7.4
CVE-2026-21524 - Azure Data Explorer Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network.
9.8
CVE-2026-24306 - Azure Front Door Elevation of Privilege Vulnerability
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.
7.5
CVE-2026-21520 - Copilot Studio Information Disclosure Vulnerability
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector
8.1
CVE-2026-24129 - Runtipi is Vulnerable to Authenticated Arbitrary Remote Code Execution
Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManager β¦
9.4
CVE-2025-54816 - EVMAPA Missing Authentication for Critical Function
This vulnerability occurs when a WebSocket endpoint does not enforce proper authentication mechanisms, allowing unauthorized users to establish connections. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given thatβ¦
7.5
CVE-2025-53968 - EVMAPA Improper Restriction of Excessive Authentication Attempts
This vulnerability arises because there are no limitations on the number of authentication attempts a user can make. An attacker can exploit this weakness by continuously sending authentication requests, leading to a denial-of-service (DoS) condition. This can overwhelm the authentication systeβ¦
7.3
CVE-2025-55705 - EVMAPA Insufficient Session Expiration
This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expirationβ¦
6.1
CVE-2025-25051 - AutomationDirect CLICK Programmable Logic Controller Plaintext Storage of a Password
An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks.
8.9
CVE-2026-24124 - Dragonfly Manager Job API Allows Unauthenticated Access
Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints (/api/v1/jobs) lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acceβ¦
6.1
CVE-2025-67652 - AutomationDirect CLICK Programmable Logic Controller Weak Encoding for Password
An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leaβ¦