7.3
CVE-2025-12690 - Local Privilege Escalation in NGFW Engine
Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation. This issue affects NGFW Engine through 6.10.19, through 7.3.0, through 7.2.4, through 7.1.10.
10
CVE-2026-27897 - Vociferous Unauthenticated Remote Path Traversal (RCE via CSRF)
Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the export_file route. The application accepts a JSON payload containing a filename and content. While the developer intended for a native UI dia…
8.1
CVE-2026-22248 - GLPI affected by Remote Code Execution via malicious upload
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP instantiation…
7.5
CVE-2026-21888 - MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer()
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer() accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier.
6.8
CVE-2026-32229 - Authentication Bypass via Account Mismatch in JetBrains Hub
In JetBrains Hub before 2026.1, an account mismatch was possible on sign-in with non-SSO auth and 2FA disabled.
5.1
CVE-2026-3946 - PHPEMS index.php cross site scripting
A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Manipulation of the argument askcontent results in cross site scripting. The attack can be carried out remotely. The exploit is now public and may be …
8.7
CVE-2026-3013 - Path Traversal in Coppermine Photo Gallery
Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal. An unauthenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading the content of any file accessible by the web server process. This issue was fixed in version…
9.6
CVE-2026-30903 - External Control of File Name or Path in Zoom Workplace Mail Feature Leads to Privilege Escalation
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.
7.8
CVE-2026-30902 - Zoom Clients for Windows - Improper Privilege Management
Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
7
CVE-2026-30901 - Zoom Rooms for Windows - Improper Input Validation
Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access.