VulDB Recent Entries

A vulnerability was found in Cisco IOS XR. It has been rated as critical. This impacts an unknown function of the component Multi-Instance Intermediate System-to-Intermediate. Performing a manipulation results in improper validation of specified type of input. This vulnerability is cataloged as CVE-2026-20074. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in Cisco IOS XR. It has been declared as critical. This affects an unknown function of the component Egress Packet Network Interface Aligner. Such manipulation leads to improper cleanup on thrown exception. This vulnerability is listed as CVE-2026-20118. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in neo4j Enterprise Edition up to 5.26.21/2026.1. It has been classified as problematic. The impacted element is an unknown function of the component SSO. This manipulation causes incorrect authorization. This vulnerability is tracked as CVE-2026-1524. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in Array Networks MotionPro. This vulnerability affects unknown code of the component ArrayInstallManager. Performing a manipulation results in permission issues. This vulnerability is known as CVE-2026-26364. Attacking locally is a requirement. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Unraid 6.8.0/7.0.0/7.0.1. This affects an unknown part. Such manipulation leads to path traversal. This vulnerability is traded as CVE-2026-3839. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Unraid 6.8.0/7.0.0/7.0.1. Affected by this issue is some unknown functionality of the component Request Path Handler. This manipulation causes path traversal. This vulnerability appears as CVE-2026-3838. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Craft Commerce up to 4.10.2/5.5.3. Affected by this vulnerability is an unknown functionality of the component Order Details Handler. The manipulation of the argument Shipping Method Name/Order Reference/Site Name results in cross site scripting. This vulnerability is reported as CVE-2026-29177. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in parse-community parse-server up to 8.6.16/9.0.0 9.5.2-alpha.3. Affected is an unknown function of the component SVG File Parser. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-30948. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Craft Commerce up to 5.5.2. This impacts an unknown function of the component Inventory Locations Page. Executing a manipulation of the argument Name can lead to cross site scripting. This vulnerability is registered as CVE-2026-29176. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Google Android. It has been rated as critical. This affects an unknown function. Performing a manipulation results in out-of-bounds write. This vulnerability is cataloged as CVE-2026-0124. It is possible to initiate the attack remotely. There is no exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in Intel Reference Platform. It has been declared as critical. The impacted element is an unknown function of the component UEFI FlashUcAcmSmm Module. Such manipulation leads to improper input validation. This vulnerability is listed as CVE-2025-20064. The attack must be carried out locally. There is no available exploit.

A vulnerability was found in Google Android. It has been classified as critical. The affected element is the function EfwApTransport::ProcessRxRing of the file efw_ap_transport.cc. This manipulation causes out-of-bounds write. This vulnerability is tracked as CVE-2026-0123. The attack is restricted to local execution. No exploit exists. It is suggested to install a patch to address this issue.

A vulnerability was found in Craft Commerce up to 5.5.2 and classified as problematic. Impacted is an unknown function of the component Commerce Inventory Page. The manipulation of the argument Product Title/Variant Title/Variant SKU results in cross site scripting. This vulnerability is identified as CVE-2026-29175. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Google Android and classified as critical. This issue affects the function usim_SendMCCMNCIndMsg of the file usim_Registration.c. The manipulation leads to out-of-bounds write. This vulnerability is referenced as CVE-2026-0119. It is possible to launch the attack on the physical device. No exploit is available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Google Android. This vulnerability affects unknown code of the component oobconfig. Executing a manipulation can lead to out-of-bounds read. The identification of this vulnerability is CVE-2026-0118. The attack can only be executed locally. There is no exploit available. It is best practice to apply a patch to resolve this issue.

A vulnerability, which was classified as critical, has been found in Google Android. This affects the function mfc_dec_dqbuf of the file mfc_dec_v4l2.c. Performing a manipulation results in out-of-bounds write. This vulnerability was named CVE-2026-0117. The attack needs to be approached locally. There is no available exploit. Applying a patch is the recommended action to fix this issue.

A vulnerability classified as critical was found in Intel Reference Platform. Affected by this issue is some unknown functionality of the component UEFI Firmware. Such manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2025-20096. Local access is required to approach this attack. No exploit exists.

A vulnerability classified as critical has been found in Intel Reference Platform See references. Affected by this vulnerability is an unknown functionality of the component UEFI Firmware. This manipulation causes memory corruption. This vulnerability is handled as CVE-2025-20005. It is possible to launch the attack on the local host. There is not any exploit available.

A vulnerability described as critical has been identified in Intel Reference Platform See references. Affected is an unknown function of the component WheaERST SMM Module. The manipulation results in time-of-check time-of-use. This vulnerability is known as CVE-2025-20028. Attacking locally is a requirement. No exploit is available.

A vulnerability marked as problematic has been reported in Google Android. This impacts an unknown function of the component VPU. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2026-0121. An attack has to be approached locally. There is no exploit available. It is suggested to install a patch to address this issue.