8.2
CVE-2026-24708 - openstack-nova-compute: Arbitrary Host File Overwrite via Unconstrained qemu-img Format Handling in…
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an …
6.5
CVE-2022-41650 - WordPress Custom Content by Country plugin <= 3.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country. This issue affects Custom Content by Country (by Shield Security): from n/a through 3.1.2.
9.4
CVE-2026-22208 - OpenS100 Portrayal Engine Unrestricted Lua Standard Library Access
OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs() without sandboxing or capability restrictions, exposing standard libraries such …
5.4
CVE-2026-23861 -
Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HT…
6.1
CVE-2025-7706 - Improper Access Control in TUBITAK BILGEM's Liderahenk
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion. This issue affects Liderahenk: from 3.0.0 to 3.3.1 before 3.5.0.
7
CVE-2026-25087 - Apache Arrow: Potential use-after-free when reading IPC file with pre-buffering
Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file (but not an IPC stream) with pre-buffering enabled, if the IPC file contains data with variadic buffers (such as Binary View and Stri…
8.6
CVE-2026-2615 - Wavlink WL-NU516U1 firewall.cgi singlePortForwardDelete command injection
A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument del_flag can lead to command injection. The attack may be launched remotely. The exploit has been publ…
4
CVE-2026-2625 - Rust-rpm-sequoia: rust-rpm-sequoia: denial of service via crafted rpm file during signature verific…
A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an unconditio…
6.5
CVE-2025-8303 - XSS in EKA Software's Real Estate Script V5 (With Doping Module – Store Module – New Language Syste…
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EKA Software Computer Information Advertising Services Ltd. Real Estate Script V5 (With Doping Module – Store Module – New Language System) allows Cross-Site Scripting (XSS). This issue affec…
8.6
CVE-2025-7631 - Time-Based Blind SQLi in Tumeva Internet Technologies' Tumeva Prime News Software
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd. Co. Tumeva Prime News Software allows SQL Injection. This issue affects Tumeva Prime News Software: f…