4
CVE-2026-32777 -
libexpat before 2.7.5 allows an infinite loop while parsing DTD content.
4
CVE-2026-32776 -
libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.
8.7
CVE-2026-25083 -
GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper the other user's threads/messages.
5.1
CVE-2026-4222 - SSCMS download PathUtils.RemoveParentPath path traversal
A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal. Remote exploitation of the attack is possible. The exploit hβ¦
6.9
CVE-2026-4221 - Tiandy Easy7 Integrated Management Platform Endpoint uploadLedImage unrestricted upload
A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has bβ¦
7.4
CVE-2026-32775 -
libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.
3.7
CVE-2025-71264 -
Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash).
6.9
CVE-2026-4220 - Technologies Integrated Management Platform SetWebpagePic.jsp unrestricted upload
A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argument targetPath/Suffix leads to unrestricted upload. The attack may be initiated remotely. The exploβ¦
4.8
CVE-2026-4219 - INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App ae.index.apgcs BuildConfig.java harβ¦
A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of the argument ACCESS_Kβ¦
2
CVE-2026-4218 - myAEDES App aedes.me.beta EngageBayUtils.java information disclosure
A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTH_KEY results in information disclosure. The attack is only possible β¦