CVEs from 2026
Total
14,064
critical
critical 1,226
high
high 4,619
medium
medium 4,430
low
low 484
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 505
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-49138 | medium | 5.0 | 5.0 | 1d ago | Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL th… | |||
| CVE-2026-10275 | medium | 5.0 | 5.0 | 1d ago | A flaw has been found in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation … | |||
| CVE-2026-10533 | medium | 5.0 | 5.0 | 1d ago | A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged u… | |||
| CVE-2026-6892 | medium | 5.0 | 5.0 | 5d ago | Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS(*) may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installat… | |||
| CVE-2026-6891 | medium | 5.0 | 5.0 | 5d ago | Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic lin… | |||
| CVE-2026-9980 | medium | 5.0 | 5.0 | 5d ago | Insufficient validation of untrusted input in Printing in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a craft… | |||
| CVE-2026-9979 | medium | 5.0 | 5.0 | 5d ago | Insufficient validation of untrusted input in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted … | |||
| CVE-2026-9942 | medium | 5.0 | 5.0 | 5d ago | Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium secu… | |||
| CVE-2026-9903 | medium | 5.0 | 5.0 | 5d ago | Insufficient validation of untrusted input in Site Isolation in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a… | |||
| CVE-2026-10010 | medium | 5.0 | 5.0 | 5d ago | Inappropriate implementation in Input in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTM… | |||
| CVE-2026-46526 | medium | 5.0 | 5.0 | 5d ago | Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attac… | |||
| CVE-2026-44972 | medium | 5.0 | 5.0 | 6d ago | GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-read… | |||
| CVE-2026-41704 | medium | 5.0 | 5.0 | 7d ago | AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads response['value']['result']['compile_log_id'] (line 332-338… | |||
| CVE-2026-9568 | medium | 5.0 | 5.0 | 7d ago | A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. Th… | |||
| CVE-2026-9304 | medium | 5.0 | 5.0 | 10d ago | A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The ma… | |||
| CVE-2026-9245 | medium | 5.0 | 5.0 | 11d ago | Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a craft… | |||
| CVE-2026-46561 | medium | 5.0 | 5.0 | 12d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest (used by the parse_urls API). An… | |||
| CVE-2026-44073 | medium | 5.0 | 5.0 | 13d ago | Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated privileges under error condition… | |||
| CVE-2026-45443 | medium | 5.0 | 5.0 | 13d ago | Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affect… | |||
| CVE-2026-33234 | medium | 5.0 | 5.0 | 15d ago | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogpt_platform/backen… | |||
| CVE-2026-6333 | medium | 5.0 | 5.0 | 15d ago | Mattermost doesn't validate the Host header when constructing response URLs for custom slash command | |||
| CVE-2026-44550 | medium | 5.0 | 5.0 | 18d ago | Open WebUI's Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts | |||
| CVE-2026-41051 | medium | 5.0 | 5.0 | 20d ago | csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories. | |||
| CVE-2026-41195 | medium | 5.0 | 5.0 | 21d ago | mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker… | |||
| CVE-2026-43979 | medium | 5.0 | 5.0 | 22d ago | Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService._markdown_to_html() constructs an HTML document by interpolating user-controlled value… | |||
| CVE-2026-45003 | medium | 5.0 | 5.0 | 22d ago | OpenClaw: Workspace dotenv files cannot override connector endpoint hosts | |||
| CVE-2026-45000 | medium | 5.0 | 5.0 | 22d ago | OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing… | |||
| CVE-2026-44992 | medium | 5.0 | 5.0 | 22d ago | OpenClaw: Workspace dotenv MiniMax host override could redirect credentialed requests | |||
| CVE-2026-41648 | medium | 5.0 | 5.0 | 26d ago | Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This wa… | |||
| CVE-2026-8009 | medium | 5.0 | 5.0 | 27d ago | Inappropriate implementation in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML pa… | |||
| CVE-2026-7317 | medium | 5.0 | 5.0 | 28d ago | Grav has Insecure Deserialization in File Cache | |||
| CVE-2026-35527 | medium | 5.0 | 5.0 | 28d ago | Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request a… | |||
| CVE-2026-7778 | medium | 5.0 | 5.0 | 28d ago | An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CWE-269: Improper Privilege Management, an… | |||
