5.9
CVE-2026-24738 - gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values
gmrtd is a Go library for reading Machine Readable Travel Documents (MRTDs). Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well…
8.7
CVE-2026-24740 - Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in out‑of‑scope containers (for example, `env=prod`) on the sam…
9.1
CVE-2026-24736 - Squidex has Server-Side Request Forgery (SSRF) Issue in Webhook Configuration
Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to validate or restrict…
9.3
CVE-2025-21589 - Session Smart Router, Session Smart Conductor, WAN Assurance Router: API Authentication Bypass vuln…
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: * from 5.6.7 before 5.6.17,…
10
CVE-2025-14988 - Incorrect Permission Assignment for Critical Resource vulnerability in iba Systems ibaPDA
A security issue has been identified in ibaPDA that could allow unauthorized actions on the file system under certain conditions. This may impact the confidentiality, integrity, or availability of the system.
5.3
CVE-2025-12810 - Failure in Password Rotation and Check-in Mechanism in Secret Server Allows Reuse of Credentials
Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules).This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25. A secret with "change password on check in" enabled automatically checks in even when the password change fails after reach…
5.1
CVE-2026-24688 - pypdf has possible Infinite Loop when processing outlines/bookmarks
pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects ca…
4.7
CVE-2026-24771 - Hono has a Cross-site Scripting vulnerability
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting (XSS) vulnerability exists in the `ErrorBoundary` component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered …
6.3
CVE-2026-24473 - Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter)
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to read arbitrary keys from the Workers environment. Im…
5.3
CVE-2026-24472 - Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control heade…