6.9

CVSS4.0

CVE-2026-22543 - WEAK ENCODING FOR PASSWORDS

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials.

📅 Published: Jan. 7, 2026, 4:10 p.m. 🔄 Last Modified: April 18, 2026, 8:15 a.m.

9.2

CVSS4.0

CVE-2026-22542 - DENIAL OF SERVICE FOR CONCURRENT CONNECTIONS ON TELNET

An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service.

📅 Published: Jan. 7, 2026, 3:24 p.m. 🔄 Last Modified: April 18, 2026, 8:15 a.m.

4.9

CVSS3.1

CVE-2025-62327 - HCL DevOps Deploy is susceptible to insufficiently protected credentials

In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.

📅 Published: Jan. 7, 2026, 3:17 p.m. 🔄 Last Modified: Jan. 29, 2026, 1:15 a.m.

8.2

CVSS4.0

CVE-2026-22541 - DENIAL OF SERVICE VIA ICMP PACKETS

The massive sending of ICMP requests causes a denial of service on one of the EVCharger's boards, the one that allows control of the EV interfaces. The board must be operating correctly for the charger to also function correctly.

📅 Published: Jan. 7, 2026, 3:12 p.m. 🔄 Last Modified: April 18, 2026, 5 p.m.

9.2

CVSS4.0

CVE-2026-22540 - DENIAL OF SERVICE VIA ARP PACKETS

The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. The board must be operating correctly for the charger to also function correctly.

📅 Published: Jan. 7, 2026, 2:16 p.m. 🔄 Last Modified: April 18, 2026, 8:15 a.m.

4.9

CVSS3.1

CVE-2025-49335 - WordPress External Media plugin <= 1.0.36 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in minnur External Media external-media allows Server Side Request Forgery. This issue affects External Media: from n/a through <= 1.0.36.

📅 Published: Jan. 7, 2026, 2:12 p.m. 🔄 Last Modified: April 23, 2026, 3:31 p.m.

5.1

CVSS4.0

CVE-2025-15479 - NGSurvey Enterprise 3.6.4 incorrect authorization exposes other users’ API keys and personal data

Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms (on Windows and Linux servers) allows authenticated remote users with survey creation or edit privileges to exec…

📅 Published: Jan. 7, 2026, 1:23 p.m. 🔄 Last Modified: Jan. 29, 2026, 1:17 a.m.

6.9

CVSS4.0

CVE-2025-6225 - Command injection in Kieback&Peter Neutrino-GLT

The Kieback&Peter Neutrino-GLT product is used for building management. Its web component "SM70 PHWEB" is vulnerable to shell command injection via the login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02.

📅 Published: Jan. 7, 2026, 1 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2025-47552 - WordPress DZS Video Gallery plugin <= 12.37 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection. This issue affects DZS Video Gallery: from n/a through 12.37.

📅 Published: Jan. 7, 2026, 12:38 p.m. 🔄 Last Modified: April 28, 2026, 4:12 p.m.

7.1

CVSS3.1

CVE-2025-46494 - WordPress WidgetKit Pro plugin <= 1.13.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS. This issue affects WidgetKit Pro: from n/a through 1.13.1.

📅 Published: Jan. 7, 2026, 12:37 p.m. 🔄 Last Modified: April 28, 2026, 4:12 p.m.