Critical vulnerabilities, curated daily for security professionals
🎯 SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
📊
Today's Security Brief
Thursday's disclosures center on developer and collaboration tooling, led by a maximum-severity flaw in Google Cloud's Gemini CLI (CVE-2026-12537, CVSS 10) and a cluster of critical issues in the SiYuan note platform. Analysts logged 24 critical CVEs, down 20% from the prior day's 30, alongside 65 high-priority CVEs, up 14% from 57. Named critical entries include CVE-2026-39948 (CVSS 9.3) in Cacti, CVE-2026-54158 (CVSS 9.9) in SiYuan, and CVE-2026-55454 (CVSS 9.9) in Appsmith. Self-hosted web applications and infrastructure tooling—Cacti, Rocket.Chat, and Appsmith—dominate the critical set, while two Chrome flaws (CVE-2026-13028 and CVE-2026-13032, both CVSS 9.6) extend exposure to browser endpoints. With no vendor patches reflected in the dataset yet and five CVEs under active exploitation, teams should prioritize inventory and compensating controls while awaiting fixes.
Google Cloud Gemini CLI carries a maximum CVSS 10 flaw (CVE-2026-12537), and SiYuan accounts for multiple critical CVEs (CVE-2026-54158, CVE-2026-54067, CVE-2026-50551) all rated 9.9
24 critical CVEs disclosed, a 20% decrease from the prior day's 30
65 high-priority CVEs disclosed, a 14% increase from the prior day's 57
Critical issues concentrate in self-hosted web apps and infrastructure tooling—Cacti (CVE-2026-39948), Rocket.Chat (CVE-2026-55666), and Appsmith (CVE-2026-55454)—plus two Chrome flaws (CVE-2026-13028, CVE-2026-13032) at CVSS 9.6
Patch availability stands at 0% across the dataset, leaving critical web-facing and developer tooling without vendor fixes
Five CVEs show confirmed active exploitation, affecting Splunk, Lantronix EDS5000, and Ubiquiti UniFi OS
Immediate action: Prioritize internet-facing and developer tooling—Gemini CLI, Cacti, SiYuan, Rocket.Chat, and Appsmith—for immediate inventory and access restriction, and update Chrome endpoints as fixes ship. With no patches currently reflected for the critical set, apply network segmentation, restrict exposure, and monitor the actively exploited Splunk, Lantronix, and Ubiquiti products closely until vendor updates are available.
💡 Tip: Swipe CVE cards left to ⭐ star, right to ❌ remove
Section Navigation
⚠️
CISA Known Exploited Vulnerabilities
⚠️ CISA KEVURGENT
CVE-2026-20253
9.5📝
SplunkEnterprise and Cloud Platform
⏰ Federal Deadline:June 20, 2026(-4 days remaining)
Splunk Enterprise and Cloud Platform contain an authentication bypass vulnerability in a PostgreSQL sidecar service, allowing unauthenticated users to create or truncate arbitrary files.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2025-67038
9.5📝
LantronixEDS5000
⏰ Federal Deadline:June 25, 2026(1 days remaining)
The Lantronix EDS5000 contains a code injection vulnerability that is currently being actively exploited in the wild.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2026-34910
9.5📝
UbiquitiUniFi OS
⏰ Federal Deadline:June 25, 2026(1 days remaining)
An improper input validation flaw in Ubiquiti UniFi OS enables network-adjacent attackers to execute arbitrary commands on the underlying system.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2026-34909
9.5📝
UbiquitiUniFi OS
⏰ Federal Deadline:June 25, 2026(1 days remaining)
A path traversal vulnerability in Ubiquiti UniFi OS allows network-adjacent attackers to read sensitive system files and potentially compromise user accounts.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2026-34908
9.5📝
UbiquitiUniFi OS
⏰ Federal Deadline:June 25, 2026(1 days remaining)
An improper access control vulnerability in Ubiquiti UniFi OS devices allows network-adjacent attackers to modify system configurations without authorization.
CVSS Base9.5
→
CRSSelect profile
🚨
Critical Vulnerabilities
CVE-2026-39948
9.3📝
CactiCacti
An SQL injection vulnerability in Cacti allows unauthenticated attackers to execute arbitrary database commands via the rfilter parameter in graph_view.php.
CVSS Base9.3
→
CRSSelect profile
CVE-2026-50551
9.9📝
SiYuanSiYuan
A stored cross-site scripting (XSS) vulnerability in the SiYuan Attribute View allows for remote code execution (RCE) within the Electron desktop client.
