4.1
CVE-2025-43883 - Improper Check Enables Denial of Service in Dell PowerScale OneFS
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.
8.7
CVE-2026-33083 - DataEase has SQL Injection in Order By Clause
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLObj …
8.7
CVE-2026-33082 - DataEase: SQL Injection in v2 Dataset Export
DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to WhereTree2S…
7.3
CVE-2026-41082 -
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.
1.7
CVE-2026-27820 - zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but…
5.3
CVE-2026-24749 - Silverstripe Assets Module has a DBFile::getURL() permission bypass
The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL() or DBFile::getSourceURL() incorrectly add an access grant to the current session, which b…
8.7
CVE-2026-2336 - Weak webstax_auth Cookie Authentication Allows Privilege Escalation
A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges. This issue affects IStaX before 2026.03.
2.9
CVE-2026-41080 - libexpat: expat: libexpat: Denial of Service via hash flooding with crafted XML
libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
5.1
CVE-2025-36579 - Weak Password Recovery Mechanism in Dell Client Platform BIOS Allows Physical Access Attack
Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access.
0.0
CVE-2026-5426 - KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value
Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks.