8.8
CVE-2026-3845 - Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability was fixed in Firefox 148.0.2.
4.6
CVE-2026-3862 - Cross-Site Scripting Vulnerability in SiteMinder Administrative UI
Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page.
7.8
CVE-2026-3483 - Local Privilege Escalation via Exposed Method in Ivanti Desktop and Server Management
An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges.
7.5
CVE-2026-2339 - RCE in TUBITAK BILGEM's Liderahenk
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection. This issue affects Liderahenk: before 3.5.1.
8.5
CVE-2025-11739 -
CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization.
7.5
CVE-2025-13957 -
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default.
5.3
CVE-2026-2742 - Unauthorized session creation via reserved framework path access
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without a…
2.3
CVE-2026-2741 - Zip Slip Path Traversal on Node Unpack
Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 15.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin's build process can automatically download and extract Node.js if it…
9.3
CVE-2026-3843 - SQL Injection in Nefteprodukttekhnika BUK TS-G Allows Remote Code Execution
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php endpoint via the sql parameter in application/x-www-…
6.1
CVE-2026-22614 - Insecure Encryption in Eaton EasySoft Project Files Leading to Brute Force Attack Vulnerability
The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks; an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has been …