7.2

CVSS3.1

CVE-2026-21856 - Tarkov Data Manager has Authenticated SQL Injection

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time-based blind SQL injection vulnerability in the webhook edit and scanner API endpoints allows an authenticated attacker to execute arbitrary SQL queries against the …

📅 Published: Jan. 7, 2026, 6:18 p.m. 🔄 Last Modified: April 18, 2026, 8 a.m.

9.3

CVSS3.1

CVE-2026-21855 - Tarkov Data Manager has Unauthenticated Reflected XSS

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, a reflected Cross Site Scripting (XSS) vulnerability in the toast notification system allows any attacker to execute arbitrary JavaScript in the context of a victim's browser session by crafting a malicious …

📅 Published: Jan. 7, 2026, 6:16 p.m. 🔄 Last Modified: April 18, 2026, 5 p.m.

9.8

CVSS3.1

CVE-2026-21854 - Tarkov Data Manager Authentication Bypass vulnerability

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, an authentication bypass vulnerability in the login endpoint allows any unauthenticated user to gain full admin access to the Tarkov Data Manager admin panel by exploiting a JavaScript prototype property acc…

📅 Published: Jan. 7, 2026, 6:14 p.m. 🔄 Last Modified: April 18, 2026, 5 p.m.

6.5

CVSS3.1

CVE-2026-21680 - iccDEV has Null Pointer Dereference in CIccProfile::CheckTagTypes()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a NULL pointer dereference vulnerability. This vulnerability affects users of the iccDEV libra…

📅 Published: Jan. 7, 2026, 5:50 p.m. 🔄 Last Modified: April 18, 2026, 8 a.m.

7.5

CVSS3.1

CVE-2026-0669 - Path Traversal vulnerability in CSS extension on certain web servers

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal. This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39.

📅 Published: Jan. 7, 2026, 5:46 p.m. 🔄 Last Modified: April 18, 2026, 5 p.m.

5.3

CVSS3.1

CVE-2026-0668 - VisualData extension: Regular Expression Denial of Service (ReDoS) via crafted user input

Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup. This issue affects MediaWiki - VisualData Extension: 1.45.

📅 Published: Jan. 7, 2026, 5:36 p.m. 🔄 Last Modified: April 18, 2026, 8:15 a.m.

5.9

CVSS3.1

CVE-2025-66560 - Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to…

Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously writt…

📅 Published: Jan. 7, 2026, 5:33 p.m. 🔄 Last Modified: Feb. 3, 2026, 4:40 p.m.

5.4

CVSS3.1

CVE-2025-61782 - Open Redirect in OpenCTI's SAML Authentication Flow

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an open redirect vulnerability exists in the OpenCTI platform's SAML authentication endpoint (/auth/saml/callback). By manipulating the RelayState parameter, an attacker can …

📅 Published: Jan. 7, 2026, 5:28 p.m. 🔄 Last Modified: Jan. 20, 2026, 6:50 p.m.

6.3

CVSS4.0

CVE-2025-58441 - Knowage is vulnerable to blind server-side request forgery (SSRF)

Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of …

📅 Published: Jan. 7, 2026, 5:16 p.m. 🔄 Last Modified: Feb. 3, 2026, 4:46 p.m.

5.3

CVSS4.0

CVE-2026-22539 - INFORMATION DISCLOSURE VIA CURL REQUESTS (OCPP)

As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6.

📅 Published: Jan. 7, 2026, 5:12 p.m. 🔄 Last Modified: April 18, 2026, 5 p.m.