8.8
CVE-2026-0796 - ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flawβ¦
7.8
CVE-2025-15059 - GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or β¦
9.8
CVE-2025-15063 - Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability
Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ollama MCP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the β¦
7.8
CVE-2025-11002 - 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on tβ¦
9.9
CVE-2026-24304 - Azure Resource Manager Elevation of Privilege Vulnerability
Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.
7.5
CVE-2026-24138 - FOG vulnerable to unauthenticated SSRF via `/fog/service/getversion.php`
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites and β¦
5.8
CVE-2026-24137 - sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal
sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client (pkg/tuf/client.go) supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from sigβ¦
5.5
CVE-2025-71147 - KEYS: trusted: Fix a memory leak in tpm2_load_cmd
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2_load_cmd 'tpm2_load_cmd' allocates a tempoary blob indirectly via 'tpm2_key_decode' but it is not freed in the failure paths. Address this by wrapping the blob into with a cleanup helper.
7.8
CVE-2025-71156 - gve: defer interrupt enabling until NAPI registration
In the Linux kernel, the following vulnerability has been resolved: gve: defer interrupt enabling until NAPI registration Currently, interrupts are automatically enabled immediately upon request. This allows interrupt to fire before the associated NAPI context is fully initialized and cause failuβ¦
7.8
CVE-2026-22980 - nfsd: provide locking for v4_end_grace
In the Linux kernel, the following vulnerability has been resolved: nfsd: provide locking for v4_end_grace Writing to v4_end_grace can race with server shutdown and result in memory being accessed after it was freed - reclaim_str_hashtbl in particularly. We cannot hold nfsd_mutex across the nfsdβ¦