4.3
CVE-2026-28506 - Outline's Information Disclosure in Activity Logs allows User Enumeration of Private Drafts
Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no coβ¦
8.1
CVE-2026-24901 - Outline's IDOR allows unauthorized viewing and seizing of private deleted drafts
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users, includβ¦
6.5
CVE-2026-21886 - OpenCTI's GraphQL Mutations Allow Deletion of Unrelated Entities
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this mutatβ¦
8.6
CVE-2026-23759 - Perle IOLAN STS/SCS Authenticated Command Injection via 'shell ps'
Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c' invoβ¦
8.7
CVE-2026-4318 - UTT HiPER 810G formApLbConfig strcpy buffer overflow
A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formApLbConfig. This manipulation of the argument loadBalanceNameOld causes buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and mayβ¦
9
CVE-2026-3564 - ScreenConnect Instance Level Cryptographic Material Exposure
A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.
6.8
CVE-2025-13406 - Scanning for higher HART revision device leads into NULL pointer dereference in live list
NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.This issue affects smartLink SW-HT: 1.43.
7.8
CVE-2026-3888 - Local Privilege Escalation in snapd
Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.
5.4
CVE-2026-4324 - Rubygem-katello: katello: denial of service and potential information disclosure via sql injection
A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Seβ¦
4.7
CVE-2025-62320 - HTML Injection Leading to Data Exfiltration to External Server vulnerability affects HCL Unica Platβ¦
HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external resoβ¦