4.6
CVE-2026-0519 - Information Disclosure in Secure Access Between 12.70 and 14.20
In Secure Access 12.70 and prior to 14.20, the logging subsystem may write an unredacted authentication token to logs under certain configurations. Any party with access to those logs could read the token and reuse it to access an integrated system.
4.8
CVE-2026-0518 - XSS in Secure Access Consoles prior to 14.20
CVE-2026-0518 is a cross-site scripting vulnerability in versions of Secure Access prior to 14.20. An attacker with administrative privileges can interfere with another administrator’s use of the console.
6
CVE-2026-0517 - Denial of Service in Secure Access Servers Prior to 14.20.
CVE-2026-0517 is a denial-of-service vulnerability in versions of Secure Access Server prior to 14.20. An attacker can send a specially crafted packet to a server and cause the server to crash
8.6
CVE-2026-22865 - Gradle's failure to disable repositories failing to answer can expose builds to malicious artifacts
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these excepti…
8.6
CVE-2026-22816 - Gradle fails to disable repositories which can expose builds to malicious artifacts
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these excepti…
6.9
CVE-2025-15529 - Open5GS s5c-handler.c sgwc_s5c_handle_create_session_response denial of service
A vulnerability was found in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c. Performing a manipulation results in denial of service. Remote exploitation of the attack is possible. The exploit has been made publi…
6.9
CVE-2025-15528 - Open5GS GTPv2 Bearer Response denial of service
A vulnerability has been found in Open5GS up to 2.7.6. Affected by this vulnerability is an unknown functionality of the component GTPv2 Bearer Response Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may b…
8.2
CVE-2026-23745 - node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitiz…
node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Ov…
5.1
CVE-2026-21223 - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (non‑administrator) local user can invoke the IElevatorEdge interface method LaunchUpdateCmdElevatedAndWait, causing the service to execute privileged up…
8
CVE-2026-20960 - Microsoft Power Apps Remote Code Execution Vulnerability
Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.