7.3
CVE-2025-33181
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.
8
CVE-2025-33180
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.
8
CVE-2025-33179
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges.
8.7
CVE-2026-26342 - Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to au…
9.3
CVE-2026-26341 - Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain admini…
8.7
CVE-2026-26340 - Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticated RTSP Stream Disclosure
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of surveill…
7.6
CVE-2026-3105 - SQL Injection in Contact Activity API Sorting
Summary: This advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated a…
10
CVE-2026-26222 - DocLink .NET Remoting Unauthenticated Arbitrary File Read/Write RCE
Altec DocLink (now maintained by Beyond Limits Inc.) version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and is vulnerable to unsafe object unmarshalling,…
0.0
CVE-2026-25603 - Path Traversal vulnerability in Linksys MR9600, Linksys MX4200
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows the contents of a USB drive partition to be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context o…
4.8
CVE-2026-27468 - Mastodon may allow unconfirmed FASP to make subscriptions
Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content d…