4.9
CVE-2026-0399 - Authenticated StackβBased Buffer Overflow in SonicOS Management API
Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint.
5.3
CVE-2026-3102 - exiftool PNG File MacOS.pm SetMacOSTags os command injection
A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be carrieβ¦
5.3
CVE-2026-3101 - Intelbras TIP 635G Ping os command injection
A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early β¦
0.0
CVE-2026-3126 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
6.5
CVE-2026-27567 - Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads
Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an β¦
6.8
CVE-2025-10010 - Integrity Validation Bypass in CryptoPro Secure Disk for BitLocker
The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a separate unencrypted partition which can be reached by anyone with access to the hard disk. Multiple chβ¦
8.8
CVE-2026-27483 - MindsDB has Path Traversal in /api/files Leading to Remote Code Execution
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution. The vulnerability exists in the "Upβ¦
9.2
CVE-2026-27208 - api-gateway-deploy Affected by Exploitable Command Injection via Unprivileged Root Execution
bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a containβ¦
9.8
CVE-2026-2807 - Memory safety bugs fixed in Firefox 148 and Thunderbird 148
Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
9.1
CVE-2026-2806 - Uninitialized memory in the Graphics: Text component
Uninitialized memory in the Graphics: Text component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.