7.5
CVE-2026-34874 - NULL Pointer Dereference Allowing Arbitrary Memory Write in Mbed TLS
An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
3.7
CVE-2025-67806 - Account Enumeration via Distinct Login Responses in Sage DPW
The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behavior in newer versions.
7.7
CVE-2026-25835 - Seed Misuse in PseudoβRandom Number Generator
Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
9.8
CVE-2024-43028 - Command Injection in JEECG Boot /jmreport/show Allows Arbitrary Code Execution
A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request.
8.4
CVE-2026-30292 -
An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
8.4
CVE-2026-30291 - Arbitrary File Overwrite in Ora Tools PDF Reader Leading to Code Execution
An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
6.1
CVE-2026-30526 - Reflected XSS in SourceCodester Zoo Management System Login
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Zoo Management System v1.0. The vulnerability is located in the login page, specifically within the msg parameter. The application reflects the content of the msg parameter back to the user without proper HTML encoding orβ¦
0.0
CVE-2026-23409 - apparmor: fix differential encoding verification
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent this the unpack should verify that a diff-encode chain terminates. Unfortunately the differential encoβ¦
0.0
CVE-2026-23405 - apparmor: fix: limit the number of levels of policy namespaces
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix: limit the number of levels of policy namespaces Currently the number of policy namespaces is not bounded relying on the user namespace limit. However policy namespaces aren't strictly tied to user namespaces and itβ¦
0.0
CVE-2026-23404 - apparmor: replace recursive profile removal with iterative approach
In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with iterative approach The profile removal code uses recursion when removing nested profiles, which can lead to kernel stack exhaustion and system crashes. Reproducer: $ pf='a'; forβ¦