Vulnerabilities

  

CVE-2025-69809 | p2r3 Bareiron 8e4d40 improper authentication

A vulnerability classified as critical was found in p2r3 Bareiron 8e4d40. This impacts an unknown function. Executing a manipulation can

  

CVE-2026-32261 | Webhooks Plugin up to 3.1.x on Craftcms That Call renderString special elements used in a template engine (GHSA-8wg7-wm29-2rvg)

A vulnerability, which was classified as problematic, has been found in Webhooks Plugin up to 3.1.x on Craftcms. Affected is

  

CVE-2025-69727 | Index-Education Pronote prior 2025.2.8 index.js composeUrlImgPhotoIndividu authorization

A vulnerability, which was classified as problematic, was found in Index-Education Pronote. Affected by this vulnerability is the function composeUrlImgPhotoIndividu

  

CVE-2025-69808 | p2r3 Bareiron 8e4d40 denial of service

A vulnerability has been found in p2r3 Bareiron 8e4d40 and classified as problematic. Affected by this issue is some unknown

  

CVE-2026-28430 | Chamilo LMS up to 1.11.33 Legacy Password Reset custom_dates sql injection

A vulnerability was found in Chamilo LMS up to 1.11.33 and classified as critical. This affects an unknown part of

  

CVE-2026-29516 | Buffalo TeraStation NAS TS5400R up to 4.02-0.06 permission assignment

A vulnerability was found in Buffalo TeraStation NAS TS5400R up to 4.02-0.06. It has been classified as problematic. This vulnerability

  

CVE-2026-30876 | Chamilo LMS up to 1.11.35 response discrepancy

A vulnerability was found in Chamilo LMS up to 1.11.35. It has been declared as problematic. This issue affects some

  

CVE-2026-30881 | Chamilo LMS up to 1.11.35 AJAX Endpoint Database::escape_string sql injection

A vulnerability was found in Chamilo LMS up to 1.11.35. It has been rated as critical. Impacted is the function

  

CVE-2026-32264 | Craft CMS up to 4.17.4/5.9.10 externally-controlled input to select classes or code

A vulnerability categorized as problematic has been discovered in Craft CMS up to 4.17.4/5.9.10. The affected element is an unknown

  

CVE-2026-32267 | Craft CMS up to 4.17.5/5.9.11 authorization

A vulnerability identified as critical has been detected in Craft CMS up to 4.17.5/5.9.11. The impacted element is an unknown

  

CVE-2026-32262 | Craft CMS up to 4.17.4/5.9.10 replaceFile targetFilename path traversal

A vulnerability labeled as critical has been found in Craft CMS up to 4.17.4/5.9.10. This affects the function replaceFile. Such

  

CVE-2026-30882 | Chamilo LMS up to 1.11.35 keyword cross site scripting

A vulnerability marked as problematic has been reported in Chamilo LMS up to 1.11.35. This impacts an unknown function. Performing

  

CVE-2025-50881 | Flow up to 9.x flow/admin/moniteur.php eval Action improper authentication

A vulnerability described as critical has been identified in Flow up to 9.x. Affected is the function eval of the

  

CVE-2026-26304 | Mattermost up to 11.2.2/11.3.0 Playbook Run API authorization

A vulnerability classified as problematic has been found in Mattermost up to 11.2.2/11.3.0. Affected by this vulnerability is an unknown

  

CVE-2026-1629 | Mattermost up to 10.11.10/11.3.x Private Channel operation after expiration

A vulnerability classified as problematic was found in Mattermost up to 10.11.10/11.3.x. Affected by this issue is some unknown functionality

  

CVE-2026-26230 | Mattermost up to 10.11.10/11.3.x API Endpoint authorization

A vulnerability, which was classified as problematic, has been found in Mattermost up to 10.11.10/11.3.x. This affects an unknown part

  

