6.7
CVE-2020-37107 - Core FTP LE 2.2 - Denial of Service
Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20,000 repeated characters and paste it into the account field to cause the application to become unrβ¦
5.1
CVE-2020-37106 - Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin)
Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request to the user creation endpoint with administβ¦
8.4
CVE-2020-37095 - Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)
Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell oβ¦
8
CVE-2026-25804 - Antrea has invalid enforcement order for network policy rules caused by integer overflow
Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large numbers of policies withβ¦
7.6
CVE-2026-25793 - Nebula Has Possible Blocklist Bypass via ECDSA Signature Malleability
Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of thβ¦
9.8
CVE-2026-25803 - 3DP-MANAGER Uses Hard-coded Credentials
3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials (admin/admin) upon the first initialization. Attackers with network access to the application's login interface can gain full admβ¦
7.5
CVE-2026-25762 - AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler durβ¦
AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service (DoS) vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in memβ¦
7.2
CVE-2026-25754 - AdonisJS multipart body parsing has Prototype Pollution issue
AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and 11.0.0-nexβ¦
6.6
CVE-2026-25749 - Heap Overflow in Vim
Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When processing help file tags,β¦
7.5
CVE-2026-25644 - DataHub's LDAP Ingestion Source vulnerable to MITM attack through TLS downgrade
DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8.