8.8
CVE-2026-35520 - Pi-hole FTL affected by Remote Code Execution (RCE) via dhcp.leaseTime Newline Injection
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DHCP lease time configuration parameter (dhcp.leaseTime). This vulnerability allows aβ¦
8.8
CVE-2026-35519 - Pi-hole FTL affected by Remote Code Execution (RCE) via dns.hostRecord Newline Injection
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DNS host record configuration parameter (dns.hostRecord). This vulnerability allows aβ¦
6
CVE-2026-1079 - A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versionsβ¦
A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could occur if a user navigatβ¦
8.8
CVE-2026-35518 - Pi-hole FTL affected by Remote Code Execution (RCE) via dns.cnameRecords Newline Injection
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DNS CNAME records configuration parameter (dns.cnameRecords). This vulnerability alloβ¦
8.8
CVE-2026-35517 - Pi-hole FTL affected by Remote Code Execution (RCE) via dns.upstreams Newline Injection
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the upstream DNS servers configuration parameter (dns.upstreams). This vulnerability alloβ¦
5
CVE-2026-35516 - LinkAce has SSRF via CheckLinksCommand - Link URL Update Bypasses laravel-html-meta Protection
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services (AWS IMDSv1, cloud metadata, internal APIs) by creating a link with a publβ¦
5.7
CVE-2025-24819 - A Relative Path Traversal vulnerability in Nokia MantaRay NM
Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application.
8
CVE-2025-24818 - An OS Command Injection vulnerability in Nokia MantaRay NM
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application.
8
CVE-2025-24817 - An OS Command Injection vulnerability in Nokia MantaRay NM
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application.
6.3
CVE-2026-35515 - @nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injβ¦
Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.18, SseStream._transform() interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters (\r, \n). Since the SSE protocol treats both \r aβ¦