3.1
CVE-2025-15289 - Tanium addressed an improper access controls vulnerability in Interact.
Tanium addressed an improper access controls vulnerability in Interact.
5.3
CVE-2025-58190 - Infinite parsing loop in golang.org/x/net
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
7.4
CVE-2025-68121 - Unexpected session resumption in crypto/tls
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returne…
5.3
CVE-2025-47911 - Quadratic parsing complexity in golang.org/x/net/html
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
7.5
CVE-2025-15557 - Improper Certificate Validation in TP-Link Tapo H100 and P100 Allows Man-in-the-Middle Attack
An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication, en…
7.4
CVE-2026-1707 - Restore restriction bypass via key disclosure vulnerability (pgAdmin 4)
pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the…
5.9
CVE-2025-15551 - LAN Code Execution on TP-Link Archer MR200, Archer C20, TL-WR850N and TL-WR845N
The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code o…
7
CVE-2026-0715 - Bootloader Password Disclosure Allows Physical Device Denial-of-Service
Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface.  Access to the bootloader menu doe…
7
CVE-2026-0714 -
A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and attachin…
5.1
CVE-2020-37148 - P5 FNIP-8x16A/FNIP-4xSH 1.0.20, 1.0.11 - Stored Cross-Site Scripting (XSS)
P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser sessi…