5.3
CVE-2026-26226 - beautiful-mermaid < 0.1.3 SVG Attribute Injection
beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting (XSS) when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without prβ¦
5.4
CVE-2026-2026 - Improper Access Control Allows Denial of Service
A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.
10
CVE-2026-26221 - Hyland OnBase Timer Services Unauthenticated .NET Remoting RCE
Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe). An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channel endpoints on TCP/8900 (e.g., TimerServiceAPI.rem and Timeβ¦
4.3
CVE-2026-25531 - Kanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions foβ¦
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into proβ¦
5.1
CVE-2026-1578 - HP App β Potential Cross-Site Scripting
HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.
8.3
CVE-2026-1619 - IDOR in Universal Sotware's FlexCity/Kiosk
Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.
8.8
CVE-2026-1618 - Admin Account Takeover in Universal Sotware's FlexCity/Kiosk
Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.
8.8
CVE-2025-14349 - Business Logic Error in Universal Software's FlexCity/Kiosk
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.
7.3
CVE-2025-33042 - Apache Avro Java SDK: Code injection on Java generated code
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and versionΒ 1.12.0. Users are recommended to upgrade to version 1.12.1β¦
0.0
CVE-2026-26302 -
Not used