5.5
CVE-2026-25920 - SumatraPDF has a heap out-of-bounds read in MOBI HuffDic decompressor
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor. The bounds check in AddCdicData() only validates half the range that DecodeOne() actually accesses. Opening a crafted .mobi file can read β¦
5.9
CVE-2026-25918 - unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via JSON.stringifβ¦
7.5
CVE-2026-25892 - Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint
Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from anyβ¦
8.1
CVE-2026-25890 - File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashes β¦
5.4
CVE-2026-25889 - File Browser has an Authentication Bypass in User Password Update
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, a case-sensitivity flaw in the password validation logic allows any authenticated user to change their password (or an admin to change β¦
10
CVE-2026-25885 - PolarLearn allows Unauthenticated WebSocket access allows subscribing to and posting in arbitrary gβ¦
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any groβ¦
9.1
CVE-2026-25881 - @nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype reference (e.g., Map.prototype, Set.prototyβ¦
7.8
CVE-2026-25880 - Untrusted Search Path in SumatraPDF Reader (explorer.exe on Windows)
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary (explorer.exe) located in the same directory as the opened PDF when the user clicks File β βShow in folderβ. This behavior leads to arbitrary code execution on the victimβs sβ¦
9.3
CVE-2026-25875 - PlaciPy Admin Privilege Escalation via Trusted JWT Claims
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The admin authorization middleware trusts client-controlled JWT claims (role and scope) without enforcing server-side role verification.
9.3
CVE-2026-25814 - NoSQL Injection Risk via Unsanitized Query Parameters
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization.