CVEs from 2026
- Total: 13,840
- critical: 1,207
- high: 4,497
- medium: 4,324
- low: 469
- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.8%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24592 | medium | 5.3 | 5.3 | 7d ago | Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Affiliate Links: from n/a … | |||
| CVE-2026-9502 | medium | 5.3 | 5.3 | 7d ago | A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap… | |||
| CVE-2026-9500 | medium | 5.3 | 5.3 | 7d ago | A vulnerability was found in GNU LibreDWG up to 0.14. The affected element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgread Utility. Performing a manipul… | |||
| CVE-2026-24546 | medium | 5.3 | 5.3 | 7d ago | Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GamiPress: from n/a through 7.6.3. | |||
| CVE-2026-9466 | medium | 5.3 | 5.3 | 7d ago | A vulnerability was determined in Tiandy Easy7 Integrated Management Platform 7.17.0. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoin… | |||
| CVE-2026-47069 | medium | 5.3 | 5.3 | 7d ago | CRLF injection in cookie domain/path options in hackney | |||
| CVE-2026-46745 | medium | 5.3 | 5.3 | 8d ago | Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache… | |||
| CVE-2026-5223 | medium | 5.3 | 5.3 | 8d ago | Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The… | |||
| CVE-2026-9369 | medium | 5.3 | 5.3 | 9d ago | A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function _discover_dashboard_plugins of the file hermes_cli/web_server.py of the component CLI web-dashboar… | |||
| CVE-2026-9352 | medium | 5.3 | 5.3 | 9d ago | A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function _make_run_env of the file tools/environments/local.py of the component Messaging Gateway H… | |||
| CVE-2026-9349 | medium | 5.3 | 5.3 | 9d ago | A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideP… | |||
| CVE-2026-44618 | medium | 5.3 | 5.3 | 10d ago | Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this is… | |||
| CVE-2026-4635 | medium | 5.3 | 5.3 | 11d ago | Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to c… | |||
| CVE-2026-8684 | medium | 5.3 | 5.3 | 11d ago | The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is aut… | |||
| CVE-2026-46598 | medium | 5.3 | 5.3 | 11d ago | For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used. | |||
| CVE-2026-39835 | medium | 5.3 | 5.3 | 11d ago | SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an… | |||
| CVE-2026-8337 | medium | 5.3 | 5.3 | 11d ago | Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unau… | |||
| CVE-2026-8240 | medium | 5.3 | 5.3 | 11d ago | Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted … | |||
| CVE-2026-8239 | medium | 5.3 | 5.3 | 11d ago | Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/get_rating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security … | |||
| CVE-2026-8238 | medium | 5.3 | 5.3 | 11d ago | Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/message_page' endpoint returns the full content of any conversation message. An unauthenticated attacker can enume… | |||
| CVE-2026-8237 | medium | 5.3 | 5.3 | 11d ago | Concrete CMS 9.5.0 and below is vulnerable to IDOR. The `/ccm/frontend/conversations/message_detail` endpoint returns the full content of any conversation message. An unauthenticated attacker can enu… | |||
| CVE-2026-7879 | medium | 5.3 | 5.3 | 11d ago | In Concrete CMS 9.5.0 and below, the submit_password() method in concrete/controllers/single_page/download_file.php allows unauthorized file access since downloading permission-restricted files bypa… | |||
| CVE-2026-8205 | medium | 5.3 | 5.3 | 11d ago | Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar which results in restricted event details being… | |||
| CVE-2026-8204 | medium | 5.3 | 5.3 | 11d ago | Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot… | |||
| CVE-2026-6826 | medium | 5.3 | 5.3 | 11d ago | Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller. Any unauthenticated visitor can request /ccm/system/dialogs… | |||
| CVE-2026-48245 | medium | 5.3 | 5.3 | 11d ago | Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is committed to the public source repository. The key can be extracted by anyone with read access to the sour… | |||
| CVE-2026-48244 | medium | 5.3 | 5.3 | 11d ago | Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in settings.inc.php that is committed to the public source repository. The key can be extracted by anyone with read access to th… | |||
| CVE-2026-48243 | medium | 5.3 | 5.3 | 11d ago | Open ISES Tickets before 3.44.2 embeds a hardcoded WhitePages reverse-phone API key in wp1.php that is committed to the public source repository. Any actor with read access to the source tree can ext… | |||
| CVE-2026-27393 | medium | 5.3 | 5.3 | 12d ago | Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6. | |||
| CVE-2026-9124 | medium | 5.3 | 5.3 | 12d ago | Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craf… | |||
| CVE-2026-2812 | medium | 5.3 | 5.3 | 12d ago | ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the en… | |||
| CVE-2026-4293 | medium | 5.3 | 5.3 | 12d ago | The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the brow… | |||
| CVE-2026-5950 | medium | 5.3 | 5.3 | 12d ago | An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sendin… | |||
| CVE-2026-3592 | medium | 5.3 | 5.3 | 12d ago | BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resou… | |||
| CVE-2026-6728 | medium | 5.3 | 5.3 | 13d ago | The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'get_stream_data()' function. This makes it possible for una… | |||
| CVE-2026-44390 | medium | 5.3 | 5.3 | 13d ago | NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstream responses… | |||
| CVE-2026-42923 | medium | 5.3 | 5.3 | 13d ago | NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit… | |||
| CVE-2026-42534 | medium | 5.3 | 5.3 | 13d ago | NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could ren… | |||
| CVE-2026-32792 | medium | 5.3 | 5.3 | 13d ago | NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt query could underflow Unbou… | |||
| CVE-2026-42526 | medium | 5.3 | 5.3 | 13d ago | In the AWS Secrets Manager and SSM Parameter Store secrets backends of `apache-airflow-providers-amazon` prior to 9.28.0, the team-scoping logic could resolve a `conn_id` containing a `/` (e.g. `"my_… | |||
| CVE-2026-46337 | medium | 5.3 | 5.3 | 13d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private us… | |||
| CVE-2026-34883 | medium | 5.3 | 5.3 | 13d ago | An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate priv… | |||
| CVE-2026-31388 | medium | 5.3 | 5.3 | 14d ago | Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixe… | |||
| CVE-2026-31387 | medium | 5.3 | 5.3 | 14d ago | Improper Authentication vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | |||
| CVE-2026-8814 | medium | 5.3 | 5.3 | 14d ago | ExifReader is vulnerable to denial of service via unbounded decompression of image metadata | |||
| CVE-2026-32994 | medium | 5.3 | 5.3 | 14d ago | The /api/v1/autotranslate.translateMessage endpoint in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.6, <7.13.8, and <7.10.12 allows any authenticated user to retrieve the full content of any… | |||
| CVE-2026-32244 | medium | 5.3 | 5.3 | 14d ago | Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unpriv… | |||
| CVE-2026-4893 | medium | 5.3 | 5.3 | 14d ago | RHSA-2026:20589: dnsmasq security update (Important) | |||
| CVE-2026-4891 | medium | 5.3 | 5.3 | 14d ago | RHSA-2026:20589: dnsmasq security update (Important) | |||
| CVE-2026-36438 | medium | 5.3 | 5.3 | 14d ago | An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information via password reset functionality under /OutsideCmd | |||
| CVE-2026-45620 | medium | 5.3 | 5.3 | 14d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck() or admin gate. It only has an entry guard: preg_match('/^@/', $_REQUEST['term']) … | |||
| CVE-2026-8752 | medium | 5.3 | 5.3 | 15d ago | A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the compon… | |||
| CVE-2026-8739 | medium | 5.3 | 5.3 | 16d ago | A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigC… | |||
| CVE-2026-8737 | medium | 5.3 | 5.3 | 16d ago | A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListD… | |||
| CVE-2026-8723 | medium | 5.3 | 5.3 | 16d ago | `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and not ha… | |||
| CVE-2026-8681 | medium | 5.3 | 5.3 | 17d ago | The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly verifying that a user is auth… | |||
| CVE-2026-44309 | medium | 5.3 | 5.3 | 17d ago | gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits | |||
| CVE-2026-8454 | medium | 5.3 | 5.3 | 17d ago | Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer G… | |||
| CVE-2026-8612 | medium | 5.3 | 5.3 | 18d ago | WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache… | |||
| CVE-2026-45248 | medium | 5.3 | 5.3 | 18d ago | Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user inform… | |||
| CVE-2026-45397 | medium | 5.3 | 5.3 | 18d ago | Open WebUI Vulnerable to Unauthenticated RAG Configuration Disclosure | |||
| CVE-2026-8583 | medium | 5.3 | 5.3 | 18d ago | Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive informa… | |||
| CVE-2026-8582 | medium | 5.3 | 5.3 | 18d ago | Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium se… | |||
| CVE-2026-8546 | medium | 5.3 | 5.3 | 18d ago | Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information fr… | |||
| CVE-2026-8543 | medium | 5.3 | 5.3 | 18d ago | Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive infor… | |||
| CVE-2026-8541 | medium | 5.3 | 5.3 | 18d ago | Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory vi… | |||
| CVE-2026-8538 | medium | 5.3 | 5.3 | 18d ago | Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform a denial of service via a craf… | |||
| CVE-2026-8535 | medium | 5.3 | 5.3 | 18d ago | Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive informati… | |||
| CVE-2026-8516 | medium | 5.3 | 5.3 | 18d ago | Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentia… | |||
| CVE-2026-24000 | medium | 5.3 | 5.3 | 18d ago | Fleet has a rate limiting bypass via untrusted client IP headers | |||
| CVE-2026-38740 | medium | 5.3 | 5.3 | 18d ago | Foscam VD1 Video Doorbell before V5.3.13_1072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol (SDP), including ICE creden… | |||
| CVE-2026-45292 | medium | 5.3 | 5.3 | 18d ago | opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggag… | |||
| CVE-2026-42593 | medium | 5.3 | 5.3 | 18d ago | Gotenberg has arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes | |||
| CVE-2026-42592 | medium | 5.3 | 5.3 | 18d ago | Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes | |||
| CVE-2026-41933 | medium | 5.3 | 5.3 | 18d ago | Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking pro… | |||
| CVE-2026-24711 | medium | 5.3 | 5.3 | 18d ago | Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control. | |||
| CVE-2026-45205 | medium | 5.3 | 5.3 | 18d ago | Apache Commons Configuration: StackOverflowError for YAML input with cycles | |||
| CVE-2026-6206 | medium | 5.3 | 5.3 | 19d ago | The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the _get_post_property_from_querystring() function due to insufficient restri… | |||
| CVE-2026-6145 | medium | 5.3 | 5.3 | 19d ago | The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the is_admin_creation_process() method relyi… | |||
| CVE-2026-44381 | medium | 5.3 | 5.3 | 19d ago | MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow … | |||
| CVE-2026-44379 | medium | 5.3 | 5.3 | 19d ago | MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or mo… | |||
| CVE-2026-44373 | medium | 5.3 | 5.3 | 19d ago | Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward… | |||
| CVE-2026-33584 | medium | 5.3 | 5.3 | 19d ago | Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug information such as metrics and health data. This issue affects Sym… | |||
| CVE-2026-44457 | medium | 5.3 | 5.3 | 19d ago | Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage | |||
| CVE-2026-44431 | medium | 5.3 | 5.3 | 19d ago | urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=Fa… | |||
| CVE-2026-44294 | medium | 5.3 | 5.3 | 19d ago | protobuf.js: Denial of service from crafted field names in generated code | |||
| CVE-2026-44292 | medium | 5.3 | 5.3 | 19d ago | protobuf.js: Prototype injection in generated message constructors | |||
| CVE-2026-44288 | medium | 5.3 | 5.3 | 19d ago | protobufjs has overlong UTF-8 decoding | |||
| CVE-2026-40435 | medium | 5.3 | 5.3 | 19d ago | When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Su… | |||
| CVE-2026-34019 | medium | 5.3 | 5.3 | 19d ago | When Bidirectional Forwarding Detection (BFD) is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to stop processing BFD pack… | |||
| CVE-2026-8463 | medium | 5.3 | 5.3 | 19d ago | Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input. The auto-detect form of argon2_verify passes encoded_len - 1 as the… | |||
| CVE-2026-7168 | medium | 5.3 | 5.3 | 19d ago | Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then changing the proxy host to a second one (`proxyB`) for a second transfer, reu… | |||
| CVE-2026-7009 | medium | 5.3 | 5.3 | 19d ago | When curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP stapling*, to verify that the server certificate is valid, it fails to detect OCSP problems and inste… | |||
| CVE-2026-6429 | medium | 5.3 | 5.3 | 19d ago | When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances. | |||
| CVE-2026-2515 | medium | 5.3 | 5.3 | 19d ago | The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_ajax_action' fu… | |||
| CVE-2026-6965 | medium | 5.3 | 5.3 | 20d ago | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the `get_course_id_by… | |||
| CVE-2026-8200 | medium | 5.3 | 5.3 | 20d ago | When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This is… | |||
| CVE-2026-44341 | medium | 5.3 | 5.3 | 20d ago | GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. Th… | |||
| CVE-2026-34654 | medium | 5.3 | 5.3 | 20d ago | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result i… | |||
| CVE-2026-23822 | medium | 5.3 | 5.3 | 20d ago | A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an at… |