4.9
CVE-2026-25772 - Wazuh Database Synchronization Vulnerable to Stack-based Buffer Overflow via snprintf Integer Under…
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.14.3, a stack-based buffer overflow vulnerability exists in the Wazuh Database synchronization module (`wdb_delta_event.c`). The SQL query construction logi…
5.3
CVE-2026-25771 - Wazuh Vulnerable to Denial of Service via Synchronous I/O Blocking in Asynchronous Authentication M…
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service (DoS) vulnerability exists in the Wazuh API authentication middleware (`middlewares.py`). The application uses an asynchronous eve…
9.1
CVE-2026-25770 - Wazuh has Privilege Escalation to Root via Cluster Protocol File Write
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The `wazuh-clusterd` service allows authenticated…
8.6
CVE-2026-21570 -
This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.6, allows an authenticated attacker to execute …
9.1
CVE-2026-25769 - Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization
Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data. All Wazuh deployments using cluster mode (master/worker architecture) and any organ…
9.1
CVE-2026-25534 - Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames
### Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE (CVE-2025-61916) through the use of care…
8.5
CVE-2026-32298 - Angeet ES3 KVM OS command injection
The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.
9.3
CVE-2026-32297 - Angeet ES3 KVM unauthenticated arbitrary file write
The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system.
8.8
CVE-2026-32296 - Sipeed NanoKVM unauthenticated Wi-Fi configuration endpoint
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate t…
9.3
CVE-2026-32295 - JetKVM insufficient login rate limiting
JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials.