5.3
CVE-2026-2617 - Beetel 777VR1 Telnet Service/SSH Service insecure default initialization of resource
A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made public…
6.5
CVE-2024-31118 - WordPress SP Project & Document Manager plugin <= 4.70 - Broken Access Control to XSS vulnerability
Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SP Project & Document Manager: from n/a through 4.70.
8.7
CVE-2026-2616 - Beetel 777VR1 Web Management hard-coded credentials
A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the p…
8.2
CVE-2026-24708 - openstack-nova-compute: Arbitrary Host File Overwrite via Unconstrained qemu-img Format Handling in…
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an …
6.5
CVE-2022-41650 - WordPress Custom Content by Country plugin <= 3.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country. This issue affects Custom Content by Country (by Shield Security): from n/a through 3.1.2.
9.4
CVE-2026-22208 - OpenS100 Portrayal Engine Unrestricted Lua Standard Library Access
OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs() without sandboxing or capability restrictions, exposing standard libraries such …
5.4
CVE-2026-23861 - Cross-Site Scripting in Dell Unisphere for PowerMax vApp
Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HT…
6.1
CVE-2025-7706 - Improper Access Control in TUBITAK BILGEM's Liderahenk
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion. This issue affects Liderahenk: from 3.0.0 to 3.3.1 before 3.5.0.
7
CVE-2026-25087 - Apache Arrow: Potential use-after-free when reading IPC file with pre-buffering
Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file (but not an IPC stream) with pre-buffering enabled, if the IPC file contains data with variadic buffers (such as Binary View and Stri…
8.6
CVE-2026-2615 - Wavlink WL-NU516U1 firewall.cgi singlePortForwardDelete command injection
A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument del_flag can lead to command injection. The attack may be launched remotely. The exploit has been publ…