7.5
CVE-2026-22153 -
An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.
6.8
CVE-2026-21743 - Authorization Bypass via Unprotected File Upload Enabling Unauthorized User Modifications
A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotected β¦
7.9
CVE-2025-52436 -
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attaβ¦
9.8
CVE-2026-1774 - CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability.
CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability.
4.8
CVE-2025-15572 - wasm3 NewCodePage memory leak
A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunately, the project has no active maintainer at β¦
7.5
CVE-2025-11004 - Reflected XSS vulnerability in Simplicity Device Manager tool
The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scripting) vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack.Β These APIs can affect confidentiality, integrity, and availability of the system that has Simplicity Device Manaβ¦
8.6
CVE-2026-1603 -
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
6.5
CVE-2026-1602 - SQL Injection in Ivanti Endpoint Manager Enables Remote Authenticated Data Retrieval
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
4.8
CVE-2025-15571 - ckolivas lrzip stream.c ucompthread null pointer dereference
A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed publiclyβ¦
8.8
CVE-2025-7636 - SQLi in Ergosis Security Systems' ZEUS PDKS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ergosis Security Systems Computer Industry and Trade Inc. ZEUS PDKS allows SQL Injection.This issue affects ZEUS PDKS: from <1.0.5.10 through 10022026. NOTE: The vendor was contacted early about tβ¦