7.3
CVE-2025-69720 - ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.
The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.
9.8
CVE-2026-30402 -
An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection function
8.8
CVE-2026-30711 - Authenticated SQL Injection in Devome GRR Session Handling
Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent.
9.8
CVE-2025-67112 - Hardβcoded AESβ256 Key Enables Remote Decryption, Modification, and Privilege Escalation in Freedomβ¦
Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatioβ¦
7.5
CVE-2026-4424 - Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR arcβ¦
9.8
CVE-2026-30694 - Remote Code Execution via array_filter in DedeCMS v5.7.118 and Earlier
An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the array_filter component
7.5
CVE-2026-30403 -
There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server.
9.8
CVE-2025-67114 - Deterministic Credential Generation Exposes Administrative Credentials in Sercomm SCE4255W Small Ceβ¦
Use of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the device's MAC address, enabling authentication bypass aβ¦
7.5
CVE-2026-30404 -
The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery (SSRF) vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations.
6.5
CVE-2026-4426 - Libarchive: libarchive: denial of service via malformed iso file processing
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead β¦