CVSS Base9.9
→
CRSSelect profile
CVE-2026-13028
9.6📝
GoogleChrome
A use-after-free vulnerability in the WebGL component of Google Chrome on Android allows remote attackers to execute a sandbox escape via a malicious HTML page.
CVSS Base9.6
→
CRSSelect profile
CVE-2026-13032
9.6📝
GoogleChrome
A critical use-after-free vulnerability in Google Chrome's WebGL component on Android allows remote attackers to perform a sandbox escape via crafted HTML content.
CVSS Base9.6
→
CRSSelect profile
CVE-2026-54069
9.2📝
SiYuanSiYuan Note
The SiYuan kernel HTTP server improperly trusts browser extension origins, allowing unauthenticated administrative API access and potential data exfiltration.
CVSS Base9.2
→
CRSSelect profile
CVE-2026-12537
10📝
Google CloudGemini CLI
An OS command injection vulnerability in Google Gemini CLI allows unprivileged attackers to achieve host-level code execution during CI/CD processes.
CVSS Base10
→
CRSSelect profile
CVE-2026-54067
9.9📝
SiYuanSiYuan
A cross-site scripting (XSS) vulnerability in SiYuan's CSS snippet rendering allows attackers to execute arbitrary JavaScript, leading to remote code execution (RCE) on Electron desktop builds.
CVSS Base9.9
→
CRSSelect profile
CVE-2026-54158
9.9📝
SiYuanSiYuan
A critical XSS vulnerability in SiYuan's attribute-view cell renderer allows attackers to inject malicious scripts, leading to remote code execution on Electron desktop clients.
CVSS Base9.9
→
CRSSelect profile
CVE-2026-55666
9.3📝
RocketChatRocket.Chat
Rocket.Chat contains an authentication bypass vulnerability in its Apple OAuth flow, allowing attackers to forge JWTs and perform account takeovers.
CVSS Base9.3
→
CRSSelect profile
CVE-2026-55454
9.9📝
AppsmithAppsmith
The Appsmith platform contains a configuration flaw in the bundled Caddy reverse-proxy, allowing authenticated users to perform SSRF and achieve full reverse-proxy takeover.
CVSS Base9.9
→
CRSSelect profile
CVE-2026-39955
9.8📝
CactiCacti
The Cacti performance management framework is vulnerable to a pre-authentication SQL injection via an improperly validated input parameter in graph_view.php.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-56121
9.8📝
FeastFeast
Feast contains an unsafe deserialization vulnerability that allows remote code execution via crafted gRPC requests to the registry server.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-45689
9.1📝
Rocket.ChatRocket.Chat
An unauthenticated attacker can inject MongoDB operators into the OAuth token endpoint to steal valid access tokens for arbitrary users, including administrators.
CVSS Base9.1
→
CRSSelect profile
CVE-2026-45688
9.1📝
Rocket.ChatRocket.Chat
An unauthenticated attacker can use NoSQL injection in the CAS login handler to bypass authentication and hijack active user sessions, including administrative accounts.
CVSS Base9.1
→
CRSSelect profile
CVE-2026-52813
10📝
GogsGogs
A path traversal vulnerability in Gogs allows attackers to write files to arbitrary locations, enabling remote code execution via malicious Git hook configuration.
CVSS Base10
→
CRSSelect profile
CVE-2026-52806
9.9📝
GogsGogs
An authenticated Remote Code Execution vulnerability in Gogs allows users to inject malicious commands via crafted branch names during the merge rebase operation.
CVSS Base9.9
→
CRSSelect profile
CVE-2026-49980
9.8📝
RcloneRclone
Rclone’s remote control daemon (rcd) allows unauthenticated Remote Code Execution by processing malicious GET/HEAD requests that trigger local command execution during backend initialization.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-56237
9.1📝
CapgoCapgo
A broken authentication vulnerability in Capgo allows attackers to generate arbitrary, unauthorized API keys, leading to unauthorized access to protected endpoints.
CVSS Base9.1
→
CRSSelect profile
CVE-2026-53943
9.6📝
TryGhostGhost
Ghost is vulnerable to cache poisoning via the x-ghost-preview header, allowing unauthenticated attackers to manipulate frontend responses and potentially hijack staff accounts.
CVSS Base9.6
→
CRSSelect profile
CVE-2026-46423
9.3📝
RocketChatRocket.Chat
Rocket.Chat's SAML implementation fails to validate signatures when no IdP certificate is configured, allowing unauthenticated attackers to bypass authentication.
CVSS Base9.3
→
CRSSelect profile
CVE-2026-56111
9.1📝
MarlinFirmwareMarlin
Marlin firmware contains an out-of-bounds write vulnerability in the M421 G-code handler, allowing attackers to corrupt memory and cause a denial of service.
CVSS Base9.1
→
CRSSelect profile
CVE-2026-33543
9.3📝
FOSSBillingFOSSBilling
A flawed administrator existence check in the FOSSBilling guest API allows unauthenticated attackers to create new administrator accounts, leading to full system compromise.
CVSS Base9.3
→
CRSSelect profile
CVE-2026-39938
9.8📝
CactiCacti
Cacti versions 1.2.30 and prior contain an unauthenticated Local File Inclusion (LFI) vulnerability via the graph_theme parameter, potentially allowing unauthorized file access.
CVSS Base9.8
→
CRSSelect profile
CVE-2026-39893
9.8📝
CactiCacti
A SQL injection vulnerability exists in Cacti versions 1.2.30 and prior, where the rfilter parameter is unsafely concatenated into an RLIKE clause, reachable by unauthenticated users.
CVSS Base9.8
→
CRSSelect profile
⚠️
High Priority Updates
CVE-2026-12242
8.8📝
WordPressAdRotate Banner Manager
The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection, potentially allowing remote code execution.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-57296
8.8📝
JenkinsExternal Workspace Manager Plugin
A critical vulnerability exists in the Jenkins External Workspace Manager Plugin, potentially allowing for unauthorized access or system compromise.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-13026
8.8📝
GoogleChrome
A use-after-free vulnerability in the Digital Credentials component of Google Chrome on Mac allows for potential memory corruption or arbitrary code execution.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-13027
8.8📝
GoogleChrome
A use-after-free vulnerability exists in the FileSystem component of Google Chrome prior to version 149, potentially allowing arbitrary code execution.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-13031
8.8📝
GoogleChrome
A use-after-free vulnerability in the Blink rendering engine of Google Chrome prior to version 149 may allow for arbitrary code execution.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-13035
8.8📝
GoogleChrome
A use-after-free vulnerability in the Bluetooth component of Google Chrome on macOS prior to version 149 could allow for arbitrary code execution.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-13036
8.8📝
GoogleChrome
A use-after-free vulnerability exists in the Blink rendering engine of Google Chrome, potentially allowing for arbitrary code execution or system instability.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-13038
8.8📝
GoogleChrome
A use-after-free vulnerability in the Autofill component of Google Chrome on Windows may allow attackers to trigger memory corruption and execute arbitrary code.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-13033
8.8📝
GoogleChrome
An out-of-bounds read and write vulnerability in the Blink InterestGroups component of Google Chrome could lead to memory corruption and potential code execution.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-13025
8.3📝
GoogleChrome
A race condition vulnerability exists within the DevTools component of Google Chrome, potentially allowing for unauthorized exploitation.
CVSS Base8.3
→
CRSSelect profile
CVE-2026-49269
8.6📝
AppleM1 GPU
Apple M1 GPUs fail to clear register file data between compute shader dispatches, potentially allowing data leakage between processes.
CVSS Base8.6
→
CRSSelect profile
CVE-2026-57280
8.8📝
JenkinsScript Security Plugin
A critical security vulnerability has been identified in the Jenkins Script Security Plugin, potentially allowing for unauthorized script execution.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-57301
8.8📝
JenkinsOWASP ZAP Plugin
A vulnerability in the Jenkins OWASP ZAP Plugin may allow attackers to exploit security testing configurations to gain unauthorized access or execute code.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-7570
8.8📝
QuestNetVault Backup
A SQL injection vulnerability in the NVBUDashboard component of Quest NetVault Backup allows remote code execution.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-9781
8.8📝
QuestNetVault Backup
A SQL injection vulnerability in the NVBURASDevice component of Quest NetVault Backup enables remote code execution.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-9782
8.8📝
QuestNetVault Backup
A SQL injection vulnerability in the NVBUDeviceDrive component of Quest NetVault Backup facilitates remote code execution.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-9783
8.8📝
QuestNetVault Backup
Quest NetVault Backup is vulnerable to a SQL injection flaw within the NVBURemovableMedia component, potentially allowing for remote code execution.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-9784
8.8📝
QuestNetVault Backup
Quest NetVault Backup contains a SQL injection vulnerability in the NVBULibraryPort component, which may enable remote code execution by an attacker.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-9785
8.8📝
QuestNetVault Backup
Quest NetVault Backup is susceptible to a SQL injection vulnerability within the NVBULibrarySlot component, which could allow an attacker to perform remote code execution.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-9786
8.8📝
QuestNetVault Backup
A SQL injection vulnerability in the NVBUDashboard component of Quest NetVault Backup allows remote attackers to potentially execute arbitrary code.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-9787
8.8📝
QuestNetVault Backup
A command injection vulnerability in the NVBULogDaemon component of Quest NetVault Backup enables remote attackers to execute arbitrary system commands.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-9772
8.8📝
UnraidUnraid Web Server
A file upload command injection vulnerability in the Unraid web server allows remote attackers to execute arbitrary commands by uploading malicious files.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-9773
8.8📝
UnraidUnraid Web Server
Unraid Web Server is vulnerable to remote code execution via command injection in the ToggleState function.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-12244
8.7📝
NLnet LabsNSD (Name Server Daemon)
NSD is vulnerable to a heap overflow during AXFR zone transfers when processing maliciously crafted SVCB resource records.
