8.2
CVE-2026-0805 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.
9.9
CVE-2026-0963 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.
7.1
CVE-2026-1680 - Local Privilege Escalation in Local Admin Service
Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe named pipe, bypassing client-side group member…
6.5
CVE-2025-12899 - net: icmp: Out of bound memory read
A flaw in Zephyr's network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem.
8.7
CVE-2026-24714 - Unintended Telnet Activation via Magic Packet on End-of-Life NETGEAR Devices
Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box.
10
CVE-2026-24729 - Interinfo DreamMaker - Unrestricted Upload of File with Dangerous Type
An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file.
9.3
CVE-2026-24728 - Interinfo DreamMaker - Missing Authentication for Critical Function
A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to access exposed administrative functionality without prior authentication.
4.3
CVE-2025-15322 - Tanium addressed an improper access controls vulnerability in Tanium Server.
Tanium addressed an improper access controls vulnerability in Tanium Server.
8.6
CVE-2025-69662 - Unauthorized SQL Injection via geopandas to_postgis()
SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis() function being used to write GeoDataFrames to a PostgreSQL database.
9.8
CVE-2025-51958 -
aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php.