The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2026-24770 - RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server (leading...
    Published: January 27, 2026; 5:15:56 PM -0500

  • CVE-2026-24747 - PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., w...
    Published: January 27, 2026; 5:15:56 PM -0500

  • CVE-2026-1505 - A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /set_temp_nodes.php of the component URL Filter. The manipulation results in os command injection. The attack can be executed remotely. The ex...
    Published: January 27, 2026; 9:16:00 PM -0500

    V3.1: 7.2 HIGH

  • CVE-2026-1506 - A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /adv_mac_filter.php of the component MAC Filter Configuration. This manipulation of the argument mac causes os command injection. The attack is poss...
    Published: January 27, 2026; 10:15:50 PM -0500

    V3.1: 7.2 HIGH

  • CVE-2025-41375 - SQL Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability allows an attacker to retrieve, create, update and delete database via 'token' parameter in '/index.php' endpoint.
    Published: August 01, 2025; 9:15:27 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-41376 - CRLF Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via '/index.php/survey/index/sid/<SID>/token/fwyfw%0d%0aCooki...
    Published: August 01, 2025; 9:15:27 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2024-6933 - A flaw has been found in LimeSurvey 6.5.14-240624. Affected by this issue is the function actionUpdateSurveyLocaleSettingsGeneralSettings of the file /index.php?r=admin/database/index/updatesurveylocalesettings_generalsettings of the component Sur...
    Published: July 20, 2024; 9:15:10 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2020-36993 - LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenu[title] and Surveymenu[parent_id] parameters to e...
    Published: January 28, 2026; 8:15:52 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2026-23755 - D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL ...
    Published: January 21, 2026; 1:16:26 PM -0500

    V3.1: 7.3 HIGH

  • CVE-2026-23754 - D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, in...
    Published: January 21, 2026; 1:16:25 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-55930 - Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files
    Published: January 23, 2025; 1:15:32 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2024-55931 - Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. The patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be...
    Published: January 27, 2025; 7:15:27 AM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2024-55929 - A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are sent from trusted sources.
    Published: January 23, 2025; 1:15:32 PM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2025-70985 - Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope.
    Published: January 23, 2026; 2:15:53 PM -0500

  • CVE-2025-70986 - Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data.
    Published: January 23, 2026; 2:15:54 PM -0500

  • CVE-2024-7517 - A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This sp...
    Published: November 21, 2024; 6:15:35 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2025-48753 - In the anode crate 0.1.0 for Rust, data races can occur in unlock in SpinLock.
    Published: May 23, 2025; 11:15:23 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-48752 - In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mutex is unlocked.
    Published: May 23, 2025; 11:15:23 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-48751 - The process_lock crate 0.1.0 for Rust allows data races in unlock.
    Published: May 23, 2025; 11:15:23 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-20966 - Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles.
    Published: May 07, 2025; 5:15:16 AM -0400

Created September 20, 2022, Updated August 27, 2024