7.5
CVE-2026-24892 - openITCOCKPIT has Unsafe Deserialization in openITCOCKPIT Changelog Handling
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. openITCOCKPIT Community Edition 5.3.1 and earlier contains an unsafe PHP deserialization pattern in the processing of changelog entries. Serialized changelog data derived from …
8.1
CVE-2026-27190 - Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8.
8.7
CVE-2026-2856 - D-Link DWR-M960 Filter Configuration Endpoint formFilter sub_424AFC stack-based overflow
A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_424AFC of the file /boafrm/formFilter of the component Filter Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be launch…
8.7
CVE-2026-2855 - D-Link DWR-M960 DDNS Settings formDdns sub_4648F0 stack-based overflow
A vulnerability has been found in D-Link DWR-M960 1.01.07. Affected is the function sub_4648F0 of the file /boafrm/formDdns of the component DDNS Settings Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has…
6.1
CVE-2025-62326 - HCL Digital Experience is susceptible to stored cross-site scripting (XSS)
HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit.
7.7
CVE-2026-2473 - Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft.
Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl…
8.6
CVE-2026-2472 - Stored Cross-Site Scripting (XSS) in Vertex AI Python SDK Visualization
Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab envi…
8.7
CVE-2026-2854 - D-Link DWR-M960 NTP Configuration Endpoint formNtp sub_4611CC stack-based overflow
A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub_4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The explo…
8.7
CVE-2026-2853 - D-Link DWR-M960 System Log Configuration Endpoint formSysLog sub_462E14 stack-based overflow
A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the function sub_462E14 of the file /boafrm/formSysLog of the component System Log Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated r…
5.3
CVE-2026-2852 - yeqifu warehouse Sales Endpoint SalesController.java deleteSales access control
A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\SalesController.java of the component Sales Endpoint. The m…