CVE-2025-69902 | kubectl-mcp-server 1.2.0 minimal_wrapper.py os command injection

A vulnerability, which was classified as critical, was found in kubectl-mcp-server 1.2.0. This vulnerability affects unknown code of the file

  

CVE-2026-29522 | ZwickRoell Test Data Management up to 3.0.7 node_upgrade_srv.js firmware path traversal

A vulnerability has been found in ZwickRoell Test Data Management up to 3.0.7 and classified as critical. This issue affects

  

CVE-2026-2454 | Mattermost up to 10.11.10/11.2.2/11.3.0 Websocket Message improper validation of specified type of input

A vulnerability was found in Mattermost up to 10.11.10/11.2.2/11.3.0 and classified as problematic. Impacted is an unknown function of the

  

CVE-2025-68971 | Forgejo up to 13.0.3 File Attachment denial of service

A vulnerability was found in Forgejo up to 13.0.3. It has been classified as problematic. The affected element is an

  

CVE-2026-4285 | taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433 Pdf2MdUtil.java recognizeMarkdown fileUrl path traversal

A vulnerability, which was classified as critical, was found in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. Impacted is the function recognizeMarkdown

  

CVE-2026-4284 | taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433 PPT File PPTUtil.java downloadFile url server-side request forgery

A vulnerability, which was classified as critical, has been found in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. This issue affects the

  

CVE-2026-4287 | Tiandy Easy7 Integrated Management Platform 7.17.0 Endpoint queryResources areaId sql injection

A vulnerability has been found in Tiandy Easy7 Integrated Management Platform 7.17.0 and classified as critical. The affected element is

  

CVE-2026-4288 | Tiandy Easy7 Integrated Management Platform 7.17.0 Endpoint getDevDetailedInfo ID sql injection

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0 and classified as critical. The impacted element is an

  

CVE-2026-4289 | Tiandy Easy7 Integrated Management Platform up to 7.17.0 getRecByTemplateId ID sql injection

A vulnerability was found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. It has been classified as critical. This

  

CVE-2026-23489 | pluginsGLPI fields up to 1.23.2 Custom Fields input validation

A vulnerability was found in pluginsGLPI fields up to 1.23.2. It has been declared as problematic. This impacts an unknown

  

CVE-2026-4270 | Amazon AWS API MCP Server up to 1.3.8 improper protection of alternate path

A vulnerability was found in Amazon AWS API MCP Server up to 1.3.8. It has been rated as problematic. Affected

  

CVE-2025-65734 | GUnet Open eClass up to 3.10/3.12 Work Assignments unrestricted upload

A vulnerability categorized as critical has been discovered in GUnet Open eClass up to 3.10/3.12. Affected by this vulnerability is

  

CVE-2026-29510 | Shenzhen Hereta Hereta ETH-IMC408M up to 1.0.15 System Status Interface Device Name cross site scripting

A vulnerability identified as problematic has been detected in Shenzhen Hereta Hereta ETH-IMC408M up to 1.0.15. Affected by this issue

  

CVE-2026-29513 | Shenzhen Hereta Hereta ETH-IMC408M up to 1.0.15 System Status Interface Device Location cross site scripting

A vulnerability labeled as problematic has been found in Shenzhen Hereta Hereta ETH-IMC408M up to 1.0.15. This affects an unknown

  

CVE-2026-29520 | Shenzhen Hereta Hereta ETH-IMC408M up to 1.0.15 ping_ipaddr cross site scripting

A vulnerability marked as problematic has been reported in Shenzhen Hereta Hereta ETH-IMC408M up to 1.0.15. This vulnerability affects unknown

  

CVE-2026-30405 | GoBGP GoBGPd 4.2.0 NEXT_HOP denial of service (Issue 3305)

A vulnerability described as problematic has been identified in GoBGP GoBGPd 4.2.0. This issue affects some unknown processing. The manipulation

  

