CVEs from 2026
Total
13,570
critical
critical 1,185
high
high 4,339
medium
medium 4,230
low
low 458
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 434
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-1971 | medium | 4.8 | 4.8 | 4mo ago | A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file wiz_WISP24gmanual.asp. Such manipulation of the argument manualssid leads to cro… | |||
| CVE-2026-1744 | medium | 4.8 | 4.8 | 4mo ago | A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sp_pppoe_user.js. The manipulation of the argument Username results in … | |||
| CVE-2026-21925 | medium | 4.8 | 4.8 | 4mo ago | RHSA-2026:4832: java-1.8.0-ibm security update (Important) | |||
| CVE-2026-0730 | medium | 4.8 | 4.8 | 5mo ago | A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADD_STAFF/UPDATE_STAFF of the file /staffleave/slms/slms/adminviews.py of the component SVG… | |||
| CVE-2026-10248 | medium | 4.7 | 4.7 | 5h ago | A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System up to 1.0. This issue affects the function create_supplier of the file /Export_csv/export of the component Supplie… | |||
| CVE-2026-10237 | medium | 4.7 | 4.7 | 7h ago | A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage_user of the component User Management Module. Per… | |||
| CVE-2026-10171 | medium | 4.7 | 4.7 | 1d ago | A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. Such manipulation of the argument ID leads to … | |||
| CVE-2026-10155 | medium | 4.7 | 4.7 | 2d ago | A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0. The impacted element is the function accounts_report_search of the file application/modules/accounts/controllers/Accou… | |||
| CVE-2026-10070 | medium | 4.7 | 4.7 | 3d ago | A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results … | |||
| CVE-2026-9818 | medium | 4.7 | 4.7 | 4d ago | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||
| CVE-2026-49059 | medium | 4.7 | 4.7 | 5d ago | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Facebook Facebook for WooCommerce allows Phishing. This issue affects Facebook for WooCommerce: from n/a through 3.7.0. | |||
| CVE-2026-9609 | medium | 4.7 | 4.7 | 6d ago | A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. The attack can be initiated remot… | |||
| CVE-2026-24199 | medium | 4.7 | 4.7 | 6d ago | NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering compiler or processor memory instructions. A successful exploit of… | |||
| CVE-2026-9464 | medium | 4.7 | 4.7 | 7d ago | A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such man… | |||
| CVE-2026-9446 | medium | 4.7 | 4.7 | 7d ago | A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/edit_customer.php. Such manipulation of the argume… | |||
| CVE-2026-9444 | medium | 4.7 | 4.7 | 7d ago | A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler.… | |||
| CVE-2026-9423 | medium | 4.7 | 4.7 | 7d ago | A security flaw has been discovered in Edimax BR-6675nD 1.12. Impacted is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument comma… | |||
| CVE-2026-20199 | medium | 4.7 | 4.7 | 12d ago | A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the roo… | |||
| CVE-2026-43163 | medium | 4.7 | 4.7 | 13d ago | RHSA-2026:21745: kernel-rt security update (Important) | |||
| CVE-2026-32848 | medium | 4.7 | 4.7 | 14d ago | NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently… | |||
| CVE-2026-8773 | medium | 4.7 | 4.7 | 15d ago | A security vulnerability has been detected in linlinjava litemall up to 1.8.0. Affected by this vulnerability is the function backup/load of the file litemall-db/src/main/java/org/linlinjava/litemall… | |||
| CVE-2026-8772 | medium | 4.7 | 4.7 | 15d ago | A weakness has been identified in linlinjava litemall up to 1.8.0. Affected is an unknown function of the component Admin Endpoint. Executing a manipulation can lead to sql injection. The attack can … | |||
| CVE-2026-44428 | medium | 4.7 | 4.7 | 18d ago | MCP Registry's GitHub OIDC tokens are replayable across registry deployments due to shared audience | |||
| CVE-2026-45366 | medium | 4.7 | 4.7 | 18d ago | typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency bet… | |||
| CVE-2026-8565 | medium | 4.7 | 4.7 | 18d ago | Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafte… | |||
| CVE-2026-44581 | medium | 4.7 | 4.7 | 19d ago | Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces | |||
| CVE-2026-5061 | medium | 4.7 | 4.7 | 20d ago | The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability (CVE-2026-5061) … | |||
| CVE-2026-34258 | medium | 4.7 | 4.7 | 21d ago | SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicki… | |||
| CVE-2026-27682 | medium | 4.7 | 4.7 | 21d ago | Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that … | |||
| CVE-2026-28830 | medium | 4.7 | 4.7 | 21d ago | A race condition was addressed with additional validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data. | |||
| CVE-2026-8320 | medium | 4.7 | 4.7 | 21d ago | A security vulnerability has been detected in jishenghua jshERP up to 3.6. This affects the function getUserByWeixinCode of the file jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java of … | |||
| CVE-2026-44659 | medium | 4.7 | 4.7 | 21d ago | Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the a… | |||
| CVE-2026-28992 | medium | 4.7 | 4.7 | 22d ago | A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS … | |||
