Common Vulnerabilities and Exposures (CVE)
CVE-2026-0106
In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita...
CVE-2025-70397
jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter.
CVE-2025-15585
Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in priv...
CVE-2026-2817
Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracte...
CVE-2026-2684
A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(62532). The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.html. Executing a manipulation of the argument...
CVE-2026-24126
Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to `ssh-add`. Version 5.16.0 fixes the issue. A...
CVE-2026-26339
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.
CVE-2026-25428
Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through <= 2.5.5.
CVE-2026-26338
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery (SSRF) through the document processing functionality.
CVE-2026-26337
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal.
CVE-2026-25441
Missing Authorization vulnerability in LeadConnector LeadConnector leadconnector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LeadConnector: from n/a through <= 3.0.21.
CVE-2026-25473
Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through <= 14.0.31.
CVE-2026-27066
Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales no...
CVE-2026-27092
Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through <= 2.2.11.
CVE-2026-26281
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A stored cross-site scripting (XSS) vulnerability in the Sumex invoice view allows an authenticated user with client and invoice management ...