8.8
CVE-2026-0796 - ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flawβ¦
7.8
CVE-2025-15059 - GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or β¦
9.8
CVE-2025-15063 - Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability
Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ollama MCP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the β¦
7.8
CVE-2025-11002 - 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on tβ¦
9.9
CVE-2026-24304 - Azure Resource Manager Elevation of Privilege Vulnerability
Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.
7.5
CVE-2026-24138 - FOG vulnerable to unauthenticated SSRF via `/fog/service/getversion.php`
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites and β¦
5.8
CVE-2026-24137 - sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal
sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client (pkg/tuf/client.go) supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from sigβ¦
5.5
CVE-2026-22983 - net: do not write to msg_get_inq in callee
In the Linux kernel, the following vulnerability has been resolved: net: do not write to msg_get_inq in callee NULL pointer dereference fix. msg_get_inq is an input field from caller to callee. Don't set it in the callee, as the caller may not clear it on struct reuse. This is a kernel-internalβ¦
5.5
CVE-2026-22990 - libceph: replace overzealous BUG_ON in osdmap_apply_incremental()
In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declareβ¦
9.8
CVE-2025-70457 -
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save proβ¦