CVEs from 2026
Total
13,572
critical
critical 1,186
high
high 4,342
medium
medium 4,229
low
low 459
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 434
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39678 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking Sy… | |||
| CVE-2026-39676 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a… | |||
| CVE-2026-39675 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from… | |||
| CVE-2026-39672 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affec… | |||
| CVE-2026-39669 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through 1.19.3. | |||
| CVE-2026-39664 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadrebel: from n/a through <= 1.0.2. | |||
| CVE-2026-39662 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security … | |||
| CVE-2026-39658 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-field allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pand… | |||
| CVE-2026-39657 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects leadlovers forms: from n… | |||
| CVE-2026-39652 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iGMS Direct Booking: fro… | |||
| CVE-2026-39650 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: … | |||
| CVE-2026-39648 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through <= 2.1.7. | |||
| CVE-2026-39644 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wp Ultimate Review: from… | |||
| CVE-2026-39628 | medium | 5.3 | 5.3 | 2mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through <… | |||
| CVE-2026-39626 | medium | 5.3 | 5.3 | 2mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through <= 1.4.8. | |||
| CVE-2026-39624 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through <= 3.2.3. | |||
| CVE-2026-39616 | medium | 5.3 | 5.3 | 2mo ago | Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue… | |||
| CVE-2026-39612 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9. | |||
| CVE-2026-39609 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through <= 0… | |||
| CVE-2026-39605 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Custom Login: fro… | |||
| CVE-2026-39602 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a thr… | |||
| CVE-2026-39585 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Arraytics Booktics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booktics: from n/a through 1.0.16. | |||
| CVE-2026-39563 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a th… | |||
| CVE-2026-39561 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through <= 2.0.7. | |||
| CVE-2026-39535 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display… | |||
| CVE-2026-39520 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through <= 2.1.18. | |||
| CVE-2026-39365 | medium | 5.3 | 5.3 | 2mo ago | Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling | |||
| CVE-2026-35484 | medium | 5.3 | 5.3 | 2mo ago | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml file o… | |||
| CVE-2026-5621 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulatio… | |||
| CVE-2026-5619 | medium | 5.3 | 5.3 | 2mo ago | A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize_command. Executing a manipu… | |||
| CVE-2026-5603 | medium | 5.3 | 5.3 | 2mo ago | @elgentos/magento2-dev-mcp vulnerable to command injection | |||
| CVE-2026-5602 | medium | 5.3 | 5.3 | 2mo ago | @nor2/heim-mcp vulnerable to command injection | |||
| CVE-2026-5527 | medium | 5.3 | 5.3 | 2mo ago | A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Pr… | |||
| CVE-2026-3184 | medium | 5.3 | 5.3 | 2mo ago | A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A … | |||
| CVE-2026-5342 | medium | 5.3 | 5.3 | 2mo ago | A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipu… | |||
| CVE-2026-5323 | medium | 5.3 | 5.3 | 2mo ago | a11y-mcp: Server-Side Request Forgery (SSRF) vulnerability in A11yServer function | |||
| CVE-2026-5236 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. Such manipulation of t… | |||
| CVE-2026-5235 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4_BitReader::ReadCache of the file Ap4Dac4Atom.cpp of the component MP4 File Parser. This manipulation … | |||
| CVE-2026-5215 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72… | |||
| CVE-2026-5186 | medium | 5.3 | 5.3 | 2mo ago | A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation cause… | |||
| CVE-2026-5185 | medium | 5.3 | 5.3 | 2mo ago | A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of the file stb_image.h of the component Multi-frame GIF File Handler. The manipula… | |||
| CVE-2026-5125 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function child_process.execSync of the file src/server.ts. The manipulation of the argument gi… | |||
| CVE-2026-5023 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the … | |||
| CVE-2026-5007 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulatio… | |||
| CVE-2026-27860 | medium | 5.3 | 5.3 | 2mo ago | If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure… | |||
| CVE-2026-27859 | medium | 5.3 | 5.3 | 2mo ago | A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU … | |||
| CVE-2026-0394 | medium | 5.3 | 5.3 | 2mo ago | When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the dom… | |||
| CVE-2026-32497 | medium | 5.3 | 5.3 | 2mo ago | Weak Authentication vulnerability in PickPlugins User Verification user-verification allows Authentication Abuse.This issue affects User Verification: from n/a through <= 2.0.45. | |||
| CVE-2026-32492 | medium | 5.3 | 5.3 | 2mo ago | Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity Spoofing.This issue affects My Tickets: from n/a through <= 2.1.1. | |||
| CVE-2026-28838 | medium | 5.3 | 5.3 | 2mo ago | A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sand… | |||
| CVE-2026-4733 | medium | 5.3 | 5.3 | 2mo ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. | |||
| CVE-2026-28809 | medium | 5.3 | 5.3 | 2mo ago | esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages | |||
