Security Advisories

Vulnerability disclosures and security advisories published by Zyenra Security.

CVE ID	Title	Vendor	Severity	Type
CVE-2026-38651	JWT Verification Bypass in Netmaker Allows Unauthenticated Access to Host Endpoints	Gravitl	Critical	Auth Bypass
CVE-2024-42640	Unauthenticated Remote Code Execution via Angular-Base64-Upload Library	-	Critical	RCE
CVE-2024-57514	XSS in TP-Link A20 v3 Router	TP-Link	Low	XSS
CVE-2025-51569	XSS in LB-Link BL-CPE300M AX300 4G LTE Router	LB-Link	Medium	XSS
CVE-2025-57278	Improper IP Bound Session Authentication in LB-Link BL-CPE300M AX300 4G LTE Router	LB-Link	High	Auth Bypass
CVE-2025-62719	LinkAce Limited Server-Side Request Forgery (SSRF) in Keyword Fetching Functionality	LinkAce	Medium	SSRF
CVE-2025-62720	LinkAce - Data Exfiltration via Export Functions Allowing Access to All Users' Private Links	LinkAce	Medium	Data Exfiltration
CVE-2025-62721	LinkAce Authorization Bypass Allowing Unauthorized Access to All Private Links, Lists, and Tags via RSS Feed Endpoints	LinkAce	Medium	Auth Bypass
CVE-2025-62722	LinkAce - Stored XSS Vulnerability in Link Title Field Through Social Media Sharing Functionality	LinkAce	Medium	XSS
CVE-2025-66291	Unauthorized Access to Interview Attachments via Direct Object Reference	OrangeHRM	Medium	IDOR
CVE-2026-25118	Insecure Transmission of Shared Link Password	Immich	Medium	Credential Disclosure
CVE-2026-27458	Stored XSS in Atom Feed via CDATA Escape in List Description	LinkAce	High	XSS
CVE-2026-29097	Server-Side Request Forgery and Denial of Service via RSS Feed Dashlet	SuiteCRM	High	SSRF / DoS
CVE-2026-29109	Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing	SuiteCRM	High	RCE
GHSA-5qpc-x7rv-hvmp	Server-Side Request Forgery (SSRF) in Linkwarden Link Creation via fetchTitleAndHeaders Function	Linkwarden	Critical	SSRF
CVE-2026-39349	Use of AES-ECB for Sensitive Data Encryption Enables Pattern Disclosure	OrangeHRM	Low	Cryptographic Weakness

16 published advisories