3.3
CVE-2026-21786 - HCL Sametime for iOS is affected by sensitive information disclosure
HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs.
5.1
CVE-2026-28537 - Double free in HarmonyOS window module may cause denial of service
Double free vulnerability in the window module.Β Impact: Successful exploitation of this vulnerability may affect availability.
9.6
CVE-2026-28536 - Authentication Bypass in HarmonyOS Device Module
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
7.3
CVE-2026-25702 - nftables disabled due to incorrect kernel backport
A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb9165β¦
10
CVE-2026-2743 - SEPPmail User Web Interface Arbitrary File Write to RCE
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before
9.4
CVE-2026-1678 - dns: memoryβsafety issue in the DNS name parser
dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-boundsβ¦
9.1
CVE-2026-2418 - Login with Salesforce <= 1.0.2 - Unauthenticated Authentication Bypass
The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user (such as admin) by simply knowing the email
7.1
CVE-2026-28137 - WordPress MediCenter - Health Medical Clinic WordPress Theme theme <= 14.9 - Reflected Cross Site Sβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Reflected XSS.This issue affects MediCenter - Health Medical Clinic: from n/a through <= 14.9.
8.2
CVE-2026-28135 - WordPress Royal Elementor Addons plugin <= 1.7.1052 - Other vulnerability Type vulnerability
Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1052.
8.5
CVE-2026-28134 - WordPress JetEngine plugin <= 3.7.2 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through <= 3.7.2.