9.8
CVE-2026-24300 - Azure Front Door Elevation of Privilege Vulnerability
Azure Front Door Elevation of Privilege Vulnerability
8.2
CVE-2026-21532 - Azure Function Information Disclosure Vulnerability
Azure Function Information Disclosure Vulnerability
8.6
CVE-2026-24302 - Azure Arc Elevation of Privilege Vulnerability
Improper access control in Azure Arc allows an unauthorized attacker to elevate privileges over a network.
5.1
CVE-2026-1970 - Edimax BR-6258n formStaDrvSetup redirect
A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes open redirect. The attack can be initiated remotely. The exploit has been published and may be used. The vendβ¦
5.3
CVE-2026-1964 - WeKan REST Endpoint boards.js BoardTitleRESTBleed access control
A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch naβ¦
3.2
CVE-2026-25815 - LDAP Credentials Decryption via Default Encryption Key in FortiOS 7.6.6
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key is the same across all customers' installations). NOTE: the Supplier's position is that the instancβ¦
5.3
CVE-2026-1963 - WeKan Attachment Storage attachments.js MoveStorageBleed access control
A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access controls. The attack may be launched remotely. Upgrading to version 8.21 mitigates this issue. The patchβ¦
5.3
CVE-2026-1962 - WeKan Attachment Migration attachmentMigration.js AttachmentMigrationBleed access control
A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads to improper access controls. The attack may be initiated remotely. Upgrading to version 8.21 is sufβ¦
9.3
CVE-2026-0106 - Local Privilege Escalation via Arbitrary mmap in Android vpu_ioctl
In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
5.3
CVE-2025-12131 - Truncated 802.15.4 packet leads to denial of service
A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service.