6.8
CVE-2025-13154 -
An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.
5.1
CVE-2026-0601 - Nexus Repository 3 - Cross-Site Scripting
A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction.
8.4
CVE-2026-0861 - Integer overflow in memalign leads to heap corruption
Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the siz…
8.6
CVE-2026-23512 - SumatraPDF has an Untrusted Search Path in sumatrapdf/src/AppTools.cpp
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is an Untrusted Search Path vulnerability when the Advanced Options setting is triggered. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. On Windows, this allows e…
5.5
CVE-2026-0961 - Out-of-bounds Write in Wireshark
BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
5.3
CVE-2026-0962 - Out-of-bounds Write in Wireshark
SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
4.7
CVE-2026-0960 - Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service
5.3
CVE-2026-0959 - Out-of-bounds Write in Wireshark
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
5.9
CVE-2026-22036 - Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Enco…
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands of compression steps leading to high CPU usage and excessive memory allocation. This vulnerabili…
7.7
CVE-2025-11224 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality.