6.9
CVE-2025-15528 - Open5GS GTPv2 Bearer Response denial of service
A vulnerability has been found in Open5GS up to 2.7.6. Affected by this vulnerability is an unknown functionality of the component GTPv2 Bearer Response Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may bβ¦
8.2
CVE-2026-23745 - node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitizβ¦
node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Ovβ¦
7.1
CVE-2026-21223 - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.
8
CVE-2026-20960 - PowerApps Desktop Client Remote Code Execution Vulnerability
Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.
10
CVE-2026-23800 - WordPress Modular DS plugin <= 2.5.2 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from 2.5.2 before 2.6.0.
5.4
CVE-2026-23643 - CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl() method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1.
5.1
CVE-2019-25297 - Poll, Survey & Quiz Maker Plugin by Opinion Stage < 19.6.25 Stored XSS
Poll, Survey & Quiz Maker Plugin by Opinion Stage Wordpress plugin versions prior toΒ 19.6.25 contain a stored cross-site scripting (XSS) vulnerability via multiple parameters due to insufficient input validation and output escaping. An unauthenticated attacker can inject arbitrary script into conteβ¦
9.8
CVE-2026-23744 - REC in MCPJam inspector due to HTTP Endpoint exposes
MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam insβ¦
9.3
CVE-2012-10064 - Omni Secure Files < 0.1.14 Unauthenticated Arbitrary File Upload
Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions, enaβ¦
8.8
CVE-2026-23742 - Skipper arbitrary code execution through lua filters
Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The coβ¦