Security Vulnerabilities
An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data.
CVSS Score
9.9
EPSS Score
0.001
Published
2026-01-15
Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality.
CVSS Score
9.1
EPSS Score
0.002
Published
2026-01-15
Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-01-15
The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-01-15
Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.
CVSS Score
5.3
EPSS Score
0.001
Published
2026-01-15
Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users.
CVSS Score
4.3
EPSS Score
0.001
Published
2026-01-15
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ownership check in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.9.2. This makes it possible for unauthenticated attackers to delete arbitrary uploaded files when the "Send attachments as links" setting is enabled.
CVSS Score
3.7
EPSS Score
0.001
Published
2026-01-15
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-01-15
BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
CVSS Score
5.5
EPSS Score
0.0
Published
2026-01-14
SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
CVSS Score
5.3
EPSS Score
0.0
Published
2026-01-14