7.5
CVE-2026-23664 - Azure IoT Explorer Information Disclosure Vulnerability
Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
7.8
CVE-2026-23660 - Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.
8.8
CVE-2026-21262 - SQL Server Elevation of Privilege Vulnerability
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
6.9
CVE-2025-13901 -
A CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on the Machine Expert protocol when an unauthenticated attacker sends a malicious payload to occupy active communication channels.
7.2
CVE-2026-30958 - OneUptime: Path Traversal – Arbitrary File Read (No Auth)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file pa…
10
CVE-2026-30957 - OneUptime Synthetic Monitor RCE via exposed Playwright browser object
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root cause is that untrusted Synthetic Monitor code is exe…
10
CVE-2026-30956 - OneUptime has authorization bypass via client-controlled is-multi-tenant-query header
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low-privileged user can bypass authorization and tenant isolation in OneUptime v10.0.20 and earlier by sending a forged is-multi-tenant-query header together with a controlled projectid header. Because the serv…
7.1
CVE-2026-30945 - StudioCMS: IDOR – Arbitrary API Token Revocation Leading to Denial of Service
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the DELETE /studiocms_api/dashboard/api-tokens endpoint allows any authenticated user with editor privileges or above to revoke API tokens belonging to any other user, including admin and owner ac…
8.8
CVE-2026-30944 - StudioCMS Affected by Privilege Escalation via Insecure API Token Generation
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the /studiocms_api/dashboard/api-tokens endpoint allows any authenticated user (at least Editor) to generate API tokens for any other user, including owner and admin accounts. The endpoint fails t…
6.7
CVE-2025-66178 -
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated a…