Vulnerabilities

  

CVE-2026-25154 | LocalSend up to 1.17.0 app/assets/web/main.js handleFilesDisplay cross site scripting (GHSA-34v6-52hh-x4r4)

A vulnerability labeled as problematic has been found in LocalSend up to 1.17.0. Affected is the function handleFilesDisplay of the

  

CVE-2020-37054 | Naviwebs Navigate CMS 2.8.7 cross-site request forgery (Exploit 48548 / EUVD-2020-30927)

A vulnerability marked as problematic has been reported in Naviwebs Navigate CMS 2.8.7. Affected by this vulnerability is an unknown

  

CVE-2025-36428 | IBM DB2/DB2 Connect Server up to 11.5.9/12.1.3 RPSCAN Feature improper validation of specified quantity in input

A vulnerability described as problematic has been identified in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3. Affected by

  

CVE-2026-0797 | GIMP ICO File Parser heap-based overflow

A vulnerability classified as critical has been found in GIMP. This affects an unknown part of the component ICO File

  

CVE-2026-25153 | Backstage up to 1.13.10/1.14.0 MkDocs Feature code injection (GHSA-6jr7-99pf-8vgf)

A vulnerability classified as critical was found in Backstage up to 1.13.10/1.14.0. This vulnerability affects unknown code of the component

  

CVE-2026-0683 | SupportCandy Plugin up to 3.4.4 on WordPress Number Field Filter sql injection

A vulnerability, which was classified as critical, has been found in SupportCandy Plugin up to 3.4.4 on WordPress. This issue

  

CVE-2026-1251 | SupportCandy Plugin up to 3.4.4 on WordPress add_reply description_attachments resource injection

A vulnerability, which was classified as critical, was found in SupportCandy Plugin up to 3.4.4 on WordPress. Impacted is the

openSUSE Resolves Severe Vulnerabilities in Cacti openSUSE-SU-2026-0063-6
  


An update that solves 10 vulnerabilities and has one errata is now available. (Source: LinuxSecurity – Security Advisories)

SUSE Linux Enterprise Micro 5.2 Kernel Important Patch 2026-0350-1
  


An update that solves 68 vulnerabilities, contains one feature and has eight security fixes can now be installed. LinuxSecurity – Security

Ubuntu Jammy Kernel Notice UBN-SU-2026-0789-3 CVE-2026-12345
  


An update that solves one vulnerability can now be installed. (Source: LinuxSecurity – Security Advisories)

openSUSE Leap 15.6 openCryptoki Moderate Privilege Escalation 2026-0351-1
  


An update that solves one vulnerability can now be installed. (Source: LinuxSecurity – Security Advisories)

SUSE Linux 11 SP4 Kernel Important Security Update CVE-2023-23559
  


An update that solves five vulnerabilities and has one security fix can now be installed. (Source: LinuxSecurity – Security Advisories)

  

CVE-2025-36184 | IBM DB2/DB2 Connect Server up to 11.5.9 unnecessary privileges

A vulnerability identified as critical has been detected in IBM DB2 and DB2 Connect Server up to 11.5.9. This affects

  

CVE-2025-36098 | IBM DB2/DB2 Connect Server up to 11.5.9/12.1.3 allocation of resources

A vulnerability labeled as problematic has been found in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3. This impacts

  

CVE-2025-36442 | IBM DB2/DB2 Connect Server up to 11.5.9/12.1.3 XML Column data query logic injection

A vulnerability marked as problematic has been reported in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3. Affected is

  

CVE-2025-2668 | IBM DB2/DB2 Connect Server up to 11.5.9 Query memory allocation

A vulnerability described as problematic has been identified in IBM DB2 and DB2 Connect Server up to 11.5.9. Affected by

  

CVE-2025-36001 | IBM DB2/DB2 Connect Server up to 11.5.9/12.1.3 XML recursion

A vulnerability classified as problematic has been found in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3. Affected by

  

CVE-2025-36009 | IBM DB2/DB2 Connect Server up to 11.5.9/12.1.3 Global Variable excessive reliance on global variables

A vulnerability classified as problematic was found in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3. This affects an

  

CVE-2025-36070 | IBM DB2/DB2 Connect Server up to 11.5.9/12.1.3 Table allocation of resources

A vulnerability, which was classified as problematic, has been found in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3.

