Vulnerability Notes
- CVE-2025-61972 - AMD Secure Processor ASP Unprivileged SMN Code Execution
- CVE-2025-62624 - VMware ESXi Heap-Based Buffer Overflow Vulnerability
- CVE-2025-62623 - VMware ESXi Heap-Based Buffer Overflow Privilege Escalation
- CVE-2026-8053 - FlatBSON Duplicate Field Index Drift
- CVE-2026-44547 - ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2
- CVE-2026-41901 - Thymeleaf: Improper recognition of unauthorized syntax patterns in sandboxed Thymeleaf expressions
- CVE-2026-45227 - Heym < 0.0.21 Sandbox Escape via Python Introspection
- CVE-2026-44304 - Lemur: LDAP Filter Injection enables post-authentication privilege escalation
- CVE-2026-44258 - efw4.X: Path Traversal via Unchecked dst Parameter leads to Remote Code Execution
- CVE-2026-43948 - wger: cross-tenant password reset and plaintext disclosure via gym=None bypass
- CVE-2026-42196 - django-s3file: Relative path traversal
- CVE-2026-26289 - Subnet Solutions PowerSYSTEM Center Incorrect Authorization
- CVE-2026-44403 - Wing FTP Server 8.1.2 Authenticated Remote Code Execution via Session Serialization