CVSS Base8.7
→
CRSSelect profile
CVE-2026-49851
8.7📝
LeptureMistune
The Mistune Python Markdown parser is susceptible to a vulnerability that may allow for remote code execution or cross-site scripting depending on the implementation.
CVSS Base8.7
→
CRSSelect profile
CVE-2026-12490
8.2📝
NLnetNSD
A vulnerability in the NSD name server software fails to properly enforce client certificate authentication when a provide-xfr is configured with a tls-auth-name.
CVSS Base8.2
→
CRSSelect profile
CVE-2026-54904
8.2📝
ruby-concurrencyconcurrent-ruby
A security vulnerability has been identified in the concurrent-ruby library for Ruby, potentially impacting applications relying on these concurrency tools.
CVSS Base8.2
→
CRSSelect profile
CVE-2026-9155
8.8📝
Rapid7InsightConnect Sed Plugin
An OS command injection vulnerability exists in the Rapid7 InsightConnect Sed Plugin, allowing authenticated attackers to execute arbitrary system commands via the expression parameter.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-7569
8.8📝
QuestNetVault Backup
Quest NetVault Backup is vulnerable to a cross-site scripting (XSS) flaw in the viewclient component that facilitates authentication bypass.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-9780
8.8📝
QuestNetVault Backup
Quest NetVault Backup contains a cross-site scripting (XSS) vulnerability in the addclient3 function that permits authentication bypass.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-50189
8.9📝
AppsmithAppsmith
The Appsmith platform, used for building internal tools and admin panels, contains a critical security vulnerability requiring immediate attention.
CVSS Base8.9
→
CRSSelect profile
CVE-2026-52798
8.9📝
GogsGogs
Gogs is vulnerable to a security flaw that could allow for unauthorized actions or system compromise.
CVSS Base8.9
→
CRSSelect profile
CVE-2026-52800
8.8📝
GogsGogs
A security flaw in the Gogs self-hosted Git service may lead to significant operational risks.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-48793
8.8📝
JellyfinJellyfin
Jellyfin is susceptible to a security vulnerability that could impact the integrity of self-hosted media server deployments.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-49247
8.8📝
JellyfinMedia Server
A vulnerability exists in the Jellyfin media server that may allow for unauthorized access or system compromise.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-48704
8.8📝
WarpWarp Development Environment
A high-severity vulnerability has been identified in the Warp agentic development environment that may impact user security.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-48720
8.8📝
WarpWarp Development Environment
An additional high-severity vulnerability has been disclosed in the Warp agentic development environment.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-48732
8.8📝
WarpWarp
Warp, an agentic development environment, contains a high-severity vulnerability that may allow for unauthorized access or system manipulation.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-13164
8.8📝
MailerupMailerup
Mailerup contains a missing authentication vulnerability in the RegisterView function, potentially allowing unauthenticated access to critical account registration processes.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-56232
8.8📝
CapgoCapgo
Capgo versions prior to 12 are affected by a high-severity vulnerability that requires immediate attention to maintain system security.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-12245
8.7📝
NLnet LabsNSD (Name Server Daemon)
A vulnerability exists in the NLnet Labs NSD software, potentially allowing for significant service disruption or unauthorized control.
CVSS Base8.7
→
CRSSelect profile
CVE-2026-10086
8.7📝
GitLabGitLab EE
GitLab EE is affected by a security vulnerability requiring immediate remediation to prevent unauthorized system access.
CVSS Base8.7
→
CRSSelect profile
CVE-2026-54759
8.7📝
SiYuanSiYuan Note
A high-severity vulnerability has been identified in the SiYuan personal knowledge management system that may compromise user data integrity.
CVSS Base8.7
→
CRSSelect profile
CVE-2026-45677
8.7📝
Rocket.ChatRocket.Chat
A high-severity security vulnerability has been identified in the Rocket.Chat communication platform, necessitating immediate administrative review.
