| CVE-2026-38651 | JWT Verification Bypass in Netmaker Allows Unauthenticated Access to Host Endpoints | Gravitl | Critical | Auth Bypass (CWE-287) |
| CVE-2024-42640 | Unauthenticated Remote Code Execution via Angular-Base64-Upload Library | Adones Pitogo | Critical | RCE (CWE-434) |
| CVE-2024-57514 | XSS in TP-Link A20 v3 Router | TP-Link | Low | XSS (CWE-79) |
| CVE-2025-51569 | XSS in LB-Link BL-CPE300M AX300 4G LTE Router | LB-Link | Medium | XSS (CWE-79) |
| CVE-2025-57278 | Improper IP Bound Session Authentication in LB-Link BL-CPE300M AX300 4G LTE Router | LB-Link | High | Auth Bypass (CWE-287) |
| CVE-2025-62719 | LinkAce Limited Server-Side Request Forgery (SSRF) in Keyword Fetching Functionality | LinkAce | Medium | SSRF (CWE-918) |
| CVE-2025-62720 | LinkAce - Data Exfiltration via Export Functions Allowing Access to All Users' Private Links | LinkAce | Medium | Data Exfiltration (CWE-862) |
| CVE-2025-62721 | LinkAce Authorization Bypass Allowing Unauthorized Access to All Private Links, Lists, and Tags via RSS Feed Endpoints | LinkAce | Medium | Auth Bypass (CWE-862) |
| CVE-2025-62722 | LinkAce - Stored XSS Vulnerability in Link Title Field Through Social Media Sharing Functionality | LinkAce | Medium | XSS (CWE-79) |
| CVE-2025-66291 | Unauthorized Access to Interview Attachments via Direct Object Reference | OrangeHRM | Medium | IDOR (CWE-639) |
| CVE-2026-25118 | Insecure Transmission of Shared Link Password | Immich | Medium | Credential Disclosure (CWE-598) |
| CVE-2026-27458 | Stored XSS in Atom Feed via CDATA Escape in List Description | LinkAce | High | XSS (CWE-80) |
| CVE-2026-29097 | Server-Side Request Forgery and Denial of Service via RSS Feed Dashlet | SuiteCRM | High | SSRF / DoS (CWE-918) |
| CVE-2026-29109 | Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing | SuiteCRM | High | RCE (CWE-502) |
| CVE-2026-44313 | Server-Side Request Forgery (SSRF) in Linkwarden Link Creation via fetchTitleAndHeaders Function | Linkwarden | Critical | SSRF (CWE-918) |
| CVE-2026-44522 | Arbitrary File Write via Path Traversal in Asset Names Leading to Remote Code Execution | Note Mark | High | Arbitrary File Write / RCE (CWE-22) |
| CVE-2026-39349 | Use of AES-ECB for Sensitive Data Encryption Enables Pattern Disclosure | OrangeHRM | Low | Cryptographic Weakness (CWE-327) |
| CVE-2026-45342 | IDOR in Update Policies Allows Any Authenticated User to Overwrite Other Users' Links, Lists, Tags, and Notes | LinkAce | High | IDOR (CWE-639) |
| CVE-2026-45343 | Stored XSS via Unsanitized SSO User's Name Rendered in Admin Audit Log Allows Session Hijacking | LinkAce | High | XSS (CWE-79) |