  

CVE-2025-36123 | IBM DB2/DB2 Connect Server up to 11.5.9/12.1.3 XML Data allocation of resources

A vulnerability, which was classified as problematic, was found in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3. This

  

CVE-2020-37032 | Wing FTP Server 6.3.8 os.execute os command injection (Exploit 48676 / EDB-48676)

A vulnerability has been found in Wing FTP Server 6.3.8 and classified as critical. Impacted is the function os.execute. The

  

CVE-2020-37035 | amitkolloldey e-learning PHP Script 0.1.0 Search sql injection (Exploit 48629 / EDB-48629)

A vulnerability was found in amitkolloldey e-learning PHP Script 0.1.0 and classified as critical. The affected element is an unknown

  

CVE-2020-37051 | sunnygkp10 Online-Exam-System 2015 feed.php sql injection (Exploit 48560 / EDB-48560)

A vulnerability was found in sunnygkp10 Online-Exam-System 2015. It has been classified as critical. The impacted element is an unknown

  

CVE-2020-37046 | Adikiss Sistem Informasi Pengumuman Kelulusan Online up to 1.0 tambahuser.php cross-site request forgery (Exploit 48571 / EDB-48571)

A vulnerability was found in Adikiss Sistem Informasi Pengumuman Kelulusan Online up to 1.0. It has been declared as problematic.

  

CVE-2025-69662 | geopandas up to 1.1.1 to_postgis sql injection

A vulnerability was found in geopandas up to 1.1.1. It has been rated as critical. This impacts the function to_postgis.

  

CVE-2026-25129 | bobthecow psysh up to 0.11.22/0.12.18 .psysh.php uncontrolled search path (GHSA-4486-gxhx-5mg7)

A vulnerability categorized as problematic has been discovered in bobthecow psysh up to 0.11.22/0.12.18. Affected is an unknown function of

  

CVE-2026-25130 | aliasrobotics cai up to 0.5.10 subprocess.Popen args os command injection (GHSA-jfpc-wj3m-qw2m)

A vulnerability identified as critical has been detected in aliasrobotics cai up to 0.5.10. Affected by this vulnerability is the

  

CVE-2025-36365 | IBM DB2/DB2 Connect Server up to 11.5.9/12.1.3 authorization

A vulnerability labeled as problematic has been found in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3. Affected by

  

CVE-2025-36353 | IBM DB2/DB2 Connect Server up to 11.5.9/12.1.3 Data Query Logic data query logic injection

A vulnerability marked as problematic has been reported in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3. This affects

  

CVE-2025-36366 | IBM DB2/DB2 Connect Server up to 11.5.9/12.1.3 Data Query Logic data query logic injection

A vulnerability described as problematic has been identified in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3. This vulnerability

  

CVE-2025-36407 | IBM DB2/DB2 Connect Server up to 11.5.9/12.1.3 Data Query Logic improper validation of specified quantity in input

A vulnerability classified as problematic has been found in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3. This issue

  

CVE-2025-36423 | IBM DB2/DB2 Connect Server up to 12.1.3 Data Query Logic improper validation of specified quantity in input

A vulnerability classified as problematic was found in IBM DB2 and DB2 Connect Server up to 12.1.3. Impacted is an

  

CVE-2025-36424 | IBM DB2/DB2 Connect Server up to 11.5.9/12.1.3 Data Query Logic improper validation of specified quantity in input

A vulnerability, which was classified as problematic, has been found in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3.

