CVEs from 2026
Total: 13,917
- critical 1,208
- high 4,525
- medium 4,362
- low 483
% Critical: 8.7%
% with KEV: 0.4%
% with exploit: 0.7%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-25370 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Compress: from n/a … | |||
| CVE-2026-25006 | medium | 5.3 | 5.3 | 3mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection. This issue affects XStore: from n/a through <= 9.6.4. | |||
| CVE-2026-23548 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DirectoryPress: from n/a … | |||
| CVE-2026-23543 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issu… | |||
| CVE-2026-2672 | medium | 5.3 | 5.3 | 3mo ago | A security flaw has been discovered in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is the function Download of the file /Search/Subject/downLoad. Pe… | |||
| CVE-2026-22796 | medium | 5.3 | 5.3 | 4mo ago | Important: openssl security update | |||
| CVE-2026-24633 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in Passionate Brains Add Expires Headers & Optimized Minify add-expires-headers allows Exploiting Incorrectly Configured Access Control Security Levels. This issue … | |||
| CVE-2026-24619 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue af… | |||
| CVE-2026-24615 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cream Magazine: from n/a thro… | |||
| CVE-2026-24613 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels. This… | |||
| CVE-2026-24612 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Orchid Store: from n/a through <=… | |||
| CVE-2026-24607 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel Monster: from n/a… | |||
| CVE-2026-24606 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bayarcash WooCommerce: … | |||
| CVE-2026-24604 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects… | |||
| CVE-2026-24603 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Lev… | |||
| CVE-2026-24583 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in sumup SumUp Payment Gateway For WooCommerce sumup-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This i… | |||
| CVE-2026-24577 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in Genetech Products Pie Register pie-register allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pie Register: from n/a th… | |||
| CVE-2026-24568 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Travel: from n/a through <= 11.1.0. | |||
| CVE-2026-24562 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in Ryviu Ryviu – Product Reviews for WooCommerce ryviu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ryviu – Product R… | |||
| CVE-2026-24559 | medium | 5.3 | 5.3 | 4mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Retrieve Embedded Sensitive Data. This issue affects Integration … | |||
| CVE-2026-24556 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementCamp: from n/a through <= 2.3.… | |||
| CVE-2026-24539 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in ABCdatos Protección de datos – RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Protección … | |||
| CVE-2026-24536 | medium | 5.3 | 5.3 | 4mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data. This issue affect… | |||
| CVE-2026-24530 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WebP Conversion: from n/a t… | |||
| CVE-2026-24525 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CLP Varnish Cache: fro… | |||
| CVE-2026-24523 | medium | 5.3 | 5.3 | 4mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data. This issue aff… | |||
| CVE-2026-24380 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime:… | |||
| CVE-2026-24368 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Grid: from n/a through < 2.8.0. | |||
| CVE-2026-24366 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels. This issue af… | |||
| CVE-2026-23974 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Golo: from n/a through < 1.7.5. | |||
| CVE-2026-22469 | medium | 5.3 | 5.3 | 4mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection. This issue affects DeepDigital: from n/a throu… | |||
| CVE-2026-22447 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in Select-Themes Prowess prowess allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Prowess: from n/a through <= 1.8.1. | |||
| CVE-2026-22445 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in Proptech Plugin Apimo Connector apimo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Apimo Connector: from n/a throu… | |||
| CVE-2026-22348 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in Tasos Fel Civic Cookie Control civic-cookie-control-8 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Civic Cookie Co… | |||
| CVE-2026-1196 | medium | 5.3 | 5.3 | 4mo ago | MineAdmin May Expose Sensitive Information to an Unauthorized Actor | |||
| CVE-2026-22486 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in Re Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Re Gallery: from n/a through 1.18.9. | |||
| CVE-2026-40001 | medium | 5.2 | 5.2 | 27d ago | There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traver… | |||
| CVE-2026-42077 | medium | 5.2 | 5.2 | 28d ago | Evolver has Prototype Pollution via `Object.assign()` in its mailbox store operations | |||
| CVE-2026-41662 | medium | 5.2 | 5.2 | 1mo ago | Admidio Missing Minimum Administrator Check in Role Membership Removal | |||
| CVE-2026-35244 | medium | 5.2 | 5.2 | 1mo ago | Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.24.0.000. Easily exploita… | |||
| CVE-2026-32591 | medium | 5.2 | 5.2 | 2mo ago | A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the spec… | |||
| CVE-2026-3503 | medium | 5.2 | 5.2 | 2mo ago | Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cry… | |||
| CVE-2026-47271 | medium | 5.1 | 5.1 | 5d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc(), xrealloc(), and xstrdup() using assert(dat… | |||
| CVE-2026-2607 | medium | 5.1 | 5.1 | 6d ago | IBM MQ Operator SC2: v3.2.0 through 3.2.23 CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1 LTS: v2.0.0 - 2.0.29 and IBM supplied M… | |||
| CVE-2026-8672 | medium | 5.1 | 5.1 | 11d ago | Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0. | |||
| CVE-2026-5091 | medium | 5.1 | 5.1 | 11d ago | Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess… | |||
| CVE-2026-23868 | medium | 5.1 | 5.1 | 14d ago | Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult b… | |||
| CVE-2026-42371 | medium | 5.1 | 5.1 | 1mo ago | uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. | |||
| CVE-2026-40337 | medium | 5.1 | 5.1 | 2mo ago | The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task… | |||
| CVE-2026-6654 | medium | 5.1 | 5.1 | 2mo ago | Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero. | |||
| CVE-2026-49433 | medium | 5.0 | 5.0 | 8h ago | The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts POST requests without any CSRF protection. If an attacker can trick a logged-in user into clicking a malicious link, the attacke… | |||
| CVE-2026-49138 | medium | 5.0 | 5.0 | 8h ago | Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL th… | |||
| CVE-2026-10275 | medium | 5.0 | 5.0 | 10h ago | A flaw has been found in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation … | |||
| CVE-2026-10533 | medium | 5.0 | 5.0 | 12h ago | A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged u… | |||
| CVE-2026-6892 | medium | 5.0 | 5.0 | 4d ago | Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS(*) may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installat… | |||
| CVE-2026-6891 | medium | 5.0 | 5.0 | 4d ago | Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic lin… | |||
| CVE-2026-9980 | medium | 5.0 | 5.0 | 4d ago | Insufficient validation of untrusted input in Printing in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a craft… | |||
| CVE-2026-9979 | medium | 5.0 | 5.0 | 4d ago | Insufficient validation of untrusted input in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted … | |||
| CVE-2026-9942 | medium | 5.0 | 5.0 | 4d ago | Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium secu… | |||
| CVE-2026-9903 | medium | 5.0 | 5.0 | 4d ago | Insufficient validation of untrusted input in Site Isolation in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a… | |||
| CVE-2026-10010 | medium | 5.0 | 5.0 | 4d ago | Inappropriate implementation in Input in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTM… | |||
| CVE-2026-46526 | medium | 5.0 | 5.0 | 4d ago | Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attac… | |||
| CVE-2026-44972 | medium | 5.0 | 5.0 | 6d ago | GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-read… | |||
| CVE-2026-41704 | medium | 5.0 | 5.0 | 6d ago | AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads response['value']['result']['compile_log_id'] (line 332-338… | |||
| CVE-2026-9568 | medium | 5.0 | 5.0 | 6d ago | A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. Th… | |||
| CVE-2026-9304 | medium | 5.0 | 5.0 | 10d ago | A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The ma… | |||
| CVE-2026-9245 | medium | 5.0 | 5.0 | 10d ago | Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a craft… | |||
| CVE-2026-46561 | medium | 5.0 | 5.0 | 11d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest (used by the parse_urls API). An… | |||
| CVE-2026-44073 | medium | 5.0 | 5.0 | 12d ago | Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated privileges under error condition… | |||
| CVE-2026-45443 | medium | 5.0 | 5.0 | 13d ago | Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affect… | |||
| CVE-2026-33234 | medium | 5.0 | 5.0 | 14d ago | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogpt_platform/backen… | |||
| CVE-2026-6333 | medium | 5.0 | 5.0 | 15d ago | Mattermost doesn't validate the Host header when constructing response URLs for custom slash command | |||
| CVE-2026-44550 | medium | 5.0 | 5.0 | 17d ago | Open WebUI's Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts | |||
| CVE-2026-41051 | medium | 5.0 | 5.0 | 20d ago | csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories. | |||
| CVE-2026-41195 | medium | 5.0 | 5.0 | 20d ago | mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker… | |||
| CVE-2026-43979 | medium | 5.0 | 5.0 | 21d ago | Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService._markdown_to_html() constructs an HTML document by interpolating user-controlled value… | |||
| CVE-2026-45003 | medium | 5.0 | 5.0 | 21d ago | OpenClaw: Workspace dotenv files cannot override connector endpoint hosts | |||
| CVE-2026-45000 | medium | 5.0 | 5.0 | 21d ago | OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing… | |||
| CVE-2026-44992 | medium | 5.0 | 5.0 | 21d ago | OpenClaw: Workspace dotenv MiniMax host override could redirect credentialed requests | |||
| CVE-2026-41648 | medium | 5.0 | 5.0 | 26d ago | Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This wa… | |||
| CVE-2026-8009 | medium | 5.0 | 5.0 | 26d ago | Inappropriate implementation in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML pa… | |||
| CVE-2026-7317 | medium | 5.0 | 5.0 | 27d ago | Grav has Insecure Deserialization in File Cache | |||
| CVE-2026-35527 | medium | 5.0 | 5.0 | 27d ago | Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request a… | |||
| CVE-2026-7778 | medium | 5.0 | 5.0 | 28d ago | An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CWE-269: Improper Privilege Management, an… | |||
| CVE-2026-7724 | medium | 5.0 | 5.0 | 29d ago | Prefect SSRF Bypass via DNS Rebinding in validate_restricted_url | |||
| CVE-2026-7688 | medium | 5.0 | 5.0 | 1mo ago | Dolibarr has an Injection issue | |||
| CVE-2026-22726 | medium | 5.0 | 5.0 | 1mo ago | Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure… | |||
| CVE-2026-36764 | medium | 5.0 | 5.0 | 1mo ago | A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request. | |||
| CVE-2026-42424 | medium | 5.0 | 5.0 | 1mo ago | OpenClaw: Shared reply MEDIA - paths are treated as trusted and can trigger cross-channel local file exfiltration | |||
| CVE-2026-41367 | medium | 5.0 | 5.0 | 1mo ago | OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component action… | |||
| CVE-2026-7085 | medium | 5.0 | 5.0 | 1mo ago | A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp End… | |||
| CVE-2026-41338 | medium | 5.0 | 5.0 | 1mo ago | OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act pattern… | |||
| CVE-2026-35372 | medium | 5.0 | 5.0 | 1mo ago | A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference (or -n) flag is explicitly provided. The implementation pre… | |||
| CVE-2026-6845 | medium | 5.0 | 5.0 | 1mo ago | A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially c… | |||
| CVE-2026-34319 | medium | 5.0 | 5.0 | 1mo ago | Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vuln… | |||
| CVE-2026-34317 | medium | 5.0 | 5.0 | 1mo ago | Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vuln… | |||
| CVE-2026-4583 | medium | 5.0 | 5.0 | 2mo ago | A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this issue is some unknown functionality of the component Bluetooth Handler. Performing a manipulation result… | |||
| CVE-2026-4582 | medium | 5.0 | 5.0 | 2mo ago | A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation le… | |||
| CVE-2026-32442 | medium | 5.0 | 5.0 | 3mo ago | Missing Authorization vulnerability in E2Pdf e2pdf e2pdf allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects e2pdf: from n/a through <= 1.28.15. | |||
| CVE-2026-10074 | medium | 4.9 | 4.9 | 4d ago | DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files. |