4.9
CVE-2026-22626 - Insufficient Input Validation Leads to Device Abnormal Behavior on HIKSEMI NAS
Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages.
4.6
CVE-2026-22625 - Exposing Sensitive System Files via Improper Filename Handling
Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.
4.3
CVE-2026-22624 - Inadequate Access Control Enables Authenticated Users to Modify Files on HIKSEMI NAS
Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization.
7.2
CVE-2026-22623 - Authenticated Command Injection Vulnerability in HIKSEMI NAS Interface
Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages.
7.2
CVE-2026-0709 - Authenticated Command Execution in Hikvision Wireless Access Points
Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.
10
CVE-2026-1699 - Unprotected GitHub Actions Allows Arbitrary Code Execution with Repository Secrets
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_target trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to …
7.8
CVE-2026-21418 - OS Command Injection in Dell Unity Operating Environment
Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root …
8.2
CVE-2025-1395 - Sensitive Data Exposure in CoDeriApp's HeyGarson
Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping. This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing process…
7.8
CVE-2026-22277 - Root Privilege Command Injection in Dell UnityVSA 5.4 and Earlier
Dell UnityVSA, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root…
6.9
CVE-2026-25210 - libexpat: Information disclosure and data integrity issues due to integer overflow in buf…
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.