5.3
CVE-2026-1213 - Askbot 0.12.2 - Insecure Direct Object Reference (IDOR)
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users. This issue affects askbot: 0.12.2.
8.8
CVE-2025-15467 - Stack buffer overflow in CMS (Auth)EnvelopedData parsing
Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)…
2.7
CVE-2025-13881 - Org.keycloak.services.resources.admin: keycloak: limited administrator can retrieve sensitive user …
A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings.
6.9
CVE-2025-12387 - Denial of Service in Pix-Link LV-WR21Q
A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service (DoS) by sending a specially crafted HTTP POST request containing a non-existing language parameter. This renders the server unable to serve the correct lang.js file, which causes admi…
6.9
CVE-2025-12386 - Missing Authentication for Critical Endpoint in Pix-Link LV-WR21Q
Pix-Link LV-WR21Q does not enforce any form of authentication for the endpoint /goform/getHomePageInfo. A remote unauthenticated attacker is able to use this endpoint to, e.g., retrieve the cleartext password to the access point. The vendor was notified early about this vulnerability, but didn't respond with …
5.3
CVE-2025-41728 - Beckhoff: Information leak via Beckhoff Device Manager
A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially c…
7.8
CVE-2025-41727 - Beckhoff: Performing privileged operations and gaining administrator access
A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.
8.8
CVE-2025-41726 - Beckhoff: Arbitrary code execution within privileged processes
A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.
7.4
CVE-2026-24348 - Multiple cross-site scripting vulnerabilities in EZCast Pro II Dongle
Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users.
9.8
CVE-2026-24830 - Integer Overflow or Wraparound in IronOS
Integer Overflow or Wraparound vulnerability in Ralim IronOS. This issue affects IronOS: before v2.23-rc2.