CVE Vulnerabilities - 27 May 2026

760 vulnerabilities published on 27 May 2026

LiquidJS Templates Can Run Malicious Code
GHSA-gf2q-c269-pqgc CVE-2026-45618
LiquidJS templates can be used to execute arbitrary code, which means an attacker could potentially run their own code on a website or application that uses LiquidJS. This is a serious issue because i...
10.0
dotCMS Core SQL Injection in Publish Audit API
CVE-2026-8054
Unauthenticated attackers can access, modify, or delete sensitive database content in dotCMS Core versions 25.11.04-1 through 26.04.28-02. This is a serious security risk because it allows unauthorize...
10.0
OneUptime Monitoring Platform: Escalation of Privileges Risk
CVE-2026-45102
OneUptime's monitoring and observability platform has a security issue that could allow an attacker to gain elevated access. This issue affects versions prior to 10.0.98 and is resolved in the latest ...
9.9
Budibase: Unrestricted access to user and group data
CVE-2026-46425
Prior to version 3.38.2 of Budibase, any authenticated user had the ability to view and modify all user and group information within the platform. This was due to a lack of proper role checks. To fix ...
9.9
Path Traversal in WebinarIgnition Allows Unrestricted File Access
CVE-2026-42757
A security issue in WebinarIgnition allows attackers to access files outside of the intended area. This could lead to sensitive information being exposed or modified. Users should update to the latest...
9.9
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp a...
CVE-2026-42756
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allo...
9.9
WPify Woo Czech: Unrestricted File Upload Risks Web Server Access
CVE-2026-42748
A security issue in WPify Woo Czech's file upload feature allows attackers to upload malicious files, potentially gaining access to the web server. This could lead to unauthorized changes or data thef...
9.9
Yamcs Allows Remote Code Execution via Mission Database Algorithm Override
GHSA-vmwp-vh32-rj75 CVE-2026-46562
A vulnerability in Yamcs's Mission Database allows an attacker with ChangeMissionDatabase privilege to execute arbitrary code on the server. This could lead to unauthorized access or data tampering. T...
9.8
Gladinet Triofox Service Exposes Sensitive Information
CVE-2026-8364
The Gladinet Triofox service listens on a public port and accepts HTTP requests with specific paths, potentially allowing unauthorized access to sensitive data. This could lead to information disclosu...
9.8
WOSDeviceDropFolder.dll URL Path Overflow
CVE-2026-8363
A Windows component can crash or behave unexpectedly if it encounters a very long URL path. This can happen if a user or application sends a specially crafted URL to the affected component. To mitigat...
9.8
WOSDefaultHttpModule.dll URL Path Overflow Risk
CVE-2026-8362
A security issue affects WOSDefaultHttpModule.dll when handling long URLs. This could potentially allow an attacker to execute malicious code on the affected system. To mitigate this risk, update the ...
9.8
Pi.Alert SaveConfigFile() allows arbitrary code execution
CVE-2026-44888
An attacker can inject malicious code into Pi.Alert's configuration file, potentially allowing them to execute commands on the device. This is particularly concerning because some Pi.Alert installatio...
9.8
Pi.Alert: Unauthenticated Code Injection in Configuration Editor
CVE-2026-44887
Pi.Alert's web-based configuration editor allows malicious code to be injected into its configuration file. This can be exploited by attackers to execute code on the system, potentially leading to una...
9.8
Linux Kernel: Integer Overflow in rxgk_extract_token
CVE-2026-46039
A vulnerability in the Linux kernel's rxgk module has been fixed. This issue could allow an attacker to cause a program to behave unexpectedly, potentially leading to a denial of service. To ensure yo...
9.8
Linux kernel rxrpc decryption fix prevents packet re-use
CVE-2026-45988
A fix has been made in the Linux kernel to prevent temporary packets from being re-used. This prevents potential security risks and data corruption. Linux kernel users should ensure they have the late...
9.8
Linux Kernel SMB2_open_file() Memory Leak Fix
CVE-2026-45972
A Linux kernel vulnerability has been fixed that could cause memory leaks and crashes when using SMB2 file sharing. This issue has been resolved, but it's essential to update your Linux kernel to ensu...
9.8
Linux kernel RDMA/iwcm vulnerability fixed: Workqueue list corruption prevented
CVE-2026-45898
A vulnerability in the Linux kernel's RDMA/iwcm module has been resolved, which could cause workqueue list corruption. This could lead to unexpected crashes or system instability. The fix is included ...
9.8
WebinarIgnition Privilege Escalation Risk
CVE-2026-42758
WebinarIgnition users may gain unauthorized access to sensitive data. This vulnerability affects versions of WebinarIgnition prior to 4.08.253. To protect your data, update to the latest version of We...
9.8
miniOrange OTP Verification: Unauthorized Access to Sensitive Data
CVE-2026-42731
A vulnerability in miniOrange OTP Verification software allows attackers to gain access to sensitive data or functions they shouldn't have. This affects versions up to 5.4.9. To stay secure, update to...
9.8
Synology BeeStation Manager and OS: Unchecked Input Allows Code Execution
CVE-2025-12686
A security issue in Synology BeeStation Manager and OS allows hackers to run unauthorized code on your system if they send the right information to the AdminCenter. This could allow them to take contr...
9.8
Joomla com_users Group Editing Web Service Privilege Escalation
CVE-2026-48904 BIT-joomla-2026-48904
The Joomla com_users group editing web service endpoint does not properly check user permissions. This can allow an attacker to gain elevated privileges. To fix this, update to the latest Joomla versi...
8.2
Privilege Escalation in Joomla com_users
CVE-2026-48899 BIT-joomla-2026-48899
A security issue affects the Joomla com_users component, allowing unauthorized users to gain elevated privileges. This could enable them to access sensitive information or perform actions they shouldn...
5.3
Privilege Escalation in Joomla com_users Batch Task
CVE-2026-48898 BIT-joomla-2026-48898
A bug in Joomla's com_users batch task allows an attacker to gain higher levels of access to the website. This could enable them to make changes or access sensitive data they shouldn't be able to. Upd...
8.2
WordPress Login with OTP Plugin Authentication Bypass in All Versions
CVE-2026-8760
The WordPress Login with OTP plugin is vulnerable to unauthorized access, which could allow hackers to gain control of your website. This affects all versions up to 1.6. To protect your site, update t...
9.8
Nx Console 18.95.0 allows malicious code to be executed
CVE-2026-48027
A malicious version of Nx Console was briefly published and available for download. This version could potentially allow attackers to run malicious code on your system. To protect yourself, upgrade to...
9.3 KEV