8.5
CVE-2026-26334 - Calero VeraSMART < 2026 R1 Hardcoded Static AES Keys Allow Decryption of Service Credentials
Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll (Veramark.Core.Config class). These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the sys…
10
CVE-2026-26333 - Calero VeraSMART < 2022 R1 .NET Remoting Arbitrary File Read Leading to ViewState RCE
Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs (including EndeavorServer.rem and RemoteFileReceiver.rem) and permits the use of SOAP and binary formatters with TypeFilterLevel set to Full. An…
9.3
CVE-2026-26335 - Calero VeraSMART < 2022 R1 Static IIS Machine Keys Enable ViewState RCE
Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\Program Files (x86)\Veramark\VeraSMART\WebRoot\web.config. An attacker who obtains these keys can craft a valid ASP.NET ViewState payload that passe…
5.4
CVE-2026-26269 - Vim has a Netbeans specialKeys Stack Buffer Overflow
Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The stack buffer overflow exists in special_keys() (…
7.8
CVE-2026-26208 - ADB Explorer Vulnerable to Remote Code Execution via Insecure Deserialization
ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable to Insecure Deserialization leading to Remote Code Execution. The application attempts to deserialize the App.txt settings file using Newtonsoft.Json with TypeNameHandling set to Objects. This allows…
9.8
CVE-2026-26190 - Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System…
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath (defau…
8.1
CVE-2026-26187 - lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling direct…
lakeFS is an open-source tool that transforms object storage into Git-like repositories. Prior to 1.77.0, the local block adapter (pkg/block/local/adapter.go) allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used strings.Ha…
7.7
CVE-2026-25991 - Tandoor Recipes affected by Blind SSRF with Internal Network Access via Recipe Import
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate recipe import feature of Tandoor Recipes. The application fails to validate the destination URL afte…
4.9
CVE-2026-25964 - Tandoor Recipes Affected by Authenticated Local File Disclosure (LFD) via Recipe Import leads to Ar…
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read arbitrary files on the server. This vulnerab…
7.8
CVE-2026-26264 - BACnet Stack WriteProperty decoding length underflow leads to OOB read and crash
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0rc4 and 1.4.3rc2, a malformed WriteProperty request can trigger a length underflow in the BACnet stack, leading to an out‑of‑bounds read and a crash (DoS). The issue is in wp.c within wp_decode_service…