  

CVE-2025-36427 | IBM DB2/DB2 Connect Server up to 11.5.9/12.1.3 Data Query Logic improper validation of specified quantity in input

A vulnerability, which was classified as problematic, was found in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3. The

  

CVE-2025-36387 | IBM DB2/DB2 Connect Server up to 11.5.9 Query allocation of resources

A vulnerability has been found in IBM DB2 and DB2 Connect Server up to 11.5.9 and classified as problematic. This

  

CVE-2020-37023 | Koken CMS 0.22.24 unrestricted upload (Exploit 48706 / EDB-48706)

A vulnerability was found in Koken CMS 0.22.24 and classified as critical. This impacts an unknown function. Such manipulation leads

  

CVE-2026-23835 | lobehub lobe-chat up to 1.143.2 Upload Request file inclusion (GHSA-wrrr-8jcv-wjf5)

A vulnerability was found in lobehub lobe-chat up to 1.143.2. It has been classified as problematic. Affected is an unknown

  

CVE-2025-36384 | IBM DB2 up to 12.1.3 on Windows unquoted search path

A vulnerability was found in IBM DB2 up to 12.1.3 on Windows. It has been declared as problematic. Affected by

  

CVE-2026-25141 | orval-labs orval up to 7.20.x/8.1.x Incomplete Fix CVE-2026-23947 jsStringEscape code injection (GHSA-gch2-phqh-fg9q)

A vulnerability was found in orval-labs orval up to 7.20.x/8.1.x. It has been rated as critical. Affected by this issue

  

CVE-2020-37043 | 10-Strike Bandwidth Monitor 3.9 buffer overflow (Exploit 48570 / EDB-48570)

A vulnerability categorized as critical has been discovered in 10-Strike Bandwidth Monitor 3.9. This affects an unknown part. The manipulation

  

CVE-2020-37041 | Filigran OpenCTI 3.3.1 on Linux GET path traversal (Exploit 48595 / EDB-48595)

A vulnerability identified as critical has been detected in Filigran OpenCTI 3.3.1 on Linux. This vulnerability affects unknown code of

  

CVE-2020-37050 | M.J.M Soft Quick Player 1.3 File buffer overflow (Exploit 48564 / EDB-48564)

A vulnerability labeled as critical has been found in M.J.M Soft Quick Player 1.3. This issue affects some unknown processing

  

CVE-2020-37052 | Ubiquiti AirControl up to 1.4.2 /.seam code injection (Exploit 48541 / EDB-48541)

A vulnerability marked as critical has been reported in Ubiquiti AirControl up to 1.4.2. Impacted is an unknown function of

SUSE freerdp Important Security Fix for 18 Issues 2026-0345-1
  


An update that solves 18 vulnerabilities can now be installed. (Source: LinuxSecurity – Security Advisories)

openSUSE 2026-0032-1 coredns Important Denial of Service Fix
  


An update that fixes 6 vulnerabilities is now available. (Source: LinuxSecurity – Security Advisories)

openSUSE Leap 15.6 Security Update for assertj-core Moderate CVE-2026-24400
  


An update that solves one vulnerability can now be installed. (Source: LinuxSecurity – Security Advisories)

Ubuntu 20.04 LTS Security Advisory USN-7990-2 Critical Linux Kernel Update
  


Several security issues were fixed in the Linux kernel. (Source: LinuxSecurity – Security Advisories)

Ubuntu 20.04 LTS Kernel Critical Security Issues USN-7990-1
  


Several security issues were fixed in the Linux kernel. (Source: LinuxSecurity – Security Advisories)

Fedora 39 – AssertJ Core Tiny XXE Adjustment for CVE-2026-0294-3
  


An update that solves one vulnerability can now be installed. (Source: LinuxSecurity – Security Advisories)

  

CVE-2024-9432 | OpenText Vertica 23.x/24.x/25.x cleartext storage

A vulnerability was found in OpenText Vertica 23.x/24.x/25.x and classified as problematic. This vulnerability affects unknown code. Executing a manipulation

  

CVE-2025-51958 | aelsantex 2014-04-01 on DokuWiki postaction.php Remote Code Execution

A vulnerability was found in aelsantex 2014-04-01 on DokuWiki. It has been classified as critical. This issue affects some unknown

  

CVE-2025-15497 | OpenVPN up to 2.7_rc5 assertion

A vulnerability was found in OpenVPN up to 2.7_rc5. It has been declared as problematic. Impacted is an unknown function.

