Common Vulnerabilities and Exposures (CVE)

CVE-2024-27199

Apr 21, 2026 03:55:31 UTC

In JetBrains TeamCity before 2023.11.4, a path traversal that allowed limited admin actions to be performed was possible.

CVE-2026-5965

Apr 21, 2026 03:32:55 UTC

NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.

CVE-2026-28463

Apr 21, 2026 02:43:28 UTC

OpenClaw versions prior to 2026.2.14 contain an arbitrary file read vulnerability in the exec-approvals allowlist validation that checks pre-expansion argv tokens but executes using real shell expansion. Attackers with authorization or thro...

CVE-2025-40931

Apr 21, 2026 02:42:43 UTC

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session ids. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns an MD5 hash seeded with the built-in rand() ...

CVE-2025-40926

Apr 21, 2026 02:42:17 UTC

Plack::Middleware::Session::Simple versions before 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come...

CVE-2025-70995

Apr 21, 2026 02:41:54 UTC

An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a...

CVE-2025-48645

Apr 21, 2026 02:41:36 UTC

In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ne...

CVE-2025-48613

Apr 21, 2026 02:41:16 UTC

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges n...

CVE-2026-2791

Apr 21, 2026 02:40:55 UTC

Mitigation bypass in the Networking: Cache component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVE-2026-2788

Apr 21, 2026 02:40:29 UTC

Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVE-2026-0924

Apr 21, 2026 02:40:06 UTC

BuhoCleaner contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions. This issue affects BuhoCleaner: 1.15.2.

CVE-2026-6674

Apr 21, 2026 02:25:40 UTC

The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of suf...

CVE-2026-6675

Apr 21, 2026 02:25:39 UTC

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up to, and including, 2.2.0. This is due to insufficient authorization checks and missing serv...

CVE-2026-6058

Apr 21, 2026 01:48:13 UTC

** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service (DoS) condition...

CVE-2026-40497

Apr 21, 2026 01:45:55 UTC

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's `Helper::stripDangerousTags()` removes `<script>`, `<form>`, `<iframe>`, `<object>` but does NOT strip `<style>` tags. The mailbox signature...