General-Purpose System Vulnerabilities
Vulnerabilities related to traditional IT systems, servers, and desktop applications.
| CVE ID | Description | Severity | Published | Type |
|---|---|---|---|---|
| CVE-2026-21860 | Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_join function allows … | Unknown | 2026-01-08 | General-Purpose |
| CVE-2025-67325 | Unrestricted file upload in the hotel review feature in QloApps versions 1.7.0 and earlier allows remote unauthenticate… | Critical (9.8) | 2026-01-08 | General-Purpose |
| CVE-2025-65518 | Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability … | High (7.5) | 2026-01-08 | General-Purpose |
| CVE-2026-22587 | Ideagen DevonWay contains a stored cross site scripting vulnerability. A remote, authenticated attacker could craft a p… | Medium (5.5) | 2026-01-08 | General-Purpose |
| CVE-2026-22235 | OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate thr… | High (7.5) | 2026-01-08 | General-Purpose |