Score: 8.2 (CVSS 4.0)

CVE-2025-68402 - FreshRSS has an authentication bypass due to truncated bcrypt hash [edge branch]

FreshRSS is a free, self-hostable RSS aggregator. From 57e1a37 to 00f2f04, the length of the nonce was changed from 40 chars to 64. password_verify() is currently being called with a constructed string (SHA-256 nonce + part of a bcrypt hash) instead of the raw user password. Due to bcrypt’s 72-byte…

Published: March 9, 2026, 7:41 p.m. | Last Modified: March 11, 2026, 1:53 p.m.

Score: 7.5 (CVSS 3.1)

CVE-2025-62166 - FreshRSS has an IDOR which allows for viewing feeds of any user and leaking tokens

FreshRSS is a free, self-hostable RSS aggregator. Prior to 1.28.0, due to a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed should be viewable if anonymous viewing is enabled, and feeds of other users should be private. This vu…

Published: March 9, 2026, 7:35 p.m. | Last Modified: March 13, 2026, 7:39 p.m.

Score: 7.5 (CVSS 3.1)

CVE-2026-0846 - Arbitrary File Read via Absolute Path Input in nltk.util.filestring()

A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by…

Published: March 9, 2026, 7:19 p.m. | Last Modified: April 17, 2026, 8:57 p.m.

Score: 5.9 (CVSS 3.1)

CVE-2026-3638 - Low-Privileged Users Can Restore Deleted Accounts via Improper Access Control

Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafted API requests.

Published: March 9, 2026, 6:51 p.m. | Last Modified: April 18, 2026, 9:45 a.m.

Score: 6.9 (CVSS 4.0)

CVE-2026-29023 - Keygraph Shannon Hard-coded Router API Key

Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router component is enabled and exposed, allows network attackers to authenticate using the publicly known static key. An attacker able to reach the router port can proxy requests through the Shannon instance …

Published: March 9, 2026, 5:46 p.m. | Last Modified: April 16, 2026, 4 a.m.

Score: 8.5 (CVSS 4.0)

CVE-2025-15568 - Command Injection Vulnerability on TP-Link Archer AXE75

A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code execution (RCE) when the router is configured with sysmode=ap. Successful exploitation results in root-lev…

Published: March 9, 2026, 4:19 p.m. | Last Modified: May 6, 2026, 2:18 p.m.

Score: 7.5 (CVSS 3.1)

CVE-2026-3588 - Server-Side Request Forgery (SSRF) in ikea dirigera

A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.

Published: March 9, 2026, 3:41 p.m. | Last Modified: May 6, 2026, 2:22 p.m.

Score: 8.5 (CVSS 4.0)

CVE-2026-25866 - MobaXterm < 26.1 Notepad++ Unquoted Service Path

MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable earl…

Published: March 9, 2026, 3:24 p.m. | Last Modified: May 6, 2026, 2:23 p.m.

Score: 5.3 (CVSS 4.0)

CVE-2026-3089 - Actual Sync Server 26.2.1 - Authenticated Path Traversal

Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments (../) can escape the intended directory and write files outside userFiles.…

Published: March 9, 2026, 2:08 p.m. | Last Modified: April 17, 2026, noon

Score: 4.3 (CVSS 3.1)

CVE-2026-2919 - Attacker-controlled content shown under spoofed domains in Focus for iOS via stalled navigation and…

Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability was fixed in Focus for …

Published: March 9, 2026, 1:27 p.m. | Last Modified: May 6, 2026, 6:33 p.m.

Total results: 349182