CVEs from 2026
Total
13,520
critical
critical 1,179
high
high 4,314
medium
medium 4,203
low
low 456
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 418
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-9552 | high | 7.3 | 7.3 | 6d ago | A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Valu… | |||
| CVE-2026-9551 | high | 7.3 | 7.3 | 6d ago | A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. This affects the function xp_cmdshell of the file ParkingRecord/ExportParkingRecords of the component API Endpoint. The … | |||
| CVE-2026-9550 | high | 7.3 | 7.3 | 6d ago | A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWE… | |||
| CVE-2026-9544 | high | 7.3 | 7.3 | 6d ago | A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. … | |||
| CVE-2026-9495 | high | 7.3 | 7.3 | 6d ago | Versions of the package @koa/router from 14.0.0 and before 15.0.0 are vulnerable to Access Control Bypass due to the middleware being silently dropped from the execution chain when the router prefix … | |||
| CVE-2026-9528 | high | 7.3 | 7.3 | 6d ago | A vulnerability was identified in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /admin/delete_judge.php. Such manipulation of the argument judge_id leads to … | |||
| CVE-2026-9526 | high | 7.3 | 7.3 | 6d ago | A vulnerability was found in itsourcecode Electronic Judging System 1.0. This vulnerability affects unknown code of the file /admin/edit_team.php. The manipulation of the argument num_id results in s… | |||
| CVE-2026-9525 | high | 7.3 | 7.3 | 6d ago | A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /admin/edit_judge.php. The manipulation of the argument judge_id leads to sql in… | |||
| CVE-2026-9523 | high | 7.3 | 7.3 | 6d ago | A vulnerability was detected in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. Affected by this vulnerability is an unknown functionality of the file /Subs… | |||
| CVE-2026-9521 | high | 7.3 | 7.3 | 6d ago | A security vulnerability has been detected in fraillt bitsery up to 5.2.4. Affected is the function loadFromSharedState in the library include/bitsery/ext/std_smart_ptr.h. Such manipulation leads to … | |||
| CVE-2026-9517 | high | 7.3 | 7.3 | 7d ago | A vulnerability was determined in hemant6488 CodeIgniter-StudentManagementSystem. The affected element is an unknown function of the file /index.php/students/addStudentView of the component Student M… | |||
| CVE-2026-8090 | high | 7.3 | 7.3 | 7d ago | RHSA-2026:20566: firefox security update (Important) | |||
| CVE-2026-9474 | high | 7.3 | 7.3 | 7d ago | A vulnerability was found in yashpokharna2555 StudentManagementSystem up to cb2f558ddf8d19396de0f92abf2d224d46a0a203. Affected by this issue is the function confirm_logged_in of the file /studentdel.… | |||
| CVE-2026-9470 | high | 7.3 | 7.3 | 7d ago | A security vulnerability has been detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This affects the function confirm_logged_in of the file student_trans.… | |||
| CVE-2026-9469 | high | 7.3 | 7.3 | 7d ago | A weakness has been identified in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. The impacted element is an unknown function of the file /success.php. This manipul… | |||
| CVE-2026-9465 | high | 7.3 | 7.3 | 7d ago | A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/GetDBDataEx.jsp. Performing a manipulation … | |||
| CVE-2026-9453 | high | 7.3 | 7.3 | 7d ago | A vulnerability was detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. This affects the function which of the file /src/application/skills-loader.ts of the component Ski… | |||
| CVE-2026-9452 | high | 7.3 | 7.3 | 7d ago | A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.… | |||
| CVE-2026-9447 | high | 7.3 | 7.3 | 7d ago | A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Na… | |||
| CVE-2026-9422 | high | 7.3 | 7.3 | 7d ago | A vulnerability was identified in KLiK SocialMediaWebsite 1.0. This issue affects some unknown processing of the component HTTP POST Request Parameter Handler. Such manipulation leads to injection. T… | |||
| CVE-2026-9421 | high | 7.3 | 7.3 | 7d ago | A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrest… | |||
| CVE-2026-9383 | high | 7.3 | 7.3 | 8d ago | A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql… | |||
| CVE-2026-9372 | high | 7.3 | 7.3 | 8d ago | A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of th… | |||
| CVE-2026-9368 | high | 7.3 | 7.3 | 8d ago | A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function execute_code of the file tools/code_execution_tool.py of the component Environment Variable Hand… | |||
| CVE-2026-9367 | high | 7.3 | 7.3 | 8d ago | A vulnerability was determined in NousResearch hermes-agent up to 5157f5427f19488b31c6fdebbacd15d798ce7f63. This affects the function detect_dangerous_command of the file tools/approval.py of the com… | |||
| CVE-2026-9364 | high | 7.3 | 7.3 | 8d ago | A flaw has been found in projectworlds Online Art Gallery Shop 1.0. Impacted is an unknown function of the file /admin/adminHome.php. Executing a manipulation of the argument social_linked can lead t… | |||
| CVE-2026-9366 | high | 7.3 | 7.3 | 8d ago | A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted element is the function _scan_context_content of the file agent/prompt_builder.py. The manipulation results in injection… | |||
| CVE-2026-9356 | high | 7.3 | 7.3 | 8d ago | A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/manage_history.php. Such manipulation of… | |||
| CVE-2026-9355 | high | 7.3 | 7.3 | 8d ago | A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=save_patient_history. This manip… | |||
| CVE-2026-9353 | high | 7.3 | 7.3 | 8d ago | A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.23. Impacted is an unknown function of the file agent/skills_guard.py of the component Skills Guard Multi-Word Pro… | |||
| CVE-2026-9350 | high | 7.3 | 7.3 | 8d ago | A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manip… | |||
| CVE-2026-37470 | high | 7.3 | 7.3 | 10d ago | An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components | |||
| CVE-2026-36228 | high | 7.3 | 7.3 | 10d ago | Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality | |||
| CVE-2026-43497 | high | 7.3 | 7.3 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free dlfb_ops_mmap() uses remap_pfn_range() to map vmalloc framebu… | |||
| CVE-2026-39250 | high | 7.3 | 7.3 | 13d ago | An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations. | |||
| CVE-2026-29226 | high | 7.3 | 7.3 | 13d ago | Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.0… | |||
| CVE-2026-22069 | high | 7.3 | 7.3 | 13d ago | A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface. | |||
| CVE-2026-7322 | high | 7.3 | 7.3 | 14d ago | RHSA-2026:20586: thunderbird security update (Important) | |||
| CVE-2026-2291 | high | 7.3 | 7.3 | 14d ago | RHSA-2026:20589: dnsmasq security update (Important) | |||
| CVE-2026-7323 | high | 7.3 | 7.3 | 14d ago | RHSA-2026:20586: thunderbird security update (Important) | |||
| CVE-2026-26462 | high | 7.3 | 7.3 | 14d ago | Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation… | |||
| CVE-2026-8788 | high | 7.3 | 7.3 | 14d ago | Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the set_add method were not checked for newlines, colons or pipes. Metrics generated from untrusted sour… | |||
| CVE-2026-8785 | high | 7.3 | 7.3 | 14d ago | A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file update_info.php of the component GET Param… | |||
| CVE-2026-8771 | high | 7.3 | 7.3 | 15d ago | org.linlinjava:litemall-wx-api has an Injection issue | |||
| CVE-2026-8768 | high | 7.3 | 7.3 | 15d ago | A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils.… | |||
| CVE-2026-8759 | high | 7.3 | 7.3 | 15d ago | Beetl's SpELFunction extension function has an expression injection risk | |||
| CVE-2026-8758 | high | 7.3 | 7.3 | 15d ago | A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lea… | |||
| CVE-2026-8756 | high | 7.3 | 7.3 | 15d ago | A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generate_config of the file webui_preprocess.py of the comp… | |||
| CVE-2026-8755 | high | 7.3 | 7.3 | 15d ago | A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function _get_all_models of the file hiyoriUI.py of the component Model Handl… | |||
| CVE-2026-8734 | high | 7.3 | 7.3 | 15d ago | A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable of the component queryListByWrapper Interface. This manipulatio… | |||
| CVE-2026-8725 | high | 7.3 | 7.3 | 15d ago | A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file src/caal/webhooks.py of the component test-hass Endpoint. This manipulation cau… | |||
| CVE-2026-8700 | high | 7.3 | 7.3 | 17d ago | Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage. | |||
| CVE-2026-44721 | high | 7.3 | 7.3 | 17d ago | open-webui Vulnerable to Stored XSS via Model Description | |||
| CVE-2026-45364 | high | 7.3 | 7.3 | 17d ago | Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it rece… | |||
| CVE-2026-39054 | high | 7.3 | 7.3 | 17d ago | Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the proce… | |||
| CVE-2026-24712 | high | 7.3 | 7.3 | 18d ago | Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection. | |||
| CVE-2026-37430 | high | 7.3 | 7.3 | 19d ago | An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file. | |||
| CVE-2026-35433 | high | 7.3 | 7.3 | 20d ago | <p>Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.</p> | |||
| CVE-2026-32177 | high | 7.3 | 7.3 | 20d ago | <p>Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.</p> | |||
| CVE-2026-5089 | high | 7.3 | 7.3 | 20d ago | YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 (sexagesimal) parsing code in perl_syck.h has a buffer underflow bug in both int#base60 and float#base60 handlers. Whe… | |||
| CVE-2026-42498 | high | 7.3 | 7.3 | 20d ago | Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1… | |||
| CVE-2026-43939 | high | 7.3 | 7.3 | 20d ago | YAFNET has Stored XSS in Forum Thread Posts/Replies that Allows Arbitrary JavaScript Execution for All Thread Viewers | |||
| CVE-2026-8390 | high | 7.3 | 7.3 | 20d ago | Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3. | |||
| CVE-2026-8389 | high | 7.3 | 7.3 | 20d ago | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3. | |||
| CVE-2026-0804 | high | 7.3 | 7.3 | 20d ago | An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axi… | |||
| CVE-2026-0802 | high | 7.3 | 7.3 | 20d ago | An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis d… | |||
| CVE-2026-0541 | high | 7.3 | 7.3 | 20d ago | ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited … | |||
| CVE-2026-43887 | high | 7.3 | 7.3 | 21d ago | Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, the Outline comment section permits users to mention other users; however, the backend does not validate or san… | |||
| CVE-2026-37630 | high | 7.3 | 7.3 | 21d ago | An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the js_mapped_arguments_mark function | |||
| CVE-2026-8321 | high | 7.3 | 7.3 | 21d ago | A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. P… | |||
| CVE-2026-31253 | high | 7.3 | 7.3 | 21d ago | flash-attention contains an insecure deserialization vulnerability in its checkpoint loading mechanism | |||
| CVE-2026-5172 | high | 7.3 | 7.3 | 21d ago | A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advanc… | |||
| CVE-2026-44995 | high | 7.3 | 7.3 | 21d ago | OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config | |||
| CVE-2026-36983 | high | 7.3 | 7.3 | 21d ago | D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub_42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection. | |||
| CVE-2026-36962 | high | 7.3 | 7.3 | 21d ago | SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution… | |||
| CVE-2026-31254 | high | 7.3 | 7.3 | 21d ago | The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains a code injection vulnerability (CWE-94) in its training script. The script registers the Python … | |||
| CVE-2026-31251 | high | 7.3 | 7.3 | 21d ago | CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its gRPC server component. When the server starts, it loads… | |||
| CVE-2026-31250 | high | 7.3 | 7.3 | 21d ago | CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its average_model.py model averaging tool. The script loads… | |||
| CVE-2026-31249 | high | 7.3 | 7.3 | 21d ago | CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its make_parquet_list.py data processing tool. The script l… | |||
| CVE-2026-44338 | high | 7.3 | 7.3 | 21d ago | PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution | |||
| CVE-2026-6433 | high | 7.3 | 7.3 | 21d ago | The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval(), allowing unauthenticated users to execut… | |||
| CVE-2026-43655 | high | 7.3 | 7.3 | 22d ago | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected s… | |||
| CVE-2026-43656 | high | 7.3 | 7.3 | 22d ago | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, ma… | |||
| CVE-2026-8216 | high | 7.3 | 7.3 | 22d ago | A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. … | |||
| CVE-2026-44567 | high | 7.3 | 7.3 | 24d ago | Open WebUI has Improper Authorization Control | |||
| CVE-2026-43459 | high | 7.3 | 7.3 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: flush delayed work before removing DAIs and widgets When a sound card is unbound while a PCM stream is open, a us… | |||
| CVE-2026-8133 | high | 7.3 | 7.3 | 24d ago | A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Fileli… | |||
| CVE-2026-8132 | high | 7.3 | 7.3 | 24d ago | A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txt_username causes sql injection. T… | |||
| CVE-2026-8131 | high | 7.3 | 7.3 | 24d ago | A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file /admin/replymsg.php. The manipulation of the argument msgid results in sql … | |||
| CVE-2026-8130 | high | 7.3 | 7.3 | 24d ago | A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This affects an unknown function of the file /admin/message.php. The manipulation of the argument seenid leads to sql injecti… | |||
| CVE-2026-8129 | high | 7.3 | 7.3 | 24d ago | A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file wishlist.php. Executing a manipulation of the argument delwlistid can… | |||
| CVE-2026-8128 | high | 7.3 | 7.3 | 24d ago | A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid result… | |||
| CVE-2026-8126 | high | 7.3 | 7.3 | 24d ago | A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file post_comment.php. This manipulation of the argument Name causes sql injection. Remot… | |||
| CVE-2026-6411 | high | 7.3 | 7.3 | 25d ago | This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to t… | |||
| CVE-2026-8098 | high | 7.3 | 7.3 | 25d ago | A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sq… | |||
| CVE-2026-8083 | high | 7.3 | 7.3 | 25d ago | A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation of the argument ID results i… | |||
| CVE-2026-8032 | high | 7.3 | 7.3 | 26d ago | A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMIN_KE… | |||
| CVE-2026-40110 | high | 7.3 | 7.3 | 27d ago | Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` (from huntr) | |||
| CVE-2026-29168 | high | 7.3 | 7.3 | 27d ago | Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users a… | |||
| CVE-2026-43870 | high | 7.3 | 7.3 | 27d ago | Apache Thrift vulnerable to Path Traversal, HTTP Request/Response Splitting, Uncontrolled Resource Consumption |