6.9
CVE-2026-1978 - kalyan02 NanoCMS User Information pagesdata.txt direct request
A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The exploi…
5.3
CVE-2026-1977 - isaacwasserman mcp-vegalite-server visualize_data eval code injection
A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualize_data. Such manipulation of the argument vegalite_specification leads to code injection. The…
8.8
CVE-2025-15566 - ingress-nginx auth-proxy-set-headers nginx configuration injection
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets acce…
6.9
CVE-2026-1976 - Free5GC SMF SessionDeletionResponse null pointer dereference
A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for…
6.9
CVE-2026-1975 - Free5GC pfcp_reports.go identityTriggerType null pointer dereference
A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. …
4.3
CVE-2026-1228 - Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timel…
The Timeline Block - Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.3 via the tlgb_shortcode() function due to missing validation on a user controlled key. Th…
6.9
CVE-2026-1974 - Free5GC SMF datapath.go ResolveNodeIdToIp denial of service
A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and m…
6.9
CVE-2026-1973 - Free5GC SMF establishPfcpSession null pointer dereference
A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. It …
6.9
CVE-2026-1972 - Edimax BR-6208AC auth_check_userpass2 default credentials
A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Performing a manipulation of the argument Username/Password results in use of default credentials. The attack may be initiated remotely. The exploit has been made public and could be use…
4.8
CVE-2026-1971 - Edimax BR-6288ACL wiz_WISP24gmanual.asp wiz_WISP24gmanual cross site scripting
A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file wiz_WISP24gmanual.asp. Such manipulation of the argument manualssid leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public…