CVE-2026-29521 | Shenzhen Hereta Hereta ETH-IMC408M up to 1.0.15 Setting setup.cgi cross-site request forgery

A vulnerability classified as problematic has been found in Shenzhen Hereta Hereta ETH-IMC408M up to 1.0.15. Impacted is an unknown

  

CVE-2025-66687 | Doom Launcher 3.8.1.0 Path Validation path traversal

A vulnerability classified as critical was found in Doom Launcher 3.8.1.0. The affected element is an unknown function of the

  

CVE-2026-28490 | Authlib up to 1.6.8 information exposure (GHSA-7432-952)

A vulnerability, which was classified as problematic, has been found in Authlib up to 1.6.8. The impacted element is an

  

CVE-2026-28498 | Authlib up to 1.6.8 Header Parameter integrity check

A vulnerability, which was classified as problematic, was found in Authlib up to 1.6.8. This affects an unknown function of

  

CVE-2026-27962 | Authlib up to 1.6.8 signature verification

A vulnerability has been found in Authlib up to 1.6.8 and classified as critical. This impacts an unknown function. The

  

CVE-2025-69768 | Chyrp up to 2.5.2 Admin.php sql injection

A vulnerability was found in Chyrp up to 2.5.2 and classified as critical. Affected is an unknown function of the

  

CVE-2026-4269 | Amazon AWS Bedrock AgentCore Starter Toolkit up to 0.1.12 generation of predictable numbers or identifiers

A vulnerability was found in Amazon AWS Bedrock AgentCore Starter Toolkit up to 0.1.12. It has been classified as critical.

  

CVE-2026-3644 | Python CPython up to 3.14.x http.cookies.Morsel input validation

A vulnerability was found in Python CPython up to 3.14.x. It has been declared as critical. Affected by this issue

  

CVE-2026-23862 | Dell ThinOS 10 2602_10.0573 command injection (dsa-2026-122)

A vulnerability was found in Dell ThinOS 10 2602_10.0573. It has been rated as critical. This affects an unknown part.

  

CVE-2026-4224 | Python CPython up to 3.14.x Expat Parser ElementDeclHandler stack-based overflow

A vulnerability categorized as critical has been discovered in Python CPython up to 3.14.x. This vulnerability affects the function ElementDeclHandler

  

CVE-2026-28500 | onnx onnx.hub.load data authenticity

A vulnerability identified as problematic has been detected in onnx. This issue affects the function onnx.hub.load. The manipulation leads to

  

CVE-2025-62319 | HCL Unica sql injection (KB0129410)

A vulnerability was found in HCL Unica. It has been rated as critical. The impacted element is an unknown function.

  

CVE-2026-4276 | LibreChat RAG API 0.7.0 neutralization for logs

A vulnerability categorized as problematic has been discovered in LibreChat RAG API 0.7.0. This affects an unknown function. The manipulation

  

CVE-2026-32583 | Webnus Modern Events Calendar Plugin up to 7.29.0 on WordPress authorization

A vulnerability identified as critical has been detected in Webnus Modern Events Calendar Plugin up to 7.29.0 on WordPress. This

  

CVE-2026-32587 | Saad Iqbal WP EasyPay Plugin up to 4.2.11 on WordPress authorization

A vulnerability labeled as critical has been found in Saad Iqbal WP EasyPay Plugin up to 4.2.11 on WordPress. Affected

  

CVE-2025-57543 | NetBox 4.3.5 Comment cross site scripting

A vulnerability marked as problematic has been reported in NetBox 4.3.5. Affected by this vulnerability is an unknown functionality. Performing

  

CVE-2025-69784 | OpenEDR 2.5.1.0 IOCTL Interface injection

A vulnerability described as critical has been identified in OpenEDR 2.5.1.0. Affected by this issue is some unknown functionality of

  

CVE-2025-69783 | OpenEDR 2.5.1.0 Kernel Driver csrss.exe improper authorization

A vulnerability classified as critical has been found in OpenEDR 2.5.1.0. This affects an unknown part of the file csrss.exe

  

CVE-2026-25534 | Spinnaker URL Validation server-side request forgery

A vulnerability classified as critical was found in Spinnaker. This vulnerability affects unknown code of the component URL Validation Handler.

