7.5
CVE-2025-69428 - Unauthenticated Directory Exposure in Pro-Bit Prior to v1.77.4
An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access a sensitive directory and its subdirectories.
6.1
CVE-2026-38935 - Reflected XSS Vulnerability in diskover-community Public View Page
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter.
6.2
CVE-2026-35902 - Denial of Service via Persistent Digest Authentication Failure in MERCURY MIPC252W RTSP Service
The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication parameters, an unauthenticated attacker can cause the RTSP service to enter a persistent authentication fail…
7.5
CVE-2026-30351 - Path Traversal Allows Read of Arbitrary Files in Autocoder UI Static Component
A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files by sending a crafted URL path containing traversal sequences.
7.0
CVE-2026-31686 - mm/kasan: fix double free for kasan pXds
In the Linux kernel, the following vulnerability has been resolved: mm/kasan: fix double free for kasan pXds kasan_free_pxd() assumes the page table is always struct page aligned. But that's not always the case for all architectures. E.g. In case of powerpc with 64K pagesize, PUD table (of siz…
5.5
CVE-2026-31691 - igb: remove napi_synchronize() in igb_down()
In the Linux kernel, the following vulnerability has been resolved: igb: remove napi_synchronize() in igb_down() When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9), the XSK buffer pool is destroyed but NAPI polling continues. igb_clean_rx_irq_zc() repeatedly returns the full…
9.4
CVE-2024-46636 -
NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter
5.4
CVE-2026-31255 - Command Injection in Tenda AC18 Firmware Allowing System Command Execution
A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands.
4.3
CVE-2026-30462 - Directory Traversal in Daylight Studio FuelCMS Blocks Module 1.5.2
A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal.
4.4
CVE-2026-35901 - Repeated RTSP SETUP Request Causing Session Termination in Mercury MIPC252W
A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connection,…