6.9
CVE-2026-1171 - birkir prime GraphQL Field graphql denial of service
A flaw has been found in birkir prime up to 0.4.0.beta.0. Affected is an unknown function of the file /graphql in the component GraphQL Field Handler. Manipulation of the request can lead to denial of service. The attack may be launched remotely. The exploit has been published and may be used. The pro…
9.3
CVE-2026-23839 - Movary vulnerable to Cross-site Scripting with `?categoryUpdated=` param
Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is `?categoryUpdated=`. Version 0.70.0 fixes the issue.
8.7
CVE-2026-23838 - Tandoor Recipes module allows SQLite database to be externally accessible with the default settings
Tandoor Recipes is a recipe manager that can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and the default `MEDIA_ROOT`, the full database file may be externally accessi…
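The root cause described above is a placement problem: a SQLite file stored inside a directory the web server publishes (`MEDIA_ROOT`) is downloadable like any other media file. The following check is an added example, not Tandoor's own code; it takes Django-style settings dictionaries with constructed example paths (not Tandoor's real defaults) and reports whether the default database is a SQLite file that resolves to a location under `MEDIA_ROOT`. Paths are normalised first so that a `..` segment cannot hide the overlap.

```python
import os
from pathlib import Path

# Constructed settings fragments in the shape of Django's DATABASES / MEDIA_ROOT.
# The paths are example values, not the real defaults of any project.
WEAK_SETTINGS = {
    "MEDIA_ROOT": "/opt/recipes/mediafiles",
    "DATABASES": {"default": {
        "ENGINE": "django.db.backends.sqlite3",
        "NAME": "/opt/recipes/mediafiles/db.sqlite3",   # served as media -> exposed
    }},
}
FIXED_SETTINGS = {
    "MEDIA_ROOT": "/opt/recipes/mediafiles",
    "DATABASES": {"default": {
        "ENGINE": "django.db.backends.sqlite3",
        "NAME": "/opt/recipes/data/db.sqlite3",         # outside the served tree
    }},
}


def sqlite_under_media_root(settings: dict) -> bool:
    """Return True when the default database is a SQLite file located under
    MEDIA_ROOT, i.e. in a directory the web server will happily serve."""
    db = settings["DATABASES"]["default"]
    if not db.get("ENGINE", "").endswith("sqlite3"):
        return False                      # only file-backed SQLite is affected
    name = db.get("NAME")
    if not name or name == ":memory:":
        return False                      # no file on disk to download
    # Normalise both sides so "/media/../data/db.sqlite3" is not misjudged.
    db_path = Path(os.path.realpath(str(name)))
    media_root = Path(os.path.realpath(str(settings["MEDIA_ROOT"])))
    try:
        db_path.relative_to(media_root)   # raises ValueError if not inside
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_SETTINGS), ("fixed", FIXED_SETTINGS)):
        print(label, "exposes database:", sqlite_under_media_root(cfg))
```

Running the check on a deployment's settings is a quick way to confirm the fix: the database must live outside `MEDIA_ROOT`, and, as defence in depth, the web server should refuse to serve `*.sqlite3` files from the media path at all.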
3.1
CVE-2025-55252 - HCL AION is affected by a Weak Password Policy vulnerability
HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access.
1.8
CVE-2025-55250 - HCL AION is affected by a Technical Error Disclosure vulnerability
HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks.
6.5
CVE-2026-23878 - HotCRP vulnerable to exposure of submitted documents
HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download any documents (PDFs, attachments) associated w…
10
CVE-2026-23836 - HotCRP vulnerable to remote code execution through formulas
HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release version 3.2.
2.4
CVE-2025-52661 - HCL AION is affected by a JWT Token Expiry Too Long vulnerability
HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised.
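Whether a token's validity window is "too long" can be read straight from the `iat` and `exp` claims, so this class of issue is easy to audit. The block below is an added example, not HCL's code, and it assumes a policy of at most 15 minutes for an access token (the threshold is an assumption, not a value from the advisory). It builds JWT-shaped tokens with a placeholder signature purely to have something to inspect; real tokens must have their signature verified before any claim is trusted, and this check complements, rather than replaces, that verification.

```python
import base64
import json
from typing import Optional

# Assumed policy: an access token should not be valid for more than 15 minutes.
MAX_LIFETIME_SECONDS = 15 * 60


def _b64url_decode(segment: str) -> bytes:
    """JWT segments are base64url without padding; restore it before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_jwt(claims: dict) -> str:
    """Constructed token for demonstration: real header and claims, dummy signature."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}.sig"


def token_lifetime(token: str) -> Optional[int]:
    """Return exp - iat in seconds from the (unverified) payload, or None when
    either claim is absent. Inspects claims only; it does not verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated segments")
    claims = json.loads(_b64url_decode(parts[1]))
    if "exp" not in claims or "iat" not in claims:
        return None                       # no bounded lifetime at all
    return int(claims["exp"]) - int(claims["iat"])


def lifetime_is_acceptable(token: str, max_seconds: int = MAX_LIFETIME_SECONDS) -> bool:
    """A token passes only if it carries both claims and the window is within policy."""
    lifetime = token_lifetime(token)
    return lifetime is not None and 0 < lifetime <= max_seconds


if __name__ == "__main__":
    issued = 1_700_000_000                # constructed issue time (epoch seconds)
    long_lived = make_unsigned_jwt({"sub": "alice", "iat": issued, "exp": issued + 30 * 24 * 3600})
    short_lived = make_unsigned_jwt({"sub": "alice", "iat": issued, "exp": issued + 900})
    print("30-day token acceptable:", lifetime_is_acceptable(long_lived))
    print("15-minute token acceptable:", lifetime_is_acceptable(short_lived))
```

A token with no `exp` at all is treated as failing, since it never expires; a token with `exp` but no `iat` is also rejected here because its lifetime cannot be bounded from the claims alone.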
6.9
CVE-2026-1170 - birkir prime GraphQL API graphql information disclosure
A vulnerability was detected in birkir prime up to 0.4.0.beta.0. This issue affects some unknown processing of the file /graphql in the component GraphQL API. Manipulation of the request results in information disclosure. The attack may be initiated remotely. The exploit is now public and may be used…
3.5
CVE-2025-55249 - HCL AION is affected by a Missing Security Response Headers vulnerability.
HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application's overall security posture and increase its susceptibility to common web-based attacks.
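Checking for missing security headers is a small, repeatable test that belongs in any web assessment. The block below is an added example, not code from HCL or from the advisory; the header set and the acceptance rule for each value are the editor's assumptions about a sensible baseline, and the two response header sets are constructed inputs, not captured HCL AION responses. It returns the headers that are absent or carry a value that does not meet the rule, so the result can be asserted on rather than eyeballed.

```python
from typing import Callable, Dict, List

# Baseline headers and a minimal sanity rule for each value (assumed baseline).
EXPECTED_HEADERS: Dict[str, Callable[[str], bool]] = {
    "strict-transport-security": lambda v: "max-age=" in v.lower(),
    "content-security-policy": lambda v: any(d in v.lower() for d in ("default-src", "script-src")),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "referrer-policy": lambda v: bool(v.strip()),
}

# Constructed example responses (not real captures).
WEAK_RESPONSE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Server": "example",
}
HARDENED_RESPONSE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}


def missing_security_headers(headers: Dict[str, str]) -> List[str]:
    """Return the expected headers that are absent or fail their value rule.
    Header names are compared case-insensitively, as HTTP requires."""
    present = {name.lower(): value for name, value in headers.items()}
    problems = []
    for name, acceptable in EXPECTED_HEADERS.items():
        value = present.get(name)
        if value is None or not acceptable(value):
            problems.append(name)
    return problems


if __name__ == "__main__":
    print("weak response missing:", missing_security_headers(WEAK_RESPONSE_HEADERS))
    print("hardened response missing:", missing_security_headers(HARDENED_RESPONSE_HEADERS))
```

When wiring this into a scan, feed it the header dictionary from the HTTP client in use and treat a non-empty list as a finding. The rules are deliberately loose; a CSP that sets only `frame-ancestors`, for instance, makes `X-Frame-Options` redundant in modern browsers, so tighten or relax the table to match the policy being tested against.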