8.8

CVSS4.0

CVE-2026-26194 - Gogs: Release tag option injection in release deletion

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, Gogs has a security issue in which deleting a release can fail if a user-controlled tag name is passed to git without the right separator; this lets git options be injected and interfere with the process. This issue has been p…

📅 Published: March 5, 2026, 6:38 p.m. 🔄 Last Modified: March 5, 2026, 7:38 p.m.

9.3

CVSS3.1

CVE-2026-25921 - Gogs: Cross-repository LFS object overwrite via missing content hash verification

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, LFS objects can be overwritten across different repositories, which leads to a supply-chain attack; all LFS objects are vulnerable to being maliciously overwritten by attackers. This issue has been patched in version 0.14.2.

📅 Published: March 5, 2026, 6:36 p.m. 🔄 Last Modified: March 6, 2026, 6:10 p.m.

8.7

CVSS3.1

CVE-2026-26022 - Gogs: Stored XSS via data URI in issue comments

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, a stored cross-site scripting (XSS) vulnerability exists in the comment and issue description functionality. The application's HTML sanitizer explicitly allows data: URI schemes, enabling authenticated users to inject arbitrar…

📅 Published: March 5, 2026, 6:34 p.m. 🔄 Last Modified: March 5, 2026, 7:38 p.m.

8.6

CVSS4.0

CVE-2026-28287 - FreePBX: Authenticated Remote Code Execution via Recordings Module AJAX Endpoints

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, multiple command injection vulnerabilities exist in the recordings module. This issue has been patched in versions 16.0.20 and 17.0.5.

📅 Published: March 5, 2026, 6:25 p.m. 🔄 Last Modified: March 6, 2026, 6:15 p.m.

8.1

CVSS3.1

CVE-2026-3459 - Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.5 - Unauthenticated Arbitrary File U…

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to up…

📅 Published: March 5, 2026, 6:25 p.m. 🔄 Last Modified: March 6, 2026, 6:15 p.m.

8.6

CVSS4.0

CVE-2026-28284 - FreePBX: Authenticated SQL Injection Vulnerabilities in FreePBX Logfiles Module

FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5.

📅 Published: March 5, 2026, 6:24 p.m. 🔄 Last Modified: March 5, 2026, 7:38 p.m.

8.6

CVSS4.0

CVE-2026-28210 - FreePBX: Authenticated SQL Injection in CDR (Call Data Record) Reports

FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Data Record) is vulnerable to SQL query injection. This issue has been patched in versions 16.0.49 and 17.0.7.

📅 Published: March 5, 2026, 6:24 p.m. 🔄 Last Modified: March 5, 2026, 7:38 p.m.

7.5

CVSS4.0

CVE-2026-28209 - FreePBX: Command Injection leading to Remote Code Execution in FreePBX ElevenLabs Text-to-Speech in…

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech (TTS) engine in the recordings module. This issue has been patched in versions 16.0.20…

📅 Published: March 5, 2026, 6:22 p.m. 🔄 Last Modified: March 6, 2026, 6:45 p.m.

6.9

CVSS4.0

CVE-2025-7375 - Unauthenticated Denial-of-Service Vulnerability in Omada EAP610

A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. This results in temporary service unavailability until the device is rebooted. This issue affects Omada EAP610…

📅 Published: March 5, 2026, 5:47 p.m. 🔄 Last Modified: March 5, 2026, 7:38 p.m.

0.0

CVE-2025-13476 - Rakuten Viber uses broken or risky cryptographic Algorithm

Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (DPI) systems to trivially identify and block proxy traffic, undermining censorship circumvention. (C…

📅 Published: March 5, 2026, 4:53 p.m. 🔄 Last Modified: March 6, 2026, 10:36 a.m.