5.1
CVE-2026-22211 - TinyOS <= 2.1.2 Global Buffer Overflow in printfUART
TinyOS versions up to and including 2.1.2 contain a global buffer overflow vulnerability in the printfUART formatted output implementation used within the ZigBee / IEEE 802.15.4 networking stack. The implementation formats output into a fixed-size global buffer and concatenates strings for %s forma…
6.3
CVE-2026-22820 - Outray cli is vulnerable to race conditions in tunnels creation
Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5.
10
CVE-2026-22240 - Plaintext Passwords Vulnerability in BLUVOYIX
The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable users API to retrieve the plaint…
10
CVE-2026-22239 - Email Sending Vulnerability in BLUVOYIX
The vulnerability exists in BLUVOYIX due to design flaws in the email sending API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable email sending API. Successful exploitation of this vulnerability could allow the attack…
10
CVE-2026-22238 - Administrator Account Creation Vulnerability in BLUVOYIX
The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable admin API to create a new user with admin privileges. Successful exploitat…
10
CVE-2026-22237 - Exposed Internal API Documentation Vulnerability in BLUVOYIX
The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability co…
10
CVE-2026-22236 - Improper Authentication Vulnerability in BLUVOYIX
The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the atta…
7.5
CVE-2025-9142 - Local privilege escalation in Harmony SASE Windows Agent
A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory.
7.1
CVE-2025-14317 - User Enumeration in Crazy Bubble Tea mobile application
In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a `loyaltyGuestId` parameter. Server does not verify the permissions required to obtain the data. This issue was fixed in version 915 (Android) and 7.4.1 (iOS).
5.1
CVE-2025-13175 - Insecure Password Storage in Y Soft SafeQ 6
Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to reveal the value using browser developer/inspection tools. The affected customers are only those with a password-protected scan workflow connector. This issue affects Y Soft SafeQ 6 …