CVSS 3.1 score: 7.1

CVE-2026-25126 - PolarLearn's unvalidated vote direction allows vote count manipulation

PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (`POST /api/v1/forum/vote`) trusts the JSON body’s `direction` value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings (e.g.,…

📅 Published: Jan. 29, 2026, 10:06 p.m. 🔄 Last Modified: April 18, 2026, 2:45 p.m.

CVSS 4.0 score: 5.3

CVE-2026-1625 - D-Link DWR-M961 SMS Message formSmsManage sub_4250E0 command injection

A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub_4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument action_value results in command injection. The attack may be initiated remotely. The expl…

📅 Published: Jan. 29, 2026, 10:02 p.m. 🔄 Last Modified: April 18, 2026, 1:30 a.m.

CVSS 4.0 score: 5.3

CVE-2026-1624 - D-Link DWR-M961 formLtefotaUpgradeFibocom command injection

A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command injection. The attack can be launched remotely. The exploit has been disclosed…

📅 Published: Jan. 29, 2026, 10:02 p.m. 🔄 Last Modified: Feb. 23, 2026, 9:07 a.m.

CVSS 4.0 score: 8.3

CVE-2026-25117 - pwn.college DOJO vulnerable to sandbox escape leading to arbitrary javascript execution

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on `/workspace/*` routes allows challenge authors to inject arbitrary javascript which runs on the same origin as `http[:]//dojo[.]website`. This is a s…

📅 Published: Jan. 29, 2026, 9:53 p.m. 🔄 Last Modified: April 18, 2026, 1:30 a.m.

CVSS 3.1 score: 7.6

CVE-2026-25116 - Runtipi vulnerable to unauthenticated docker-compose.yml Overwrite via Path Traversal

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the `UserConfigController` allows any remote user to overwrite the system's `docker-compose.yml` configuration file. By exploiting insecure URN par…

📅 Published: Jan. 29, 2026, 9:49 p.m. 🔄 Last Modified: April 18, 2026, 1:30 a.m.

CVSS 4.0 score: 8.3

CVE-2026-25063 - gradle-completion has a Bash command injection issue

gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab completion in a project containing a malicious Gradle build file. The …

📅 Published: Jan. 29, 2026, 9:47 p.m. 🔄 Last Modified: April 18, 2026, 2:45 p.m.

CVSS 4.0 score: 5.5

CVE-2026-25061 - tcpflow has TIM Element OOB Write in wifipcap

tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past `tim.bit…

📅 Published: Jan. 29, 2026, 9:42 p.m. 🔄 Last Modified: April 18, 2026, 1:30 a.m.

CVSS 4.0 score: 9.4

CVE-2026-25047 - deepHas vulnerable to Prototype Pollution via constructor.prototype

deepHas provides a test for the existence of a nested object key and optionally returns that key. A prototype pollution vulnerability exists in version 1.0.7 of the deephas npm package that allows an attacker to modify global object behavior. This issue was fixed in version 1.0.8.

📅 Published: Jan. 29, 2026, 9:39 p.m. 🔄 Last Modified: April 18, 2026, 6:45 p.m.

CVSS 3.1 score: 2.9

CVE-2026-25046 - [Kimi VS Code] Command Injection in publish scripts vsix-publish.js and ovsx-publish.js

Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync() as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $(cmd) could execute…

📅 Published: Jan. 29, 2026, 9:37 p.m. 🔄 Last Modified: April 18, 2026, 1:30 a.m.

CVSS 4.0 score: 5.7

CVE-2026-25040 - Budibase Vulnerable to Privilege Escalation via API Abuse – Creator Can Invite Users with Admin/Any…

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or App …

📅 Published: Jan. 29, 2026, 9:33 p.m. 🔄 Last Modified: April 18, 2026, 1:30 a.m.
Total results: 347407
Page 1711 of 34,741