5.3
CVE-2024-34438 - WordPress Shared Files plugin <= 1.7.19 - Broken Access Control vulnerability
Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through <= 1.7.19.
3.7
CVE-2026-22885 - EnOcean SmartServer IoT Out-of-bounds Read
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in a memory leak from the program's memory.
8.1
CVE-2026-20761 - EnOcean SmartServer IoT Command Injection
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in arbitrary OS command execution on the device.
8.6
CVE-2026-2847 - UTT HiPER 520 Web Management formReleaseConnect sub_44EFB4 os command injection
A vulnerability was detected in UTT HiPER 520 1.7.7-160105. Affected is the function sub_44EFB4 of the file /goform/formReleaseConnect of the component Web Management Interface. The manipulation of the argument Isp_Name results in os command injection. The attack can be launched remotely. The exploβ¦
8.6
CVE-2026-2846 - UTT HiPER 520 Web Management formPdbUpConfig sub_44D264 os command injection
A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub_44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manipulation of the argument policyNames leads to os command injection. The attack can be initiated remotβ¦
3.5
CVE-2025-52603 - HCL Connections is vulnerable to information disclosure
HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is returned in the browser.
2.4
CVE-2025-14055 - Integer underflow in Secure NCP host
An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet.
9.5
CVE-2026-21627 - Extension - tassos.gr - SQL injection and Unauthenticated File Read in Novarain/Tassos Framework v4β¦
The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomlaβs com_ajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction.
2.3
CVE-2025-14547 - ECJ-PAKE Integer Underflow Vulnerability in Silicon Labs PSA Crypto and SE Manager APIs
An integer underflow vulnerability is present in Silicon Labβs implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service.
9.8
CVE-2025-10970 - SQLi in Kolay Software's Talentics
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection.This issue affects Talentics: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.