7.5
CVE-2025-70084 -
Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via a crafted value passed to the FileUtil_GetFileInfo function.
6.9
CVE-2026-25872 - JUNG Smart Panel 5.1 KNX Unauthenticated Path Traversal
JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path input, allowing remote, unauthenticated attackers to access arbitrary files on the underlying filesyst…
6.9
CVE-2026-25870 - DoraCMS <= 3.1 UEditor Remote Image Fetch SSRF
DoraCMS version 3.1 and prior contains a server-side request forgery (SSRF) vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The implem…
3.7
CVE-2026-26013 - LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_messages() method fetches arbitrary image_url values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side …
8.2
CVE-2026-26007 - cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do no…
6.5
CVE-2026-26006 - Redos (Regular Expression Denial of Service) at Code Extraction Block in significant-gravitas/autog…
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. autogpt versions before 0.6.32 are vulnerable to Regular Expression Denial of Service due to the use of regex in the Code Extraction Block. The two regexes are used c…
6.7
CVE-2025-12699 - ZOLL ePCR IOS Mobile Application Insertion of Sensitive Information into Externally-Accessible File…
The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return lo…
8.7
CVE-2026-1507 - Uncaught Exception vulnerability in AVEVA PI Data Archive
The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.
5.7
CVE-2026-1495 - Insertion of Sensitive Information into Log File vulnerability in AVEVA PI to CONNECT Agent
The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server.
4.6
CVE-2026-1763 - Enervista UR Setup DLL Hijacking
Vulnerability in GE Vernova Enervista UR Setup on Windows. This issue affects Enervista: 8.6 and previous versions.