8.6
CVE-2026-24443 - EventSentry < 6.0.1.20 Web Reports Unverified Password Change
EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker wh…
2.7
CVE-2026-23859 - Client-Side enforcement bypass in Dell Wyse Management Suite before v5.5
Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
5.4
CVE-2026-23858 - Cross-Site Scripting Vulnerability in Dell Wyse Management Suite 5.4 and Earlier
Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script Injection.
7.2
CVE-2026-22766 - Unrestricted File Upload Allowing Remote Execution in Dell Wyse Management Suite before 5.5
Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.
8.8
CVE-2026-22765 - Missing Authorization in Dell Wyse Management Suite Allows Remote Elevation of Privileges
Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges.
6.5
CVE-2026-3131 - Improper Access Control Enables View-Only Users to Access Sensitive Connection Data
Improper access control in multiple DVLS REST API endpoints in Devolutions Server 2025.3.14.0 and earlier allows an authenticated user with view-only permission to access sensitive connection data.
4.3
CVE-2026-1768 - Permission Cache Poisoning Allows Bypassing Access Controls in Devolutions Server
A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries. This issue affects Devolutions Server: before 2025.3.15.
4.6
CVE-2026-27477 - Mastodon has SSRF via unvalidated FASP Provider base_url
Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, an unauthenticated attacker can register a FASP with an attacker-chosen `base_url` that includes or r…
5.8
CVE-2025-1789 -
Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system.
5.8
CVE-2025-1787 -
A local admin could leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege es…