CVEs from 2026
- Total: 13,909
- Critical: 1,208
- High: 4,525
- Medium: 4,356
- Low: 481
- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39658 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-field allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pand… | |||
| CVE-2026-39657 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects leadlovers forms: from n… | |||
| CVE-2026-39652 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iGMS Direct Booking: fro… | |||
| CVE-2026-39650 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: … | |||
| CVE-2026-39648 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through <= 2.1.7. | |||
| CVE-2026-39644 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wp Ultimate Review: from… | |||
| CVE-2026-39628 | medium | 5.3 | 5.3 | 2mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through <… | |||
| CVE-2026-39626 | medium | 5.3 | 5.3 | 2mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through <= 1.4.8. | |||
| CVE-2026-39624 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through <= 3.2.3. | |||
| CVE-2026-39616 | medium | 5.3 | 5.3 | 2mo ago | Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue… | |||
| CVE-2026-39612 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9. | |||
| CVE-2026-39609 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through <= 0… | |||
| CVE-2026-39605 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Custom Login: fro… | |||
| CVE-2026-39602 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a thr… | |||
| CVE-2026-39585 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Arraytics Booktics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booktics: from n/a through 1.0.16. | |||
| CVE-2026-39563 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a th… | |||
| CVE-2026-39561 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through <= 2.0.7. | |||
| CVE-2026-39535 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display… | |||
| CVE-2026-39520 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through <= 2.1.18. | |||
| CVE-2026-39365 | medium | 5.3 | 5.3 | 2mo ago | Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling | |||
| CVE-2026-35484 | medium | 5.3 | 5.3 | 2mo ago | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml file o… | |||
| CVE-2026-5621 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulatio… | |||
| CVE-2026-5619 | medium | 5.3 | 5.3 | 2mo ago | A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize_command. Executing a manipu… | |||
| CVE-2026-5603 | medium | 5.3 | 5.3 | 2mo ago | @elgentos/magento2-dev-mcp vulnerable to command injection | |||
| CVE-2026-5602 | medium | 5.3 | 5.3 | 2mo ago | @nor2/heim-mcp vulnerable to command injection | |||
| CVE-2026-5527 | medium | 5.3 | 5.3 | 2mo ago | A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Pr… | |||
| CVE-2026-3184 | medium | 5.3 | 5.3 | 2mo ago | A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A … | |||
| CVE-2026-5342 | medium | 5.3 | 5.3 | 2mo ago | A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipu… | |||
| CVE-2026-5323 | medium | 5.3 | 5.3 | 2mo ago | a11y-mcp: Server-Side Request Forgery (SSRF) vulnerability in A11yServer function | |||
| CVE-2026-5236 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. Such manipulation of t… | |||
| CVE-2026-5235 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4_BitReader::ReadCache of the file Ap4Dac4Atom.cpp of the component MP4 File Parser. This manipulation … | |||
| CVE-2026-5215 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72… | |||
| CVE-2026-5186 | medium | 5.3 | 5.3 | 2mo ago | A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation cause… | |||
| CVE-2026-5185 | medium | 5.3 | 5.3 | 2mo ago | A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of the file stb_image.h of the component Multi-frame GIF File Handler. The manipula… | |||
| CVE-2026-5125 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function child_process.execSync of the file src/server.ts. The manipulation of the argument gi… | |||
| CVE-2026-5023 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the … | |||
| CVE-2026-5007 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulatio… | |||
| CVE-2026-27860 | medium | 5.3 | 5.3 | 2mo ago | If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure… | |||
| CVE-2026-27859 | medium | 5.3 | 5.3 | 2mo ago | A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU … | |||
| CVE-2026-0394 | medium | 5.3 | 5.3 | 2mo ago | When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the dom… | |||
| CVE-2026-32497 | medium | 5.3 | 5.3 | 2mo ago | Weak Authentication vulnerability in PickPlugins User Verification user-verification allows Authentication Abuse.This issue affects User Verification: from n/a through <= 2.0.45. | |||
| CVE-2026-32492 | medium | 5.3 | 5.3 | 2mo ago | Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity Spoofing.This issue affects My Tickets: from n/a through <= 2.1.1. | |||
| CVE-2026-28838 | medium | 5.3 | 5.3 | 2mo ago | macOS Sonoma 14.8.5 | |||
| CVE-2026-4733 | medium | 5.3 | 5.3 | 2mo ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. | |||
| CVE-2026-28809 | medium | 5.3 | 5.3 | 2mo ago | esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages | |||
| CVE-2026-4603 | medium | 5.3 | 5.3 | 2mo ago | jsrsasign: Division by Zero Allows Invalid JWK Modulus to Cause Deterministic Zero Output in RSA Operations | |||
| CVE-2026-4530 | medium | 5.3 | 5.3 | 2mo ago | A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument D… | |||
| CVE-2026-4496 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function child_process.exec of the file src/gitUtils.ts of th… | |||
| CVE-2026-1005 | medium | 5.3 | 5.3 | 2mo ago | Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authenticati… | |||
| CVE-2026-28070 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2. | |||
| CVE-2026-32565 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Rel… | |||
| CVE-2026-32586 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooC… | |||
| CVE-2026-4216 | medium | 5.3 | 5.3 | 3mo ago | A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. … | |||
| CVE-2026-4199 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was identified in bazinga012 mcp_code_executor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command inj… | |||
| CVE-2026-4198 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command inj… | |||
| CVE-2026-32438 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW School Education vw-school-education allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW School Education:… | |||
| CVE-2026-32437 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Portfolio: from n/a through <= … | |||
| CVE-2026-32436 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Photography: from n/a throu… | |||
| CVE-2026-32435 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Pet Shop: from n/a through <= 1.4… | |||
| CVE-2026-32434 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Fitness: from n/a through <= 4.3.4. | |||
| CVE-2026-32427 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Education Lite: from … | |||
| CVE-2026-32421 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Timeline: from n/a throu… | |||
| CVE-2026-32413 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Permalink Manager… | |||
| CVE-2026-32410 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WBW Cu… | |||
| CVE-2026-32409 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects F… | |||
| CVE-2026-32404 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Studio99 WP Monitor:… | |||
| CVE-2026-32397 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter & Grids: from n/a through … | |||
| CVE-2026-32396 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.13. | |||
| CVE-2026-32395 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This iss… | |||
| CVE-2026-32383 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ridhi: from n/a through <= 1.1.2. | |||
| CVE-2026-32347 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in raratheme Restaurant and Cafe restaurant-and-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant and Cafe… | |||
| CVE-2026-32346 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in raratheme Travel Agency travel-agency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Agency: from n/a through… | |||
| CVE-2026-32345 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in raratheme Perfect Portfolio perfect-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Perfect Portfolio: from… | |||
| CVE-2026-32332 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.9. | |||
| CVE-2026-31916 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post S… | |||
| CVE-2026-31915 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flatsome: from n/a through <= 3.19.6. | |||
| CVE-2026-23943 | medium | 5.3 | 5.3 | 3mo ago | Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advert… | |||
| CVE-2026-4016 | medium | 5.3 | 5.3 | 3mo ago | A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svgin_process of the file src/filters/load_svg.c of the component SVG Parser. The manipula… | |||
| CVE-2026-4015 | medium | 5.3 | 5.3 | 3mo ago | A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lea… | |||
| CVE-2026-3994 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X86_64::initialize_sections of the file src/input-files.cc of the component Object File… | |||
| CVE-2026-3979 | medium | 5.3 | 5.3 | 3mo ago | A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free. The attack requires local… | |||
| CVE-2026-3964 | medium | 5.3 | 5.3 | 3mo ago | A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the ar… | |||
| CVE-2026-3959 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The … | |||
| CVE-2026-2742 | medium | 5.3 | 5.3 | 3mo ago | Vaadin Vulnerable to Authentication Bypass When Accessing the /VAADIN Endpoint Without a Trailing Slash | |||
| CVE-2026-3713 | medium | 5.3 | 5.3 | 3mo ago | A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of … | |||
| CVE-2026-3707 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was identified in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory of the file src/main/c/gif_decoder.c. Such manipulation of the argument canvas_h… | |||
| CVE-2026-3675 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulation… | |||
| CVE-2026-3674 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function FakeAppProvider of the component org.ethosmobile.ethoslauncher. Performing a manipula… | |||
| CVE-2026-3670 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown function of the component com.dgen.alarm. Performing a manipulation results in improper authorization. The… | |||
| CVE-2026-3669 | medium | 5.3 | 5.3 | 3mo ago | A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221. This impacts the function AlarmService of the component com.dgen.alarm. Such manipulation leads to improper authori… | |||
| CVE-2026-3667 | medium | 5.3 | 5.3 | 3mo ago | A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation resul… | |||
| CVE-2026-28132 | medium | 5.3 | 5.3 | 3mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects … | |||
| CVE-2026-2896 | medium | 5.3 | 5.3 | 3mo ago | funadmin has Incorrect Privilege Assignment in its Configuration Handler | |||
| CVE-2026-2851 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addInport/updateInport/deleteInport of the file dataset\repo… | |||
| CVE-2026-27066 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Securit… | |||
| CVE-2026-25370 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a … | |||
| CVE-2026-25006 | medium | 5.3 | 5.3 | 3mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through <= 9.6.4. | |||
| CVE-2026-23548 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a … | |||
| CVE-2026-23543 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issu… | |||
| CVE-2026-2672 | medium | 5.3 | 5.3 | 3mo ago | A security flaw has been discovered in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is the function Download of the file /Search/Subject/downLoad. Pe… |