- CVE-2025-71063 - Errands CalDAV TLS Certificate Verification Remote Information Disclosure
- CVE-2025-41078 - Multiple vulnerabilities in Viafirma products
- CVE-2025-41077 - Multiple vulnerabilities in Viafirma products
- CVE-2025-41006 - Multiple vulnerabilities in Imaster products Open configuration options
- CVE-2025-41005 - Multiple vulnerabilities in Imaster products Open configuration options
- CVE-2025-41004 - Multiple vulnerabilities in Imaster products Open configuration options
- CVE-2026-0855 - Merit LILIN|IP Camera - OS Command Injection
- CVE-2026-0854 - Merit LILIN|NVR - OS Command Injection
- CVE-2025-69273 - Spectrum broken authentication
- CVE-2025-69267 - Spectrum directory path traversal
- CVE-2025-52694 - Execution of arbitrary SQL commands
- CVE-2026-0841 - UTT 进取 520W formPictureUrl strcpy buffer overflow
- CVE-2026-0838 - UTT 进取 520W ConfigWirelessBase strcpy buffer overflow
- CVE-2026-0839 - UTT 进取 520W APSecurity strcpy buffer overflow
- CVE-2026-22594 - Ghost has Staff 2FA bypass
- CVE-2026-22595 - Ghost has Staff Token permission bypass
- CVE-2025-61686 - React Router has Path Traversal in File Session Storage
- CVE-2026-21884 - React Router SSR XSS in ScrollRestoration
- CVE-2026-22029 - React Router vulnerable to XSS via Open Redirects
- CVE-2026-21900 - CryptoLib Has Out-of-Bounds Read in KMC Encrypt Metadata Parsing via Flawed strtok Pattern
- CVE-2026-22023 - CryptoLib Has Out-of-Bounds Read in KMC AEAD Encrypt Metadata Parsing via Flawed strtok Pattern
- CVE-2026-22026 - CryptoLib Unbounded Memory Allocation in KMC HTTP Response Handler Allows Resource Exhaustion
- CVE-2026-21898 - CryptoLib Has Out-of-bounds Read in Crypto_AOS_ProcessSecurity
- CVE-2025-15501 - Sangfor Operation and Maintenance Management System getCmd WriterHandle.getCmd os command injection
- CVE-2026-0830 - Command Injection in Kiro GitLab Merge Request Helper
- CVE-2026-22194 - GestSup <= 3.2.56 CSRF Allows Privileged Actions
- CVE-2025-69425 - Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded Tokens RCE
- CVE-2025-69426 - Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded SSH Credentials RCE
- CVE-2020-36875 - AccessAlly < 3.3.2 Unauthenticated Arbitrary PHP Code Execution
- CVE-2025-7072 - Hardcoded credentials in KAON CG3000T/CG3000CT routers
- CVE-2026-22082 - Insecure Session ID Management Vulnerability in Tenda Wireless Routers
- CVE-2026-22081 - Cookie without HTTPOnly Flag Vulnerability in Tenda Wireless Routers
- CVE-2026-22080 - Insecure Transmission Vulnerability in Tenda Wireless Routers
- CVE-2026-22079 - Cleartext Transmission Vulnerability in Tenda Wireless Routers
- CVE-2025-70974 - Fastjson JNDI Injection Vulnerability
- CVE-2025-14736 - Frontend Admin by DynamiApps <= 3.28.25 - Unauthenticated Privilege Escalation to Administrator via Role Form Field
- CVE-2026-21409 - RICOH Streamline NX Authorization Bypass
- CVE-2025-68716 - KAYSUS KS-WR3600 Default SSH Root Access Vulnerability
- CVE-2025-68717 - KAYSUS KS-WR3600 Router Authentication Bypass Vulnerability
- CVE-2025-68719 - KAYSUS KS-WR3600 Router Configuration Backup Disclosure Vulnerability
- CVE-2025-66913 - JimuReport H2 JDBC Remote Code Execution Vulnerability
- CVE-2025-66916 - RuoYi-Vue-Plus Snailjob QLExpress File Manipulation Vulnerability
- CVE-2026-22256 - Salvo is vulnerable to reflected XSS in the list_html function
- CVE-2026-22257 - Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names
- CVE-2025-67325 - QloApps Unrestricted File Upload Remote Code Execution
- CVE-2026-22234 - OPEXUS eCasePortal unauthenticated IDOR
- CVE-2026-21638 - Ubiquiti airMAX Wireless Protocol Remote Code Execution Vulnerability
- CVE-2025-59468 - Postgres Backup Remote Code Execution Vulnerability
- CVE-2025-59469 - HP Data Protector Root Privilege Escalation
- CVE-2025-59470 - Postgres Remote Code Execution Vulnerability
- CVE-2025-63611 - Phpgurukul Hostel Management System Cross-Site Scripting
- CVE-2025-67089 - GL-iNet GL-AXT1800 Command Injection Vulnerability
- CVE-2026-22034 - Snuffleupagus vulnerable to RCE on instances with upload validation enabled but without the VLD package
- CVE-2025-69258 - Trend Micro Apex Central LoadLibraryEX Remote Code Execution Vulnerability
- CVE-2025-62877 - Harvest may expose OS default ssh login password via SUSE Virtualization Interactive Installer
- CVE-2025-66001 - NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM)
- CVE-2025-67921 - WordPress Lobo theme < 2.8.6 - SQL Injection vulnerability
- CVE-2025-67924 - WordPress Corpkit theme <= 2.0 - Arbitrary File Upload vulnerability
- CVE-2025-67926 - WordPress Fluent Support plugin <= 1.10.4 - Broken Access Control vulnerability
- CVE-2025-67928 - WordPress Automotive Listings plugin <= 18.6 - SQL Injection vulnerability
- CVE-2025-67917 - WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability
- CVE-2025-67919 - WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability
- CVE-2025-67920 - WordPress Neo Ocular theme < 1.2 - Local File Inclusion vulnerability
- CVE-2025-67913 - WordPress Aruba HiSpeed Cache plugin < 3.0.3 - Broken Access Control vulnerability
- CVE-2025-67915 - WordPress Timetics plugin <= 1.0.46 - Broken Authentication vulnerability
- CVE-2025-67911 - WordPress Newsletters plugin <= 4.11 - PHP Object Injection vulnerability
- CVE-2019-25296 - WP Cost Estimation <= 9.642 - Missing Authorization to Arbitrary File Upload/Delete
- CVE-2026-21877 - n8n is vulnerable to Remote Code Execution via Arbitrary File Write
- CVE-2026-21697 - axios4go's Race Condition in Shared HTTP Client Allows Proxy Configuration Leak
- CVE-2026-21857 - Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read
- CVE-2019-25291 - INIM Electronics SmartLiving SmartLAN/G/SI <=6.x Hard-coded Credentials Vulnerability
- CVE-2019-25289 - INIM Electronics SmartLiving SmartLAN/G/SI <=6.x Remote Command Execution
- CVE-2019-25282 - V-SOL GPON/EPON OLT Platform V2.03.62R_IPv6 v2.03 Open Redirect via bindProfile.html
- CVE-2019-25279 - FaceSentry Access Control System 6.4.8 Cleartext Password Storage Vulnerability
- CVE-2019-25278 - FaceSentry Access Control System 6.4.8 Authentication Credentials MiTM Disclosure
- CVE-2019-25268 - NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution
- CVE-2019-25231 - devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation
- CVE-2017-20215 - FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 Authenticated OS Command Injection
- CVE-2017-20216 - FLIR Thermal Camera PT-Series firmware version 8.0.0.64 Unauthenticated Remote Command Injection
- CVE-2017-20214 - FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 Hard-Coded SSH Credentials Vulnerability
- CVE-2017-20213 - FLIR Thermal Camera F/FC/PT/D Stream 8.0.0.64 Unauthenticated Stream Disclosure
- CVE-2017-20212 - FLIR Thermal Camera F/FC/PT/D 8.0.0.64 Information Disclosure via File Reading
- CVE-2026-21683 - iccDEV has Type Confusion in icStatusCMM::CIccEvalCompare::EvaluateProfile()
- CVE-2026-21682 - iccDEV has heap-buffer-overflow in CIccXmlArrayType::ParseText()
- CVE-2026-22184 - zlib <= 1.3.1.2 untgz Global Buffer Overflow in TGZfname()
- CVE-2025-68705 - RustFS Path Traversal Vulnerability
- CVE-2026-21854 - Tarkov Data Manager Authentication Bypass vulnerability
- CVE-2026-21855 - Tarkov Data Manager has Unauthenticated Reflected XSS
- CVE-2026-21679 - iccDEV has heap-buffer-overflow vulnerability in CIccLocalizedUnicode::GetText()
- CVE-2025-61492 - Terminal-Controller-MCP Command Injection Vulnerability
- CVE-2026-22544 - EXCHANGE OF CREDENTIALS IN CLEAR TEXT
- CVE-2026-22536 - PRIVILEGE ESCALATION VIA SUDO COMMAND
- CVE-2026-22535 - FRAIL SECURITY IN MQTT PROTOCOL ALLOWS AN ATTACKER MODIFY CRITICAL PARAMETERS
- CVE-2025-4676 - Authentication bypass by brute forcing Authentication Headers
- CVE-2025-12543 - Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf
- CVE-2026-22540 - DENIAL OF SERVICE VIA ARP PACKETS
- CVE-2026-22541 - DENIAL OF SERVICE VIA ICMP PACKETS
- CVE-2025-47552 - WordPress DZS Video Gallery plugin <= 12.37 - PHP Object Injection Vulnerability
- CVE-2025-32303 - WordPress WPCHURCH plugin <= 2.7.0 - SQL Injection Vulnerability
- CVE-2025-69081 - WordPress Hope theme <= 3.0.0 - Local File Inclusion vulnerability