  

CVE-2026-1431 | Booking Calendar Plugin up to 10.14.13 on WordPress wpbc_ajax_WPBC_FLEXTIMELINE_NAV authorization

A vulnerability was found in Booking Calendar Plugin up to 10.14.13 on WordPress. It has been rated as problematic. The

  

CVE-2025-15525 | Ajax Load More Plugin up to 7.8.1 on WordPress parse_custom_args Title/Excerpt information disclosure

A vulnerability categorized as problematic has been discovered in Ajax Load More Plugin up to 7.8.1 on WordPress. The impacted

Debian Bookworm Chromium Important Security Risk DSA-6116-1 CVE-2026-1504
  


A security issue was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or

  

CVE-2026-24854 | ChurchCRM up to 6.7.1 /PaddleNumEditor.php PerID sql injection

A vulnerability classified as critical was found in ChurchCRM up to 6.7.1. The impacted element is an unknown function of

  

CVE-2025-7964 | Silabs Zigbee Stack up to 4.4.6/2025.6.1 values

A vulnerability, which was classified as problematic, has been found in Silabs Zigbee Stack up to 4.4.6/2025.6.1. This affects an

  

CVE-2026-25050 | vendurehq vendure up to 3.5.2 native-authentication-strategy.ts NativeAuthenticationStrategy.authenticate information exposure

A vulnerability, which was classified as problematic, was found in vendurehq vendure up to 3.5.2. This impacts the function NativeAuthenticationStrategy.authenticate

  

CVE-2026-25128 | NaturalIntelligence fast-xml-parser up to 5.3.3 denial of service

A vulnerability has been found in NaturalIntelligence fast-xml-parser up to 5.3.3 and classified as problematic. Affected is an unknown function.

  

CVE-2026-24855 | ChurchCRM up to 6.7.1 Create Events Description cross site scripting

A vulnerability was found in ChurchCRM up to 6.7.1 and classified as problematic. Affected by this vulnerability is an unknown

  

CVE-2026-1705 | D-Link DSL-6641K N8.TR069.20131126 Web Interface ad_virtual_server_vdsl Name cross site scripting

A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. It has been classified as problematic. Affected by this issue is the

  

CVE-2020-36996 | Php-Fusion PHPFusion up to 9.03.50 print.php cross site scripting (Exploit 48497)

A vulnerability was found in Php-Fusion PHPFusion up to 9.03.50. It has been declared as problematic. This affects an unknown

  

CVE-2020-36966 | Dolibarr up to 11.0.3 LDAP Synchronization Settings /dolibarr/admin/ldap.php cross site scripting (Exploit 48504)

A vulnerability was found in Dolibarr up to 11.0.3. It has been rated as problematic. This vulnerability affects unknown code

  

CVE-2025-4686 | Kodmatic Online Exam and Assessment up to 30012026 sql injection

A vulnerability categorized as critical has been discovered in Kodmatic Online Exam and Assessment up to 30012026. This issue affects

  

CVE-2020-37019 | Orchardcore Orchard Core 1.0 Blog Post Creation MarkdownBodyPart.Source cross site scripting (Exploit 48456)

A vulnerability identified as problematic has been detected in Orchardcore Orchard Core 1.0. Impacted is an unknown function of the

  

CVE-2020-37003 | Sellacious eCommerce up to 4.6 Manage Your Addresses cross site scripting (Exploit 48467)

A vulnerability labeled as problematic has been found in Sellacious eCommerce up to 4.6. The affected element is an unknown

  

CVE-2020-37014 | Tryton up to 5.4 Profile user profile name cross site scripting (Exploit 48466)

A vulnerability marked as problematic has been reported in Tryton up to 5.4. The impacted element is an unknown function

  

CVE-2020-37059 | Getpopcorntime Popcorn Time 6.2.1.14 unquoted search path (Exploit 48378)

A vulnerability described as problematic has been identified in Getpopcorntime Popcorn Time 6.2.1.14. This affects an unknown function. Executing a

  

CVE-2020-36998 | forma E-Learning Suite up to 2.3.0.2 cross site scripting (Exploit 48478)

A vulnerability classified as problematic has been found in forma E-Learning Suite up to 2.3.0.2. This impacts an unknown function.

