9.3

CVSS4.0

CVE-2025-13605 - Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway

3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware v…

📅 Published: May 4, 2026, 2:52 p.m. 🔄 Last Modified: May 4, 2026, 7:44 p.m.

7.5

CVSS3.1

CVE-2026-29169 - Apache HTTP Server: mod_dav_lock indirect lock crash

A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request. mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earli…

📅 Published: May 4, 2026, 2:48 p.m. 🔄 Last Modified: May 5, 2026, 9:16 p.m.

8.8

CVSS3.1

CVE-2026-23918 - Apache HTTP Server: http2: double free and possible RCE on early reset

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

📅 Published: May 4, 2026, 2:44 p.m. 🔄 Last Modified: May 5, 2026, 3:56 a.m.

4.8

CVSS3.1

CVE-2026-33006 - Apache HTTP Server: mod_auth_digest timing attack

A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

📅 Published: May 4, 2026, 2:42 p.m. 🔄 Last Modified: May 4, 2026, 8:23 p.m.

5.3

CVSS3.1

CVE-2026-33007 - Apache HTTP Server: mod_authn_socache crash

A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

📅 Published: May 4, 2026, 2:41 p.m. 🔄 Last Modified: May 4, 2026, 8:22 p.m.

6.5

CVSS3.1

CVE-2026-33523 - Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

📅 Published: May 4, 2026, 2:40 p.m. 🔄 Last Modified: May 4, 2026, 8:21 p.m.

5.3

CVSS4.0

CVE-2026-6501 - Improper Restriction of XML External Entity in jOpenDocument Leads to Data Serialization Blowup

Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5.

📅 Published: May 4, 2026, 2:26 p.m. 🔄 Last Modified: May 4, 2026, 7:44 p.m.

4.8

CVSS4.0

CVE-2026-6500 - Plaintext Password Storage in OpenConcerto Enabling Sensitive Data Retrieval

Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5.

📅 Published: May 4, 2026, 2:16 p.m. 🔄 Last Modified: May 4, 2026, 7:44 p.m.

2.4

CVSS4.0

CVE-2026-6499 - Incorrect Permission Assignment Allows Replacement of Critical Binaries in OpenConcerto

Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5.

📅 Published: May 4, 2026, 2:08 p.m. 🔄 Last Modified: May 4, 2026, 4:05 p.m.

8.3

CVSS3.1

CVE-2026-6266 - Aap-controller: aap-gateway: account hijacking and unauthorized access via unverified email linking

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a …

📅 Published: May 4, 2026, 1:35 p.m. 🔄 Last Modified: May 4, 2026, 10:16 p.m.