CVEs from 2026
Total
13,521
critical 1,179
high 4,311
medium 4,198
low 452
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-23850 | high | 7.5 | 7.5 | 4mo ago | SiYuan vulnerable to Arbitrary file Read / SSRF in github.com/siyuan-note/siyuan/kernel | |||
| CVE-2026-20921 | high | 7.5 | 7.5 | 5mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2026-22190 | high | 7.5 | 7.5 | 5mo ago | The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format… | |||
| CVE-2026-48555 | high | 7.4 | 7.4 | 3d ago | Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by … | |||
| CVE-2026-48501 | high | 7.4 | 7.4 | 3d ago | GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands | |||
| CVE-2026-46579 | high | 7.4 | 7.4 | 3d ago | A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows… | |||
| CVE-2026-46818 | high | 7.4 | 7.4 | 4d ago | Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability al… | |||
| CVE-2026-48526 | high | 7.4 | 7.4 | 4d ago | PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate… | |||
| CVE-2026-47269 | high | 7.4 | 7.4 | 5d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb's deny_remote feature checks utmpx ut_addr_v6 to detect whether an authentication request o… | |||
| CVE-2026-44460 | high | 7.4 | 7.4 | 5d ago | FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totp_setup.php is callable from a session that has only passed the passwo… | |||
| CVE-2026-49014 | high | 7.4 | 7.4 | 5d ago | In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer with… | |||
| CVE-2026-45575 | high | 7.4 | 7.4 | 6d ago | epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP (within the TI netwo… | |||
| CVE-2026-48697 | high | 7.4 | 7.4 | 6d ago | FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl… | |||
| CVE-2026-44053 | high | 7.4 | 7.4 | 11d ago | Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic at… | |||
| CVE-2026-45245 | high | 7.4 | 7.4 | 14d ago | Summarize's hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links | |||
| CVE-2026-45539 | high | 7.4 | 7.4 | 17d ago | Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree | |||
| CVE-2026-45373 | high | 7.4 | 7.4 | 18d ago | CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in URL as htt… | |||
| CVE-2026-45310 | high | 7.4 | 7.4 | 18d ago | CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetch_url tool validates the initial URL's resolved IP address against a restricted-IP blocklist (is_restricted_ip()) to … | |||
| CVE-2026-41615 | high | 7.4 | 7.4 | 18d ago | Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2026-33376 | high | 7.4 | 7.4 | 19d ago | When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask (usually /128… | |||
| CVE-2026-41132 | high | 7.4 | 7.4 | 19d ago | CKAN has no certificate validation on SMTP connection | |||
| CVE-2026-34647 | high | 7.4 | 7.4 | 20d ago | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security… | |||
| CVE-2026-41107 | high | 7.4 | 7.4 | 20d ago | External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2026-40414 | high | 7.4 | 7.4 | 20d ago | Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network. | |||
| CVE-2026-40413 | high | 7.4 | 7.4 | 20d ago | Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network. | |||
| CVE-2026-41872 | high | 7.4 | 7.4 | 20d ago | "Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notific… | |||
| CVE-2026-39850 | high | 7.4 | 7.4 | 21d ago | Yii 2: Local file inclusion via view parameter name collision | |||
| CVE-2026-34354 | high | 7.4 | 7.4 | 24d ago | Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directo… | |||
| CVE-2026-41506 | high | 7.4 | 7.4 | 24d ago | go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smar… | |||
| CVE-2026-40213 | high | 7.4 | 7.4 | 25d ago | OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless… | |||
| CVE-2026-42011 | high | 7.4 | 7.4 | 25d ago | RHSA-2026:20611: gnutls security update (Important) | |||
| CVE-2026-44511 | high | 7.4 | 7.4 | 25d ago | katalyst-koi: Session cookies can be replayed after user logout | |||
| CVE-2026-42246 | high | 7.4 | 7.4 | 28d ago | net-imap vulnerable to STARTTLS stripping via invalid response timing | |||
| CVE-2026-3833 | high | 7.4 | 7.4 | 1mo ago | RHSA-2026:20611: gnutls security update (Important) | |||
| CVE-2026-41603 | high | 7.4 | 7.4 | 1mo ago | Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixe… | |||
| CVE-2026-41414 | high | 7.4 | 7.4 | 1mo ago | Skim is a fuzzy finder designed to search through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with … | |||
| CVE-2026-42035 | high | 7.4 | 7.4 | 1mo ago | Axios: Header Injection via Prototype Pollution | |||
| CVE-2026-42033 | high | 7.4 | 7.4 | 1mo ago | Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking | |||
| CVE-2026-33667 | high | 7.4 | 7.4 | 2mo ago | OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP verification in the confirm_otp action of the two_factor_authentication module has no rate limiting,… | |||
| CVE-2026-32589 | high | 7.4 | 7.4 | 2mo ago | A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users… | |||
| CVE-2026-34076 | high | 7.4 | 7.4 | 2mo ago | Clerk: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host | |||
| CVE-2026-5343 | high | 7.4 | 7.4 | 2mo ago | Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 befor… | |||
| CVE-2026-2618 | high | 7.4 | 7.4 | 3mo ago | A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is po… | |||
| CVE-2026-21932 | high | 7.4 | 7.4 | 4mo ago | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX). Supported versions that are affected are Oracle Jav… | |||
| CVE-2026-10243 | high | 7.3 | 7.3 | 57 min ago | A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads to missing authenticatio… | |||
| CVE-2026-10236 | high | 7.3 | 7.3 | 57 min ago | A vulnerability has been found in SourceCodester Water Billing Management System 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save of the component User Management… | |||
| CVE-2026-10227 | high | 7.3 | 7.3 | 5h ago | A vulnerability has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file add_user_check… | |||
| CVE-2026-10226 | high | 7.3 | 7.3 | 5h ago | A flaw has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulatio… | |||
| CVE-2026-10225 | high | 7.3 | 7.3 | 5h ago | A vulnerability was detected in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file login_check.php o… | |||
| CVE-2026-10221 | high | 7.3 | 7.3 | 6h ago | A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injectio… | |||
| CVE-2026-10220 | high | 7.3 | 7.3 | 6h ago | A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lea… | |||
| CVE-2026-10219 | high | 7.3 | 7.3 | 6h ago | A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write_file Tool. Performing a… | |||
| CVE-2026-10214 | high | 7.3 | 7.3 | 7h ago | A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function _get_safety_warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executin… | |||
| CVE-2026-10208 | high | 7.3 | 7.3 | 8h ago | A flaw has been found in code-projects Online Hospital Management System 1.php. This impacts the function login_user of the file login_1.php. Executing a manipulation of the argument Username can lea… | |||
| CVE-2026-10186 | high | 7.3 | 7.3 | 20h ago | A security vulnerability has been detected in code-projects Online Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patient.php. Such manipulati… | |||
| CVE-2026-10185 | high | 7.3 | 7.3 | 20h ago | A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argum… | |||
| CVE-2026-10184 | high | 7.3 | 7.3 | 20h ago | A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This impacts an unknown function of the file /classes/Users.php?f=delete. The manipulation of th… | |||
| CVE-2026-10178 | high | 7.3 | 7.3 | 1d ago | A vulnerability was detected in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminEditAlbum.php. The manipulation of the argument ID res… | |||
| CVE-2026-10167 | high | 7.3 | 7.3 | 1d ago | A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function sign_auth_cookie of the file appl… | |||
| CVE-2026-10157 | high | 7.3 | 7.3 | 1d ago | A vulnerability was identified in Open5GS up to 2.7.6. This impacts an unknown function of the file src/amf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation le… | |||
| CVE-2026-10111 | high | 7.3 | 7.3 | 2d ago | A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injectio… | |||
| CVE-2026-10110 | high | 7.3 | 7.3 | 2d ago | A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in… | |||
| CVE-2026-10068 | high | 7.3 | 7.3 | 3d ago | A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side req… | |||
| CVE-2026-33462 | high | 7.3 | 7.3 | 4d ago | A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifi… | |||
| CVE-2026-30761 | high | 7.3 | 7.3 | 4d ago | An arbitrary file upload vulnerability in the pages/admin.uploadmapimg.php component of SourceBans Material Admin v1.1.6 allows attackers to execute arbitrary code via uploading a crafted image file. | |||
| CVE-2026-30760 | high | 7.3 | 7.3 | 4d ago | An issue in SourceBans Material Admin before v.1.1.6 (3ecd95e) allows attackers to manipulate arbitrary user data in the web app via a crafted XAJAX call. | |||
| CVE-2026-37579 | high | 7.3 | 7.3 | 4d ago | An issue in SMSGate sms-core<=2.1.13.6 allows a remote attacker to execute arbitrary code via the Cmpp7FDeliverRequestMessageCodec.java component | |||
| CVE-2026-9795 | high | 7.3 | 7.3 | 4d ago | A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, in… | |||
| CVE-2026-44320 | high | 7.3 | 7.3 | 5d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbi… | |||
| CVE-2026-45932 | high | 7.3 | 7.3 | 5d ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tcx/netkit detach permissions when prog fd isn't given This commit fixes a security issue where BPF_PROG_DETACH on tcx o… | |||
| CVE-2026-42753 | high | 7.3 | 7.3 | 5d ago | Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCFM Membership: … | |||
| CVE-2026-42746 | high | 7.3 | 7.3 | 5d ago | Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data. This issue affects Smart Online O… | |||
| CVE-2026-42745 | high | 7.3 | 7.3 | 5d ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass. This issue affects Smart Online Order… | |||
| CVE-2026-48962 | high | 7.3 | 7.3 | 5d ago | IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. _parseOutputGlob() wraps the caller-supplied output glob string in … | |||
| CVE-2026-48961 | high | 7.3 | 7.3 | 5d ago | IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decode_ux() in bin/… | |||
| CVE-2026-9605 | high | 7.3 | 7.3 | 5d ago | A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer ove… | |||
| CVE-2026-38427 | high | 7.3 | 7.3 | 5d ago | An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffer overflow. The Content-Length from a JPEG stream is stored in a uint16_t varia… | |||
| CVE-2026-38426 | high | 7.3 | 7.3 | 5d ago | Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the xdrv_10_scripter.ino, fetch_jpg(), jpg_task.boundary[40], strcpy() fu… | |||
| CVE-2026-36540 | high | 7.3 | 7.3 | 5d ago | Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to unauthenticated command injection via the /cgi-bin/skk_set.cgi endpoint. The password and new_pwd_confirm POST parameters are passed directly to … | |||
| CVE-2026-38422 | high | 7.3 | 7.3 | 5d ago | Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the tasmota/tasmota_xdrv_driver/xdrv_10_scripter.ino, fetch_jpg() functio… | |||
| CVE-2026-8947 | high | 7.3 | 7.3 | 5d ago | RHSA-2026:21382: firefox security update (Important) | |||
| CVE-2026-37713 | high | 7.3 | 7.3 | 5d ago | An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/class/commonobject.class.php. | |||
| CVE-2026-36539 | high | 7.3 | 7.3 | 5d ago | Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk_get.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the L… | |||
| CVE-2026-36538 | high | 7.3 | 7.3 | 5d ago | Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacke… | |||
| CVE-2026-36045 | high | 7.3 | 7.3 | 5d ago | picoclaw <=v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component (pkg/tools/shell.go). The guardCommand() function attempts to restrict shell command execution using a d… | |||
| CVE-2026-37712 | high | 7.3 | 7.3 | 5d ago | An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/cron/class/cronjob.class.php, call_user_func_array() in fun… | |||
| CVE-2026-31266 | high | 7.3 | 7.3 | 5d ago | Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint (/actions/app/migrate). | |||
| CVE-2026-37711 | high | 7.3 | 7.3 | 5d ago | An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/actions_addupdatedelete.inc.php | |||
| CVE-2026-9606 | high | 7.3 | 7.3 | 5d ago | A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manage_user.php. Such manipulation of the argument ID leads to sql injection… | |||
| CVE-2026-44983 | high | 7.3 | 7.3 | 6d ago | smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocati… | |||
| CVE-2026-9584 | high | 7.3 | 7.3 | 6d ago | A security vulnerability has been detected in code-projects Project Management System 1.0. Affected is an unknown function of the file chk.php of the component Login. The manipulation leads to sql in… | |||
| CVE-2026-9580 | high | 7.3 | 7.3 | 6d ago | A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access cont… | |||
| CVE-2026-9575 | high | 7.3 | 7.3 | 6d ago | A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulat… | |||
| CVE-2026-9574 | high | 7.3 | 7.3 | 6d ago | A flaw has been found in itsourcecode Student Transcript Processing System 1.0. This vulnerability affects unknown code of the file /admin/modules/student/trans.php. Executing a manipulation of the a… | |||
| CVE-2026-9573 | high | 7.3 | 7.3 | 6d ago | A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation o… | |||
| CVE-2026-8835 | high | 7.3 | 7.3 | 6d ago | IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive informat… | |||
| CVE-2026-9562 | high | 7.3 | 7.3 | 6d ago | A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such mani… | |||
| CVE-2026-9552 | high | 7.3 | 7.3 | 6d ago | A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Valu… | |||
| CVE-2026-9551 | high | 7.3 | 7.3 | 6d ago | A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. This affects the function xp_cmdshell of the file ParkingRecord/ExportParkingRecords of the component API Endpoint. The … | |||
| CVE-2026-9550 | high | 7.3 | 7.3 | 6d ago | A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWE… |