5.3
CVE-2026-6253 - curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies
A flaw was found in curl. When curl is configured to use distinct proxies for different URL schemes, a redirect from a URL using an authenticated proxy to one using an unauthenticated proxy can inadvertently expose the initial proxy's credentials. This improper credential management (CWE-522) may a…
6.5
CVE-2026-5773 - curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse
A flaw was found in libcurl. Due to a logical error in the connection reuse mechanism for SMB (Server Message Block) transfers, libcurl might reuse an existing SMB connection with a different share than intended. This vulnerability, categorized as CWE-488 (Exposure of Data Element to Wrong Session)…
6.5
CVE-2026-38993 - Cockpit: Cockpit: Arbitrary file write via directory traversal in Buckets component
Cockpit 2.13.5 and earlier is vulnerable to directory traversal via the Buckets component. This vulnerability allows authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite assets with malicious versions.
9.8
CVE-2026-38992 - Cockpit CMS Arbitrary Code Execution via MongoLite $func Operator
Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator.
7.8
CVE-2026-30769 - Privilege Escalation via Crafted IOCTL in TVicPort64.sys Driver
An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests.
6.1
CVE-2025-56537 - Stored XSS Vulnerability in OpenNebula 6.10.0.1 Virtual Network Template
A stored cross-site scripting (XSS) vulnerability in OpenNebula v6.10.0.1 (fixed in v7.0) allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the virtual network template parameter.
6.1
CVE-2025-56535 - Cross-Site Scripting via Zone Attribute Parameter in OpenNebula
A cross-site scripting (XSS) vulnerability in OpenNebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the zone attribute parameter.
9.8
CVE-2026-36841 - Command Injection via formMapDelDevice Parameters in TOTOLINK N200RE V5
TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function.
7.1
CVE-2026-42010 - Gnutls: gnutls: authentication bypass via nul character in username
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. T…
6.1
CVE-2025-56534 -
A cross-site scripting (XSS) vulnerability in the custom authenticator driver of OpenNebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.