CVSS Base8.7
→
CRSSelect profile
CVE-2026-52805
8.7📝
GogsGogs
A security vulnerability has been identified in the Gogs self-hosted Git service that requires immediate administrative attention to prevent potential system compromise.
CVSS Base8.7
→
CRSSelect profile
CVE-2026-46348
8.7📝
MastodonMastodon
A critical security vulnerability has been identified in the Mastodon social network server, necessitating prompt remediation to protect instance integrity.
CVSS Base8.7
→
CRSSelect profile
CVE-2026-56223
8.7📝
CapgoCapgo
A security vulnerability has been identified in Capgo prior to version 12, requiring immediate updates to secure the platform.
CVSS Base8.7
→
CRSSelect profile
CVE-2026-12053
8.6📝
GitLabGitLab EE
GitLab EE contains a security vulnerability in versions 19 and later that necessitates an immediate update.
CVSS Base8.6
→
CRSSelect profile
CVE-2026-40079
8.6📝
CactiCacti
A security vulnerability has been identified in the Cacti performance and fault management framework that requires immediate attention from system administrators.
CVSS Base8.6
→
CRSSelect profile
CVE-2026-47389
8.6📝
MastodonMastodon
A security vulnerability has been identified in Mastodon, a social network server based on ActivityPub, which could potentially expose the platform to unauthorized manipulation.
CVSS Base8.6
→
CRSSelect profile
CVE-2026-48721
8.6📝
WarpWarp
A security vulnerability has been identified in the Warp agentic development environment, requiring swift action to protect developer workstations and environments.
CVSS Base8.6
→
CRSSelect profile
CVE-2026-45687
8.5📝
Rocket.ChatRocket.Chat
A security vulnerability exists in Rocket.Chat that could potentially allow for unauthorized access or system compromise.
CVSS Base8.5
→
CRSSelect profile
CVE-2026-52797
8.5📝
GogsGogs
A security vulnerability in the Gogs self-hosted Git service may allow for unauthorized access or manipulation of repository data.
CVSS Base8.5
→
CRSSelect profile
CVE-2026-42450
8.4📝
Academy Software FoundationOpenColorIO
A vulnerability in the OpenColorIO framework may allow for unauthorized actions during the processing of color management data.
CVSS Base8.4
→
CRSSelect profile
CVE-2026-47267
8.3📝
GogsGogs
Gogs, an open-source self-hosted Git service, contains a high-severity vulnerability that may allow for unauthorized access or system compromise.
CVSS Base8.3
→
CRSSelect profile
CVE-2026-44016
8.2📝
Docling-projectDocling
Docling, a tool for document processing and AI integration, contains a high-severity vulnerability that could be leveraged to compromise document parsing workflows.
CVSS Base8.2
→
CRSSelect profile
CVE-2026-11878
8.2📝
OpenTextAccess Manager
OpenText Access Manager is vulnerable to a reflected Cross-Site Scripting (XSS) attack due to improper neutralization of user-supplied input during web page generation.
CVSS Base8.2
→
CRSSelect profile
CVE-2026-56245
8.2📝
SupabaseCapgo
A vulnerability exists in Supabase Capgo prior to version 12 that may allow for unauthorized system impact.
CVSS Base8.2
→
CRSSelect profile
CVE-2026-56351
8.2📝
n8nn8n
A security vulnerability in n8n versions before 2 allows for potential unauthorized access or system compromise.
CVSS Base8.2
→
CRSSelect profile
CVE-2026-55762
8.1📝
Rocket.ChatRocket.Chat
A security vulnerability has been identified in Rocket.Chat that may permit unauthorized access or impact the integrity of the communication platform.
CVSS Base8.1
→
CRSSelect profile
CVE-2026-52801
8.1📝
GogsGogs
A security vulnerability exists in the Gogs self-hosted Git service that may allow for unauthorized access or system compromise.
CVSS Base8.1
→
CRSSelect profile
CVE-2026-48725
8.1📝
WarpWarp
A security vulnerability has been identified in the Warp agentic development environment that may impact user security and system integrity.
CVSS Base8.1
→
CRSSelect profile
CVE-2026-35025
8.1📝
ProFTPDProFTPD
A security vulnerability in ProFTPD allows for potential unauthorized actions, necessitating immediate review and patching.
CVSS Base8.1
→
CRSSelect profile
CVE-2025-71354
8.1📝
PicklescanPicklescan
A security vulnerability exists in Picklescan before version 0, potentially allowing for malicious code execution during the scanning of untrusted pickle files.
CVSS Base8.1
→
CRSSelect profile
CVE-2025-71361
8.1📝
PicklescanPicklescan
A security vulnerability exists in Picklescan before version 0, which may lead to arbitrary code execution when processing crafted input files.