9.4
CVE-2026-3893 - Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function
The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials.
6.3
CVE-2026-7292 - o2oa NodeAgent NodeAgent.java syncFile improper authorization
A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitabi…
5.3
CVE-2026-7291 - o2oa URL Fetching FileAction.java FileAction server-side request forgery
A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has …
4.9
CVE-2026-5794 - Vulnerability in Cryptobox allows an authenticated user to trigger an account lockout
A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another user from logging in by triggering an account lockout via a specially crafted request.
6.5
CVE-2026-6238 - Buffer overread in ns_printrrf with corrupted RDATA field
The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a tar…
5.3
CVE-2026-7290 - JeecgBoot loadDict Endpoint SqlInjectionUtil.java SqlInjectionUtil sql injection
A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation of the argument keyword causes sql injection…
9.8
CVE-2026-41873 - Pony Mail: Admin account takeover via request smuggling
** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development …
8.7
CVE-2026-7289 - D-Link DIR-825M formWanConfigSetup sub_414BA8 buffer overflow
A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
3.7
CVE-2026-40969 - Spring gRPC AuthenticationException message reflected to remote client
The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected versions: Spring gRPC: 1.0…
8.7
CVE-2026-7288 - D-Link DIR-825M formVpnConfigSetup sub_4151FC buffer overflow
A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to…