - PHPGurukul Hospital Management System Privilege Escalation
- CVE-2026-2507 - BIG-IP TMM Vulnerability
- CVE-2026-2329 - Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow
- CVE-2025-15579 - An Insecure Deserialization vulnerability has been discovered in OpenText™ Directory Services.
- CVE-2025-33245 - NVIDIA NeMo Framework Remote Code Execution Vulnerability
- CVE-2025-59920 - SQL injection in time@work from systems@work
- CVE-2026-1435 - Incorrect management of session invalidation vulnerability in Graylog Web Interface
- CVE-2026-1937 - YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action
- CVE-2026-1714 - ShopLentor <= 3.3.2 - Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action
- CVE-2026-26119 - Windows Admin Center Elevation of Privilege Vulnerability
- CVE-2026-1670 - Honeywell CCTV Products Missing Authentication for Critical Function
- CVE-2026-23595 - Unauthenticated Authentication Bypass in application API allows unauthorized administrative account creation
- CVE-2026-22769 - Dell RecoverPoint for Virtual Machines Hardcoded Credential Remote Authentication Bypass
- CVE-2026-23647 - Glory RBG-100 Recycler System Hard-coded OS Credentials
- CVE-2026-23648 - Glory RBG-100 Recycler System Local Privilege Escalation via Insecure File Permissions
- CVE-2026-2616 - Beetel 777VR1 Web Management hard-coded credentials
- CVE-2026-2615 - Wavlink WL-NU516U1 firewall.cgi singlePortForwardDelete command injection
- CVE-2025-7631 - Time-Based Blind SQLi in Tumeva Internet Technologies' Tumeva News Software
- CVE-2026-2247 - SQL Injection in Clickedu's SaaS platform
- CVE-2026-2101 - Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19
- CVE-2026-2564 - Intelbras VIP 3260 Z IA OutsideCmd password recovery
- CVE-2026-26369 - JUNG eNet SMART HOME server 2.2.1/2.3.1 Privilege Escalation via setUserGroup
- CVE-2026-26368 - JUNG eNet SMART HOME server 2.2.1/2.3.1 Account Takeover via resetUserPassword
- CVE-2026-26366 - JUNG eNet SMART HOME server 2.2.1/2.3.1 Use of Default Credentials
- CVE-2026-2540 - Micca KE700 Acceptance of previously used rolling codes
- CVE-2025-32061 - Stack Buffer Overflow leading to RCE in Bluetooth stack of Infotainment ECU
- CVE-2025-32062 - Stack Buffer Overflow leading to RCE in Bluetooth stack of Infotainment ECU
- CVE-2025-32059 - Stack Buffer Overflow leading to RCE in Bluetooth stack of Infotainment ECU
- CVE-2025-32058 - Stack Overflow in processing requests over INC interface on RH850 side of Infotainment ECU
- CVE-2026-1306 - midi-Synth <= 1.1.0 - Unauthenticated Arbitrary File Upload via 'export' AJAX Action
- CVE-2026-2144 - Magic Login Mail or QR Code <= 2.05 - Unauthenticated Privilege Escalation via Insecure QR Code File Storage
- CVE-2026-24853 - Caido has an insufficient patch for DNS rebind leading to RCE
- CVE-2026-26335 - Calero VeraSMART < 2022 R1 Static IIS Machine Keys Enable ViewState RCE
- CVE-2026-26333 - Calero VeraSMART < 2022 R1 .NET Remoting Arbitrary File Read Leading to ViewState RCE
- CVE-2026-26334 - Calero VeraSMART < 2026 R1 Hardcoded Static AES Keys Allow Decryption of Service Credentials
- CVE-2026-26190 - Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise
- CVE-2026-26187 - lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access
- CVE-2025-69770 - MojoPortal CMS Zip Slip Remote Command Execution Vulnerability
- CVE-2026-26268 - Cursor sandbox escape via Git hooks
- CVE-2026-26221 - Hyland OnBase Timer Services Unauthenticated .NET Remoting RCE
- CVE-2026-1619 - IDOR in Universal Sotware's FlexCity/Kiosk
- CVE-2026-1618 - Admin Account Takeover in Universal Sotware's FlexCity/Kiosk
- CVE-2025-14349 - Business Logic Error in Universal Software's FlexCity/Kiosk
- CVE-2020-37167 - ClamAV ClamBC <= 0.102.0 - 'ClamBC' Executable Regular Expression Error
- CVE-2019-25336 - SpotAuditor 5.3.2 - 'Base64' Local Buffer Overflow (SEH)
- CVE-2019-25337 - OwnCloud 8.1.8 - Username Disclosure
- CVE-2019-25332 - FTP Commander Pro 8.03 - Local Stack Overflow
- CVE-2019-25333 - Bullwark Momentum Series JAWS 1.0 - 'Momentum Series JAWS' Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CVE-2019-25335 - PRO-7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass
- CVE-2019-25331 - AVS Audio Converter 9.1 - 'Exit folder' Buffer Overflow
- CVE-2019-25325 - Thrive Smart Home 1.1 - 'Smart Home' Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CVE-2019-25327 - Prime95 Version 29.8 build 6 - Buffer Overflow (SEH)
- CVE-2019-25320 - elearning-script 1.0 - Authentication Bypass
- CVE-2019-25321 - FTP Navigator 8.03 - Stack Overflow (SEH)
- CVE-2019-25322 - Heatmiser Netmonitor 3.03 - Hardcoded Credentials
- CVE-2019-25319 - Domain Quester Pro 6.02 - Stack Overflow (SEH)
- CVE-2019-25318 - AVS Audio Converter 9.1.2.600 - Stack Overflow
- CVE-2026-1358 - Airleader Master Unrestricted Upload of File with Dangerous Type
- CVE-2026-26011 - Critical Heap Out-of-bounds Access in `pf_cluster_stats()` via Malicious /initialpose Covariance -- Potential Remote Code Execution
- CVE-2026-26020 - AutoGPT Affected by Remote Code Execution via Dynamic Module Import in Block Loading (__import__)
- CVE-2025-70314 - Webfsd Buffer Overflow Vulnerability
- CVE-2026-26218 - newbee-mall Default Seeded Administrator Credentials Allow Account Takeover
- CVE-2026-26219 - newbee-mall Unsalted MD5 Password Hashing Enables Offline Credential Cracking
- CVE-2019-25344 - MobileGo 8.5.0 - Insecure File Permissions
- CVE-2019-25345 - RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path
- CVE-2019-25343 - NextVPN 4.10 - Insecure File Permissions
- CVE-2025-70981 - CordysCRM SQL Injection Vulnerability
- CVE-2025-54756 - BrightSign Players Use of Default Credentials
Franck Ridel
