8.7
CVE-2026-3207 - TIBCO BPM Enterprise Remote Code Execution (RCE) Vulnerability
Configuration issueย in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x allows unauthorised access.
4.9
CVE-2026-25772 - Wazuh Database Synchronization Vulnerable to Stack-based Buffer Overflow via snprintf Integer Underโฆ
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.14.3, a stack-based buffer overflow vulnerability exists in the Wazuh Database synchronization module (`wdb_delta_event.c`). The SQL query construction logiโฆ
5.3
CVE-2026-25771 - Wazuh Vulnerable to Denial of Service via Synchronous I/O Blocking in Asynchronous Authentication Mโฆ
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service (DoS) vulnerability exists in the Wazuh API authentication middleware (`middlewares.py`). The application uses an asynchronous eveโฆ
9.1
CVE-2026-25770 - Wazuh has Privilege Escalation to Root via Cluster Protocol File Write
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The `wazuh-clusterd` service allows authenticatedโฆ
8.6
CVE-2026-21570 -
This High severity RCE (Remote Code Execution)ย vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.6, allows an authenticated attacker to execute โฆ
9.1
CVE-2026-25769 - Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization
Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data). All Wazuh deployments using cluster mode (master/worker architecture) and any organโฆ
9.1
CVE-2026-25534 - Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames
### Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE (CVE-2025-61916) through the use of careโฆ
8.5
CVE-2026-32298 - Angeet ES3 KVM OS command injection
The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.
9.3
CVE-2026-32297 - Angeet ES3 KVM unauthenticated arbitrary file write
The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system.
8.8
CVE-2026-32296 - Sipeed NanoKVM unauthenticated Wi-Fi configuration endpoint
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate tโฆ