CVE-2026-31431
Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability - Active in CISA KEV catalog.
Critical vulnerabilities, curated daily for security professionals
Tuesday's disclosures center on enterprise cloud and developer infrastructure, with SAP Enterprise Search, AWS credential handling, Docker Compose, and GitHub Actions OIDC headlining the critical set. The brief covers 12 critical CVEs (up 140% from 5) and 81 high-priority CVEs (up 286% from 21), a sharp expansion over the prior day. Notable issues include CVE-2026-42869 (CVSS 10) in Docker Compose setup, CVE-2026-7813 (CVSS 9.9) in pgAdmin 4, and CVE-2026-34260 (CVSS 9.6) in SAP Enterprise Search. Attack patterns concentrate on credential exposure (hard-coded secrets and SSRF reaching cloud credential endpoints), compromise of the DeepChat AI client, and supply-chain risk through GitHub Actions OIDC and Docker tooling. No vendor patches are currently confirmed available for the disclosed set, and one Linux Kernel issue (CVE-2026-31431) is listed in the CISA KEV catalog as actively exploited, so mitigation planning for it should be prioritized.
Immediate action: Security teams should prioritize compensating controls for SAP Enterprise Search and Commerce Cloud, Docker Compose deployments, pgAdmin 4 instances, GitHub Actions OIDC configurations, and Dell ECS systems while monitoring for vendor advisories. With 0% patch availability across the critical set and active exploitation confirmed in the Linux Kernel, focus on network segmentation, credential rotation for cloud-attached systems, and detection coverage until fixes are released.
SAP Enterprise Search for ABAP is vulnerable to SQL injection, allowing authenticated attackers to execute malicious database queries.
Grav CMS allows authenticated administrators to achieve Remote Code Execution (RCE) by uploading malicious ZIP files via the "Direct Install" tool.
FireFighter incident management application contains an unauthenticated SSRF vulnerability that can lead to the theft of AWS IAM credentials.
A Cross-Site Scripting (XSS) vulnerability exists in DeepChat due to improper sanitization of SVG artifacts, allowing arbitrary JavaScript execution.
GitHub Actions OIDC was exploited to publish malicious npm packages by chaining multiple vulnerabilities, including cache poisoning and token extraction.
SOCFortress CoPilot uses a hardcoded JWT signing secret, allowing unauthenticated attackers to forge administrative tokens.
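What a hard-coded JWT signing secret buys an attacker, shown as an added example written for this brief rather than code from SOCFortress CoPilot: a minimal HS256 signer and verifier, a forged admin token that the verifier accepts for as long as the baked-in secret is in use, and a start-up check that refuses a missing, default or short secret. The secret value, the `scopes` claim and the `JWT_SIGNING_SECRET` environment variable are assumptions made for the demonstration.

```python
"""Forging an administrative JWT when the HS256 signing secret is hard-coded.

Added example for this brief, not SOCFortress CoPilot code: the default secret,
the claim names and the verifier below are assumptions chosen to illustrate why
a secret shipped in source or a binary is equivalent to no signature at all.
"""
import base64
import hashlib
import hmac
import json
import os
import time
from typing import Optional

# Assumed secret baked into a hypothetical build. Anyone with the source or the
# binary has it, so "unauthenticated" and "holds the signing key" coincide.
HARDCODED_SECRET = "changeme-copilot-dev-secret"
KNOWN_DEFAULTS = {HARDCODED_SECRET, "secret", "changeme", ""}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, secret: str) -> str:
    """Mint a compact HS256 JWT; this is all an attacker needs once the secret leaks."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"


def verify_jwt(token: str, secret: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the HS256 signature is valid and the token is unexpired."""
    try:
        header_b64, payload_b64, signature_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        presented = _b64url_decode(signature_b64)
    except ValueError:  # bad segment count, bad base64, bad JSON, bad UTF-8
        return None
    # Never let the token choose the algorithm (alg=none, HS/RS confusion).
    if not isinstance(header, dict) or not isinstance(claims, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):
        return None
    if claims.get("exp", 0) < (time.time() if now is None else now):
        return None
    return claims


def forge_admin_token(secret: str = HARDCODED_SECRET, now: Optional[float] = None) -> str:
    """Attacker side: a day-long token carrying the assumed admin scope."""
    issued = int(time.time() if now is None else now)
    return sign_jwt({"sub": "attacker", "scopes": ["admin"], "iat": issued, "exp": issued + 86400}, secret)


def is_admin(token: str, secret: str, now: Optional[float] = None) -> bool:
    claims = verify_jwt(token, secret, now)
    return bool(claims) and "admin" in claims.get("scopes", [])


def load_signing_secret(env: Optional[dict] = None) -> str:
    """Hardened start-up: refuse a missing, default or short secret instead of
    silently falling back to one. The variable name is an assumption."""
    env = os.environ if env is None else env
    secret = env.get("JWT_SIGNING_SECRET", "")
    if secret in KNOWN_DEFAULTS or len(secret) < 32:
        raise RuntimeError("JWT_SIGNING_SECRET is missing, a known default, or shorter than 32 characters")
    return secret


if __name__ == "__main__":
    forged = forge_admin_token()
    print("forged token accepted with the hard-coded secret:", is_admin(forged, HARDCODED_SECRET))
    rotated = load_signing_secret({"JWT_SIGNING_SECRET": os.urandom(32).hex()})
    print("same token accepted after rotating to a per-deployment secret:", is_admin(forged, rotated))
```

Rotating to a per-deployment secret invalidates every token minted under the old one, forged or legitimate, which is why remediation for a hard-coded or leaked signing key is rotation plus re-issuance, not just a code patch.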
Dell ECS and ObjectScale contain a hard-coded credentials vulnerability, enabling local attackers to gain unauthorized filesystem access.
An authorization flaw in pgAdmin 4 allows authenticated users to access private server data and execute arbitrary commands by manipulating object IDs and bypassing access controls.
The oxyno-zeta s3-proxy contains an authentication bypass vulnerability due to inconsistent path interpretation, allowing unauthorized S3 operations.
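The class of bug in the s3-proxy entry above, shown as an added example rather than the project's own code: an allow-list matched against the request path as received, while the backend serves the percent-decoded, normalised key, beside a checker that canonicalises once and feeds the same path to both decisions. The rule table and the request paths are constructed for the demonstration.

```python
"""Authorization bypass from inconsistent path interpretation.

Added example for this brief, not oxyno-zeta/s3-proxy code: the rule table, the
request paths and both checkers are assumptions chosen to show the bug class,
a policy layer that sees one path while the backend serves another.
"""
import posixpath
from urllib.parse import unquote

# Assumed allow-list: (prefix, principals). "*" means anonymous access.
RULES = [
    ("/public/", {"*"}),
    ("/private/", {"alice"}),
]


def _allowed_by_rules(path: str, user: str) -> bool:
    for prefix, principals in RULES:
        if path == prefix.rstrip("/") or path.startswith(prefix):
            return "*" in principals or user in principals
    return False  # default deny


def naive_is_allowed(raw_path: str, user: str) -> bool:
    """Vulnerable: authorises the raw request path, decoding nothing."""
    return _allowed_by_rules(raw_path, user)


def backend_key(raw_path: str) -> str:
    """What the backend actually serves: percent-decoded, dot segments collapsed.
    This interpretation is the one the naive policy check never sees."""
    return posixpath.normpath("/" + unquote(raw_path).lstrip("/"))


def canonicalize(raw_path: str) -> str:
    """One normalisation applied before any policy decision. Paths that still
    look encoded after one decode, or contain a NUL, are rejected outright."""
    decoded = unquote(raw_path)
    if "%" in decoded:
        raise ValueError("double-encoded path")
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    path = posixpath.normpath("/" + decoded.lstrip("/"))
    if decoded.endswith("/") and not path.endswith("/"):
        path += "/"  # normpath drops the trailing slash; keep it for prefix rules
    return path


def hardened_is_allowed(raw_path: str, user: str) -> bool:
    """Fixed: policy and backend agree because both use the canonical path."""
    try:
        return _allowed_by_rules(canonicalize(raw_path), user)
    except ValueError:
        return False


def hardened_backend_key(raw_path: str) -> str:
    return canonicalize(raw_path)


def bypass_cases(user: str = "anonymous"):
    """Constructed request paths; returns (path, naive verdict, key the naive
    proxy would serve, hardened verdict) for each."""
    paths = [
        "/public/../private/secret.txt",      # plain dot segments
        "/public/..%2Fprivate/secret.txt",    # encoded slash
        "/public/%2e%2e/private/secret.txt",  # encoded dots
        "/public/%252e%252e/private/x",       # double encoding, rejected outright
    ]
    return [(p, naive_is_allowed(p, user), backend_key(p), hardened_is_allowed(p, user)) for p in paths]


if __name__ == "__main__":
    for path, naive, key, hard in bypass_cases():
        print(f"{path:38} naive={naive!s:5} serves={key:30} hardened={hard}")
```

The two details that matter in the fix are that the canonical form is computed exactly once and reused for the backend call, and that anything still containing a `%` after one decode is refused rather than decoded again, which is where most "normalise then compare" implementations reopen the hole.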
SAP Commerce Cloud allows unauthenticated users to perform arbitrary code execution due to improper Spring Security configuration.
DeepChat contains an arbitrary protocol execution bypass allowing Remote Code Execution (RCE) via improper handling of native Electron pop-up windows.
Grav CMS is vulnerable to an authentication bypass during user registration, allowing an unauthenticated user to assign themselves administrative privileges.
The Custom css-js-php WordPress plugin through 2
Zen is a firefox-based browser
Vaultwarden is a Bitwarden-compatible server written in Rust
A vulnerability in the WordPress Plugin Survey & Poll may allow unauthorized access through manipulation of the cookie parameter.
A security vulnerability has been discovered in e107 CMS 2 that could permit unauthorized access or code execution.
A security vulnerability has been identified in ImpressCMS 1 that requires immediate investigation and patching.
Evolution CMS 3
TextPattern CMS 4
Aero CMS 0
Dell Automation Platform versions prior to 2
WWBN AVideo is an open source video platform
A reflected cross-site scripting (XSS) vulnerability in the dfm-menu_alerts
A reflected cross-site scripting (XSS) vulnerability in the acc-menu_pricess
A reflected cross-site scripting (XSS) vulnerability in the dfm-menu_markeralerts
A reflected cross-site scripting (XSS) vulnerability in the dfm-menu_orderopt
The Open edX Platform contains a high-severity vulnerability that may allow for unauthorized access or system manipulation due to insufficient security controls.
A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet
Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands
WWBN AVideo contains a high-severity security vulnerability that could be exploited to gain unauthorized access to the video platform's infrastructure.
SQL injection vulnerability in pgAdmin 4 Maintenance Tool
A vulnerability was detected in OpenClaw up to 2026
WWBN AVideo is an open source video platform
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software
A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet
pyLoad is a free and open-source download manager written in Python
pyLoad is a free and open-source download manager written in Python
** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the "webs" binary in Zyxel NWA1100-N customized firmware version 1
A vulnerability was found in D-Link DCS-935L up to 1
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1
Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management
Opencart TMD Vendor System 3
A security flaw in the Balbooa Joomla Forms Builder may allow an attacker to exploit form submission processes.
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one before calling into the security ops only when skb_cloned() is true
Grav is a file-based Web platform
The Salesforce module before 1
Grav is a file-based Web platform
A vulnerability has been detected in Sentry 8, potentially impacting the monitoring and error-tracking capabilities of the platform.
A vulnerability has been identified in CyberPanel 2 that could permit unauthorized system access.
OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more
OpenClaw before 2026
Crabbox before 0
Outline is a service that allows for collaborative documentation
Vaultwarden is a Bitwarden-compatible server written in Rust
The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth
In Meari IoT SDK builds embedded in CloudEdge 5
Grav is a file-based Web platform
The Open edx Enterprise Service app provides enterprise features to the Open edX platform
Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager
barebox version prior to 2026
In JetBrains TeamCity before 2026
jotty·page is a self-hosted app for your checklists and notes
Outline is a service that allows for collaborative documentation
exiftool-vendored provides cross-platform Node
Grav is a file-based Web platform
Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager
HireFlow v1
Bitwarden Server prior to v2026
Vaultwarden is a Bitwarden-compatible server written in Rust
A flaw was found in Cockpit
Bitwarden Server prior to v2026
A security vulnerability has been discovered in the Argus Surveillance DVR, potentially allowing unauthorized access to video feeds or system settings.
OpenClaw before 2026
libcaca is a colour ASCII art library
In Meari IoT Cloud MQTT Broker deployments running EMQX 4
Outline is a service that allows for collaborative documentation
A security vulnerability has been identified in memono Notepad 4 that requires investigation and remediation.
XML::LibXML versions through 2
In Meari client applications embedding "com
In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement
A high-severity vulnerability exists within the Meari IoT SDK's image handling library, libmrplayer, potentially leading to memory corruption or arbitrary code execution.
A vulnerability in the `_create_model_version()` handler of `mlflow/server/handlers
"Kura Sushi Official App" provided by EPG, Inc
Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods
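One design that addresses both magic-link entries in this set (unbounded memory growth under a flood of invalid requests, and locked accounts still able to sign in), written as an added example rather than the affected product's code: every piece of server-side state is capped, links are stored as hashes with a TTL, and the account's lock state is re-checked at redemption instead of only when the link is issued. The limits, the in-memory store and the `Account` model are assumptions; a production deployment would keep the same state in a shared store with TTL eviction.

```python
"""Magic-link issuance and redemption with bounded state and a lock re-check.

Added example for this brief; not code from the affected product. The limits,
the in-memory store, the Account model and the injectable clock are assumptions
made so the flow can be exercised offline.
"""
import hashlib
import secrets
import time
from collections import deque
from dataclasses import dataclass
from typing import Callable, Deque, Dict, Optional

TOKEN_TTL = 600                  # seconds a link stays valid (assumed)
MAX_PENDING_PER_USER = 3         # open links per account before minting stops
MAX_PENDING_TOTAL = 10_000       # hard ceiling on stored links
MAX_TRACKED_IDENTIFIERS = 1_000  # hard ceiling on rate-limit state
MAX_REQUESTS_PER_WINDOW = 5
WINDOW = 300


@dataclass
class Account:
    email: str
    locked: bool = False


@dataclass
class _Pending:
    email: str
    expires_at: float


class MagicLinkService:
    def __init__(self, accounts: Dict[str, Account], now: Callable[[], float] = time.time):
        self.accounts = accounts
        self.now = now
        self._pending: Dict[str, _Pending] = {}       # sha256(token) -> link
        self._requests: Dict[str, Deque[float]] = {}  # identifier -> request times

    def _evict_expired(self) -> None:
        t = self.now()
        for digest in [d for d, p in self._pending.items() if p.expires_at <= t]:
            del self._pending[digest]

    def _rate_limited(self, identifier: str) -> bool:
        """Sliding-window limit whose own state is bounded: a flood of never-seen
        identifiers cannot grow the dictionary past MAX_TRACKED_IDENTIFIERS."""
        t = self.now()
        q = self._requests.get(identifier)
        if q is None:
            if len(self._requests) >= MAX_TRACKED_IDENTIFIERS:
                stale = [k for k, d in self._requests.items() if not d or d[-1] <= t - WINDOW]
                for k in stale:
                    del self._requests[k]
                if len(self._requests) >= MAX_TRACKED_IDENTIFIERS:
                    return True  # fail closed rather than allocate more state
            q = self._requests[identifier] = deque()
        while q and q[0] <= t - WINDOW:
            q.popleft()
        if len(q) >= MAX_REQUESTS_PER_WINDOW:
            return True
        q.append(t)
        return False

    def request_link(self, email: str) -> Optional[str]:
        """Return the raw token to e-mail, or None. Unknown, locked and
        rate-limited identifiers all get None so the response leaks no state."""
        self._evict_expired()
        if self._rate_limited(email):
            return None
        account = self.accounts.get(email)
        if account is None or account.locked:
            return None
        open_for_user = sum(1 for p in self._pending.values() if p.email == email)
        if open_for_user >= MAX_PENDING_PER_USER or len(self._pending) >= MAX_PENDING_TOTAL:
            return None
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()  # store only the hash
        self._pending[digest] = _Pending(email, self.now() + TOKEN_TTL)
        return token

    def redeem(self, token: str) -> Optional[Account]:
        """Single-use redemption. The account state is checked again here, so a
        lock applied after the link was sent still blocks the sign-in."""
        self._evict_expired()
        pending = self._pending.pop(hashlib.sha256(token.encode()).hexdigest(), None)
        if pending is None:
            return None
        account = self.accounts.get(pending.email)
        if account is None or account.locked:
            return None
        return account

    def state_size(self) -> int:
        """Entries held in memory; stays bounded under any request pattern."""
        return len(self._pending) + len(self._requests)
```

The same redemption-time check belongs in the passkey assertion path: whatever authenticator produced the proof, the decision to open a session has to consult the current account state, not the state at the time the challenge or link was issued.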
OpenClaw before 2026
A vulnerability was detected in inkeep agents 0
Outline is a service that allows for collaborative documentation
Path traversal vulnerability exists in GROWI v7
A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3
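An outbound-URL check that closes the SSRF-to-credential-endpoint path described in the FireFighter and MLflow entries of this brief, written as an added example rather than code from either project: it rejects non-HTTP schemes and userinfo, resolves the host, refuses any address that is not globally routable (including IPv4-mapped IPv6 and the numeric-host forms libc resolvers accept), and returns a pinned address to connect to so DNS rebinding cannot swap in the metadata service after the check. The blocked-name set, the constructed DNS table behind `demo_resolver` and the `validate_outbound_url()` helper itself are assumptions.

```python
"""Validating outbound URLs so a server-side fetch cannot reach cloud metadata.

Added example for the FireFighter and MLflow SSRF entries in this brief; not code
from either project. The blocked-name set, the constructed DNS table and the
validate_outbound_url() helper are assumptions made for an offline demonstration.
"""
import ipaddress
import socket
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlsplit

Resolver = Callable[[str], List[str]]

# Names never fetched on a user's behalf regardless of what they resolve to.
# Bare metadata addresses are caught by the routability check instead.
BLOCKED_HOSTNAMES = {"metadata.google.internal", "metadata", "instance-data"}


def system_resolver(host: str) -> List[str]:
    """Every address the name maps to. An attacker-controlled zone can return a
    harmless public record next to a link-local one, so all of them are checked."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_forbidden_address(ip) -> bool:
    """Anything not globally routable: loopback, link-local (169.254.169.254 is the
    AWS, Azure and GCP IMDS), RFC 1918, CGNAT, ULA, unspecified, reserved."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 still reaches the IMDS
    return not ip.is_global


def validate_outbound_url(url: str, resolver: Resolver = system_resolver) -> Tuple[str, str, int, str]:
    """Return (scheme, host, port, pinned_ip) for a URL that is safe to fetch, or
    raise ValueError. Callers must connect to pinned_ip and send `host` in the Host
    header / SNI rather than resolving again; re-resolving lets DNS rebinding swap
    the address between this check and the connection."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL is not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if host.lower().rstrip(".") in BLOCKED_HOSTNAMES:
        raise ValueError(f"blocked host name: {host}")
    try:
        addresses = [str(ipaddress.ip_address(host))]  # literal IP in the URL
    except ValueError:
        addresses = resolver(host)  # a name, or a numeric form only libc understands
    if not addresses:
        raise ValueError(f"unresolvable host: {host}")
    for address in addresses:
        if is_forbidden_address(ipaddress.ip_address(address)):
            raise ValueError(f"{host} resolves to non-global address {address}")
    return parts.scheme, host, port, addresses[0]


# Constructed DNS table for the offline demonstration. The "2852039166" entry
# mimics libc accepting a decimal integer as an IPv4 address (inet_aton).
DEMO_DNS: Dict[str, List[str]] = {
    "example.org": ["93.184.216.34"],
    "localhost": ["127.0.0.1", "::1"],
    "rebind.attacker.test": ["93.184.216.34", "169.254.169.254"],
    "2852039166": ["169.254.169.254"],
}


def demo_resolver(host: str) -> List[str]:
    return DEMO_DNS.get(host.lower(), [])


def classify(url: str, resolver: Resolver = demo_resolver) -> str:
    """'allow -> <pinned ip>' or 'deny: <reason>' for a candidate URL."""
    try:
        _, _, _, pinned = validate_outbound_url(url, resolver)
        return f"allow -> {pinned}"
    except ValueError as exc:
        return f"deny: {exc}"


if __name__ == "__main__":
    for candidate in [
        "https://example.org/hooks/incident",
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
        "http://[::ffff:169.254.169.254]/latest/meta-data/",
        "http://2852039166/latest/meta-data/",
        "http://rebind.attacker.test/",
        "http://metadata.google.internal/computeMetadata/v1/",
        "file:///etc/passwd",
    ]:
        print(f"{candidate:70} {classify(candidate)}")
```

Pair the URL check with IMDSv2 on the instances themselves (session tokens required, PUT response hop limit of 1): the check removes the easy path, and the metadata hardening removes the credential payoff if a check is ever bypassed.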
OpenClaw before 2026
Crabbox before 0