SiYuan desktop’s notification endpoint could render attacker HTML into an Electron renderer with nodeIntegration enabled, enabling local code execution; update to 3.6.5 and harden Electron settings.

P4 Server versions before 2026.1 permit unauthenticated attackers to create accounts and access depot contents via the ‘remote’ user; upgrade, isolate and audit now.

A high-severity path traversal in the LabOne Web Server can let unauthenticated attackers read arbitrary files; if you run LabOne, stop the Web Server, check file permissions and rotate exposed credentials.

CVE-2026-6235 in Sendmachine for WordPress allows unauthenticated attackers to overwrite SMTP settings and intercept password reset emails; immediate patching, SMTP audit and access hardening are essential.

A high‑severity command injection in the Quantum Networks QN-I-470 management CLI could allow authenticated attackers to achieve root remote code execution; inventory, isolate and check vendor guidance immediately.

Three high‑severity buffer overflows in Tenda F451 firmware have public exploits; patch or isolate affected routers immediately.