  

CVE-2026-2456 | Mattermost service up to 10.11.10/11.2.2/11.3.0 Interactive Message memory allocation

A vulnerability was found in Mattermost service up to 10.11.10/11.2.2/11.3.0. It has been declared as problematic. This affects an unknown

  

CVE-2026-2463 | Mattermost up to 10.11.10/11.2.2/11.3.0 User Permission authorization

A vulnerability was found in Mattermost up to 10.11.10/11.2.2/11.3.0. It has been rated as problematic. This impacts an unknown function

  

CVE-2025-52637 | HCL AION 2.0 Configuration missing initialization (KB0129410)

A vulnerability categorized as problematic has been discovered in HCL AION 2.0. Affected is an unknown function of the component

  

CVE-2026-26246 | Mattermost up to 10.11.10/11.2.2/11.3.0 PSD File Parser memory allocation

A vulnerability identified as problematic has been detected in Mattermost up to 10.11.10/11.2.2/11.3.0. Affected by this vulnerability is an unknown

  

CVE-2026-2458 | Mattermost up to 10.11.10/11.2.2/11.3.0 API Endpoint authorization

A vulnerability labeled as problematic has been found in Mattermost up to 10.11.10/11.2.2/11.3.0. Affected by this issue is some unknown

  

CVE-2026-2457 | Mattermost up to 10.11.10/11.2.2/11.3.0 API Endpoint origin validation

A vulnerability marked as problematic has been reported in Mattermost up to 10.11.10/11.2.2/11.3.0. This affects an unknown part of the

  

CVE-2026-24458 | Mattermost up to 10.11.10/11.2.2/11.3.0 Long Password allocation of resources

A vulnerability described as problematic has been identified in Mattermost up to 10.11.10/11.2.2/11.3.0. This vulnerability affects unknown code of the

  

CVE-2026-25783 | Mattermost up to 10.11.10/11.2.2/11.3.0 Header User-Agent improper validation of specified type of input

A vulnerability classified as problematic has been found in Mattermost up to 10.11.10/11.2.2/11.3.0. This issue affects some unknown processing of

  

CVE-2026-2578 | Mattermost up to 11.3.0 Burn-on-Read Message insertion of sensitive information into sent data

A vulnerability classified as problematic was found in Mattermost up to 11.3.0. Impacted is an unknown function of the component

  

CVE-2026-4265 | Mattermost up to 10.11.10/11.2.2/11.3.0 POST Request authorization

A vulnerability, which was classified as problematic, has been found in Mattermost up to 10.11.10/11.2.2/11.3.0. The affected element is an

  

CVE-2026-2476 | Mattermost Plugins up to 2.0.3 Configuration information disclosure

A vulnerability, which was classified as problematic, was found in Mattermost Plugins up to 2.0.3. The impacted element is an

  

CVE-2026-2461 | Mattermost Plugins up to 10.10.11/10.11.10/11.0.3/11.2.2/11.3.0 authorization

A vulnerability has been found in Mattermost Plugins up to 10.10.11/10.11.10/11.0.3/11.2.2/11.3.0 and classified as problematic. This affects an unknown function.

  

CVE-2025-15540 | Raytha CMS up to 1.4.5 .NET code injection

A vulnerability was found in Raytha CMS up to 1.4.5 and classified as critical. This impacts an unknown function of

  

CVE-2025-69243 | Raytha CMS up to 1.4.x Password Reset response discrepancy

A vulnerability was found in Raytha CMS up to 1.4.x. It has been classified as problematic. Affected is an unknown

  

CVE-2025-69240 | Raytha CMS up to 1.4.5 Password Reset X-Forwarded-Host/Host less trusted source

A vulnerability was found in Raytha CMS up to 1.4.5. It has been declared as critical. Affected by this vulnerability

  

CVE-2025-69236 | Raytha CMS up to 1.4.5 FieldValues[1].Value cross site scripting

A vulnerability was found in Raytha CMS up to 1.4.5. It has been rated as problematic. Affected by this issue

  

CVE-2025-69237 | Raytha CMS up to 1.4.5 FieldValues[0].Value cross site scripting

A vulnerability categorized as problematic has been discovered in Raytha CMS up to 1.4.5. This affects an unknown part. Such

  

CVE-2025-69238 | Raytha CMS up to 1.4.5 POST Request cross-site request forgery

A vulnerability identified as problematic has been detected in Raytha CMS up to 1.4.5. This vulnerability affects unknown code of

  

CVE-2025-69239 | Raytha CMS up to 1.4.5 Themes Import from URL server-side request forgery

A vulnerability labeled as critical has been found in Raytha CMS up to 1.4.5. This issue affects some unknown processing

  

CVE-2025-69241 | Raytha CMS up to 1.4.5 FirstName/LastName cross site scripting

A vulnerability marked as problematic has been reported in Raytha CMS up to 1.4.5. Impacted is an unknown function. The

  

CVE-2025-69242 | Raytha CMS up to 1.4.5 backToListUrl cross site scripting

A vulnerability described as problematic has been identified in Raytha CMS up to 1.4.5. The affected element is an unknown

  

CVE-2025-69245 | Raytha CMS up to 1.4.5 Logon returnUrl cross site scripting

A vulnerability classified as problematic has been found in Raytha CMS up to 1.4.5. The impacted element is an unknown

  

CVE-2026-3476 | Dassault Systèmes SOLIDWORKS Desktop 2025/2026 code injection

A vulnerability classified as critical was found in Dassault Systèmes SOLIDWORKS Desktop 2025/2026. This affects an unknown function. Such manipulation

  

CVE-2025-52638 | HCL AION 2.0 Image Parser improper authentication (KB0129410)

A vulnerability, which was classified as critical, has been found in HCL AION 2.0. This impacts an unknown function of

  

CVE-2025-52648 | HCL AION 2.0 Image Parser missing initialization (KB0129410)

A vulnerability, which was classified as critical, was found in HCL AION 2.0. Affected is an unknown function of the

  

CVE-2025-10461 | Softing smartLink SW-HT/smartLink SW-PN webserver input validation

A vulnerability has been found in Softing smartLink SW-HT and smartLink SW-PN and classified as problematic. Affected by this vulnerability

  

CVE-2025-10685 | Softing smartLink SW-PN/smartLink SW-HT Webserver heap-based overflow

A vulnerability was found in Softing smartLink SW-PN and smartLink SW-HT and classified as critical. Affected by this issue is

  

CVE-2026-25780 | Mattermost up to 10.11.10/11.2.2/11.3.0 DOC File Parser memory allocation

A vulnerability was found in Mattermost up to 10.11.10/11.2.2/11.3.0. It has been classified as problematic. This affects an unknown part

  

CVE-2026-2462 | Mattermost up to 10.11.10/11.2.2/11.3.0 Plugin authorization

A vulnerability was found in Mattermost up to 10.11.10/11.2.2/11.3.0. It has been declared as problematic. This vulnerability affects unknown code

  

CVE-2025-69246 | Raytha CMS up to 1.4.5 excessive authentication

A vulnerability was found in Raytha CMS up to 1.4.5. It has been rated as problematic. This issue affects some

  

CVE-2025-52636 | HCL AION 2.0 Upload resource consumption (KB0129410)

A vulnerability categorized as problematic has been discovered in HCL AION 2.0. Impacted is an unknown function of the component