  

CVE-2020-37022 | OpenZ ERP up to 3.6.60 Employee name/description cross site scripting (Exploit 48450)

A vulnerability classified as problematic was found in OpenZ ERP up to 3.6.60. Affected is an unknown function of the

  

CVE-2020-37030 | Getoutline Outline Service up to 1.3.3 unquoted search path (Exploit 48414)

A vulnerability, which was classified as problematic, has been found in Getoutline Outline Service up to 1.3.3. Affected by this

  

CVE-2020-37058 | Andrea Electronics Andrea ST Filters Service 1.0.64.7 unquoted search path (Exploit 48396)

A vulnerability, which was classified as problematic, was found in Andrea Electronics Andrea ST Filters Service 1.0.64.7. Affected by this

  

CVE-2020-37060 | Drive-Software Atomic Alarm Clock x86 6.3 Service Program.exe unquoted search path (Exploit 48352)

A vulnerability has been found in Drive-Software Atomic Alarm Clock x86 6.3 and classified as problematic. This affects an unknown

  

CVE-2024-4027 | Red Hat Undertow HttpServletRequestImpl.getParameterNames denial of service

A vulnerability described as problematic has been identified in Red Hat Undertow. Impacted is the function HttpServletRequestImpl.getParameterNames. Such manipulation leads

  

CVE-2025-6723 | Progress Chef Inspec up to 5.23 Named Pipe privileges management

A vulnerability classified as critical has been found in Progress Chef Inspec up to 5.23. The affected element is an

SUSE Linux OpenSSL Moderate Update for Seven Issues 2026-0343-1
  


An update that solves seven vulnerabilities can now be installed. (Source: LinuxSecurity – Security Advisories)

  

CVE-2025-26385 | Johnson Controls Metasys up to 12.0/14.1/17.0/17.1 Application/Data Server command injection (icsa-26-027-04)

A vulnerability, which was classified as critical, was found in Johnson Controls Metasys up to 12.0/14.1/17.0/17.1. The affected element is

  

CVE-2026-0709 | Hikvision DS-3WAP521-SI Packet privilege escalation

A vulnerability has been found in Hikvision DS-3WAP521-SI, DS-3WAP522-SI, DS-3WAP621E-SI, DS-3WAP622E-SI, DS-3WAP623E-SI and DS-3WAP622G-SI and classified as critical. The impacted

  

CVE-2026-22623 | HIKSEMI HS-AFS-S1H1 5.10.10_Build_251126 Message input validation

A vulnerability was found in HIKSEMI HS-AFS-S1H1 5.10.10_Build_251126 and classified as critical. This affects an unknown function of the component

  

CVE-2026-22624 | HIKSEMI HS-AFS-S1H1 5.10.10_Build_251126 access control

A vulnerability was found in HIKSEMI HS-AFS-S1H1 5.10.10_Build_251126. It has been classified as critical. This impacts an unknown function. This

  

CVE-2026-22625 | HIKSEMI HS-AFS-S1H1 5.10.10_Build_251126 Filename information disclosure

A vulnerability was found in HIKSEMI HS-AFS-S1H1 5.10.10_Build_251126. It has been declared as problematic. Affected is an unknown function of

  

CVE-2026-22626 | HIKSEMI HS-AFS-S1H1 5.10.10_Build_251126 Message denial of service

A vulnerability was found in HIKSEMI HS-AFS-S1H1 5.10.10_Build_251126. It has been rated as problematic. Affected by this vulnerability is an

  

