CVEs from 2026
Total: 13,682
- critical: 1,199
- high: 4,384
- medium: 4,286
- low: 468
% Critical: 8.8%
% with KEV: 0.4%
% with exploit: 0.8%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-2657 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. Such manipulation leads t… |
| CVE-2026-0915 | medium | — | 5.5 | 4mo ago | RHSA-2026:4772: glibc security update (Moderate) |
| CVE-2026-0861 | medium | — | 5.5 | 4mo ago | Moderate: glibc security update |
| CVE-2026-22998 | medium | — | 5.5 | 4mo ago | RHSA-2026:2378: kernel-rt security update (Moderate) |
| CVE-2026-23157 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages [BUG] There is an internal report that over 1000 … |
| CVE-2026-23151 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix memory leak in set_ssp_complete Fix memory leak in set_ssp_complete() where mgmt_pending_cmd structures are … |
| CVE-2026-23141 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in range_is_hole_in_parent() Before accessing the disk_bytenr field of a file extent item w… |
| CVE-2026-21340 | medium | 5.5 | 5.5 | 4mo ago | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose se… |
| CVE-2026-2259 | medium | 5.5 | 5.5 | 4mo ago | A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Pars… |
| CVE-2026-2258 | medium | 5.5 | 5.5 | 4mo ago | A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead to… |
| CVE-2026-1998 | medium | 5.5 | 5.5 | 4mo ago | A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be l… |
| CVE-2026-1991 | medium | 5.5 | 5.5 | 4mo ago | A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null poin… |
| CVE-2026-1979 | medium | 5.5 | 5.5 | 4mo ago | A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after fr… |
| CVE-2026-1532 | medium | 5.5 | 5.5 | 4mo ago | A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of… |
| CVE-2026-22795 | medium | 5.5 | 5.5 | 4mo ago | Important: openssl security update |
| CVE-2026-22188 | medium | 5.5 | 5.5 | 5mo ago | The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy … |
| CVE-2026-21968 | medium | — | 5.5 | 5mo ago | RHSA-2026:6435: mariadb:10.11 security update (Moderate) |
| CVE-2026-23205 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: smb/client: fix memory leak in smb2_open_file() Reproducer: 1. server: directories are exported read-only 2. client: mount -… |
| CVE-2026-23146 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work hci_uart_set_proto() sets HCI_UART_PROTO_INIT before calling hci_u… |
| CVE-2026-48559 | medium | 5.4 | 5.4 | 5h ago | Lightweight Music Server (LMS) through 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metad… |
| CVE-2026-9309 | medium | 5.4 | 5.4 | 7h ago | Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These pa… |
| CVE-2026-9308 | medium | 5.4 | 5.4 | 7h ago | Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted wit… |
| CVE-2026-10218 | medium | 5.4 | 5.4 | 16h ago | A vulnerability has been found in nextlevelbuilder GoClaw up to 3.11.3. This affects the function auth of the file internal/http/evolution_handlers.go. Such manipulation leads to improper authorizati… |
| CVE-2026-10213 | medium | 5.4 | 5.4 | 17h ago | A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing a manipulation of t… |
| CVE-2026-49368 | medium | 5.4 | 5.4 | 3d ago | In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible |
| CVE-2026-44611 | medium | 5.4 | 5.4 | 3d ago | Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks. |
| CVE-2026-42951 | medium | 5.4 | 5.4 | 3d ago | An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes. |
| CVE-2026-34507 | medium | 5.4 | 5.4 | 3d ago | OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin comma… |
| CVE-2026-47694 | medium | 5.4 | 5.4 | 3d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, AVideo stores category descriptions from user input and later renders category_description as raw HTML in the Gallery view. A user w… |
| CVE-2026-9811 | medium | 5.4 | 5.4 | 3d ago | A stored Cross-Site Scripting (XSS) vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application f… |
| CVE-2026-9971 | medium | 5.4 | 5.4 | 4d ago | Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTM… |
| CVE-2026-45023 | medium | 5.4 | 5.4 | 4d ago | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/{block_id}/execute endpoint executes block… |
| CVE-2026-42401 | medium | 5.4 | 5.4 | 4d ago | Improper Neutralization of Input During Web Page Generation (CWE-79) in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which… |
| CVE-2026-48523 | medium | 5.4 | 5.4 | 4d ago | PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode() or jwt.decode_complete() are called with a PyJWK key. … |
| CVE-2026-47761 | medium | 5.4 | 5.4 | 4d ago | TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce-* a… |
| CVE-2026-47760 | medium | 5.4 | 5.4 | 4d ago | TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using… |
| CVE-2026-47759 | medium | 5.4 | 5.4 | 4d ago | TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce-* attributes (data-mce-href, data-mce-src, data-mce-style).… |
| CVE-2026-45718 | medium | 5.4 | 5.4 | 5d ago | Budibase is an open-source low-code platform. Prior to 3.38.1, the row action trigger endpoint (POST /api/tables/:sourceId/actions/:actionId/trigger) fails to validate that the user-supplied rowId is… |
| CVE-2026-4390 | medium | 5.4 | 5.4 | 5d ago | A weakness has been identified in TeamSpeak 3 Server up to 3.13.7. This affects the function process_resend_queue of the component Connection State Management. This manipulation causes use after free… |
| CVE-2026-42082 | medium | 5.4 | 5.4 | 5d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AM… |
| CVE-2026-45335 | medium | 5.4 | 5.4 | 5d ago | WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically th… |
| CVE-2026-45571 | medium | 5.4 | 5.4 | 5d ago | go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside… |
| CVE-2026-6287 | medium | 5.4 | 5.4 | 6d ago | The ShopLentor - WooCommerce Builder for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockUniqId' block attribute in multiple Product Gride blocks… |
| CVE-2026-38931 | medium | 5.4 | 5.4 | 6d ago | A stored cross-site scripting (XSS) vulnerability in the /admin/config-module.php component of creatorsofcode simplephp GitHub commit 5184cff (Latest as of 2026-02-27) via injecting a crafted payload. |
| CVE-2026-32389 | medium | 5.4 | 5.4 | 7d ago | Missing Authorization vulnerability in Linethemes NanoCare allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NanoCare: from n/a before 1.2.2. |
| CVE-2026-24586 | medium | 5.4 | 5.4 | 7d ago | Missing Authorization vulnerability in Themeansar Newses allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Newses: from n/a through 2.0.0.77. |
| CVE-2026-48589 | medium | 5.4 | 5.4 | 7d ago | Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value coul… |
| CVE-2026-44598 | medium | 5.4 | 5.4 | 7d ago | With valid login credentials, URL Redirection to Untrusted Site ('Open Redirect'), Server-Side Request Forgery (SSRF) vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha… |
| CVE-2026-9078 | medium | 5.4 | 5.4 | 7d ago | Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portio… |
| CVE-2026-9438 | medium | 5.4 | 5.4 | 8d ago | A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the arg… |
| CVE-2026-39964 | medium | 5.4 | 5.4 | 10d ago | Typebot.io has stored XSS via `javascript:` URI in text bubble links — bot author executes JS on visitors' browsers |
| CVE-2026-28735 | medium | 5.4 | 5.4 | 10d ago | Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to g… |
| CVE-2026-9251 | medium | 5.4 | 5.4 | 10d ago | Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain ac… |
| CVE-2026-8381 | medium | 5.4 | 5.4 | 10d ago | A broken access control vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior to version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, allowing an a… |
| CVE-2026-7798 | medium | 5.4 | 5.4 | 10d ago | The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions… |
| CVE-2026-8245 | medium | 5.4 | 5.4 | 11d ago | Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL fi… |
| CVE-2026-8139 | medium | 5.4 | 5.4 | 11d ago | Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnera… |
| CVE-2026-4929 | medium | 5.4 | 5.4 | 11d ago | Simple Hierarchical Select (SHS) for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output (shs_fie… |
| CVE-2026-4093 | medium | 5.4 | 5.4 | 11d ago | In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A (token display templates): When the Token module is enabled and token di… |
| CVE-2026-22678 | medium | 5.4 | 5.4 | 11d ago | Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attack… |
| CVE-2026-8203 | medium | 5.4 | 5.4 | 11d ago | Concrete CMS 9.5.0 and below has Stored XSS on the height parameter. The controller does not validate or sanitize $height. Any user with editor privileges can inject malicious JavaScript that execute… |
| CVE-2026-48230 | medium | 5.4 | 5.4 | 11d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdb_import.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsan… |
| CVE-2026-48229 | medium | 5.4 | 5.4 | 11d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_i.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va… |
| CVE-2026-48228 | medium | 5.4 | 5.4 | 11d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_w.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized v… |
| CVE-2026-48227 | medium | 5.4 | 5.4 | 11d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized val… |
| CVE-2026-48226 | medium | 5.4 | 5.4 | 11d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in os_watch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va… |
| CVE-2026-48225 | medium | 5.4 | 5.4 | 11d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value… |
| CVE-2026-48224 | medium | 5.4 | 5.4 | 11d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics214.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu… |
| CVE-2026-48223 | medium | 5.4 | 5.4 | 11d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va… |
| CVE-2026-48222 | medium | 5.4 | 5.4 | 11d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu… |
| CVE-2026-48221 | medium | 5.4 | 5.4 | 11d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205a.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized val… |
| CVE-2026-48220 | medium | 5.4 | 5.4 | 11d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu… |
| CVE-2026-48219 | medium | 5.4 | 5.4 | 11d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics202.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu… |
| CVE-2026-48218 | medium | 5.4 | 5.4 | 11d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in icons/buttons/landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an uns… |
| CVE-2026-48217 | medium | 5.4 | 5.4 | 11d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in delete_module.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitiz… |
| CVE-2026-48216 | medium | 5.4 | 5.4 | 11d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in db_loader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized v… |
| CVE-2026-48215 | medium | 5.4 | 5.4 | 11d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu… |
| CVE-2026-48214 | medium | 5.4 | 5.4 | 11d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu… |
| CVE-2026-48213 | medium | 5.4 | 5.4 | 11d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value t… |
| CVE-2026-44924 | medium | 5.4 | 5.4 | 12d ago | InfoScale VIOM 9.1.3 allows XSS. |
| CVE-2026-9056 | medium | 5.4 | 5.4 | 13d ago | A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store a XSS payload that can be triggered by a differ… |
| CVE-2026-6394 | medium | 5.4 | 5.4 | 13d ago | The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in versions up to and including 1.1.1. This is due… |
| CVE-2026-8493 | medium | 5.4 | 5.4 | 13d ago | This module enables you to open content already on the page within a colorbox. The module doesn't sufficiently sanitize the data-colorbox-inline attribute value before passing it to jQuery, leading … |
| CVE-2026-36827 | medium | 5.4 | 5.4 | 13d ago | A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters … |
| CVE-2026-8922 | medium | 5.4 | 5.4 | 14d ago | A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak's OpenID Connect (OIDC) Introspection feature fails to properly honor the… |
| CVE-2026-45244 | medium | 5.4 | 5.4 | 14d ago | Summarize contains a missing authorization vulnerability |
| CVE-2026-45494 | medium | 5.4 | 5.4 | 14d ago | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2026-45492 | medium | 5.4 | 5.4 | 14d ago | Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2026-45660 | medium | 5.4 | 5.4 | 14d ago | Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.22 and 6.18.1, the Glide image proxy's URL validation could be bypassed using an IP representation that wasn't nor… |
| CVE-2026-1631 | medium | 5.4 | 5.4 | 15d ago | The Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube (YouTube video, channel, and galle… |
| CVE-2026-45365 | medium | 5.4 | 5.4 | 17d ago | Open WebUI: Authenticated users can bypass model access control via exposed query parameter [AI-ASSISTED] |
| CVE-2026-45347 | medium | 5.4 | 5.4 | 17d ago | Open WebUI vulnerable to blind server side request forgery (SSRF) via the PDF generate function |
| CVE-2026-45346 | medium | 5.4 | 5.4 | 17d ago | Open WebUI Has Stored Cross-Site Scripting in SVG Renderer |
| CVE-2026-45318 | medium | 5.4 | 5.4 | 17d ago | Open WebUI has stored XSS via unsanitized Office/Excel/DOCX file preview rendering ({@html} without DOMPurify) |
| CVE-2026-46365 | medium | 5.4 | 5.4 | 17d ago | phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/{tagId} endpoint that allows any authenticated user to delete tags. Any logged-in user, incl… |
| CVE-2026-46360 | medium | 5.4 | 5.4 | 17d ago | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities() that limits recursive entity decoding to 5 iterations, allowing attackers to bypass san… |
| CVE-2026-46363 | medium | 5.4 | 5.4 | 17d ago | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authent… |
| CVE-2026-45396 | medium | 5.4 | 5.4 | 17d ago | Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation |
| CVE-2026-44564 | medium | 5.4 | 5.4 | 17d ago | Read-Only Open WebUI Users Can Modify Collaborative Documents via Socket.IO |
| CVE-2026-44563 | medium | 5.4 | 5.4 | 17d ago | Open WebUI's Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show |