7.2

CVSS3.1

CVE-2026-6973 -

An Improper Input Validation vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated user with administrative access to achieve remote code execution.

📅 Published: May 7, 2026, 3:21 p.m. 🔄 Last Modified: May 8, 2026, 2:45 p.m.

8.8

CVSS3.1

CVE-2026-5786 - Improper Access Control Enables Remote Authenticated Attacker to Gain Administrative Access in Ivan…

An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access.

📅 Published: May 7, 2026, 3:18 p.m. 🔄 Last Modified: May 7, 2026, 8:12 p.m.

6.8

CVSS3.1

CVE-2025-4397 - Medtronic MyCareLink Patient Monitor Data Encryption Weakness

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data.

📅 Published: May 7, 2026, 3:03 p.m. 🔄 Last Modified: May 7, 2026, 6 p.m.

6.8

CVSS3.1

CVE-2025-4386 - Medtronic MyCareLink Patient Monitor Hardware Debug Port

Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.

📅 Published: May 7, 2026, 3 p.m. 🔄 Last Modified: May 7, 2026, 6 p.m.

6.9

CVSS4.0

CVE-2026-32686 - Unbounded exponent in decimal enables unauthenticated DoS

Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthenticated remote Denial of Service. The decimal library does not bound the exponent on parsed input. Storing a decimal with a very large exponent (e.g. Decimal.new("1e1000000000")) is accepted without error. Subsequent …

📅 Published: May 7, 2026, 2:04 p.m. 🔄 Last Modified: May 7, 2026, 2:04 p.m.
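The decimal entry above describes the general failure mode: a coefficient/exponent representation where the parser accepts any exponent, so the cost is deferred to whatever later expands the value. The following Go snippet is an added example written for this page, not code from the ericmj decimal library or its fix; it parses scientific notation into the same coef * 10^exp shape, shows an unbounded parser accepting "1e1000000000", and shows a bounded parser rejecting it before anything is materialised. `MaxExponent`, `ParseDecimal`, `parseDecimalUnbounded` and `ToPlainString` are names chosen for the example.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
	"strconv"
	"strings"
)

// MaxExponent is a constructed bound for this example; choose what your
// application can afford to expand, since an exponent of 1e9 means a
// billion-digit string the moment the value is rendered or added.
const MaxExponent = 10_000

// Decimal is coef * 10^exp, the same shape the advisory describes.
type Decimal struct {
	Coef *big.Int
	Exp  int
}

// parseDecimalUnbounded mirrors the flaw: any exponent that fits in an int
// is accepted, regardless of size (maxExp == 0 disables the bound).
func parseDecimalUnbounded(s string) (Decimal, error) { return parse(s, 0) }

// ParseDecimal rejects |exponent| > MaxExponent before the value is stored.
func ParseDecimal(s string) (Decimal, error) { return parse(s, MaxExponent) }

func parse(s string, maxExp int) (Decimal, error) {
	s = strings.TrimSpace(s)
	mant, expStr := s, "0"
	if i := strings.IndexAny(s, "eE"); i >= 0 {
		mant, expStr = s[:i], s[i+1:]
	}
	// Atoi only parses an integer; nothing proportional to the exponent is allocated.
	exp, err := strconv.Atoi(expStr)
	if err != nil {
		return Decimal{}, fmt.Errorf("bad exponent %q: %w", expStr, err)
	}
	// Fold the fraction into the exponent: "1.5" becomes coef 15, exp -1.
	if dot := strings.IndexByte(mant, '.'); dot >= 0 {
		frac := mant[dot+1:]
		mant = mant[:dot] + frac
		exp -= len(frac)
	}
	// The bound is checked on the normalised exponent, before the value escapes.
	if maxExp > 0 && (exp > maxExp || exp < -maxExp) {
		return Decimal{}, errors.New("exponent out of range")
	}
	coef, ok := new(big.Int).SetString(mant, 10)
	if !ok {
		return Decimal{}, fmt.Errorf("bad coefficient %q", mant)
	}
	return Decimal{Coef: coef, Exp: exp}, nil
}

// ToPlainString expands to a plain digit string. This is the step that blows
// up for a huge exponent: it writes Exp zeros, so it must never run on an
// unbounded value.
func (d Decimal) ToPlainString() string {
	digits := d.Coef.String()
	neg := strings.HasPrefix(digits, "-")
	if neg {
		digits = digits[1:]
	}
	switch {
	case d.Exp >= 0:
		digits += strings.Repeat("0", d.Exp)
	case -d.Exp < len(digits):
		cut := len(digits) + d.Exp
		digits = digits[:cut] + "." + digits[cut:]
	default:
		digits = "0." + strings.Repeat("0", -d.Exp-len(digits)) + digits
	}
	if neg {
		digits = "-" + digits
	}
	return digits
}

func main() {
	const hostile = "1e1000000000" // constructed input from the advisory's own example
	d, err := parseDecimalUnbounded(hostile)
	fmt.Printf("unbounded: coef=%s exp=%d err=%v (expanding this needs ~1 GB)\n", d.Coef, d.Exp, err)
	_, err = ParseDecimal(hostile)
	fmt.Printf("bounded:   err=%v\n", err)
	ok, _ := ParseDecimal("1.5e-3")
	fmt.Printf("bounded:   %s\n", ok.ToPlainString())
}
```

The bound belongs in the parser, not in the arithmetic: once a value with exponent 10^9 is stored, every later consumer (formatting, addition, comparison by expansion) is a separate place where the cost can be triggered.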

7.1

CVSS4.0

CVE-2026-44349 - Daptin fuzzy search injects unvalidated column name into raw SQL

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resource_findallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.L(fmt.Sprintf("LOWER(%s) LIKE ?", prefix+col)) raw SQL with…

📅 Published: May 7, 2026, 1:57 p.m. 🔄 Last Modified: May 7, 2026, 3:30 p.m.

8.3

CVSS3.1

CVE-2026-41422 - Daptin vulnerable to SQL injection via unvalidated goqu.L() calls in aggregate API

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, the /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L() — a raw SQL literal expression builder — without any validation. This bypassed all parameterization and allowed auth…

📅 Published: May 7, 2026, 1:56 p.m. 🔄 Last Modified: May 7, 2026, 3:30 p.m.
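Both Daptin entries above (the fuzzy-search column parameter and the aggregate endpoint's column/group parameters) share one root cause: a user-supplied identifier is formatted into a raw SQL literal, and the `?` placeholder only protects the value, never the column name. The Go snippet below is an added example for this page, not Daptin's code and not goqu; it reproduces the interpolation shape the advisory describes with plain `fmt.Sprintf` and puts a validated, allowlisted builder beside it. `BuildFuzzyWhereUnsafe`, `BuildFuzzyWhereSafe`, `identRe` and the sample column set are names and data constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// BuildFuzzyWhereUnsafe reproduces the flawed shape: each comma-separated
// segment of the user-controlled column parameter is interpolated straight
// into a raw fragment. The "?" binds the search term, but the column name
// is text in the statement, so parameterisation does nothing for it.
func BuildFuzzyWhereUnsafe(prefix, column string) string {
	var parts []string
	for _, col := range strings.Split(column, ",") {
		parts = append(parts, fmt.Sprintf("LOWER(%s) LIKE ?", prefix+col))
	}
	return strings.Join(parts, " OR ")
}

// identRe accepts only unquoted SQL identifiers: no spaces, quotes,
// parentheses or comment markers can reach the statement text.
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]{0,63}$`)

// BuildFuzzyWhereSafe validates each segment syntactically and then against
// the table's known columns before it is allowed anywhere near the query.
// The allowlist is the real control; the regexp only gives a clear error.
func BuildFuzzyWhereSafe(prefix, column string, knownColumns map[string]bool) (string, error) {
	var parts []string
	for _, col := range strings.Split(column, ",") {
		col = strings.TrimSpace(col)
		if !identRe.MatchString(col) {
			return "", fmt.Errorf("column %q is not a valid identifier", col)
		}
		if !knownColumns[col] {
			return "", fmt.Errorf("column %q does not exist on this table", col)
		}
		parts = append(parts, fmt.Sprintf("LOWER(%s%s) LIKE ?", prefix, col))
	}
	return strings.Join(parts, " OR "), nil
}

func main() {
	// Constructed payload: the second "column" closes LOWER(...), adds its own
	// predicate, and comments out the remainder of the generated fragment.
	payload := "name,id) LIKE '' OR 1=1 --"
	known := map[string]bool{"name": true, "id": true} // constructed table schema

	fmt.Println("unsafe:", BuildFuzzyWhereUnsafe("t.", payload))
	if _, err := BuildFuzzyWhereSafe("t.", payload, known); err != nil {
		fmt.Println("safe:  ", err)
	}
	sql, _ := BuildFuzzyWhereSafe("t.", "name, id", known)
	fmt.Println("safe:  ", sql)
}
```

The same rule applies to the aggregate endpoint's `group` parameter: anything that names a column, table, function or sort direction must be matched against a fixed set the server already knows, because no driver can bind an identifier as a parameter.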

6.0

CVSS3.1

CVE-2026-41689 - Wallos: Shared local webhook allowlist lets low-privilege users send arbitrary requests to allowlis…

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the webhook notification feature reuses an administrator-configured local-target allowlist for every logged-in user. Any normal user can fully control a webhook URL, headers, and body, then use Wallo…

📅 Published: May 7, 2026, 1:53 p.m. 🔄 Last Modified: May 7, 2026, 3:30 p.m.

7.7

CVSS3.1

CVE-2026-41688 - Incomplete fix for CVE-2026-33399: SSRF in Wallos

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname() but passes the original hostname to cURL without CURLOPT_RESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DN…

📅 Published: May 7, 2026, 1:52 p.m. 🔄 Last Modified: May 7, 2026, 3:30 p.m.

4.3

CVSS3.1

CVE-2026-41687 - Wallos: SSRF CGNAT Bypass in subscription/payments Logo URL — is_cgnat_ip() Not Used in Inline Chec…

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php (line 42) and endpoints/payments/add.php (line 40) uses an inline IP validation check (FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) that does…

📅 Published: May 7, 2026, 1:48 p.m. 🔄 Last Modified: May 7, 2026, 4:30 p.m.
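The two Wallos SSRF entries above (CVE-2026-41688, validation by `gethostbyname()` with the original hostname handed to cURL without `CURLOPT_RESOLVE`, and CVE-2026-41687, an inline filter that does not cover CGNAT space) describe two distinct checks a webhook/logo fetcher needs: a destination-address allowlist that includes 100.64.0.0/10, and pinning of the connection to the address that was actually validated so a second DNS answer cannot substitute an internal one. The Go code below is an added example for this page, not Wallos code (Wallos is PHP); it shows both checks, with the resolver injected so it runs offline. `IsForbiddenIP`, `ValidateTarget`, `PinnedDialAddr`, `PinnedClient`, the `Resolver` type, and the hostnames and addresses used are constructed for the example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"time"
)

// Resolver is injected so the example runs without network; in production
// pass a wrapper around net.DefaultResolver.LookupIP.
type Resolver func(ctx context.Context, host string) ([]net.IP, error)

var blockedNets []*net.IPNet

func init() {
	for _, c := range []string{
		"0.0.0.0/8", "10.0.0.0/8",
		"100.64.0.0/10", // CGNAT: not covered by PHP's NO_PRIV_RANGE|NO_RES_RANGE
		"127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
		"224.0.0.0/4", "240.0.0.0/4",
		"::/128", "::1/128", "fc00::/7", "fe80::/10",
	} {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		blockedNets = append(blockedNets, n)
	}
}

// IsForbiddenIP reports whether an address must never be contacted.
// IPNet.Contains handles IPv4-mapped IPv6 forms such as ::ffff:127.0.0.1.
func IsForbiddenIP(ip net.IP) bool {
	for _, n := range blockedNets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// ValidateTarget resolves the URL's host exactly once, refuses any forbidden
// answer, and returns the single IP the connection is then pinned to.
func ValidateTarget(ctx context.Context, rawURL string, resolve Resolver) (*url.URL, net.IP, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return nil, nil, err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname()
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip}
	} else if ips, err = resolve(ctx, host); err != nil {
		return nil, nil, err
	}
	if len(ips) == 0 {
		return nil, nil, errors.New("host resolved to no addresses")
	}
	// Every answer must pass: a mixed reply (one public, one loopback) is a
	// standard rebinding trick against validators that check only the first.
	for _, ip := range ips {
		if IsForbiddenIP(ip) {
			return nil, nil, fmt.Errorf("address %s is forbidden", ip)
		}
	}
	return u, ips[0], nil
}

// PinnedDialAddr swaps the validated IP in for whatever host the transport
// was about to dial, keeping the port. This is the analogue of
// CURLOPT_RESOLVE: the second lookup that makes rebinding work never happens.
func PinnedDialAddr(ip net.IP, addr string) (string, error) {
	_, port, err := net.SplitHostPort(addr)
	if err != nil {
		return "", err
	}
	return net.JoinHostPort(ip.String(), port), nil
}

// PinnedClient only ever connects to ip, while the request keeps the
// original Host header and TLS SNI. Redirects are refused because following
// one would resolve a new, unvalidated host.
func PinnedClient(ip net.IP) *http.Client {
	dialer := &net.Dialer{Timeout: 5 * time.Second}
	return &http.Client{
		Timeout: 10 * time.Second,
		Transport: &http.Transport{
			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
				pinned, err := PinnedDialAddr(ip, addr)
				if err != nil {
					return nil, err
				}
				return dialer.DialContext(ctx, network, pinned)
			},
		},
		CheckRedirect: func(*http.Request, []*http.Request) error {
			return errors.New("redirects are not followed for webhook targets")
		},
	}
}

func main() {
	// Constructed rebinding resolver: public address on the first lookup,
	// loopback on every later one.
	calls := 0
	rebinding := func(ctx context.Context, host string) ([]net.IP, error) {
		calls++
		if calls == 1 {
			return []net.IP{net.ParseIP("93.184.216.34")}, nil
		}
		return []net.IP{net.ParseIP("127.0.0.1")}, nil
	}
	u, ip, err := ValidateTarget(context.Background(), "http://hook.example:8080/notify", rebinding)
	fmt.Println("validated:", u, ip, err)
	addr, _ := PinnedDialAddr(ip, u.Host)
	fmt.Println("transport dials:", addr, "(later lookups are never consulted)")
	_, _, err = ValidateTarget(context.Background(), "http://100.64.1.1/", rebinding)
	fmt.Println("cgnat:", err)
	_ = PinnedClient(ip) // would be used for the actual webhook request
}
```

Pinning and the address check only work together: without the allowlist, pinning faithfully connects to 169.254.169.254; without pinning, the allowlist only constrains the answer the validator saw, not the one the HTTP library gets a moment later.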
Total results: 349182 (page 44 of 34,919)