CVEs from 2026
- Total 13,506
- critical 1,178
- high 4,304
- medium 4,191
- low 452
- % Critical 8.7%
- % with KEV 0.4%
- % with exploit 0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-2946 | medium | 5.4 | 5.4 | 3mo ago | A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java o… | |||
| CVE-2026-2864 | medium | 5.4 | 5.4 | 3mo ago | A vulnerability has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. This affects the function pictureDelete of the file PictureController.j… | |||
| CVE-2026-2863 | medium | 5.4 | 5.4 | 3mo ago | A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java… | |||
| CVE-2026-2622 | medium | 5.4 | 5.4 | 3mo ago | A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/Articl… | |||
| CVE-2026-2557 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was detected in cskefu up to 8.0.1. Impacted is the function Upload of the file com/cskefu/cc/controller/resource/MediaController.java of the component File Upload. The manipulation r… | |||
| CVE-2026-2551 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the a… | |||
| CVE-2026-2224 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btn_functions.php. The manipulation of the argume… | |||
| CVE-2026-2201 | medium | 5.4 | 5.4 | 4mo ago | A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. This impacts the function addLeave of the file src/main/java/com/wdd/studentmanage… | |||
| CVE-2026-2145 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipul… | |||
| CVE-2026-2064 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such … | |||
| CVE-2026-1700 | medium | 5.4 | 5.4 | 4mo ago | A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message caus… | |||
| CVE-2026-1598 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was found in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. Impacted is an unknown function of the file /dashboard/home/profile of the component User Informatio… | |||
| CVE-2026-1421 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability has been found in code-projects Online Examination System 1.0. Affected is an unknown function of the component Add Pages. Such manipulation leads to cross site scripting. The attack … | |||
| CVE-2026-24631 | medium | 5.4 | 5.4 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Rosebud rosebud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rosebud: fro… | |||
| CVE-2026-24622 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in Sergiy Dzysyak Suggestion Toolkit suggestion-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Suggestion Toolk… | |||
| CVE-2026-24595 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zoho CRM Lead Magnet: fro… | |||
| CVE-2026-24587 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in kutsy AJAX Hits Counter + Popular Posts Widget ajax-hits-counter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AJAX… | |||
| CVE-2026-24581 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This iss… | |||
| CVE-2026-24570 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Edwiser Bridge: from n/a thro… | |||
| CVE-2026-24561 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FluentBoards: from n/a… | |||
| CVE-2026-24560 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in Cloudinary Cloudinary cloudinary-image-management-and-manipulation-in-the-cloud-cdn allows Exploiting Incorrectly Configured Access Control Security Levels. This… | |||
| CVE-2026-24551 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Monetag Official P… | |||
| CVE-2026-24548 | medium | 5.4 | 5.4 | 4mo ago | Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery. This issue affects Radio Player: from n/a through <= 2.0.91. | |||
| CVE-2026-24540 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate G… | |||
| CVE-2026-24384 | medium | 5.4 | 5.4 | 4mo ago | Cross-Site Request Forgery (CSRF) vulnerability in launchinteractive Merge + Minify + Refresh merge-minify-refresh allows Cross Site Request Forgery. This issue affects Merge + Minify + Refresh: from … | |||
| CVE-2026-24381 | medium | 5.4 | 5.4 | 4mo ago | Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery. This issue affects PhotoMe: from n/a through < 5.7.2. | |||
| CVE-2026-24374 | medium | 5.4 | 5.4 | 4mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Cross Site Request Forgery. This issue affects Registrati… | |||
| CVE-2026-24365 | medium | 5.4 | 5.4 | 4mo ago | Cross-Site Request Forgery (CSRF) vulnerability in storeapps Stock Manager for WooCommerce woocommerce-stock-manager allows Cross Site Request Forgery. This issue affects Stock Manager for WooCommerce… | |||
| CVE-2026-22430 | medium | 5.4 | 5.4 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Verdure verdure allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Verdure: fro… | |||
| CVE-2026-22426 | medium | 5.4 | 5.4 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Elated-Themes Sweet Jane sweetjane allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sweet J… | |||
| CVE-2026-22400 | medium | 5.4 | 5.4 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Holmes holmes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Holmes: from n… | |||
| CVE-2026-22398 | medium | 5.4 | 5.4 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fleur: from n/a … | |||
| CVE-2026-22396 | medium | 5.4 | 5.4 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fiorello: … | |||
| CVE-2026-22393 | medium | 5.4 | 5.4 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Curly curly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Curly: from n/a … | |||
| CVE-2026-22391 | medium | 5.4 | 5.4 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Cocco cocco allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cocco: from n/a … | |||
| CVE-2026-1154 | medium | 5.4 | 5.4 | 4mo ago | A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipul… | |||
| CVE-2026-1151 | medium | 5.4 | 5.4 | 4mo ago | A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross s… | |||
| CVE-2026-1147 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This affects an unknown part of the file /php/api_patient_schedule.php. Performing a manip… | |||
| CVE-2026-1146 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /php/api_register_pa… | |||
| CVE-2026-1106 | medium | 5.4 | 5.4 | 4mo ago | A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Co… | |||
| CVE-2026-1049 | medium | 5.4 | 5.4 | 5mo ago | A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument TicketID leads to cro… | |||
| CVE-2026-1048 | medium | 5.4 | 5.4 | 5mo ago | A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketZoom. This manipulation of the argument TicketID causes cross … | |||
| CVE-2026-0587 | medium | 5.4 | 5.4 | 5mo ago | A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rock_page_gong.php of the component Cover Image Handler. The manipulation of the … | |||
| CVE-2026-10232 | medium | 5.3 | 5.3 | 23 min ago | A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::~aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation c… | |||
| CVE-2026-10231 | medium | 5.3 | 5.3 | 23 min ago | A security flaw has been discovered in Assimp up to 6.0.4. Affected is the function HL1MDLLoader::extract_anim_value of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Performing a… | |||
| CVE-2026-10230 | medium | 5.3 | 5.3 | 23 min ago | A vulnerability was identified in Assimp up to 6.0.4. This impacts the function Assimp::MDL::HalfLife::HL1MDLLoader::read_animations of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Load… | |||
| CVE-2026-10229 | medium | 5.3 | 5.3 | 23 min ago | A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::read_meshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation cause… | |||
| CVE-2026-10224 | medium | 5.3 | 5.3 | 4h ago | A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function _handle_webhook_request of the file gateway/platforms/feishu.py of the… | |||
| CVE-2026-10200 | medium | 5.3 | 5.3 | 9h ago | A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing a manipulation results in h… | |||
| CVE-2026-8382 | medium | 5.3 | 5.3 | 1d ago | The Advanced Custom Fields (ACF®) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user … | |||
| CVE-2026-48840 | medium | 5.3 | 5.3 | 2d ago | Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client. | |||
| CVE-2026-45294 | medium | 5.3 | 5.3 | 3d ago | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted… | |||
| CVE-2026-46344 | medium | 5.3 | 5.3 | 3d ago | liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT … | |||
| CVE-2026-44518 | medium | 5.3 | 5.3 | 3d ago | liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT … | |||
| CVE-2026-45352 | medium | 5.3 | 5.3 | 3d ago | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process cras… | |||
| CVE-2026-42500 | medium | 5.3 | 5.3 | 3d ago | Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image. | |||
| CVE-2026-10075 | medium | 5.3 | 5.3 | 3d ago | DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulner… | |||
| CVE-2026-9189 | medium | 5.3 | 5.3 | 3d ago | The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Althou… | |||
| CVE-2026-2128 | medium | 5.3 | 5.3 | 3d ago | The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2 This is due to improper verification of the `wo… | |||
| CVE-2026-9985 | medium | 5.3 | 5.3 | 3d ago | Insufficient validation of untrusted input in Media in Google Chrome on ChromeOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to obtain potentially sensi… | |||
| CVE-2026-45410 | medium | 5.3 | 5.3 | 3d ago | TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an e… | |||
| CVE-2026-46843 | medium | 5.3 | 5.3 | 4d ago | Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network ac… | |||
| CVE-2026-46842 | medium | 5.3 | 5.3 | 4d ago | Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network ac… | |||
| CVE-2026-46841 | medium | 5.3 | 5.3 | 4d ago | Vulnerability in Oracle REST Data Services (component: General). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network… | |||
| CVE-2026-46830 | medium | 5.3 | 5.3 | 4d ago | Vulnerability in Oracle REST Data Services (component: Mongoapi). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with networ… | |||
| CVE-2026-49130 | medium | 5.3 | 5.3 | 4d ago | Music Player Daemon (MPD) before version 0.24.11 contains a CRLF injection vulnerability in the xspf_char_data function within the XSPF playlist plugin that allows attackers to embed literal CR/LF by… | |||
| CVE-2026-33463 | medium | 5.3 | 5.3 | 4d ago | Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-b… | |||
| CVE-2026-9091 | medium | 5.3 | 5.3 | 4d ago | Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go c… | |||
| CVE-2026-47676 | medium | 5.3 | 5.3 | 4d ago | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, app.mount() strips the mount prefix from the incoming request path using the raw URL pathname, … | |||
| CVE-2026-47675 | medium | 5.3 | 5.3 | 4d ago | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the serialize() function in hono/cookie validates domain and path options against characters th… | |||
| CVE-2026-47674 | medium | 5.3 | 5.3 | 4d ago | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the ip-restriction middleware (hono/ip-restriction) compares incoming IP addresses against conf… | |||
| CVE-2026-48525 | medium | 5.3 | 5.3 | 4d ago | PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option ("b64": false, RFC 7797), PyJWT performs Base64URL deco… | |||
| CVE-2026-6937 | medium | 5.3 | 5.3 | 4d ago | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the pl… | |||
| CVE-2026-7651 | medium | 5.3 | 5.3 | 4d ago | The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure… | |||
| CVE-2026-7552 | medium | 5.3 | 5.3 | 4d ago | The Geo Mashup plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.13.19. This is due to the plugin not properly verifying that a user is authorized to … | |||
| CVE-2026-9803 | medium | 5.3 | 5.3 | 4d ago | A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authori… | |||
| CVE-2026-9794 | medium | 5.3 | 5.3 | 4d ago | A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced… | |||
| CVE-2026-46544 | medium | 5.3 | 5.3 | 4d ago | Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied session_id values in WebSocket task messages a… | |||
| CVE-2026-6713 | medium | 5.3 | 5.3 | 5d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauth… | |||
| CVE-2026-4392 | medium | 5.3 | 5.3 | 5d ago | A vulnerability was detected in TeamSpeak 3 Server up to 3.13.7. This issue affects some unknown processing of the component clientek Handshake Handler. Performing a manipulation of the argument proo… | |||
| CVE-2026-4391 | medium | 5.3 | 5.3 | 5d ago | A security vulnerability has been detected in TeamSpeak 3 Server up to 3.13.7. This vulnerability affects unknown code of the component ECC Key Parser. Such manipulation leads to heap-based buffer ov… | |||
| CVE-2026-44318 | medium | 5.3 | 5.3 | 5d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/{subId} handler has an unsynchronized write on the global Subscrip… | |||
| CVE-2026-49053 | medium | 5.3 | 5.3 | 5d ago | Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addon… | |||
| CVE-2026-7254 | medium | 5.3 | 5.3 | 5d ago | IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users. | |||
| CVE-2026-49001 | medium | 5.3 | 5.3 | 5d ago | Cross-site request forgery (CSRF) vulnerabilities allow attackers to exploit a user's authenticated session to forge cross-site requests, inducing the execution of unintended operations such as tampe… | |||
| CVE-2026-9014 | medium | 5.3 | 5.3 | 5d ago | The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_stats() function in versions up to, and including, 1.3. The func… | |||
| CVE-2026-7493 | medium | 5.3 | 5.3 | 5d ago | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a… | |||
| CVE-2026-8391 | medium | 5.3 | 5.3 | 5d ago | RHSA-2026:21382: firefox security update (Important) | |||
| CVE-2026-38808 | medium | 5.3 | 5.3 | 5d ago | SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components | |||
| CVE-2026-46740 | medium | 5.3 | 5.3 | 5d ago | Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted… | |||
| CVE-2026-42015 | medium | 5.3 | 5.3 | 5d ago | RHSA-2026:20611: gnutls security update (Important) | |||
| CVE-2026-44214 | medium | 5.3 | 5.3 | 6d ago | eventsource-encoder encodes events as well-formed EventSource/Server Sent Event (SSE) messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage b… | |||
| CVE-2026-25426 | medium | 5.3 | 5.3 | 6d ago | Missing Authorization vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxi Booking M… | |||
| CVE-2026-9541 | medium | 5.3 | 5.3 | 6d ago | A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results … | |||
| CVE-2026-9540 | medium | 5.3 | 5.3 | 6d ago | A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. I… | |||
| CVE-2026-48135 | medium | 5.3 | 5.3 | 6d ago | A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation. | |||
| CVE-2026-39642 | medium | 5.3 | 5.3 | 6d ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7. | |||
| CVE-2026-24590 | medium | 5.3 | 5.3 | 6d ago | Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat Turnkey Site allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Videochat Turnkey… | |||
| CVE-2026-39655 | medium | 5.3 | 5.3 | 6d ago | Missing Authorization vulnerability in TeconceTheme Mayosis Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mayosis Core: from n/a through 5.4.7. | |||
| CVE-2026-27398 | medium | 5.3 | 5.3 | 6d ago | Missing Authorization vulnerability in WP Chill RSVP and Event Management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RSVP and Event Management: from … |