7.5
CVE-2025-62349 - Salt Master authentication protocol downgrade may enable minion impersonation
Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues.
7.3
CVE-2025-62348 - Salt junos module uses an unsafe YAML loader which may allow unintended code execution
Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.
6.9
CVE-2024-9432 - Cleartext Storage of Sensitive Information vulnerability has been discovered in OpenText™ Vertica.
Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey. This issue affects Vertica versions: 23.X, 24.X, 25.X.
3.8
CVE-2025-15497 -
Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service
5.3
CVE-2026-1702 - SourceCodester Pet Grooming Management Software User Management user.php improper authorization
A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument group_id results in improper authorization. The attack can be initia…
6.9
CVE-2026-1701 - itsourcecode School Management System index.php sql injection
A security vulnerability has been detected in itsourcecode School Management System 1.0. This issue affects some unknown processing of the file /enrollment/index.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disc…
5.1
CVE-2026-1700 - projectworlds House Rental and Property Listing sms.php cross site scripting
A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made a…
5.3
CVE-2026-1691 - bolo-solo SnakeYAML BackupService.java importMarkdownsSync deserialization
A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has b…
5.1
CVE-2026-1690 - Tenda HG10 formSysCmd system command injection
A flaw has been found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. This affects the function system of the file /boaform/formSysCmd. This manipulation of the argument sysCmd causes command injection. The attack may be initiated remotely. The exploit has been published and may be used.
6.9
CVE-2026-1689 - Tenda HG10 Login formLogin checkUserFromLanOrWan command injection
A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be lau…