| CVE-2026-4603 | medium | 5.3 | 5.3 | 2mo ago | jsrsasign: Division by Zero Allows Invalid JWK Modulus to Cause Deterministic Zero Output in RSA Operations | |||
| CVE-2026-4530 | medium | 5.3 | 5.3 | 2mo ago | A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument D… | |||
| CVE-2026-4496 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function child_process.exec of the file src/gitUtils.ts of th… | |||
| CVE-2026-1005 | medium | 5.3 | 5.3 | 2mo ago | Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authenticati… | |||
| CVE-2026-28070 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2. | |||
| CVE-2026-32565 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Rel… | |||
| CVE-2026-32586 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooC… | |||
| CVE-2026-4216 | medium | 5.3 | 5.3 | 3mo ago | A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. … | |||
| CVE-2026-4199 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was identified in bazinga012 mcp_code_executor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command inj… | |||
| CVE-2026-4198 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command inj… | |||
| CVE-2026-32438 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW School Education vw-school-education allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW School Education:… | |||
| CVE-2026-32437 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Portfolio: from n/a through <= … | |||
| CVE-2026-32436 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Photography: from n/a throu… | |||
| CVE-2026-32435 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Pet Shop: from n/a through <= 1.4… | |||
| CVE-2026-32434 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Fitness: from n/a through <= 4.3.4. | |||
| CVE-2026-32427 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Education Lite: from … | |||
| CVE-2026-32421 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Timeline: from n/a throu… | |||
| CVE-2026-32413 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Permalink Manager… | |||
| CVE-2026-32410 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WBW Cu… | |||
| CVE-2026-32409 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects F… | |||
| CVE-2026-32404 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Studio99 WP Monitor:… | |||
| CVE-2026-32397 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter & Grids: from n/a through … | |||
| CVE-2026-32396 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.13. | |||
| CVE-2026-32395 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This iss… | |||
| CVE-2026-32383 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ridhi: from n/a through <= 1.1.2. | |||
| CVE-2026-32347 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in raratheme Restaurant and Cafe restaurant-and-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant and Cafe… | |||
| CVE-2026-32346 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in raratheme Travel Agency travel-agency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Agency: from n/a through… | |||
| CVE-2026-32345 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in raratheme Perfect Portfolio perfect-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Perfect Portfolio: from… | |||
| CVE-2026-32332 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.9. | |||
| CVE-2026-31916 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post S… | |||
| CVE-2026-31915 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flatsome: from n/a through <= 3.19.6. | |||
| CVE-2026-23943 | medium | 5.3 | 5.3 | 3mo ago | Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advert… | |||
| CVE-2026-4016 | medium | 5.3 | 5.3 | 3mo ago | A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svgin_process of the file src/filters/load_svg.c of the component SVG Parser. The manipula… | |||
| CVE-2026-4015 | medium | 5.3 | 5.3 | 3mo ago | A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lea… | |||
| CVE-2026-3994 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X86_64::initialize_sections of the file src/input-files.cc of the component Object File… | |||
| CVE-2026-3979 | medium | 5.3 | 5.3 | 3mo ago | A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free. The attack requires local… | |||
| CVE-2026-3964 | medium | 5.3 | 5.3 | 3mo ago | A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the ar… | |||
| CVE-2026-3959 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The … | |||
| CVE-2026-2742 | medium | 5.3 | 5.3 | 3mo ago | Vaadin Vulnerable to Authentication Bypass When Accessing the /VAADIN Endpoint Without a Trailing Slash | |||
| CVE-2026-3713 | medium | 5.3 | 5.3 | 3mo ago | A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of … | |||
| CVE-2026-3707 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was identified in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory of the file src/main/c/gif_decoder.c. Such manipulation of the argument canvas_h… | |||
| CVE-2026-3675 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulation… | |||
| CVE-2026-3674 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function FakeAppProvider of the component org.ethosmobile.ethoslauncher. Performing a manipula… | |||
| CVE-2026-3670 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown function of the component com.dgen.alarm. Performing a manipulation results in improper authorization. The… | |||
| CVE-2026-3669 | medium | 5.3 | 5.3 | 3mo ago | A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221. This impacts the function AlarmService of the component com.dgen.alarm. Such manipulation leads to improper authori… | |||
| CVE-2026-3667 | medium | 5.3 | 5.3 | 3mo ago | A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation resul… | |||
| CVE-2026-28132 | medium | 5.3 | 5.3 | 3mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects … | |||
| CVE-2026-2896 | medium | 5.3 | 5.3 | 3mo ago | funadmin has Incorrect Privilege Assignment in its Configuration Handler |