Critical vulnerabilities, curated daily for security professionals
🎯 SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
📊
Today's Security Brief
Saturday's vulnerability disclosures center on Microsoft products, with multiple Windows and Office CVEs carrying active exploitation status alongside critical flaws in WordPress plugins, Milvus vector database, and MojoPortal CMS. The day's 5 critical CVEs represent a 72% decrease from the prior day's 18, while 72 high-priority vulnerabilities reflect a 28% drop from 100. CVE-2025-69770 in MojoPortal CMS received the maximum CVSS 10.0 score, and CVE-2026-26190 targeting Milvus vector database and CVE-2026-1306 affecting WordPress both scored 9.8. SmarterTools SmarterMail appears three times among actively exploited vulnerabilities, and Microsoft Windows and Office account for seven KEV entries, indicating sustained attacker focus on enterprise infrastructure. Patch availability stands at 0%, requiring organizations to prioritize compensating controls and monitoring until vendor fixes are released.
MojoPortal CMS CVE-2025-69770 scores maximum CVSS 10.0; Milvus vector database and two WordPress vulnerabilities also rated 9.8
5 critical CVEs disclosed, down 72% from prior day's 18 critical vulnerabilities
72 high-priority CVEs reported, a 28% decrease from the previous day's 100
Microsoft Windows and Office account for 7 actively exploited CVEs, with SmarterTools SmarterMail contributing 3 additional KEV entries
0% patch availability across all disclosed CVEs — no vendor-supplied fixes currently available
21 CVEs flagged as actively exploited, including legacy issues in Linux kernel (2018) and FreePBX (2019)
Immediate action: Prioritize compensating controls for Microsoft Windows, Office, and SmarterTools SmarterMail environments, as these products represent the largest concentration of actively exploited vulnerabilities. With 0% patch availability, deploy network segmentation, enhanced monitoring, and access restrictions for affected systems — particularly MojoPortal CMS, Milvus, and WordPress instances — until vendor patches are released.
💡 Tip: Swipe CVE cards left to ⭐ star, right to ❌ remove
Section Navigation
⚠️
CISA Known Exploited Vulnerabilities
⚠️ CISA KEVURGENT
CVE-2025-40536
9.5
SolarWindsWeb Help Desk
⏰ Federal Deadline:February 14, 2026(1 days remaining)
SolarWinds Web Help Desk Security Control Bypass Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2026-1731
9.5
BeyondTrustRemote Support (RS) and Privileged Remote Access (PRA)
⏰ Federal Deadline:February 15, 2026(2 days remaining)
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2018-14634
9.5📜 Late Disclosure
LinuxKernal
⏰ Federal Deadline:February 15, 2026(2 days remaining)
Linux Kernel Integer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2025-52691
9.5📝
SmarterToolsSmarterMail
⏰ Federal Deadline:February 15, 2026(2 days remaining)
SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2026-23760
9.5
SmarterToolsSmarterMail
⏰ Federal Deadline:February 15, 2026(2 days remaining)
SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2026-24061
9.5📝
GNUInetUtils
⏰ Federal Deadline:February 15, 2026(2 days remaining)
GNU InetUtils Argument Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2026-21509
9.5📝
MicrosoftOffice
⏰ Federal Deadline:February 15, 2026(2 days remaining)
Microsoft Office Security Feature Bypass Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2021-39935
9.5📜 Late Disclosure
GitLabCommunity and Enterprise Editions
⏰ Federal Deadline:February 23, 2026(10 days remaining)
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-64328
9.5
SangomaFreePBX
⏰ Federal Deadline:February 23, 2026(10 days remaining)
Sangoma FreePBX OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2019-19006
9.5📜 Late Disclosure
SangomaFreePBX
⏰ Federal Deadline:February 23, 2026(10 days remaining)
Sangoma FreePBX Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-11953
9.5📝
React Native CommunityCLI
⏰ Federal Deadline:February 25, 2026(12 days remaining)
React Native Community CLI OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2026-24423
9.5
SmarterToolsSmarterMail
⏰ Federal Deadline:February 25, 2026(12 days remaining)
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2026-21513
9.5📝
MicrosoftWindows
⏰ Federal Deadline:March 2, 2026(17 days remaining)
A protection mechanism failure in the MSHTML Framework allows an unauthenticated attacker to bypass security features over a network, potentially leading to unauthorized system access.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2026-21525
9.5
MicrosoftWindows
⏰ Federal Deadline:March 2, 2026(17 days remaining)
Microsoft Windows NULL Pointer Dereference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2026-21510
9.5📝
MicrosoftWindows
⏰ Federal Deadline:March 2, 2026(17 days remaining)
A protection mechanism failure in the Windows Shell allows an unauthenticated attacker to bypass security features over a network connection.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2026-21533
9.5📝
MicrosoftWindows
⏰ Federal Deadline:March 2, 2026(17 days remaining)
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate their privileges locally on the affected system.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2026-21519
9.5📝
MicrosoftWindows
⏰ Federal Deadline:March 2, 2026(17 days remaining)
A type confusion vulnerability in the Desktop Window Manager (DWM) allows an authorized local attacker to elevate their privileges to a higher level.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2026-21514
9.5📝
MicrosoftOffice
⏰ Federal Deadline:March 2, 2026(17 days remaining)
A security feature bypass vulnerability in Microsoft Office Word exists due to reliance on untrusted inputs, allowing an unauthorized local attacker to circumvent security protections.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2026-20700
9.5📝
AppleApple OS
⏰ Federal Deadline:March 4, 2026(19 days remaining)
A memory corruption vulnerability in Apple software was addressed through improved state management to prevent potential exploitation.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2024-43468
9.5📜 Late Disclosure
MicrosoftConfiguration Manager
⏰ Federal Deadline:March 4, 2026(19 days remaining)
Microsoft Configuration Manager SQL Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-15556
9.5
Notepad++Notepad++
⏰ Federal Deadline:March 4, 2026(19 days remaining)
Notepad++ Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
🚨
Critical Vulnerabilities
CVE-2026-26190
9.8📝
MilvusMilvus Vector Database
Milvus vector database contains multiple authentication bypass vulnerabilities via exposed TCP ports and unauthenticated REST API endpoints, allowing full data manipulation and credential access.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-1306
9.8📝
WordPressis vulnerable
The midi-Synth WordPress plugin allows unauthenticated arbitrary file uploads via the 'export' AJAX action, potentially leading to remote code execution through exposed nonces.
CVSS Base9.8
→
CRSSelect profile
CVE-2025-8572
9.8📝
WordPressis vulnerable
Truelysell Core plugin for WordPress is vulnerable to unauthenticated privilege escalation, allowing attackers to create administrator accounts by manipulating registration parameters.
CVSS Base9.8
→
CRSSelect profile
CVE-2025-69770
10📝
theMojoPortal CMS
MojoPortal CMS is vulnerable to a "Zip Slip" exploit in the SkinList.aspx endpoint, allowing attackers to execute arbitrary commands via a specially crafted zip file upload.
CVSS Base10
→
CRSSelect profile
CVE-2026-26273
9.8📝
KnownKnown (Social Publishing Platform)
A broken authentication vulnerability in Known allows unauthenticated attackers to retrieve password reset tokens from hidden HTML fields, enabling full account takeover of any user.
CVSS Base9.8
→
CRSSelect profile
⚠️
High Priority Updates
CVE-2026-2005
8.8
PostgreSQLpgcrypto allows
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database
CVSS Base8.8
→
CRSSelect profile
CVE-2026-2007
8.2
PostgreSQLpg
Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string
CVSS Base8.2
→
CRSSelect profile
CVE-2026-2004
8.8
PostgreSQLintarray extension
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database
CVSS Base8.8
→
CRSSelect profile
CVE-2026-2006
8.8
PostgreSQLtext manipulation
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun
CVSS Base8.8
→
CRSSelect profile
CVE-2026-26214
7.4
ApacheHttpClient with
Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3
CVSS Base7.4
→
CRSSelect profile
CVE-2025-33042
7.3
Apache Avro Java SDKAvro Java
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas
CVSS Base7.3
→
CRSSelect profile
CVE-2026-2441
8.8📝
GoogleChrome prior
Google Chrome is vulnerable to a "Use After Free" condition in its CSS engine, which could allow a remote attacker to execute arbitrary code via a crafted webpage.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-0692
7.5
WordPressis vulnerable
The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3
CVSS Base7.5
→
CRSSelect profile
CVE-2026-1104
8.8
WordPressMigration
The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2
CVSS Base8.8
→
CRSSelect profile
CVE-2026-1988
7.5
WordPressis vulnerable
The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1
CVSS Base7.5
→
CRSSelect profile
CVE-2025-15157
8.8
WordPressplugin for
The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srm_restore_options_defaults' function in all versions up to, and including, 3
CVSS Base8.8
→
CRSSelect profile
CVE-2026-1316
7.2
WordPressis vulnerable
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'media[]
CVSS Base7.2
→
CRSSelect profile
CVE-2026-26217
8.6
DockerAPI deployment
Crawl4AI versions prior to 0
CVSS Base8.6
→
CRSSelect profile
CVE-2026-1841
7.2
WordPressis vulnerable
The PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pys_landing_page' parameter in all versions up to, and including, 11
CVSS Base7.2
→
CRSSelect profile
CVE-2026-2144
8.1
WordPressis vulnerable
The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2
CVSS Base8.1
→
CRSSelect profile
CVE-2026-26055
7.5
KubernetesAPI Server
Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer
CVSS Base7.5
→
CRSSelect profile
CVE-2026-2024
7.5
WordPressis vulnerable
The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0
CVSS Base7.5
→
CRSSelect profile
CVE-2025-61880
8.8
NIOSMultiple Products
In Infoblox NIOS through 9
CVSS Base8.8
→
CRSSelect profile
CVE-2026-26056
8.8
Kubernetesresources or
Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer
CVSS Base8.8
→
CRSSelect profile
CVE-2026-26208
7.8📝
ADB ExplorerADB Explorer
ADB Explorer, a fluent UI for ADB on Windows, contains a high-severity vulnerability that could lead to unauthorized system access or data manipulation.
CVSS Base7.8
→
CRSSelect profile
CVE-2025-61879
7.7
NIOSMultiple Products
In Infoblox NIOS through 9
CVSS Base7.7
→
CRSSelect profile
CVE-2019-25341
7.5📜 Late Disclosure
forMultiple Products
iNetTools for iOS 8
CVSS Base7.5
→
CRSSelect profile
CVE-2019-25325
8.2📜 Late Disclosure
HPendpoint that
Thrive Smart Home 1
CVSS Base8.2
→
CRSSelect profile
CVE-2026-1320
7.2
WordPressis vulnerable
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4
CVSS Base7.2
→
CRSSelect profile
CVE-2026-1844
7.2
WordPressis vulnerable
The PixelYourSite PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pys_landing_page' parameter in all versions up to, and including, 12
CVSS Base7.2
→
CRSSelect profile
CVE-2026-0745
7.2
WordPressis vulnerable
The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1
CVSS Base7.2
→
CRSSelect profile
CVE-2026-0753
7.2
WordPressis vulnerable
The Super Simple Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sscf_name' parameter in all versions up to, and including, 1
CVSS Base7.2
→
CRSSelect profile
CVE-2026-1843
7.2
WordPressis vulnerable
The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5
CVSS Base7.2
→
CRSSelect profile
CVE-2026-2469
7.6
HPdue to
Versions of the package directorytree/imapengine before 1
CVSS Base7.6
→
CRSSelect profile
CVE-2019-25342
7.5📜 Late Disclosure
HPendpoint with
Centova Cast 3
CVSS Base7.5
→
CRSSelect profile
CVE-2019-25345
7.8📜 Late Disclosure
CodecIIS Codec
Realtek IIS Codec Service 6
CVSS Base7.8
→
CRSSelect profile
CVE-2023-31313
7.2📝📜 Late Disclosure
AMDpower management
A flaw in the AMD power management firmware allows a privileged attacker to send malformed messages to the system management unit, potentially resulting in arbitrary code execution.
CVSS Base7.2
→
CRSSelect profile
CVE-2025-69807
7.5
theMultiple Products
p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attackers to cause a denial of service via a packet sent to the server
CVSS Base7.5
→
CRSSelect profile
CVE-2026-1618
8.8
Universal SoftwareMultiple Products
Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc
CVSS Base8.8
→
CRSSelect profile
CVE-2019-25343
7.8📜 Late Disclosure
NextVPNMultiple Products
NextVPN 4
CVSS Base7.8
→
CRSSelect profile
CVE-2026-25949
7.5
TraefikMultiple Products
Traefik is an HTTP reverse proxy and load balancer
CVSS Base7.5
→
CRSSelect profile
CVE-2025-70122
7.5
UPF component ofMultiple Products
A heap buffer overflow vulnerability in the UPF component of free5GC v4
CVSS Base7.5
→
CRSSelect profile
CVE-2026-25922
8.8📝
AuthentikAuthentik
Authentik, an open-source identity provider, is affected by a high-severity vulnerability that could compromise authentication processes or user identity data.
CVSS Base8.8
→
CRSSelect profile
CVE-2019-25318
8.8📜 Late Disclosure
AudioMultiple Products
AVS Audio Converter 9
CVSS Base8.8
→
CRSSelect profile
CVE-2026-25108
8.8📝
Soliton SystemsFileZen
FileZen is affected by a high-severity OS command injection vulnerability that allows a threat actor to execute arbitrary commands on the underlying operating system.
CVSS Base8.8
→
CRSSelect profile
CVE-2025-14349
8.8
Universal SoftwareMultiple Products
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc
CVSS Base8.8
→
CRSSelect profile
CVE-2025-54519
7.3
Doc Nav could allow aMultiple Products
A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution
CVSS Base7.3
→
CRSSelect profile
CVE-2026-25748
8.6📝
Authentik Securityauthentik
A high-severity security vulnerability has been identified in authentik, an open-source identity provider, potentially impacting authentication integrity.
CVSS Base8.6
→
CRSSelect profile
CVE-2025-54756
8.4
InforMultiple Products
BrightSign players running BrightSign OS series 4 prior to v8
CVSS Base8.4
→
CRSSelect profile
CVE-2019-25331
8.4📜 Late Disclosure
AudioMultiple Products
AVS Audio Converter 9
CVSS Base8.4
→
CRSSelect profile
CVE-2019-25332
8.4📜 Late Disclosure
CommanderMultiple Products
FTP Commander Pro 8
CVSS Base8.4
→
CRSSelect profile
CVE-2019-25336
8.4📜 Late Disclosure
Base64Multiple Products
SpotAuditor 5
CVSS Base8.4
→
CRSSelect profile
CVE-2026-1619
8.3
Universal SoftwareMultiple Products
Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc
CVSS Base8.3
→
CRSSelect profile
CVE-2025-13002
8.2
Farktor SoftwareMultiple Products
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Farktor Software E-Commerce Services Inc
CVSS Base8.2
→
CRSSelect profile
CVE-2026-26187
8.1📝
TreeverselakeFS
lakeFS, an open-source data versioning tool for object storage, contains a high-severity vulnerability that may affect repository security.
CVSS Base8.1
→
CRSSelect profile
CVE-2026-24853
8.1📝
CaidoCaido
The Caido web security auditing toolkit is affected by a high-severity vulnerability that could compromise the security of the auditing environment.
CVSS Base8.1
→
CRSSelect profile
CVE-2026-26268
8📝
AnysphereCursor
The Cursor AI-powered code editor is affected by a high-severity vulnerability that could impact the security of the developer's environment and source code.
CVSS Base8
→
CRSSelect profile
CVE-2025-63421
7.8
UnknownMultiple Products
An issue in filosoft Comerc
CVSS Base7.8
→
CRSSelect profile
CVE-2019-25344
7.8📜 Late Disclosure
WondershareMultiple Products
Wondershare MobileGo 8
CVSS Base7.8
→
CRSSelect profile
CVE-2026-25991
7.7📝
AWSTandoor Recipes
Tandoor Recipes, a meal management application, contains a high-severity vulnerability that could lead to unauthorized access or data compromise.
CVSS Base7.7
→
CRSSelect profile
CVE-2025-70886
7.5
UnknownMultiple Products
An issue in halo v
CVSS Base7.5
→
CRSSelect profile
CVE-2025-67432
7.5
UnknownMultiple Products
A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21
CVSS Base7.5
→
CRSSelect profile
CVE-2019-25322
7.5📜 Late Disclosure
HeatmiserMultiple Products
Heatmiser Netmonitor 3
CVSS Base7.5
→
CRSSelect profile
CVE-2019-25328
7.5📜 Late Disclosure
registrationMultiple Products
XnConvert 1
CVSS Base7.5
→
CRSSelect profile
CVE-2019-25329
7.5📜 Late Disclosure
FTPMultiple Products
FTP Navigator 8
CVSS Base7.5
→
CRSSelect profile
CVE-2019-25330
7.5📜 Late Disclosure
SurfOfflineMultiple Products
SurfOffline Professional 2
CVSS Base7.5
→
CRSSelect profile
CVE-2019-25333
7.5📜 Late Disclosure
SeriesMultiple Products
Bullwark Momentum Series JAWS 1
CVSS Base7.5
→
CRSSelect profile
CVE-2019-25335
7.5📜 Late Disclosure
SitesiMultiple Products
PRO-7070 Hazır Profesyonel Web Sitesi version 1
CVSS Base7.5
→
CRSSelect profile
CVE-2019-25338
7.5📜 Late Disclosure
its password resetMultiple Products
DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts
CVSS Base7.5
→
CRSSelect profile
CVE-2019-25339
7.5📜 Late Disclosure
GHIAMultiple Products
GHIA CamIP 1
CVSS Base7.5
→
CRSSelect profile
CVE-2019-25340
7.5📜 Late Disclosure
itsMultiple Products
SpotAuditor 5
CVSS Base7.5
→
CRSSelect profile
CVE-2025-70121
7.5
AMF component ofMultiple Products
An array index out of bounds vulnerability in the AMF component of free5GC v4
CVSS Base7.5
→
CRSSelect profile
CVE-2025-70123
7.5
free5GCMultiple Products
An improper input validation and protocol compliance vulnerability in free5GC v4
CVSS Base7.5
→
CRSSelect profile
CVE-2026-21878
7.5
UnknownMultiple Products
BACnet Stack is a BACnet open source protocol stack C library for embedded systems