0.0
CVE-2026-4114 - Unicode Handling Enables MFA Bypass on SonicWall SMA1000
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication.
7.2
CVE-2026-4113 -
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.
0.0
CVE-2026-4112 - SQL Injection Enables Privilege Escalation in SonicWall SMA1000 Appliances
Improper neutralization of special elements used in an SQL command (โSQL Injectionโ) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.
7.5
CVE-2026-4660 - Go-getter may allow to arbitrary filesystem reads through git operations
HashiCorpโs go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package.
5.3
CVE-2026-2519 - Online Scheduling and Appointment Booking System โ Bookly <= 27.0 - Unauthenticated Price Manipulatโฆ
The Online Scheduling and Appointment Booking System โ Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due to the plugin trusting a user-supplied input without server-side validation against the configured โฆ
6.4
CVE-2026-3005 - List category posts <= 0.94.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'catlist' Sโฆ
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.94.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticateโฆ
9.1
CVE-2025-57735 - Apache Airflow: Airflow Logout Not Invalidating JWT
When user logged out, the JWT token the user had authtenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about the logout scenario aโฆ
0.0
CVE-2026-5968 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
7.2
CVE-2024-1490 - Wago: Vulnerability in WBM through Open VPN
An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on theโฆ
3.7
CVE-2026-24661 - Unbounded Request Body Read in MS Teams Plugin {{/changes}} Webhook Endpoint
Mattermost Plugins versions <=2.1.3.0 fail to limit the request body size on the {{/changes}} webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00611