8.1

CVSS3.1

CVE-2026-25060 - OpenList Insecure TLS Default Configuration

OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communications. The TlsInsecureSkipVerify setting defaults to true in the DefaultConfig() function in internal/conf/config.go. This vulnerability enables Man-i…

📅 Published: Feb. 2, 2026, 10:26 p.m. 🔄 Last Modified: April 18, 2026, 12:30 a.m.

8.8

CVSS3.1

CVE-2026-25059 - OpenList affected by Path Traversal in file copy and remove handlers

OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains a path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using stdpath.Join. This …

📅 Published: Feb. 2, 2026, 10:24 p.m. 🔄 Last Modified: April 18, 2026, 12:45 a.m.

2.8

CVSS3.1

CVE-2025-36194 - This Power System update is being released to address

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations.

📅 Published: Feb. 2, 2026, 10:01 p.m. 🔄 Last Modified: Feb. 19, 2026, 2:46 p.m.

6

CVSS3.1

CVE-2025-36238 - Power System Exposure of Sensitive System Information

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures.

📅 Published: Feb. 2, 2026, 9:54 p.m. 🔄 Last Modified: Feb. 19, 2026, 2:41 p.m.

8.8

CVSS3.1

CVE-2026-24763 - Authenticated Command Injection in OpenClaw Docker Execution via PATH Environment Variable

OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authentic…

📅 Published: Feb. 2, 2026, 9:53 p.m. 🔄 Last Modified: April 18, 2026, 2:30 p.m.

5.9

CVSS3.1

CVE-2025-36253 - Multiple Vulnerabilities in IBM Concert Software.

IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

📅 Published: Feb. 2, 2026, 9:52 p.m. 🔄 Last Modified: Feb. 11, 2026, 8:33 p.m.

6.4

CVSS3.1

CVE-2025-36436 - Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes f…

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web …

📅 Published: Feb. 2, 2026, 9:51 p.m. 🔄 Last Modified: Feb. 19, 2026, 1:48 p.m.

7.1

CVSS4.0

CVE-2025-12679 - Plain text pbe key visible in audit log during Brocade SANnav migration from 2.4.0a to 3.0.0

A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the PBE key. Note: The vulnerability is only triggered …

📅 Published: Feb. 2, 2026, 9:41 p.m. 🔄 Last Modified: March 3, 2026, 1:05 a.m.

9.8

CVSS3.1

CVE-2025-66480 - Wildfire has Arbitrary File Upload via Directory Traversal in UploadFileAction

Wildfire IM is an instant messaging and real-time audio/video solution. Prior to 1.4.3, a critical vulnerability exists in the im-server component related to the file upload functionality found in com.xiaoleilu.loServer.action.UploadFileAction. The application exposes an endpoint (/fs) that handles…

📅 Published: Feb. 2, 2026, 9:33 p.m. 🔄 Last Modified: March 3, 2026, 1:01 a.m.

5.4

CVSS3.1

CVE-2025-69207 - Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiate…

📅 Published: Feb. 2, 2026, 9:16 p.m. 🔄 Last Modified: Feb. 27, 2026, 8:34 p.m.