9.8
CVE-2026-3224 - Authentication Bypass via Forged JSON Web Token in Devolutions Server
Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT).
8.8
CVE-2026-1775 - Missing Authentication for Critical Function in Labkotec LID-3300IP
The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device.
5.1
CVE-2026-3486 - itsourcecode College Management System student-fee.php sql injection
A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll_no leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to…
9.3
CVE-2026-3485 - D-Link DIR-868L SSDP Service sub_1BF84 os command injection
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes OS command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability on…
7.3
CVE-2026-25906 - Improper Link Resolution in Dell Optimizer Enables Local Privilege Escalation
Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
6.3
CVE-2025-13686 - DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component.
6.3
CVE-2025-13687 - DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component.
6.3
CVE-2025-13688 - DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component.
8.8
CVE-2026-24502 - Local Privilege Escalation via Uncontrolled Search Path Element in Dell Command | Intel vPro Out of…
Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
5.9
CVE-2025-14456 - IBM MQ Appliance uses weaker than expected cryptographic algorithms
IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1