| CVE-2026-7724 | medium | 5.0 | 5.0 | 1mo ago | Prefect SSRF Bypass via DNS Rebinding in validate_restricted_url | |||
| CVE-2026-7688 | medium | 5.0 | 5.0 | 1mo ago | Dolibarr has an Injection issue | |||
| CVE-2026-22726 | medium | 5.0 | 5.0 | 1mo ago | Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure… | |||
| CVE-2026-36764 | medium | 5.0 | 5.0 | 1mo ago | A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request. | |||
| CVE-2026-42424 | medium | 5.0 | 5.0 | 1mo ago | OpenClaw: Shared reply MEDIA - paths are treated as trusted and can trigger cross-channel local file exfiltration | |||
| CVE-2026-41367 | medium | 5.0 | 5.0 | 1mo ago | OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component action… | |||
| CVE-2026-7085 | medium | 5.0 | 5.0 | 1mo ago | A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp End… | |||
| CVE-2026-41338 | medium | 5.0 | 5.0 | 1mo ago | OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act pattern… | |||
| CVE-2026-35372 | medium | 5.0 | 5.0 | 1mo ago | A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference (or -n) flag is explicitly provided. The implementation pre… | |||
| CVE-2026-6845 | medium | 5.0 | 5.0 | 1mo ago | A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially c… | |||
| CVE-2026-34319 | medium | 5.0 | 5.0 | 1mo ago | Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vuln… | |||
| CVE-2026-34317 | medium | 5.0 | 5.0 | 1mo ago | Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vuln… | |||
| CVE-2026-4583 | medium | 5.0 | 5.0 | 2mo ago | A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this issue is some unknown functionality of the component Bluetooth Handler. Performing a manipulation result… | |||
| CVE-2026-4582 | medium | 5.0 | 5.0 | 2mo ago | A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation le… | |||
| CVE-2026-32442 | medium | 5.0 | 5.0 | 3mo ago | Missing Authorization vulnerability in E2Pdf e2pdf e2pdf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through <= 1.28.15. | |||
| CVE-2026-10074 | medium | 4.9 | 4.9 | 4d ago | DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files. | |||
| CVE-2026-10039 | medium | 4.9 | 4.9 | 4d ago | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on th… | |||
| CVE-2026-9801 | medium | 4.9 | 4.9 | 6d ago | A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromi… | |||
| CVE-2026-6957 | medium | 4.9 | 4.9 | 6d ago | Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federat… | |||
| CVE-2026-40826 | medium | 4.9 | 4.9 | 7d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dsgvo_contracts view due to improper neutralization of special elements in a SQL SELECT command. Th… | |||
| CVE-2026-40822 | medium | 4.9 | 4.9 | 7d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL SELECT command.… | |||
| CVE-2026-40821 | medium | 4.9 | 4.9 | 7d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountByID function due to improper neutralization of special elements in a SQL SELECT command.… | |||
| CVE-2026-7618 | medium | 4.9 | 4.9 | 7d ago | The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.4.5 due to in… | |||
| CVE-2026-41917 | medium | 4.9 | 4.9 | 7d ago | OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying… | |||
| CVE-2026-27346 | medium | 4.9 | 4.9 | 8d ago | Missing Authorization vulnerability in Kings Plugins B2BKing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B2BKing: from n/a before 5.2.10. | |||
| CVE-2026-42797 | medium | 4.9 | 4.9 | 8d ago | Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which a… | |||
| CVE-2026-4811 | medium | 4.9 | 4.9 | 13d ago | The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all version… | |||
| CVE-2026-7472 | medium | 4.9 | 4.9 | 14d ago | The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of esc_s… | |||
| CVE-2026-37978 | medium | 4.9 | 4.9 | 14d ago | A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID (userId) para… | |||
| CVE-2026-45684 | medium | 4.9 | 4.9 | 15d ago | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by readi… | |||
| CVE-2026-45731 | medium | 4.9 | 4.9 | 15d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $_POST['updateFile'] as a relative path under updatedb/ and passes it to PHP's file() for line-by-line executi… | |||
| CVE-2026-7046 | medium | 4.9 | 4.9 | 18d ago | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to … | |||
| CVE-2026-45054 | medium | 4.9 | 4.9 | 20d ago | CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page (admin.php?_g=orders&node=transactions) builds a raw ORDER BY SQL fragment from the attacker-con… | |||
| CVE-2026-42780 | medium | 4.9 | 4.9 | 20d ago | A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files. Note: Software … | |||
| CVE-2026-42063 | medium | 4.9 | 4.9 | 20d ago | A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administrator or Administrator role can download sensitive files. Note: Software versions which have reached… | |||
| CVE-2026-41954 | medium | 4.9 | 4.9 | 20d ago | Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell (tmsh) command which may allow an authenticated attacker with resource administrator rol… | |||
| CVE-2026-44874 | medium | 4.9 | 4.9 | 21d ago | A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Succe… | |||
| CVE-2026-3604 | medium | 4.9 | 4.9 | 21d ago | The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `_kcseo_ative_tab` parameter in all versions up to, and including, 2.8.1 due to insufficien… | |||
| CVE-2026-42600 | medium | 4.9 | 4.9 | 22d ago | MinIO vulnerable to Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint | |||
| CVE-2026-28967 | medium | 4.9 | 4.9 | 22d ago | iOS 18.7.7 and iPadOS 18.7.7 | |||
| CVE-2026-42886 | medium | 4.9 | 4.9 | 22d ago | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely … | |||
| CVE-2026-42876 | medium | 4.9 | 4.9 | 22d ago | ExternalSecrets vulnerable to privilege escalation with secret overwriting | |||
| CVE-2026-42295 | medium | 4.9 | 4.9 | 25d ago | Argo vulnerable to exposure of artifact repository credentials | |||
| CVE-2026-44298 | medium | 4.9 | 4.9 | 25d ago | Kimai has an arbitrary file read in its invoice PDF renderer (admin) | |||
| CVE-2026-6344 | medium | 4.9 | 4.9 | 28d ago | The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments() method of EmailNo… | |||
| CVE-2026-6418 | medium | 4.9 | 4.9 | 29d ago | An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allows administrative users to configure a source path for account data synchr… | |||
| CVE-2026-1921 | medium | 4.9 | 4.9 | 29d ago | The Loco Translate plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.8.2 via the `fsReference` AJAX route. This is due to the `findSourceFile()` method norm… | |||
| CVE-2026-6948 | medium | 4.9 | 4.9 | 1mo ago | Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server … | |||
| CVE-2026-37505 | medium | 4.9 | 4.9 | 1mo ago | SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy($sort, $sortType) wit… | |||
| CVE-2026-41657 | medium | 4.9 | 4.9 | 1mo ago | Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php | |||
| CVE-2026-0206 | medium | 4.9 | 4.9 | 1mo ago | A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall. | |||
| CVE-2026-41887 | medium | 4.9 | 4.9 | 1mo ago | Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577) | |||
| CVE-2026-33611 | medium | 4.9 | 4.9 | 1mo ago | An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend. | |||
| CVE-2026-6416 | medium | 4.9 | 4.9 | 1mo ago | Tanium addressed an uncontrolled resource consumption vulnerability in Interact. | |||
| CVE-2026-31927 | medium | 4.9 | 4.9 | 2mo ago | Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with deb… | |||
| CVE-2026-34164 | medium | 4.9 | 4.9 | 2mo ago | Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService | |||
| CVE-2026-39961 | medium | 4.9 | 4.9 | 2mo ago | Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource | |||
| CVE-2026-39631 | medium | 4.9 | 4.9 | 2mo ago | Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a… | |||
| CVE-2026-31850 | medium | 4.9 | 4.9 | 2mo ago | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuratio… | |||
| CVE-2026-32828 | medium | 4.9 | 4.9 | 3mo ago | Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration in github.com/akuity/kargo | |||
| CVE-2026-29516 | medium | 4.9 | 4.9 | 3mo ago | Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading … | |||
| CVE-2026-1884 | medium | 4.9 | 4.9 | 4mo ago | A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation cau… | |||
| CVE-2026-24356 | medium | 4.9 | 4.9 | 4mo ago | Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through <= 4.3.0. | |||
| CVE-2026-22482 | medium | 4.9 | 4.9 | 4mo ago | Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.This issue affects IMGspider: from n/a through <= 2.3.12. | |||
| CVE-2026-49381 | medium | 4.8 | 4.8 | 4d ago | In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible | |||
| CVE-2026-34127 | medium | 4.8 | 4.8 | 4d ago | A stored cross-site scripting (XSS) vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration paramete… | |||
| CVE-2026-10058 | medium | 4.8 | 4.8 | 4d ago | ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed … |