6.9
CVE-2025-68663 - Outline has a suspended user authentication bypass via WebSocket connections
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates after…
7.6
CVE-2025-64487 - Outline is vulnerable to privilege escalation vulnerability in document sharing
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in 1.1…
5.5
CVE-2026-25062 - Outline Affected an Arbitrary File Read via Path Traversal in JSON Import
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments[].key from the imported JSON is passed directly to path.join(rootPath, node.key) and then read using fs.readFile without validation. By embedding path traversal…
6.6
CVE-2026-0229 - PAN-OS: Denial of Service in Advanced DNS Security Feature
A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot cause the firewall to enter maintenan…
1.3
CVE-2026-0228 - PAN-OS: Improper Validation of Terminal Server Agent Certificate
An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.
8
CVE-2026-2361 - Improper search_path protection in PostgreSQL Anonymizer 2.5 allows any user with create privilege …
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This priv…
8
CVE-2026-2360 - Improper search_path protection in PostgreSQL Anonymizer 2.5 allows any user to gain superuser priv…
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and placing malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is high…
5.8
CVE-2025-13391 - Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.60 - Miss…
The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'uni_cpo_remove_file' function in all versions up to, and including, 4.9.60. This makes it possible for una…
9.3
CVE-2026-24789 - ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.
9.3
CVE-2026-25084 - ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function
Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs.