CVEs from 2026
- Total: 13,833
- Critical: 1,206
- High: 4,492
- Medium: 4,322
- Low: 469
- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.8%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-36766 | medium | 5.4 | 5.4 | 1mo ago | Shopizer is vulnerable to Cross-site Scripting | |||
| CVE-2026-41519 | medium | 5.4 | 5.4 | 1mo ago | Weblate Doesn't Invalidate API Token on Password Change | |||
| CVE-2026-36756 | medium | 5.4 | 5.4 | 1mo ago | A Server-Side Request Forgery (SSRF) in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request. | |||
| CVE-2026-7500 | medium | 5.4 | 5.4 | 1mo ago | Keycloak has a Forced Browsing issue | |||
| CVE-2026-1493 | medium | 5.4 | 5.4 | 1mo ago | LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript … | |||
| CVE-2026-40230 | medium | 5.4 | 5.4 | 1mo ago | Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or Jav… | |||
| CVE-2026-40229 | medium | 5.4 | 5.4 | 1mo ago | Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered une… | |||
| CVE-2026-42641 | medium | 5.4 | 5.4 | 1mo ago | Server-Side Request Forgery (SSRF) vulnerability in ILLID Share This Image share-this-image allows Server Side Request Forgery. This issue affects Share This Image: from n/a through <= 2.14. | |||
| CVE-2026-40296 | medium | 5.4 | 5.4 | 1mo ago | PhpSpreadsheet has XSS via number format code with @ text placeholder bypasses htmlspecialchars in HTML writer | |||
| CVE-2026-35453 | medium | 5.4 | 5.4 | 1mo ago | PhpSpreadsheet has XSS via NumberFormat @ Text Substitution in HTML Writer | |||
| CVE-2026-42421 | medium | 5.4 | 5.4 | 1mo ago | OpenClaw: Existing WS sessions survive shared gateway token rotation | |||
| CVE-2026-41916 | medium | 5.4 | 5.4 | 1mo ago | OpenClaw: resolvedAuth closure becomes stale after config reload | |||
| CVE-2026-41406 | medium | 5.4 | 5.4 | 1mo ago | OpenClaw: Feishu thread history and quoted messages bypass sender allowlist | |||
| CVE-2026-41402 | medium | 5.4 | 5.4 | 1mo ago | OpenClaw: Zalo webhook replay cache cross-target messageId scope bypass | |||
| CVE-2026-41382 | medium | 5.4 | 5.4 | 1mo ago | OpenClaw: Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps | |||
| CVE-2026-41381 | medium | 5.4 | 5.4 | 1mo ago | OpenClaw: Discord voice manager bypasses channel-level member access allowlist | |||
| CVE-2026-38948 | medium | 5.4 | 5.4 | 1mo ago | Cross-Site Scripting (XSS) vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-priv… | |||
| CVE-2026-5306 | medium | 5.4 | 5.4 | 1mo ago | The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting … | |||
| CVE-2026-41365 | medium | 5.4 | 5.4 | 1mo ago | OpenClaw: MSTeams thread history bypasses sender allowlist via Graph API | |||
| CVE-2026-5362 | medium | 5.4 | 5.4 | 1mo ago | Pimcore has an authenticated Cross-site Scripting issue | |||
| CVE-2026-7024 | medium | 5.4 | 5.4 | 1mo ago | A flaw has been found in rawchen sims up to 004f783b1db5ecdfad81c8fdc3b34171211112de. Affected by this issue is some unknown functionality of the file sims-master/src/web/servlet/file/DeleteFileServl… | |||
| CVE-2026-41425 | medium | 5.4 | 5.4 | 1mo ago | Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vuln… | |||
| CVE-2026-42042 | medium | 5.4 | 5.4 | 1mo ago | Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion | |||
| CVE-2026-25720 | medium | 5.4 | 5.4 | 1mo ago | A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requi… | |||
| CVE-2026-41358 | medium | 5.4 | 5.4 | 1mo ago | OpenClaw: Slack thread context could include messages from non-allowlisted senders | |||
| CVE-2026-41356 | medium | 5.4 | 5.4 | 1mo ago | OpenClaw: Gateway `device.token.rotate` does not terminate active WebSocket sessions after credential rotation | |||
| CVE-2026-41348 | medium | 5.4 | 5.4 | 1mo ago | OpenClaw: Discord Slash Commands Bypass Group DM Channel Allowlist | |||
| CVE-2026-41341 | medium | 5.4 | 5.4 | 1mo ago | OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message | |||
| CVE-2026-41241 | medium | 5.4 | 5.4 | 1mo ago | pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown… | |||
| CVE-2026-41909 | medium | 5.4 | 5.4 | 1mo ago | OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing management that allows limited-scope sessions to enumerate and act on pairing requests. Attackers w… | |||
| CVE-2026-3007 | medium | 5.4 | 5.4 | 1mo ago | Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS’ courselet fe… | |||
| CVE-2026-41243 | medium | 5.4 | 5.4 | 1mo ago | OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when `safeMode` is enabled, unapproved forum posts are hidden from the public list, but … | |||
| CVE-2026-3837 | medium | 5.4 | 5.4 | 1mo ago | An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter i… | |||
| CVE-2026-3673 | medium | 5.4 | 5.4 | 1mo ago | An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interp… | |||
| CVE-2026-40923 | medium | 5.4 | 5.4 | 1mo ago | Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check | |||
| CVE-2026-0972 | medium | 5.4 | 5.4 | 1mo ago | HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing. | |||
| CVE-2026-34429 | medium | 5.4 | 5.4 | 1mo ago | Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by bypassing MIME … | |||
| CVE-2026-6585 | medium | 5.4 | 5.4 | 1mo ago | A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organ… | |||
| CVE-2026-6584 | medium | 5.4 | 5.4 | 1mo ago | A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoi… | |||
| CVE-2026-6583 | medium | 5.4 | 5.4 | 1mo ago | A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key … | |||
| CVE-2026-40948 | medium | 5.4 | 5.4 | 1mo ago | The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state` parameter on the login / login-callback flow, and did not use PKCE. An at… | |||
| CVE-2026-40479 | medium | 5.4 | 5.4 | 2mo ago | Kimai has Stored XSS via Incomplete HTML Attribute Escaping in Team Member Widget | |||
| CVE-2026-40155 | medium | 5.4 | 5.4 | 2mo ago | Auth0 Next.js SDK has Improper Proxy Cache Lookup | |||
| CVE-2026-6496 | medium | 5.4 | 5.4 | 2mo ago | A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argum… | |||
| CVE-2026-26291 | medium | 5.4 | 5.4 | 2mo ago | Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed in a user's web browser. | |||
| CVE-2026-22154 | medium | 5.4 | 5.4 | 2mo ago | An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR Paa… | |||
| CVE-2026-24069 | medium | 5.4 | 5.4 | 2mo ago | Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-pr… | |||
| CVE-2026-6201 | medium | 5.4 | 5.4 | 2mo ago | A vulnerability was identified in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /jobs/job-delete.php of the component Delete Job Posting Handler. Such manip… | |||
| CVE-2026-33119 | medium | 5.4 | 5.4 | 2mo ago | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-5392 | medium | 5.4 | 5.4 | 2mo ago | Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7_V… | |||
| CVE-2026-40071 | medium | 5.4 | 5.4 | 2mo ago | pyload-ng has a WebUI JSON permission mismatch that lets ADD/DELETE users invoke MODIFY-only actions | |||
| CVE-2026-5812 | medium | 5.4 | 5.4 | 2mo ago | A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performin… | |||
| CVE-2026-5811 | medium | 5.4 | 5.4 | 2mo ago | A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler.… | |||
| CVE-2026-39635 | medium | 5.4 | 5.4 | 2mo ago | Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cross Site Request Forgery. This issue affects Grand Magazine: from n/a through <= 3.5.5. | |||
| CVE-2026-39614 | medium | 5.4 | 5.4 | 2mo ago | Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JW Player for Word… | |||
| CVE-2026-39504 | medium | 5.4 | 5.4 | 2mo ago | Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects InstaWP Connect: from n/a thr… | |||
| CVE-2026-5535 | medium | 5.4 | 5.4 | 2mo ago | A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtils.java of the component MQTT Message Handler. Performing a manipulation of the … | |||
| CVE-2026-5468 | medium | 5.4 | 5.4 | 2mo ago | Casdoor vulnerable to Stored XSS via Application formCss / formSideHtml | |||
| CVE-2026-32859 | medium | 5.4 | 5.4 | 2mo ago | ByteDance DeerFlow versions prior to commit 5dbb362 contain a stored cross-site scripting vulnerability in the artifacts API that allows attackers to execute arbitrary scripts by uploading malicious … | |||
| CVE-2026-33559 | medium | 5.4 | 5.4 | 2mo ago | WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/edi… | |||
| CVE-2026-32562 | medium | 5.4 | 5.4 | 2mo ago | Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPWP: from n/a through <= 1.… | |||
| CVE-2026-32511 | medium | 5.4 | 5.4 | 2mo ago | Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection. This issue affects Stål: from n/a through < 1.7. | |||
| CVE-2026-32510 | medium | 5.4 | 5.4 | 2mo ago | Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection. This issue affects Kamperen: from n/a through < 1.3. | |||
| CVE-2026-32509 | medium | 5.4 | 5.4 | 2mo ago | Deserialization of Untrusted Data vulnerability in Edge-Themes Gracey gracey allows Object Injection. This issue affects Gracey: from n/a through < 1.4. | |||
| CVE-2026-32508 | medium | 5.4 | 5.4 | 2mo ago | Deserialization of Untrusted Data vulnerability in Mikado-Themes Halstein halstein allows Object Injection. This issue affects Halstein: from n/a through < 1.8. | |||
| CVE-2026-32507 | medium | 5.4 | 5.4 | 2mo ago | Deserialization of Untrusted Data vulnerability in Elated-Themes Leroux leroux allows Object Injection. This issue affects Leroux: from n/a through < 1.4. | |||
| CVE-2026-32506 | medium | 5.4 | 5.4 | 2mo ago | Deserialization of Untrusted Data vulnerability in Edge-Themes Archicon archicon allows Object Injection. This issue affects Archicon: from n/a through < 1.7. | |||
| CVE-2026-3591 | medium | 5.4 | 5.4 | 2mo ago | A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperl… | |||
| CVE-2026-4626 | medium | 5.4 | 5.4 | 2mo ago | A vulnerability has been found in projectworlds Lawyer Management System 1.0. This impacts an unknown function of the file /lawyer_booking.php. The manipulation of the argument Description leads to c… | |||
| CVE-2026-4596 | medium | 5.4 | 5.4 | 2mo ago | A vulnerability was identified in projectworlds Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyers.php. The manipulation of the argument first_Name leads to… | |||
| CVE-2026-4542 | medium | 5.4 | 5.4 | 2mo ago | A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the ar… | |||
| CVE-2026-33331 | medium | 5.4 | 5.4 | 2mo ago | oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting (XSS) vulnerability exists in the OpenAPI d… | |||
| CVE-2026-4324 | medium | 5.4 | 5.4 | 3mo ago | A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands int… | |||
| CVE-2026-32587 | medium | 5.4 | 5.4 | 3mo ago | Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP EasyPay: from n/a through <= 4.2… | |||
| CVE-2026-32417 | medium | 5.4 | 5.4 | 3mo ago | Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pochipp: from n/a through < 1.18.9. | |||
| CVE-2026-32391 | medium | 5.4 | 5.4 | 3mo ago | Missing Authorization vulnerability in linethemes SmartFix smartfix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SmartFix: from n/a through < 1.2.4. | |||
| CVE-2026-32388 | medium | 5.4 | 5.4 | 3mo ago | Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GLB: from n/a through <= 1.2.2. | |||
| CVE-2026-32331 | medium | 5.4 | 5.4 | 3mo ago | Missing Authorization vulnerability in Israpil Textmetrics webtexttool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Textmetrics: from n/a through <= 3.6.… | |||
| CVE-2026-23942 | medium | 5.4 | 5.4 | 3mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program fil… | |||
| CVE-2026-30964 | medium | 5.4 | 5.4 | 3mo ago | Webauthn Framework: allowed_origins collapses URL-like origins to host-only values, bypassing exact origin validation | |||
| CVE-2026-3819 | medium | 5.4 | 5.4 | 3mo ago | A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Manageme… | |||
| CVE-2026-3766 | medium | 5.4 | 5.4 | 3mo ago | A security flaw has been discovered in SourceCodester Web-based Pharmacy Product Management System 1.0. This impacts an unknown function of the file edit-profile.php. Performing a manipulation of the… | |||
| CVE-2026-3761 | medium | 5.4 | 5.4 | 3mo ago | A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadmin_user_delete.php of the component Endpoint. Executing … | |||
| CVE-2026-3743 | medium | 5.4 | 5.4 | 3mo ago | A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/D_singlePageGroup.php. Executing a manipulation of the argument Name can lead to cross site script… | |||
| CVE-2026-3742 | medium | 5.4 | 5.4 | 3mo ago | A vulnerability was detected in YiFang CMS 2.0.5. The impacted element is the function update of the file app/db/admin/D_singlePage.php. Performing a manipulation of the argument Title results in cro… | |||
| CVE-2026-3741 | medium | 5.4 | 5.4 | 3mo ago | A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/D_friendLink.php. Such manipulation of the argument linkName leads… | |||
| CVE-2026-3721 | medium | 5.4 | 5.4 | 3mo ago | A weakness has been identified in 1024-lab/lab1024 SmartAdmin up to 3.29. The affected element is an unknown function of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/helpdoc/doma… | |||
| CVE-2026-3720 | medium | 5.4 | 5.4 | 3mo ago | A security flaw has been discovered in 1024-lab/lab1024 SmartAdmin up to 3.29. Impacted is an unknown function of the file smart-admin-web-javascript/src/views/business/oa/notice/components/notice-fo… | |||
| CVE-2026-27411 | medium | 5.4 | 5.4 | 3mo ago | Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass. This issue affects SiteGuard WP Plugin: from n/a through <= 1.7.9. | |||
| CVE-2026-24351 | medium | 5.4 | 5.4 | 3mo ago | PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visi… | |||
| CVE-2026-24350 | medium | 5.4 | 5.4 | 3mo ago | PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks th… | |||
| CVE-2026-3171 | medium | 5.4 | 5.4 | 3mo ago | A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /queue.php. This manipu… | |||
| CVE-2026-3050 | medium | 5.4 | 5.4 | 3mo ago | A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argumen… | |||
| CVE-2026-2972 | medium | 5.4 | 5.4 | 3mo ago | A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.… | |||
| CVE-2026-2947 | medium | 5.4 | 5.4 | 3mo ago | A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component U… | |||
| CVE-2026-2946 | medium | 5.4 | 5.4 | 3mo ago | A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java o… | |||
| CVE-2026-2864 | medium | 5.4 | 5.4 | 3mo ago | A vulnerability has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. This affects the function pictureDelete of the file PictureController.j… | |||
| CVE-2026-2863 | medium | 5.4 | 5.4 | 3mo ago | A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java… | |||
| CVE-2026-2622 | medium | 5.4 | 5.4 | 3mo ago | A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/Articl… | |||
| CVE-2026-2557 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was detected in cskefu up to 8.0.1. Impacted is the function Upload of the file com/cskefu/cc/controller/resource/MediaController.java of the component File Upload. The manipulation r… |