8.6
CVE-2025-62599 - eprosima Fast DDS affected by Out-of-Memory in readPropertySeq via Manipulated DATA Submessage when…
eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-…
3.7
CVE-2025-52629 - HCL AION is susceptible to Missing Content-Security-Policy
HCL AION is susceptible to Missing Content-Security-Policy. The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute. This issue affects AION: 2.0.
4.5
CVE-2025-52626 - HCL AION is susceptible to Potential Command Injection vulnerability
A Potential Command Injection vulnerability in HCL AION. This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system. This issue affects AION: 2.0
5.5
CVE-2025-52627 - HCL AION is susceptible to Incorrect Permission Assignment for Critical Resource
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes. This issue affects AION: 2.0.
6.8
CVE-2026-22228 - Improper Input Validation Leading to DoS on TP-Link Archer BE230
An authenticated user with high privileges may trigger a denial-of-service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore norm…
6.8
CVE-2026-22220 - Improper Input Validation Leading to DoS on TP-Link Archer BE230
A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device's web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the…
7.8
CVE-2026-24669 - Open eClass Insecure Password Reset Token Reuse Enables Account Takeover
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an insecure password reset mechanism allows local attackers to reuse a valid password reset token after it has already been used, enabling unauthorized password changes and potent…
6.5
CVE-2026-24668 - Open eClass Broken Access Control Allows Students to Add Content to Course Units
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally restricted to higher-privileged roles. This issue h…
5
CVE-2026-24667 - Open eClass's Active Sessions Not Invalidated After Password Change Allow Persistent Account Access
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued access to user accou…
6.5
CVE-2026-24666 - Open eClass is Vulnerable to CSRF in Teacher-Restricted Endpoints Allows Unauthorized Actions
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery (CSRF) vulnerability in multiple teacher-restricted endpoints allows attackers to induce authenticated teachers to perform unintended actions, such as…