Vulnerability Notes
- CVE-2026-26011 - Critical Heap Out-of-bounds Access in `pf_cluster_stats()` via Malicious /initialpose Covariance -- Potential Remote Code Execution
- CVE-2026-24894 - FrankenPHP leaks session data between requests in worker mode
- CVE-2026-24044 - ESS Community Helm Chart has a weak server key generation method
- CVE-2025-70314 - Webfsd Buffer Overflow Vulnerability
- CVE-2026-26218 - newbee-mall Default Seeded Administrator Credentials Allow Account Takeover
- CVE-2025-52533 - Xilinx Spartan Debug Interface Privilege Escalation
- CVE-2023-31323 - AMD Secure Processor ASP Type Confusion Vulnerability
- CVE-2025-61880 - Infoblox NIOS Deserialization Remote Code Execution
- CVE-2025-54756 - BrightSign Players Use of Default Credentials
- CVE-2026-26216 - Crawl4AI < 0.8.0 Docker API Unauthenticated Remote Code Execution via Hooks Parameter
- CVE-2025-69634 - Dolibarr ERP & CRM CSRF Privilege Escalation
- CVE-2026-1104 - FastDup – Fastest WordPress Migration & Duplicator <= 2.7.1 - Missing Authorization to Authenticated (Contributor+) Backup Creation and Download
- CVE-2025-14014 - Insecure File Upload in NTN Informatics' Smart Panel
- CVE-2026-2005 - PostgreSQL pgcrypto heap buffer overflow executes arbitrary code