9.3
CVE-2011-10041 - Uploadify <= 1.0 Unauthenticated Arbitrary File Upload
Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in process_upload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affected WordPress site, which may allow remote code execution b…
6.9
CVE-2026-1002 - Eclipse Vert.x Web static handler file access denial
The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component (used …
7.1
CVE-2026-21921 - Junos OS and Junos OS Evolved: When telemetry collectors are frequently subscribing and unsubscribi…
A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS). When telemetry collectors are frequently subscribing and unsubscribing to sensors …
8.7
CVE-2026-21920 - Junos OS: SRX Series: If a specific request is processed by the DNS subsystem flowd will crash
An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd w…
8.7
CVE-2026-21918 - Junos OS: SRX and MX Series: When TCP packets occur in a specific sequence flowd crashes
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of …
8.7
CVE-2026-21917 - Junos OS: SRX Series: Specifically malformed SSL packet causes FPC crash
An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives a specifica…
8.7
CVE-2026-21914 - Junos OS: SRX Series: A specifically malformed GTP message will cause an FPC crash
An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos). If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request messag…
8.7
CVE-2026-21913 - Junos OS: EX4000: A high volume of traffic destined to the device leads to a crash and restart
An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP) a high…
6.8
CVE-2026-21912 - Junos OS: MX10k Series: 'show system firmware' CLI command may lead to LC480 or LC2101 line card re…
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to …
7.1
CVE-2026-21911 - Junos OS Evolved: Flapping management interface causes MAC learning on label-switched interfaces to…
An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker flapping the management interface to cause the learning of new MACs over label-switched interfaces (LSI) to stop while g…