CVEs from 2026
Total
13,506
critical
critical 1,178
high
high 4,304
medium
medium 4,191
low
low 452
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42800 | medium | 5.3 | 5.3 | 1mo ago | NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/s… | |||
| CVE-2026-7403 | medium | 5.3 | 5.3 | 1mo ago | A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list_rules/fetch_rule of the file src/gel_mcp/server.py. The manipulation of the argument rule_name results in … | |||
| CVE-2026-7396 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Ad… | |||
| CVE-2026-42644 | medium | 5.3 | 5.3 | 1mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: fr… | |||
| CVE-2026-42642 | medium | 5.3 | 5.3 | 1mo ago | Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through <= 4.14.5. | |||
| CVE-2026-22745 | medium | 5.3 | 5.3 | 1mo ago | Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources | |||
| CVE-2026-4019 | medium | 5.3 | 5.3 | 1mo ago | The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/co… | |||
| CVE-2026-42427 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS missing from exec env denylist — RCE via build tool env injection (GHSA-cm8v-2vh9-cxf3 class) | |||
| CVE-2026-41407 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: Shared-secret comparison call sites leaked length information through timing | |||
| CVE-2026-41374 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw runs Discord audio preflight transcription before member authorization | |||
| CVE-2026-40969 | medium | 5.3 | 5.3 | 1mo ago | Spring gRPC AuthenticationException messages are reflected to remote client | |||
| CVE-2026-7271 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability was detected in DV0x creative-ad-agent up to 751b9e5146604dc65049bd0f62dcbdad6212f8a3. Impacted is an unknown function of the file server/sdk-server.ts of the component creative-ad-ag… | |||
| CVE-2026-41606 | medium | 5.3 | 5.3 | 1mo ago | Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | |||
| CVE-2026-7235 | medium | 5.3 | 5.3 | 1mo ago | A security vulnerability has been detected in ErlichLiu claude-agent-sdk-master up to b185aa7ff0d864581257008077b4010fca1747bf. Affected by this vulnerability is an unknown functionality of the file … | |||
| CVE-2026-4911 | medium | 5.3 | 5.3 | 1mo ago | The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe() function passing user-controlled $_POST['amo… | |||
| CVE-2026-7217 | medium | 5.3 | 5.3 | 1mo ago | A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-of… | |||
| CVE-2026-7183 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls_pdu.cpp of the component Radio Link Simulati… | |||
| CVE-2026-7179 | medium | 5.3 | 5.3 | 1mo ago | A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_null_terminated_string of the file src/binwalk/plugins/winceextract.py of the comp… | |||
| CVE-2026-7135 | medium | 5.3 | 5.3 | 1mo ago | A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elng_box_read of the file src/isomedia/box_code_base.c of the comp… | |||
| CVE-2026-42037 | medium | 5.3 | 5.3 | 1mo ago | Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream | |||
| CVE-2026-42036 | medium | 5.3 | 5.3 | 1mo ago | Axios: HTTP adapter streamed responses bypass maxContentLength | |||
| CVE-2026-42034 | medium | 5.3 | 5.3 | 1mo ago | Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0 | |||
| CVE-2026-40431 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication… | |||
| CVE-2026-23865 | medium | 5.3 | 5.3 | 1mo ago | RHSA-2026:9689: java-21-openjdk security update (Important) | |||
| CVE-2026-41354 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: Zalo replay dedupe keys could suppress messages across chats or senders | |||
| CVE-2026-41351 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding | |||
| CVE-2026-41345 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards Authorization headers across cross-origin redirects. Attackers can exploit this by… | |||
| CVE-2026-41343 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: LINE webhook handler lacks shared pre-auth concurrency budget before signature verification | |||
| CVE-2026-41337 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection | |||
| CVE-2026-41335 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw Has a Gateway Control Interface Information Disclosure Vulnerability | |||
| CVE-2026-41332 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override | |||
| CVE-2026-2708 | medium | 5.3 | 5.3 | 1mo ago | A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each hea… | |||
| CVE-2026-40894 | medium | 5.3 | 5.3 | 1mo ago | OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers | |||
| CVE-2026-40891 | medium | 5.3 | 5.3 | 1mo ago | OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling | |||
| CVE-2026-41182 | medium | 5.3 | 5.3 | 1mo ago | LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redacti… | |||
| CVE-2026-35345 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continue… | |||
| CVE-2026-35061 | medium | 5.3 | 5.3 | 2mo ago | Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved without authentication, revealing sensitive operational imagery. | |||
| CVE-2026-33093 | medium | 5.3 | 5.3 | 2mo ago | Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment. | |||
| CVE-2026-32648 | medium | 5.3 | 5.3 | 2mo ago | Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details (e.g., SSH/RTTY status), assisting attackers in reconnaissance against the device. | |||
| CVE-2026-6491 | medium | 5.3 | 5.3 | 2mo ago | A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such… | |||
| CVE-2026-24749 | medium | 5.3 | 5.3 | 2mo ago | Silverstripe Assets Module has a DBFile::getURL() permission bypass | |||
| CVE-2026-40778 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Majestic Support: … | |||
| CVE-2026-40742 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio AB Testing: fr… | |||
| CVE-2026-28421 | medium | 5.3 | 5.3 | 2mo ago | RHSA-2026:6915: vim security update (Important) | |||
| CVE-2026-6219 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulati… | |||
| CVE-2026-5504 | medium | 5.3 | 5.3 | 2mo ago | A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfS… | |||
| CVE-2026-5772 | medium | 5.3 | 5.3 | 2mo ago | A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * e… | |||
| CVE-2026-5833 | medium | 5.3 | 5.3 | 2mo ago | awwaiid mcp-server-taskwarrior vulnerable to command injection | |||
| CVE-2026-39716 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through <= 2.8. | |||
| CVE-2026-39713 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly … | |||
| CVE-2026-39712 | medium | 5.3 | 5.3 | 2mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a th… | |||
| CVE-2026-39706 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Make My Trivia: from n/a throug… | |||
| CVE-2026-39704 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access C… | |||
| CVE-2026-39701 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopWP: from n/a through <= 5.2.4. | |||
| CVE-2026-39700 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through <= 1.4.32. | |||
| CVE-2026-39698 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-ads-txt allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects T… | |||
| CVE-2026-39697 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This iss… | |||
| CVE-2026-39694 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Si… | |||
| CVE-2026-39689 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eShipper Commerce: from … | |||
| CVE-2026-39688 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profil… | |||
| CVE-2026-39687 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rap… | |||
| CVE-2026-39686 | medium | 5.3 | 5.3 | 2mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PD… | |||
| CVE-2026-39682 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects linkPizza-Manager: fr… | |||
| CVE-2026-39680 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Diet … | |||
| CVE-2026-39678 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking Sy… | |||
| CVE-2026-39676 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a… | |||
| CVE-2026-39675 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from… | |||
| CVE-2026-39672 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affec… | |||
| CVE-2026-39669 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through 1.19.3. | |||
| CVE-2026-39664 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadrebel: from n/a through <= 1.0.2. | |||
| CVE-2026-39662 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security … | |||
| CVE-2026-39658 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-field allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pand… | |||
| CVE-2026-39657 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects leadlovers forms: from n… | |||
| CVE-2026-39652 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iGMS Direct Booking: fro… | |||
| CVE-2026-39650 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: … | |||
| CVE-2026-39648 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through <= 2.1.7. | |||
| CVE-2026-39644 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wp Ultimate Review: from… | |||
| CVE-2026-39628 | medium | 5.3 | 5.3 | 2mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through <… | |||
| CVE-2026-39626 | medium | 5.3 | 5.3 | 2mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through <= 1.4.8. | |||
| CVE-2026-39624 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through <= 3.2.3. | |||
| CVE-2026-39616 | medium | 5.3 | 5.3 | 2mo ago | Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue… | |||
| CVE-2026-39612 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9. | |||
| CVE-2026-39609 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through <= 0… | |||
| CVE-2026-39605 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Custom Login: fro… | |||
| CVE-2026-39602 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a thr… | |||
| CVE-2026-39585 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Arraytics Booktics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booktics: from n/a through 1.0.16. | |||
| CVE-2026-39563 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a th… | |||
| CVE-2026-39561 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through <= 2.0.7. | |||
| CVE-2026-39535 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display… | |||
| CVE-2026-39520 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through <= 2.1.18. | |||
| CVE-2026-39365 | medium | 5.3 | 5.3 | 2mo ago | Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling | |||
| CVE-2026-35484 | medium | 5.3 | 5.3 | 2mo ago | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml file o… | |||
| CVE-2026-5621 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulatio… | |||
| CVE-2026-5619 | medium | 5.3 | 5.3 | 2mo ago | A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize_command. Executing a manipu… | |||
| CVE-2026-5603 | medium | 5.3 | 5.3 | 2mo ago | @elgentos/magento2-dev-mcp vulnerable to command injection | |||
| CVE-2026-5602 | medium | 5.3 | 5.3 | 2mo ago | @nor2/heim-mcp vulnerable to command injection | |||
| CVE-2026-5527 | medium | 5.3 | 5.3 | 2mo ago | A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Pr… | |||
| CVE-2026-3184 | medium | 5.3 | 5.3 | 2mo ago | A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A … | |||
| CVE-2026-5342 | medium | 5.3 | 5.3 | 2mo ago | A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipu… | |||
| CVE-2026-5323 | medium | 5.3 | 5.3 | 2mo ago | a11y-mcp: Server-Side Request Forgery (SSRF) vulnerability in A11yServer function |