5.3
CVE-2026-25436 - WordPress Royal Elementor Addons plugin < 1.7.1053 - Broken Access Control vulnerability
Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a before 1.7.1053.
4.7
CVE-2026-44407 - Remote Denial of Service Vulnerability Exists in ZTE Cloud PC Client uSmartview
A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.
6.5
CVE-2026-27421 - WordPress Royal Elementor Addons plugin < 1.7.1053 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a before 1.7.1053.
5.3
CVE-2025-2514 - Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage …
Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One B…
5.4
CVE-2026-4430 - Heap Buffer Overflow in AgileEngine
Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7.
8.1
CVE-2025-9661 - OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual S…
OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.
5.7
CVE-2026-44406 - DLL Hijacking Vulnerability in ZTE Cloud PC Client uSmartview
ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.contains a DLL hijacking vulnerability; since uSmartViewServi…
9.3
CVE-2026-41586 - ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserializa…
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and exposes deSerializeChannel() which call ObjectInputStream.readObject() on untrusted byte arrays with…
8.8
CVE-2026-41143 - YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSav…
YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'] value (sourced from $_POST['id_fiche']) is concatenated directly into a raw SQL query without any …
8.8
CVE-2026-41139 - Unsafe array index getter in mathjs
Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0.