Tenable

ScadaBR - Multiple Vulnerabilities Multiple vulnerabilities affect ScadaBR. Tenable was unsuccessful in contacting the project. Recent publications indicate similar difficulty. CVE-2026-9645 Authenticated Remote Code Execution...

Gladinet Triofox Server Agent Multiple Vulnerabilities Multiple vulnerabilities exist in Gladinet Triofox Server Agent 17.1.10488.57063. CVE-2026-8364 - Missing Authentication for Critical Function (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) Gladinet Triofox Cloud...

Delta Electronics DIAView Patch Bypass There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote Database Access)An unauthenticated remote attacker can access...

Sensor Proxy Version 1.4.0 Fixes Multiple Vulnerabilities Jason Schavel Thu, 05/21/2026 - 16:00 Sensor Proxy leverages third-party software to help provide underlying functionality....

Surecart - SQL Injection SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters ('model_name', 'model_id', 'integration_id', 'provider') on the...

NextGEN Gallery - SQL Injection NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST...

Chatwoot - Second Order Time-Based Blind SQL Injection via Custom Attribute Key The custom attribute definition API allows creating attributes with arbitrary attribute_key values...

Microsoft Foundry Toolkit for VS Code: Command Injection via Python Interpreter Path Leading to Arbitrary Code Execution Microsoft Foundry Toolkit for VS Code (formerly...

Open WebUI Multiple Vulnerabilities CVE-2026-45398 - IDOR: Retrieval API Bypasses Knowledge Base Access ControlsSummary_validate_collection_access() (PR #22109) checks the user-memory-* and file-* collection name prefixes but does...

Tenable Network Monitor 6.5.4 Fixes Multiple Vulnerabilities Jason Schavel Thu, 05/14/2026 - 13:00 Tenable Network Monitor leverages third-party software to help provide underlying...