CVE-2025-13176 | ESET Inspect Connector up to 2.8.5555 DLL privileges management

A vulnerability categorized as critical has been discovered in ESET Inspect Connector up to 2.8.5555. Affected by this issue is

  

CVE-2025-15510 | NEX-Forms Plugin up to 9.1.8 on WordPress NF5_Export_Forms nex_forms_Id information disclosure

A vulnerability identified as problematic has been detected in NEX-Forms Plugin up to 9.1.8 on WordPress. This affects the function

  

CVE-2026-1498 | WatchGuard Fireware OS up to 12.5.15/12.11.6/2026.0 ldap injection (wgsa-2026-00001)

A vulnerability labeled as critical has been found in WatchGuard Fireware OS up to 12.5.15/12.11.6/2026.0. This vulnerability affects unknown code.

  

CVE-2025-9226 | Zoho ManageEngine OpManager/NetFlow Analyzer/OpUtils prior 128582 Subnet Details cross site scripting

A vulnerability marked as problematic has been reported in Zoho ManageEngine OpManager, NetFlow Analyzer and OpUtils. This issue affects some

  

CVE-2026-1699 | Eclipse Theia preview.yml pull_request_target inclusion of functionality from untrusted control sphere (Issue 332)

A vulnerability described as critical has been identified in Eclipse Theia. This affects the function pull_request_target of the file github/workflows/preview.yml.

  

CVE-2026-1700 | projectworlds House Rental and Property Listing 1.0 /app/sms.php Message cross site scripting

A vulnerability classified as problematic has been found in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown

  

CVE-2026-1701 | itsourcecode Student Management System 1.0 /enrollment/index.php ID sql injection

A vulnerability classified as critical was found in itsourcecode Student Management System 1.0. This issue affects some unknown processing of

  

CVE-2026-1702 | SourceCodester Pet Grooming Management Software 1.0 User Management user.php group_id improper authorization

A vulnerability, which was classified as critical, has been found in SourceCodester Pet Grooming Management Software 1.0. Impacted is an

  

CVE-2026-1682 | Free5GC SMF up to 4.1.0 PFCP UDP Endpoint handler.go HandlePfcpAssociationReleaseRequest null pointer dereference (Issue 794)

A vulnerability described as problematic has been identified in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of

  

CVE-2026-1683 | Free5GC SMF up to 4.1.0 PFCP handler.go HandlePfcpSessionReportRequest denial of service (Issue 804)

A vulnerability classified as problematic has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the

  

CVE-2026-1684 | Free5GC SMF up to 4.1.0 PFCP UDP Endpoint pfcp_reports.go HandleReports denial of service

A vulnerability classified as problematic was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function

  

CVE-2026-25211 | llamastack Llama Stack up to 0.4.0rc2 pgvector Password log file

A vulnerability, which was classified as problematic, has been found in llamastack Llama Stack up to 0.4.0rc2. This affects an

  

CVE-2026-1685 | D-Link DIR-823X 250416 Login sub_40AC74 excessive authentication

A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of

  

CVE-2026-1686 | Totolink A3600R 5.9c.4959 /lib/cste_modules/app.so setAppEasyWizardConfig apcliSsid buffer overflow

A vulnerability has been found in Totolink A3600R 5.9c.4959 and classified as critical. This issue affects the function setAppEasyWizardConfig in

  

CVE-2026-1687 | Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon Boa Webserver /boaform/formSamba serverString command injection

A vulnerability was found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon and classified as critical. Impacted is an unknown function of the file

  

CVE-2026-1688 | itsourcecode Directory Management System 1.0 /admin/index.php Username sql injection

A vulnerability was found in itsourcecode Directory Management System 1.0. It has been classified as critical. The affected element is

  

CVE-2026-1689 | Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon Login Interface /boaform/admin/formLogin checkUserFromLanOrWan Host command injection

A vulnerability was found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. It has been declared as critical. The impacted element is the function

  

CVE-2026-1690 | Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon /boaform/formSysCmd system sysCmd command injection

A vulnerability was found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. It has been rated as critical. This affects the function system of