5.5
CVE-2026-21316 - Audition | Access of Memory Location After End of Buffer (CWE-788)
Audition versions 25.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requiโฆ
7.8
CVE-2026-21312 - Audition | Out-of-bounds Write (CWE-787)
Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
CVE-2026-21315 - Audition | Out-of-bounds Read (CWE-125)
Audition versions 25.3 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open โฆ
5.5
CVE-2026-21313 - Audition | Out-of-bounds Read (CWE-125)
Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must opeโฆ
5.5
CVE-2026-21317 - Audition | Out-of-bounds Read (CWE-125)
Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must opeโฆ
5.5
CVE-2026-21314 - Audition | Out-of-bounds Read (CWE-125)
Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must opeโฆ
9.3
CVE-2026-25993 - EverShop has a Second-Order SQL Injection in URL Rewrite Processing Derived from Category URL Keys
EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / request_path valuesโderived from the url_key stored in the databaseโinto SQL statements via string concatenation and passes them to execute(). As a result, if a malicโฆ
6.1
CVE-2026-25956 - Frappe Affected by XSS and Open Redirect in Sign Up
Frappe is a full-stack web application framework. Prior to 14.99.14 and 15.94.0, an attacker could craft a malicious signup URL for a frappe site which could lead to an open redirect (or reflected XSS, depending on the crafted payload) when a user signs up. This vulnerability is fixed in 14.99.14 aโฆ
6.9
CVE-2026-1996 - Certain HP OfficeJet Pro Printers โ Denial of Service
Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection.
8.8
CVE-2026-25947 - Worklenz Boolean-Based Blind SQL Injection via Improper ORDER BY Clause Input Validation
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocation โฆ