Common Vulnerabilities and Exposures (CVE)

CVE-2026-21657

Feb 27, 2026 08:54:28 UTC

Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could i...

CVE-2026-21656

Feb 27, 2026 08:47:21 UTC

Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could i...

CVE-2026-1627

Feb 27, 2026 08:43:30 UTC

An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data if the attacker can interact with the netw...

CVE-2026-1626

Feb 27, 2026 08:40:53 UTC

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic.

CVE-2025-59459

Feb 27, 2026 08:33:45 UTC

An attacker that gains SSH access to an unprivileged account may be able to disrupt services (including SSH), causing persistent loss of availability.

CVE-2026-2362

Feb 27, 2026 08:24:19 UTC

The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the 'alt' attribute of images processed by the "Long Description UI" feature in all versions up to, and including, 2.3.1. This is due to th...

CVE-2026-2383

Feb 27, 2026 08:24:19 UTC

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVE-2026-2251

Feb 27, 2026 08:18:56 UTC

Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7....

CVE-2026-2252

Feb 27, 2026 08:18:38 UTC

An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and...

CVE-2025-12150

Feb 27, 2026 08:10:15 UTC

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with f...

CVE-2026-27776

Feb 27, 2026 07:50:42 UTC

IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when some crafted file is imported by a...

CVE-2026-0980

Feb 27, 2026 07:30:42 UTC

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a maliciou...

CVE-2026-0871

Feb 27, 2026 07:30:26 UTC

A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to...

CVE-2025-13327

Feb 27, 2026 07:30:20 UTC

A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring ...

CVE-2025-9909

Feb 27, 2026 07:30:00 UTC

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious...