Vulnerabilities

  

CVE-2025-14976 | User Registration & Membership Plugin up to 4.4.8 on WordPress Post process_row_actions cross-site request forgery

A vulnerability was found in User Registration & Membership Plugin up to 4.4.8 on WordPress and classified as problematic. Affected

  

CVE-2026-22606 | trailofbits fickling 0.1.6 run_path/runpy.run_module deserialization

A vulnerability was found in trailofbits fickling 0.1.6. It has been classified as critical. Affected by this vulnerability is the

  

CVE-2025-15504 | lief-project LIEF up to 0.17.1 ELF Binary Parser src/ELF/Parser.tcc Parser::parse_binary null pointer dereference (Issue 1277)

A vulnerability was found in lief-project LIEF up to 0.17.1. It has been declared as problematic. Affected by this issue

  

CVE-2026-22584 | Salesforce Uni2TS up to 1.2.0 Executable File code injection

A vulnerability was found in Salesforce Uni2TS up to 1.2.0. It has been rated as critical. This affects an unknown

  

CVE-2025-15035 | TP-Link Archer AXE75 up to 1.6 Build 20250107 VPN Module denial of service (PANW-2025-0004)

A vulnerability categorized as problematic has been discovered in TP-Link Archer AXE75 up to 1.6 Build 20250107. This affects an

  

CVE-2025-66744 | Yonyou YonBIP up to v3 LoginWithV8 Interface path traversal

A vulnerability identified as critical has been detected in Yonyou YonBIP up to v3. This impacts an unknown function of

  

CVE-2026-0773 | Upsonic Cloudpickle deserialization

A vulnerability labeled as very critical has been found in Upsonic. Affected is an unknown function of the component Cloudpickle.

  

CVE-2026-0774 | WatchYourLAN Configuration Page argument injection

A vulnerability marked as critical has been reported in WatchYourLAN. Affected by this vulnerability is an unknown functionality of the

  

CVE-2026-0776 | Discord uncontrolled search path

A vulnerability described as problematic has been identified in Discord. Affected by this issue is some unknown functionality. Such manipulation

  

CVE-2026-0778 | Enel X JuiceBox 40 Telnet Service missing authentication

A vulnerability classified as critical has been found in Enel X JuiceBox 40. This affects an unknown part of the

  

CVE-2026-0821 | quickjs-ng quickjs up to 0.11.0 quickjs.c js_typed_array_constructor heap-based overflow (Issue 1296)

A vulnerability classified as critical was found in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of

  

CVE-2026-0822 | quickjs-ng quickjs up to 0.11.0 quickjs.c js_typed_array_sort heap-based overflow (Issue 1297)

A vulnerability, which was classified as critical, has been found in quickjs-ng quickjs up to 0.11.0. This issue affects the

  

CVE-2026-0824 | questdb ui up to 1.11.9 Web Console cross site scripting

A vulnerability, which was classified as problematic, was found in questdb ui up to 1.11.9. Impacted is an unknown function

  

CVE-2025-67070 | Intelbras CFTV IP NVD 9032 R Ftd 2.800.00IB00C.0.T Multi-Factor Authentication improper authorization

A vulnerability has been found in Intelbras CFTV IP NVD 9032 R Ftd 2.800.00IB00C.0.T and classified as critical. The affected

  

CVE-2026-22196 | GestSup up to 3.2.56 Ticket Creation sql injection

A vulnerability classified as critical was found in GestSup up to 3.2.56. This affects an unknown part of the component

  

CVE-2026-22197 | GestSup up to 3.2.56 Request Parameter sql injection

A vulnerability, which was classified as critical, has been found in GestSup up to 3.2.56. This vulnerability affects unknown code

  

CVE-2025-69426 | RUCKUS vRIoT IOT Controller up to 2.x SSH Service permission assignment

A vulnerability, which was classified as very critical, was found in RUCKUS vRIoT IOT Controller up to 2.x. This issue

  

CVE-2026-22194 | GestSup up to 3.2.56 Administrative User Creation Endpoint cross-site request forgery

A vulnerability has been found in GestSup up to 3.2.56 and classified as problematic. Impacted is an unknown function of

  

CVE-2025-13457 | WooCommerce Square Plugin up to 5.1.1 on WordPress get_token_by_id resource injection

A vulnerability was found in WooCommerce Square Plugin up to 5.1.1 on WordPress and classified as problematic. The affected element

  

CVE-2026-0779 | ALGO 8180 IP Audio Alerter Ping command injection

A vulnerability was found in ALGO 8180 IP Audio Alerter. It has been classified as critical. The impacted element is

  

CVE-2026-0780 | ALGO 8180 IP Audio Alerter Web UI command injection

A vulnerability was found in ALGO 8180 IP Audio Alerter. It has been declared as critical. This affects an unknown

  

CVE-2026-0781 | ALGO 8180 IP Audio Alerter Web UI command injection

A vulnerability was found in ALGO 8180 IP Audio Alerter. It has been rated as critical. This impacts an unknown

  

CVE-2026-0782 | ALGO 8180 IP Audio Alerter Web UI command injection

A vulnerability categorized as critical has been discovered in ALGO 8180 IP Audio Alerter. Affected is an unknown function of

  

CVE-2026-0783 | ALGO 8180 IP Audio Alerter Web UI command injection

A vulnerability identified as critical has been detected in ALGO 8180 IP Audio Alerter. Affected by this vulnerability is an

  

CVE-2026-0784 | ALGO 8180 IP Audio Alerter Web UI command injection

A vulnerability labeled as critical has been found in ALGO 8180 IP Audio Alerter. Affected by this issue is some

  

CVE-2026-0785 | ALGO 8180 IP Audio Alerter API command injection

A vulnerability marked as critical has been reported in ALGO 8180 IP Audio Alerter. This affects an unknown part of

  

CVE-2026-0786 | ALGO 8180 IP Audio Alerter SCI command injection

A vulnerability described as critical has been identified in ALGO 8180 IP Audio Alerter. This vulnerability affects unknown code of

  

CVE-2026-0787 | ALGO 8180 IP Audio Alerter SAC command injection

A vulnerability classified as critical has been found in ALGO 8180 IP Audio Alerter. This issue affects some unknown processing

  

CVE-2026-0788 | ALGO 8180 IP Audio Alerter Web UI cross site scripting

A vulnerability classified as problematic was found in ALGO 8180 IP Audio Alerter. Impacted is an unknown function of the

  

CVE-2026-0789 | ALGO 8180 IP Audio Alerter WebUI information disclosure

A vulnerability, which was classified as problematic, has been found in ALGO 8180 IP Audio Alerter. The affected element is

  

CVE-2026-0790 | ALGO 8180 IP Audio Alerter Web UI file information disclosure

A vulnerability, which was classified as problematic, was found in ALGO 8180 IP Audio Alerter. The impacted element is an

  

CVE-2026-0791 | ALGO 8180 IP Audio Alerter SIP INVITE stack-based overflow

A vulnerability has been found in ALGO 8180 IP Audio Alerter and classified as critical. This affects an unknown function

  

CVE-2026-0792 | ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info stack-based overflow

A vulnerability was found in ALGO 8180 IP Audio Alerter and classified as critical. This impacts an unknown function of

  

CVE-2026-0793 | ALGO 8180 IP Audio Alerter InformaCast heap-based overflow

A vulnerability was found in ALGO 8180 IP Audio Alerter. It has been classified as critical. Affected is an unknown

  

CVE-2026-0794 | ALGO 8180 IP Audio Alerter SIP use after free

A vulnerability was found in ALGO 8180 IP Audio Alerter. It has been declared as critical. Affected by this vulnerability

  

CVE-2026-0795 | ALGO 8180 IP Audio Alerter Web UI command injection

A vulnerability was found in ALGO 8180 IP Audio Alerter. It has been rated as critical. Affected by this issue

  

CVE-2026-0796 | ALGO 8180 IP Audio Alerter Web UI command injection

A vulnerability categorized as critical has been discovered in ALGO 8180 IP Audio Alerter. This affects an unknown part of

  

CVE-2020-36875 | AccessAlly Plugin up to 3.3.1 on WordPress Login Widget login_error code injection

A vulnerability identified as critical has been detected in AccessAlly Plugin up to 3.3.1 on WordPress. This vulnerability affects unknown

  

CVE-2025-67004 | CouchCMS 2.4 information disclosure

A vulnerability labeled as problematic has been found in CouchCMS 2.4. This issue affects some unknown processing. Such manipulation leads

  

CVE-2025-15063 | Ollama MCP Server execAsync command injection

A vulnerability marked as critical has been reported in Ollama MCP Server. Impacted is the function execAsync. Performing a manipulation

  

CVE-2026-0755 | gemini-mcp-tool execAsync command injection

A vulnerability described as critical has been identified in gemini-mcp-tool. The affected element is the function execAsync. Executing a manipulation

  

CVE-2026-0756 | github-kanban-mcp-server execAsync command injection

A vulnerability classified as critical has been found in github-kanban-mcp-server. The impacted element is the function execAsync. The manipulation leads

  

CVE-2026-0758 | mcp-server-siri-shortcuts shortcutName command injection

A vulnerability classified as critical was found in mcp-server-siri-shortcuts. This affects the function shortcutName. The manipulation results in command injection.

  

CVE-2026-0757 | MCP Manager for Claude Desktop execute-command command injection

A vulnerability, which was classified as critical, has been found in MCP Manager for Claude Desktop. This impacts the function

  

CVE-2026-0759 | Katana Development Starter Kit executeCommand command injection

A vulnerability, which was classified as critical, was found in Katana Development Starter Kit. Affected is the function executeCommand. Such

  

CVE-2026-0760 | Foundation Agents MetaGPT deserialize_message deserialization

A vulnerability has been found in Foundation Agents MetaGPT and classified as very critical. Affected by this vulnerability is the

  

CVE-2026-0763 | GPT Academic run_in_subprocess_wrapper_func deserialization

A vulnerability was found in GPT Academic and classified as very critical. Affected by this issue is the function run_in_subprocess_wrapper_func.

  

CVE-2026-0761 | Foundation Agents MetaGPT actionoutput_str_to_mapping code injection

A vulnerability was found in Foundation Agents MetaGPT. It has been classified as critical. This affects the function actionoutput_str_to_mapping. The

  

CVE-2026-0764 | GPT Academic Upload deserialization

A vulnerability was found in GPT Academic. It has been declared as very critical. This vulnerability affects unknown code of

  

CVE-2026-0765 | Open WebUI PIP install_frontmatter_requirements command injection

A vulnerability was found in Open WebUI. It has been rated as critical. This issue affects the function install_frontmatter_requirements of

  

CVE-2026-0762 | GPT Academic stream_daas deserialization

A vulnerability categorized as critical has been discovered in GPT Academic. Impacted is the function stream_daas. Such manipulation leads to

  

CVE-2026-0766 | Open WebUI load_tool_module_by_id command injection

A vulnerability identified as critical has been detected in Open WebUI. The affected element is the function load_tool_module_by_id. Performing a

  

CVE-2026-0767 | Open WebUI cleartext transmission

A vulnerability labeled as problematic has been found in Open WebUI. The impacted element is an unknown function. Executing a

  

CVE-2026-0768 | Langflow code injection

A vulnerability marked as critical has been reported in Langflow. This affects an unknown function. The manipulation leads to code

  

CVE-2026-0769 | Langflow eval_custom_component_code injection

A vulnerability described as problematic has been identified in Langflow. This impacts the function eval_custom_component_code. The manipulation results in injection.

  

CVE-2026-0770 | Langflow exec_globals Remote Code Execution

A vulnerability classified as very critical has been found in Langflow. Affected is the function exec_globals. This manipulation causes Remote

  

CVE-2026-0771 | Langflow PythonFunction code injection

A vulnerability classified as critical was found in Langflow. Affected by this vulnerability is the function PythonFunction. Such manipulation leads

  

CVE-2026-0772 | Langflow Disk Cache deserialization

A vulnerability, which was classified as critical, has been found in Langflow. Affected by this issue is some unknown functionality

  

CVE-2025-14525 | KubeVirt Guest Agent denial of service

A vulnerability, which was classified as problematic, was found in KubeVirt. This affects an unknown part of the component Guest

  

CVE-2025-15499 | Sangfor Operation and Maintenance Management System up to 3.0.8 VersionController.java uploadCN filename os command injection

A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8 and classified as critical. This

  

CVE-2025-15500 | Sangfor Operation and Maintenance Management System up to 3.0.8 HTTP POST Request getHis sessionPath os command injection

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8 and classified as critical. This issue

  

CVE-2025-15501 | Sangfor Operation and Maintenance Management System up to 3.0.8 getCmd WriterHandle.getCmd sessionPath os command injection

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. It has been classified as critical.

  

CVE-2025-15502 | Sangfor Operation and Maintenance Management System up to 3.0.8 session SessionController Hostname os command injection

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. It has been declared as critical.

  

CVE-2025-15503 | Sangfor Operation and Maintenance Management System up to 3.0.8 common.jsp File unrestricted upload

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. It has been rated as critical.

  

openSUSE: curl Moderate TLS Options Flaw CVE-2025-14017 2026:0077-1

An update that solves one vulnerability can now be installed. Source: LinuxSecurity – Security Advisories

  

openSUSE: curl Moderate TLS Options Fix SUSE-2026:0077-1 CVE-2025-14017

An update that solves one vulnerability can now be installed. Source: LinuxSecurity – Security Advisories

  

CVE-2025-15495 | BiggiDroid Simple PHP CMS 1.0 /admin/editsite.php image unrestricted upload (IDGO28)

A vulnerability, which was classified as critical, was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function

  

CVE-2025-15496 | guchengwuyue yshopmall up to 1.9.1 /api/jobs getPage sort sql injection

A vulnerability has been found in guchengwuyue yshopmall up to 1.9.1 and classified as critical. Affected is the function getPage

  

CVE-2025-7072 | KAON CG3000T/CG3000TC prior 1.00.27 hard-coded credentials

A vulnerability was found in KAON CG3000T and CG3000TC and classified as critical. Affected by this vulnerability is an unknown

  

CVE-2026-22082 | Tenda F3/N300 Web-based Administrative Interface session fixation (CIVN-2026-0004)

A vulnerability was found in Tenda F3 and N300. It has been classified as critical. Affected by this issue is

  

CVE-2025-66051 | Vivotek IP7137 0200a HTTP Request path traversal

A vulnerability was found in Vivotek IP7137 0200a. It has been declared as critical. This affects an unknown part of

  

CVE-2025-66049 | Vivotek IP7137 0200a RTSP Protocol missing authentication

A vulnerability was found in Vivotek IP7137 0200a. It has been rated as critical. This vulnerability affects unknown code of

  

CVE-2025-66050 | Vivotek IP7137 0200a default password

A vulnerability categorized as critical has been discovered in Vivotek IP7137 0200a. This issue affects some unknown processing. The manipulation

  

CVE-2025-66052 | Vivotek IP7137 0200a setparam.cgi system_ntpIt os command injection

A vulnerability identified as critical has been detected in Vivotek IP7137 0200a. Impacted is an unknown function of the file

  

CVE-2025-14598 | BeeS Software Solutions BET ePortal Login sql injection

A vulnerability labeled as critical has been found in BeeS Software Solutions BET ePortal. The affected element is an unknown

  

CVE-2026-0803 | PHPGurukul Online Course Registration System up to 3.1 /enroll.php sql injection

A vulnerability described as critical has been identified in PHPGurukul Online Course Registration System up to 3.1. This affects an

  

CVE-2026-22079 | Tenda F3/N300 Web-based Administrative Interface cleartext transmission (CIVN-2026-0004)

A vulnerability classified as critical has been found in Tenda F3 and N300. This vulnerability affects unknown code of the

  

CVE-2025-11246 | GitLab Community Edition/Enterprise Edition up to 18.5.4/18.6.2/18.7.0 GraphQL Runner Association insufficient granularity of access control (Issue 573728)

A vulnerability classified as problematic was found in GitLab Community Edition and Enterprise Edition up to 18.5.4/18.6.2/18.7.0. This issue affects

  

CVE-2025-13761 | GitLab Community Edition/Enterprise Edition up to 18.6.2/18.7.0 cross site scripting (Issue 582237)

A vulnerability, which was classified as problematic, has been found in GitLab Community Edition and Enterprise Edition up to 18.6.2/18.7.0.

  

CVE-2025-10569 | GitLab Community Edition/Enterprise Edition up to 18.5.4/18.6.2/18.7.0 External API Call allocation of resources (Issue 570528)

A vulnerability, which was classified as problematic, was found in GitLab Community Edition and Enterprise Edition up to 18.5.4/18.6.2/18.7.0. The

  

CVE-2025-13772 | GitLab Enterprise Edition up to 18.5.4/18.6.2/18.7.0 API Request authorization (Issue 581268)

A vulnerability has been found in GitLab Enterprise Edition up to 18.5.4/18.6.2/18.7.0 and classified as critical. The impacted element is

  

CVE-2025-13781 | GitLab Enterprise Edition up to 18.5.4/18.6.2/18.7.0 AI Feature Provider Setting authorization (Issue 578756)

A vulnerability was found in GitLab Enterprise Edition up to 18.5.4/18.6.2/18.7.0 and classified as problematic. This affects an unknown function

  

CVE-2025-3950 | GitLab Community Edition/Enterprise Edition up to 18.5.4/18.6.2/18.7.0 Asset Proxy Protection private personal information (Issue 537697)

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 18.5.4/18.6.2/18.7.0. It has been classified as problematic.

  

CVE-2025-9222 | GitLab Community Edition/Enterprise Edition up to 18.5.4/18.6.2/18.7.0 Flavored Markdown cross site scripting (Issue 562561)

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 18.5.4/18.6.2/18.7.0. It has been declared as problematic.

  

CVE-2025-64093 | Zenitel ICX500/ICX510 prior 1.4.3.3 command injection

A vulnerability was found in Zenitel ICX500 and ICX510. It has been rated as critical. Affected by this vulnerability is

  

CVE-2025-64090 | Zenitel TCIS-3+ prior 9.2.3.3 Hostname privilege escalation

A vulnerability categorized as critical has been discovered in Zenitel TCIS-3+. Affected by this issue is some unknown functionality of

  

CVE-2025-64091 | Zenitel TCIS-3+ prior 9.2.3.3 NTP Configuration privilege escalation

A vulnerability identified as critical has been detected in Zenitel TCIS-3+. This affects an unknown part of the component NTP

  

CVE-2025-64092 | Zenitel ICX500/ICX510 prior 1.4.3.3 GET Request Parameter Remote Code Execution

A vulnerability labeled as critical has been found in Zenitel ICX500 and ICX510. This vulnerability affects unknown code of the

  

CVE-2026-22080 | Tenda F3/N300 Web-based Administrative Interface cleartext transmission (CIVN-2026-0004)

A vulnerability marked as critical has been reported in Tenda F3 and N300. This issue affects some unknown processing of

  

CVE-2026-22081 | Tenda F3/N300 Web-based Administrative Interface cookie httponly flag (CIVN-2026-0004)

A vulnerability described as critical has been identified in Tenda F3 and N300. Impacted is an unknown function of the

  

CVE-2025-15492 | RainyGao DocSys up to 2.02.36 GroupMemberMapper.xml searchWord sql injection

A vulnerability classified as critical has been found in RainyGao DocSys up to 2.02.36. The affected element is an unknown

  

CVE-2025-15493 | RainyGao DocSys up to 2.02.36 ReposAuthMapper.xml searchWord sql injection

A vulnerability classified as critical was found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function

  

CVE-2025-15494 | RainyGao DocSys up to 2.02.37 UserMapper.xml Username sql injection

A vulnerability, which was classified as critical, has been found in RainyGao DocSys up to 2.02.37. This affects an unknown

  

CVE-2025-70974 | Alibaba Fastjson up to 1.2.47 inclusion of functionality from untrusted control sphere

A vulnerability classified as critical has been found in Alibaba Fastjson up to 1.2.47. Affected by this vulnerability is an

  

CVE-2025-66315 | ZTE MF258K Setting privileges management

A vulnerability classified as critical was found in ZTE MF258K ZTE_MF258kPRO_PLAY_V1.0.0B03/ZTE_MF258PRO_STD_V1.0.0B04. Affected by this issue is some unknown functionality of

  

CVE-2025-14803 | NEX-Forms Plugin up to 9.1.7 on WordPress Setting cross site scripting

A vulnerability, which was classified as problematic, has been found in NEX-Forms Plugin up to 9.1.7 on WordPress. This affects

  

CVE-2026-20969 | Samsung SecSettings access control

A vulnerability, which was classified as critical, was found in Samsung SecSettings. This vulnerability affects unknown code. Such manipulation leads

  

CVE-2026-20973 | Samsung Devices libimagecodec.quram.so out-of-bounds

A vulnerability has been found in Samsung Devices and classified as critical. This issue affects some unknown processing of the

  

CVE-2026-20968 | Samsung Devices DualDAR use after free

A vulnerability was found in Samsung Devices and classified as critical. Impacted is an unknown function of the component DualDAR.

  

CVE-2026-20970 | Samsung Devices SLocation access control

A vulnerability was found in Samsung Devices. It has been classified as critical. The affected element is an unknown function