  

CVE-2025-52649 | HCL AION 2.0 information disclosure (KB0129410)

A vulnerability identified as problematic has been detected in HCL AION 2.0. The affected element is an unknown function. The

  

CVE-2025-52643 | HCL AION 2.0 access control (KB0129410)

A vulnerability labeled as critical has been found in HCL AION 2.0. The impacted element is an unknown function. The

  

CVE-2025-52644 | HCL AION 2.0 Local Privilege Escalation (KB0129410)

A vulnerability marked as problematic has been reported in HCL AION 2.0. This affects an unknown function. This manipulation causes

  

CVE-2026-25369 | Flexmls IDX Plugin up to 3.15.9 on WordPress cross site scripting

A vulnerability described as problematic has been identified in Flexmls IDX Plugin up to 3.15.9 on WordPress. This impacts an

  

CVE-2025-52646 | HCL AION 2.0 Configuration missing initialization (KB0129410)

A vulnerability classified as problematic has been found in HCL AION 2.0. Affected is an unknown function of the component

  

CVE-2026-24692 | Mattermost up to 10.11.10/11.2.2/11.3.0 API Endpoint authorization

A vulnerability classified as problematic was found in Mattermost up to 10.11.10/11.2.2/11.3.0. Affected by this vulnerability is an unknown functionality

  

CVE-2025-52645 | HCL AION 2.0 missing initialization (KB0129410)

A vulnerability, which was classified as problematic, has been found in HCL AION 2.0. Affected by this issue is some

  

CVE-2025-52642 | HCL AION 2.0 Internal File information disclosure (KB0129410)

A vulnerability, which was classified as problematic, was found in HCL AION 2.0. This affects an unknown part of the

  

CVE-2026-21386 | Mattermost up to 10.11.10/11.2.2/11.3.0 /mute information exposure

A vulnerability has been found in Mattermost up to 10.11.10/11.2.2/11.3.0 and classified as problematic. This vulnerability affects unknown code of

  

CVE-2026-22545 | Mattermost up to 10.11.10 authorization

A vulnerability was found in Mattermost up to 10.11.10 and classified as problematic. This issue affects some unknown processing. Such

  

CVE-2026-2455 | Mattermost up to 10.11.10/11.2.2/11.3.0/11.3.x IPv6 Address server-side request forgery

A vulnerability was found in Mattermost up to 10.11.10/11.2.2/11.3.0/11.3.x. It has been classified as critical. Impacted is an unknown function

  

CVE-2025-2274 | Forcepoint Web Security up to 8.5.6 on Windows cross site scripting

A vulnerability was found in Forcepoint Web Security up to 8.5.6 on Windows. It has been declared as problematic. The

  

openSUSE Leap 15.4 python-black Moderate File Write Risk 2026-0900-1

An update that solves one vulnerability can now be installed. Source: LinuxSecurity – Security Advisories

  

Urgent security warning for openSUSE Leap 15.4 python-flake8 advisory

An update that solves one vulnerability can now be installed. Source: LinuxSecurity – Security Advisories

  

CVE-2025-12736 | OpenHarmony up to 5.0.3.x uninitialized resource

A vulnerability was found in OpenHarmony up to 5.0.3.x and classified as problematic. This vulnerability affects unknown code. The manipulation

  

CVE-2025-26474 | OpenHarmony up to 5.0.3.x input validation

A vulnerability was found in OpenHarmony up to 5.0.3.x. It has been classified as problematic. This issue affects some unknown

  

CVE-2025-6969 | OpenHarmony up to 5.1.0.x input validation

A vulnerability was found in OpenHarmony up to 5.1.0.x. It has been declared as problematic. Impacted is an unknown function.

  

CVE-2026-0639 | OpenHarmony up to 6.0 memory leak

A vulnerability was found in OpenHarmony up to 6.0. It has been rated as problematic. The affected element is an