CVEs from 2026
Total
13,614
critical
critical 1,176
high
high 4,271
medium
medium 4,143
low
low 441
% Critical
8.6%
% with KEV
0.4%
% with exploit
0.7%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-5251 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument is… | |||
| CVE-2026-5248 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability has been found in gougucms 4.08.18. This affects the function reg_submit of the file gougucms-master\app\home\controller\Login.php of the component User Registration Handler. Such man… | |||
| CVE-2026-5206 | medium | 6.3 | 6.3 | 2mo ago | A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects unknown code of the component Payment Handler. The manipulation of the argumen… | |||
| CVE-2026-5205 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such man… | |||
| CVE-2026-5197 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /delete_user.php. The manipulation of the argument ID results in sql … | |||
| CVE-2026-5196 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability has been found in code-projects Student Membership System 1.0. Impacted is an unknown function of the file /delete_member.php. The manipulation of the argument ID leads to sql injecti… | |||
| CVE-2026-5181 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability has been found in SourceCodester Simple Doctors Appointment System up to 1.0. This issue affects some unknown processing of the file /doctors_appointment/admin/ajax.php?action=save_ca… | |||
| CVE-2026-5126 | medium | 6.3 | 6.3 | 2mo ago | A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function file_get_contents. This manipulation causes server-side request forgery. The attack is possible to … | |||
| CVE-2026-5011 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argum… | |||
| CVE-2026-4999 | medium | 6.3 | 6.3 | 2mo ago | A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. This issue affects the function uploadFile of the file /server/utils/upload.js of the compon… | |||
| CVE-2026-4970 | medium | 6.3 | 6.3 | 2mo ago | A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file delete_photos.php of the component Endpoint. The manipulation of the argu… | |||
| CVE-2026-4966 | medium | 6.3 | 6.3 | 2mo ago | A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/mod_room/index.php?view=edit. Executing a manipulation of the argument ID c… | |||
| CVE-2026-4980 | medium | 6.3 | 6.3 | 2mo ago | A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:inclu… | |||
| CVE-2026-4954 | medium | 6.3 | 6.3 | 2mo ago | A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List End… | |||
| CVE-2026-4907 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component En… | |||
| CVE-2026-4876 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was identified in itsourcecode Free Hotel Reservation System 1.0. The impacted element is an unknown function of the file /admin/mod_amenities/index.php?view=editpic. Such manipulatio… | |||
| CVE-2026-4836 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /my_account/delete.php. Performing a manipulation of the argument cos_id r… | |||
| CVE-2026-4783 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/add-single-student-results.php of the component Parameter … | |||
| CVE-2026-4614 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This… | |||
| CVE-2026-4597 | medium | 6.3 | 6.3 | 2mo ago | A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyPr… | |||
| CVE-2026-4593 | medium | 6.3 | 6.3 | 2mo ago | A flaw has been found in erupts erupt bis 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the co… | |||
| CVE-2026-4589 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was identified in kalcaddle kodbox 1.64. The affected element is the function PathDriverUrl of the file /workspace/source-code/app/controller/explorer/editor.class.php of the componen… | |||
| CVE-2026-4586 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web… | |||
| CVE-2026-4574 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was detected in SourceCodester Simple E-learning System 1.0. This vulnerability affects unknown code of the component User Profile Update Handler. The manipulation of the argument fir… | |||
| CVE-2026-4573 | medium | 6.3 | 6.3 | 2mo ago | A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/form_handlers/delete_post.php of the component HTTP GET P… | |||
| CVE-2026-4543 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation … | |||
| CVE-2026-4516 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The… | |||
| CVE-2026-4515 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code inje… | |||
| CVE-2026-4514 | medium | 6.3 | 6.3 | 2mo ago | A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a … | |||
| CVE-2026-4513 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injectio… | |||
| CVE-2026-4511 | medium | 6.3 | 6.3 | 2mo ago | A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function exec of the file /src/vanna/legacy. Such manipulation leads to injection. The attack can be executed… | |||
| CVE-2026-4509 | medium | 6.3 | 6.3 | 2mo ago | A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black … | |||
| CVE-2026-4507 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function ask_db of the file mindsql/core/mindsql_core.py. Executing a manipulation can lead to sql inj… | |||
| CVE-2026-4506 | medium | 6.3 | 6.3 | 2mo ago | MindSQL is vulnerable to Code Injection through its ask_db function | |||
| CVE-2026-4505 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function module_plugin.refresh_plugins of the file packages/dbgpt-serve/src/dbgpt_serve/agent/hub/controller.… | |||
| CVE-2026-4500 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generate_df of the file backend/app/ai/code_execution/code_execution.py. Such manipulation leads to i… | |||
| CVE-2026-4485 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/search_student.php. The manipulation of the argument Searc… | |||
| CVE-2026-4476 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The impacted element is an unknown function of the file home/web/ipc of the component CGI Endpoint. Performing a mani… | |||
| CVE-2026-4308 | medium | 6.3 | 6.3 | 3mo ago | A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_pdf_document of the file python/helpers/document_query.py. This manipulation causes server-side req… | |||
| CVE-2026-4241 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument course_c… | |||
| CVE-2026-4234 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tab… | |||
| CVE-2026-4230 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to … | |||
| CVE-2026-4215 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java… | |||
| CVE-2026-4192 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command inje… | |||
| CVE-2026-4185 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_def_bits_jpeg of the file src/scene_manager/swf_parse.c of the component MP4Box.… | |||
| CVE-2026-4173 | medium | 6.3 | 6.3 | 3mo ago | A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updatePr… | |||
| CVE-2026-4171 | medium | 6.3 | 6.3 | 3mo ago | A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/… | |||
| CVE-2026-3992 | medium | 6.3 | 6.3 | 3mo ago | A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the ar… | |||
| CVE-2026-3968 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Su… | |||
| CVE-2026-3967 | medium | 6.3 | 6.3 | 3mo ago | A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/act… | |||
| CVE-2026-3966 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/med… | |||
| CVE-2026-3965 | medium | 6.3 | 6.3 | 3mo ago | @whyour/qinglong: manipulation of the argument command leads to protection mechanism failure | |||
| CVE-2026-3961 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function to_pil_image of the file manga-image-translator-main/server/request_extraction.py… | |||
| CVE-2026-3958 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/api_server.py of the component JSON Handler. The manipulatio… | |||
| CVE-2026-3955 | medium | 6.3 | 6.3 | 3mo ago | A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpo… | |||
| CVE-2026-3739 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAcc… | |||
| CVE-2026-3738 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improp… | |||
| CVE-2026-3737 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file add_user.php of the component User Creation Handler. Executing a manipu… | |||
| CVE-2026-3733 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulati… | |||
| CVE-2026-3697 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was determined in Planet ICG-2510 1.0_20250811. The impacted element is the function sub_40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Ex… | |||
| CVE-2026-3683 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was detected in bufanyun HotGo up to 2.0. This issue affects the function ImageTransferStorage of the file /server/internal/logic/common/upload.go of the component Endpoint. The manip… | |||
| CVE-2026-3682 | medium | 6.3 | 6.3 | 3mo ago | A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads t… | |||
| CVE-2026-3681 | medium | 6.3 | 6.3 | 3mo ago | A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-… | |||
| CVE-2026-3680 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in RyuzakiShinji biome-mcp-server up to 1.0.0. Affected by this issue is some unknown functionality of the file biome-mcp-server.ts. Performing a manipulation resu… | |||
| CVE-2026-3672 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The a… | |||
| CVE-2026-3616 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation … | |||
| CVE-2026-28230 | medium | 6.3 | 6.3 | 3mo ago | SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction solely by transac… | |||
| CVE-2026-3209 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper … | |||
| CVE-2026-2985 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a m… | |||
| CVE-2026-2963 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the … | |||
| CVE-2026-2860 | medium | 6.3 | 6.3 | 3mo ago | A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. Impacted is an unknown function of the file EmployeeControl… | |||
| CVE-2026-2852 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file dataset\repos\warehouse… | |||
| CVE-2026-2849 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file dataset\repo… | |||
| CVE-2026-2819 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workf… | |||
| CVE-2026-2676 | medium | 6.3 | 6.3 | 3mo ago | A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. Affected by this issue is the function preHandle of the file LoginInterceptor.java of the component … | |||
| CVE-2026-2665 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. P… | |||
| CVE-2026-2663 | medium | 6.3 | 6.3 | 3mo ago | A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the co… | |||
| CVE-2026-2560 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Preview … | |||
| CVE-2026-2558 | medium | 6.3 | 6.3 | 3mo ago | A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request for… | |||
| CVE-2026-2556 | medium | 6.3 | 6.3 | 3mo ago | A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown processing of the file com/cskefu/cc/controller/resource/MediaController.java of the component Endpoi… | |||
| CVE-2026-2553 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. This affects an unknown part of the file /home.php of the component HTTP POS… | |||
| CVE-2026-2548 | medium | 6.3 | 6.3 | 3mo ago | A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub_40F820 of the file rc. Executing a manipulation of the argument upnp_waniface/upnp_ssdp_interval/upnp_max_age can lead … | |||
| CVE-2026-2536 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. … | |||
| CVE-2026-2074 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation le… | |||
| CVE-2026-1977 | medium | 6.3 | 6.3 | 4mo ago | A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component v… | |||
| CVE-2026-1623 | medium | 6.3 | 6.3 | 4mo ago | A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injecti… | |||
| CVE-2026-1601 | medium | 6.3 | 6.3 | 4mo ago | A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileNam… | |||
| CVE-2026-1218 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. Impacted is the function initRCForm of the file RichClientService.class of the component com.artery.richclient.RichClientService. Perform… | |||
| CVE-2026-1126 | medium | 6.3 | 6.3 | 4mo ago | A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\… | |||
| CVE-2026-0843 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Suc… | |||
| CVE-2026-0842 | medium | 6.3 | 6.3 | 5mo ago | A flaw has been found in Flycatcher Toys smART Sketcher up to 2.0. This affects an unknown part of the component Bluetooth Low Energy Interface. This manipulation causes missing authentication. The a… | |||
| CVE-2026-42328 | medium | 6.2 | 6.2 | 3d ago | go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on … | |||
| CVE-2026-23679 | medium | 6.2 | 6.2 | 3d ago | libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface cla… | |||
| CVE-2026-2237 | medium | 6.2 | 6.2 | 3d ago | A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local attackers to obtain sensitive informatio… | |||
| CVE-2026-48696 | medium | 6.2 | 6.2 | 5d ago | FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689. | |||
| CVE-2026-42627 | medium | 6.2 | 6.2 | 8d ago | In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements() in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based … | |||
| CVE-2026-36189 | medium | 6.2 | 6.2 | 9d ago | Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify_d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial… | |||
| CVE-2026-38719 | medium | 6.2 | 6.2 | 12d ago | OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format (CPF) parser, specifically in CreateCommonPacketFormatStructure() in source/src/enet_encap/cpf.c. A c… | |||
| CVE-2026-41969 | medium | 6.2 | 6.2 | 15d ago | Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2026-34688 | medium | 6.2 | 6.2 | 18d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit … |