CVE Vulnerabilities - 26 May 2026

692 vulnerabilities published on 26 May 2026

Lumiverse AI Chat App: Malicious Code Execution via User Input
CVE-2026-44450
A previous version of the Lumiverse AI chat application allowed any user to run malicious code on the server. This could happen if a user logged in and sent a special request to the server. The vulner...
9.9
Twenty CRM: Unsecured API Parameter Allows Malicious Code Execution
CVE-2026-46624
The Twenty CRM's API allows an attacker to inject malicious code if they know the CRM's database password. This can give them control over the database server. To protect your database, update Twenty ...
9.9
Vowpal Wabbit: Unrestricted System Command Execution
CVE-2026-44723
The Vowpal Wabbit workflow on GitHub Actions allows an attacker to run arbitrary system commands when a pull request is made. This can happen when a malicious user creates a pull request with a specia...
9.9
FreeRDP before 3.26.0 allows remote code execution
DEBIAN-CVE-2026-40033
FreeRDP, a remote desktop protocol software, has a security flaw that could allow hackers to take control of your computer or make it crash. This is a serious issue because it could be exploited by ma...
9.9
KubeVirt virt-handler allows unauthorized access to host
CVE-2026-7374
An authenticated OpenShift user with edit permissions in a single namespace can access the host's Unix sockets and potentially gain full control of the node and the entire cluster. This is a serious i...
9.9
DIAView Project Database Access Bypass
CVE-2026-9642
An attacker can access your databases without a password. This is a risk because it could allow unauthorized access to sensitive information. Update to the latest version of DIAView to fix this issue.
9.8
FastNetMon Community Edition: Off-by-One Buffer Overflow in Dynamic Binary Buffer
CVE-2026-48689
A security issue affects the dynamic binary buffer handling in FastNetMon Community Edition versions up to 1.2.9. An attacker can potentially execute arbitrary code by sending malicious network traffi...
9.8
IBM Engineering Lifecycle Management allows unauthorized remote access
CVE-2026-3660
IBM Engineering Lifecycle Management versions 7.0.3 to 7.2.0 are affected. An attacker could potentially access your application without a password. Update to the latest interim fix to fix this issue.
9.8
IBM Web Server Plug-ins: Denial of Service and Remote Code Execution
CVE-2026-9170
IBM's Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty are at risk of crashing or being exploited by hackers. This is due to a failure to properly check user input, which cou...
9.8
IBM HTTP Server 8.5 and 9.0 TLS Mutual Authentication Flaw
CVE-2026-8855
IBM HTTP Server versions 8.5 and 9.0 are at risk of attackers taking control of the server or making it unavailable. This is particularly concerning when clients are authenticated, as it can be exploi...
9.8
IBM WebSphere Plug-ins: Remote Code Execution Risk
CVE-2026-8633
IBM WebSphere Application Server and WebSphere Liberty plug-ins have a security weakness that allows hackers to potentially run unauthorized code on your server. This could lead to data theft, disrupt...
9.8
Eppendorf BioFlo 320: Remote Access Password Exposed
CVE-2026-7251
Eppendorf's BioFlo 320 bioreactor's remote access feature has a hardcoded password, allowing an attacker with network access to control the device. This poses a significant risk to sensitive bioproces...
9.3
FACTION: Unauthenticated access to sensitive data
CVE-2026-44668
FACTION's PenTesting Report Generation and Collaboration Framework allows an unauthorized user to read, modify, or delete sensitive data. This is a serious security risk because it can be exploited by...
9.8
Apache HTTP Server: Unencrypted links for password reset
CVE-2026-48902
The Apache HTTP Server may generate unencrypted links for password and username reset features if the 'Force SSL' setting isn't enabled. This could allow attackers to intercept sensitive information. ...
9.8
FastNetMon Community Edition BGP Data Overflow
CVE-2026-48691
The FastNetMon Community Edition software has a bug that can cause it to overflow when handling large BGP data. This can lead to data corruption or crashes. Update to the latest version to fix this is...
9.8
WordPress File Inclusion Vulnerability Allows Local File Access
CVE-2026-40383
A vulnerability in WordPress allows attackers to access files on the server by tricking the system into thinking they are legitimate URLs. This could lead to sensitive data exposure or malicious code ...
7.5
Unauthorized Access to Joomla com_config Endpoints
CVE-2026-35223
An issue in Joomla's com_config webservice endpoints allows attackers to access and potentially modify configuration settings without proper authorization. This could lead to unauthorized changes to t...
8.6
Drupal com_tags SQL Injection Risk
CVE-2026-35222
The Drupal com_tags module is vulnerable to SQL injection attacks if it doesn't properly validate user input. This means that an attacker could potentially inject malicious SQL code into the system, a...
6.9
SQL Injection in com_finder Search Queries
CVE-2026-35221
The com_finder module in Joomla has a search query vulnerability. This means that an attacker could manipulate the search query to access sensitive data or perform unauthorized actions. To protect you...
6.9
NVIDIA Isaac Launchable for Linux sends sensitive data insecurely
CVE-2026-24212
The NVIDIA Isaac Launchable for Linux sends sensitive information without encryption, which could allow attackers to intercept and misuse this data. This could lead to serious security issues, such as...
9.8
FastNetMon Community Edition Juniper Router Plugin Allows Malicious Commands
CVE-2026-48687
FastNetMon Community Edition's Juniper router integration plugin has a security flaw that could allow hackers to execute malicious system commands. This issue affects users who run the plugin, especia...
9.8
FastNetMon Community Edition BGP Decoder Stack Overflow
CVE-2026-48686
FastNetMon Community Edition, a network monitoring tool, contains a bug in its BGP (Border Gateway Protocol) decoder. This bug can allow an attacker to execute malicious code on a vulnerable system. T...
9.8
Mirasvit Full Page Cache Warmer for Magento 2 Remote Code Execution
CVE-2026-45247
An outdated version of the Mirasvit Full Page Cache Warmer for Magento 2 makes it possible for attackers to execute malicious code on the server without needing a password. This is a significant risk ...
9.3
Totolink N300RH Web Management Interface Password Setting Risk
CVE-2026-9543
A security flaw in the Totolink N300RH router's web interface allows hackers to execute commands remotely. This means an attacker could potentially take control of the router. To stay safe, update you...
8.9
Apache Tomcat: Unauthorized Access to Sensitive Data
ROOT-APP-MAVEN-CVE-2025-31651
A vulnerability in the Apache Tomcat web server allows an attacker to access sensitive data without permission. This affects users who run Apache Tomcat, and it's essential to update the software to a...
9.8