6.5
CVE-2026-34531 - Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client
Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token verific…
6.9
CVE-2026-34530 - File Browser is vulnerable to Stored Cross-Site Scripting via text/template branding injection
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the SPA index page in File Browser is vulnerable to Stored Cross-Site Scripting (XSS) via admin-controlled branding fields. An admin who …
5.3
CVE-2026-2862 - Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Acce…
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive infor…
8.1
CVE-2026-34528 - File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Apply(user), then strips only Admin. The Execu…
7.3
CVE-2026-1345 - Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Acce…
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lower …
7.6
CVE-2026-34529 - File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the EPUB preview function in File Browser is vulnerable to Stored Cross-Site Scripting (XSS). JavaScript embedded in a crafted EPUB file …
8.1
CVE-2026-4101 - Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Acce…
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 under certain load conditions could allow an attacker to bypass authenticat…
5.4
CVE-2026-4364 - Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Acce…
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows certificate listings retrieved via a browser session to return a JSO…
6.9
CVE-2026-5312 - D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control
A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the f…
6.3
CVE-2026-34525 - AIOHTTP: Duplicate Host header accepted
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4.