7.5
CVE-2026-35092 - Corosync: corosync: denial of service via integer overflow in join message validation
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specif…
8.2
CVE-2026-35091 - Corosync: corosync: denial of service and information disclosure via crafted udp packet
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service…
6.4
CVE-2026-25601 - Credential Exposure vulnerability in MEPIS RM
A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user password…
0.0
CVE-2026-5307 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
5.3
CVE-2026-24096 - Insufficient permission validation on multiple REST API Quick Setup endpoints
Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information
6.9
CVE-2026-0932 -
Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allows an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs.
5.3
CVE-2026-1879 - Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the atta…
5.3
CVE-2024-53828 - Ericsson Packet Core Controller (PCC) - Improper Handling of Syntactically Invalid Structure Vulner…
Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.
6.9
CVE-2026-21630 - Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint
Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint.
8.6
CVE-2026-23898 - Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate
Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism.