4.3

CVSS3.1

CVE-2025-68658 - Open Source Point of Sale (opensourcepos) Stored XSS in Configuration (Information) – Company Name…

Open Source Point of Sale (opensourcepos) is a web-based point of sale application written in PHP using the CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 have a stored XSS vulnerability in the Configuration (Information) functionality. An authenticated user with the permission “Configurati…

📅 Published: Jan. 13, 2026, 9:25 p.m. 🔄 Last Modified: Jan. 21, 2026, 6:40 p.m.

5.7

CVSS4.0

CVE-2025-68947 - NSecsoft NSecKrnl process termination privilege escalation

NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver.

📅 Published: Jan. 13, 2026, 9:19 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2026-0543 - Improper Input Validation in Kibana Email Connector Leading to Excessive Allocation

Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector ac…

📅 Published: Jan. 13, 2026, 9:10 p.m. 🔄 Last Modified: April 18, 2026, 6:30 a.m.

6.5

CVSS3.1

CVE-2026-0531 - Allocation of Resources Without Limits or Throttling in Kibana Fleet

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted bulk retrieval request. This requires an attacker to have low-level privileges equivalent to the viewer role, which grants read access to agent policie…

📅 Published: Jan. 13, 2026, 9:05 p.m. 🔄 Last Modified: April 18, 2026, 6:30 a.m.

6.5

CVSS3.1

CVE-2026-0530 - Allocation of Resources Without Limits or Throttling in Kibana Leading to Excessive Allocation

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted request. This causes the application to perform redundant processing operations that continuously consume system resources until service degradation or…

📅 Published: Jan. 13, 2026, 9:03 p.m. 🔄 Last Modified: April 18, 2026, 6:30 a.m.

6.5

CVSS3.1

CVE-2026-0528 - Improper Input Validation in Metricbeat Leading to Denial of Service

Improper Validation of Array Index (CWE-129) in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation (CAPEC-153) via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Inpu…

📅 Published: Jan. 13, 2026, 9:02 p.m. 🔄 Last Modified: April 18, 2026, 6:30 a.m.

8.7

CVSS4.0

CVE-2026-22871 - GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrit…

📅 Published: Jan. 13, 2026, 8:46 p.m. 🔄 Last Modified: April 18, 2026, 6:30 a.m.

7.1

CVSS4.0

CVE-2026-22870 - GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract() function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip bombs. A malicious package can consume giga…

📅 Published: Jan. 13, 2026, 8:43 p.m. 🔄 Last Modified: April 18, 2026, 6:30 a.m.

5.1

CVSS4.0

CVE-2025-15056 - Quill 2.0.3 - Lack of data validation in HTML export allowing XSS

A lack of data validation vulnerability in the HTML export feature in Quill allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3.

📅 Published: Jan. 13, 2026, 8:39 p.m. 🔄 Last Modified: April 10, 2026, 5:25 p.m.

8.9

CVSS4.0

CVE-2026-22869 - Eigent Allows Arbitrary Code Execution via pull_request_target CI Workflow

Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow (.github/workflows/ci.yml) allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses pull_request_target trigger combined with checkout of untrusted …

📅 Published: Jan. 13, 2026, 8:38 p.m. 🔄 Last Modified: April 18, 2026, 6:30 a.m.