5.3

CVSS4.0

CVE-2025-12810 - Failure in Password Rotation and Check-in Mechanism in Secret Server Allows Reuse of Credentials

Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules). This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25. A secret with "change password on check in" enabled automatically checks in even when the password change fails after reach…

📅 Published: Jan. 27, 2026, 7:46 p.m. 🔄 Last Modified: Feb. 6, 2026, 6:26 p.m.

5.1

CVSS4.0

CVE-2026-24688 - pypdf has possible Infinite Loop when processing outlines/bookmarks

pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects ca…

📅 Published: Jan. 27, 2026, 7:44 p.m. 🔄 Last Modified: April 18, 2026, 2 a.m.

4.7

CVSS3.1

CVE-2026-24771 - Hono has a Cross-site Scripting vulnerability

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting (XSS) vulnerability exists in the `ErrorBoundary` component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered …

📅 Published: Jan. 27, 2026, 7:41 p.m. 🔄 Last Modified: April 18, 2026, 3 p.m.

6.3

CVSS4.0

CVE-2026-24473 - Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter)

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to read arbitrary keys from the Workers environment. Im…

📅 Published: Jan. 27, 2026, 7:37 p.m. 🔄 Last Modified: April 18, 2026, 7 p.m.

5.3

CVSS3.1

CVE-2026-24472 - Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control heade…

📅 Published: Jan. 27, 2026, 7:34 p.m. 🔄 Last Modified: April 18, 2026, 3 p.m.

9.4

CVSS3.1

CVE-2026-24858 -

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager …

📅 Published: Jan. 27, 2026, 7:18 p.m. 🔄 Last Modified: April 22, 2026, 4 a.m.

4.8

CVSS3.1

CVE-2026-24398 - Hono's IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The `IPV4_REGEX` pattern and `convertIPv4ToBinary` function in `src/utils/ipaddr.ts` do not properly val…

📅 Published: Jan. 27, 2026, 7:06 p.m. 🔄 Last Modified: April 18, 2026, 2 a.m.

4.1

CVSS4.0

CVE-2026-24116 - Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the `f64.copysign` WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are …

📅 Published: Jan. 27, 2026, 6:58 p.m. 🔄 Last Modified: April 18, 2026, 2 a.m.

8.5

CVSS4.0

CVE-2020-36983 - Quick 'n Easy FTP Service 3.2 - Unquoted Service Path

Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during system …

📅 Published: Jan. 27, 2026, 6:52 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.5

CVSS4.0

CVE-2020-36982 - Motorola Device Manager 2.5.4 - 'MotoHelperService.exe' Unquoted Service Path

Motorola Device Manager 2.5.4 contains an unquoted service path vulnerability in the MotoHelperService.exe service that allows local users to potentially inject malicious code. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with elevated system privil…

📅 Published: Jan. 27, 2026, 6:51 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.