1.7
CVE-2026-27820 - zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but…
5.3
CVE-2026-24749 - Silverstripe Assets Module has a DBFile::getURL() permission bypass
The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL() or DBFile::getSourceURL() incorrectly add an access grant to the current session, which b…
8.7
CVE-2026-2336 - Weak webstax_auth Cookie Authentication Allows Privilege Escalation
A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03.
2.9
CVE-2026-41080 - libexpat: expat: libexpat: Denial of Service via hash flooding with crafted XML
libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
5.1
CVE-2025-36579 - Weak Password Recovery Mechanism in Dell Client Platform BIOS Allows Physical Access Attack
Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access.
0.0
CVE-2026-5426 - KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value
Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks
8.2
CVE-2026-3324 - Authentication Bypass
Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration.
7.1
CVE-2026-6409 - Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untr…
A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.
6.4
CVE-2026-2840 - Email Encoder – Protect Email Addresses and Phone Numbers <= 2.4.4 - Authenticated (Contributor+) S…
The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authentic…
7.4
CVE-2026-33804 - @fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option
@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account for duplicate slash normalization performed by Fastify's router, allowing requests with duplicate …