| CVE-2026-43659 | medium | 4.7 | 4.7 | 22d ago | A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, … | |||
| CVE-2026-8211 | medium | 4.7 | 4.7 | 23d ago | A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JS… | |||
| CVE-2026-43448 | medium | 4.7 | 4.7 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix race bug in nvme_poll_irqdisable() In the following scenario, pdev can be disabled between (1) and (3) by (2). This… | |||
| CVE-2026-43439 | medium | 4.7 | 4.7 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: cgroup: fix race between task migration and iteration When a task is migrated out of a css_set, cgroup_migrate_add_task() first m… | |||
| CVE-2026-43430 | medium | 4.7 | 4.7 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: usb: yurex: fix race in probe The bbu member of the descriptor must be set to the value standing for uninitialized values before … | |||
| CVE-2026-43420 | medium | 4.7 | 4.7 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: ceph: fix i_nlink underrun during async unlink During async unlink, we drop the `i_nlink` counter before we receive the completio… | |||
| CVE-2026-43415 | medium | 4.7 | 4.7 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend In __ufshcd_wl_suspend(), cancel_delayed_work_sync() is calle… | |||
| CVE-2026-43342 | medium | 4.7 | 4.7 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Protect RNDIS options with mutex The class/subclass/protocol options are suspectible to race conditions as … | |||
| CVE-2026-44661 | medium | 4.7 | 4.7 | 25d ago | utcp-http vulnerable to SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol | |||
| CVE-2026-41692 | medium | 4.7 | 4.7 | 25d ago | i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 4.0.8 substitute {{key}} interpolation tokens inside src and… | |||
| CVE-2026-43275 | medium | 4.7 | 4.7 | 26d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly… | |||
| CVE-2026-43121 | medium | 4.7 | 4.7 | 26d ago | In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix user_ref race between scrub and refill paths The io_zcrx_put_niov_uref() function uses a non-atomic check-then… | |||
| CVE-2026-35253 | medium | 4.7 | 4.7 | 26d ago | Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker w… | |||
| CVE-2026-7697 | medium | 4.7 | 4.7 | 29d ago | A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected is an unknown function of the file /manager/card/cardhand_submit.php. This manipulation of the argument ID causes… | |||
| CVE-2026-7673 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was detected in crmeb_java up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of t… | |||
| CVE-2026-7612 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edit_user.php. Executing a manipulation of the argument ID can lead to sql i… | |||
| CVE-2026-43053 | medium | 4.7 | 4.7 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: xfs: close crash window in attr dabtree inactivation When inactivating an inode with node-format extended attributes, xfs_attr3_n… | |||
| CVE-2026-31751 | medium | 4.7 | 4.7 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: comedi: dt2815: add hardware detection to prevent crash The dt2815 driver crashes when attached to I/O ports without actual hardw… | |||
| CVE-2026-31728 | medium | 4.7 | 4.7 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop A race condition between gether_disconnect() and eth_stop()… | |||
| CVE-2026-7578 | medium | 4.7 | 4.7 | 1mo ago | A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin Installation Handler. E… | |||
| CVE-2026-7553 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was found in code-projects Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit_exercises.php. The manipulation of the argumen… | |||
| CVE-2026-41226 | medium | 4.7 | 4.7 | 1mo ago | Open redirect vulnerability exists in Multiple laser printers and MFPs which implement Ricoh Web Image Monitor. When accessing a specially crafted URL, the user may be redirected to an arbitrary webs… | |||
| CVE-2026-7409 | medium | 4.7 | 4.7 | 1mo ago | A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation can lead to sql inject… | |||
| CVE-2026-7408 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Performing a manipulation r… | |||
| CVE-2026-7407 | medium | 4.7 | 4.7 | 1mo ago | A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /pizzafy/admin/ajax.php?action=save… | |||
| CVE-2026-7394 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/view_order.php of the component GET Parame… | |||
| CVE-2026-7393 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. Performin… | |||
| CVE-2026-7388 | medium | 4.7 | 4.7 | 1mo ago | A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a m… | |||
| CVE-2026-7293 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function delete_category of the file /admin/ajax.php?action=delete_category. The manipulation of the argum… | |||
| CVE-2026-7283 | medium | 4.7 | 4.7 | 1mo ago | A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function save_expired of the file /ajax.php?action=save_expired. The manipulation of th… | |||
| CVE-2026-7282 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function delete_expired of the file /ajax.php?action=delete_expired. The manipulation of the… | |||
| CVE-2026-7238 | medium | 4.7 | 4.7 | 1mo ago | A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unres… | |||
| CVE-2026-7134 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unre… | |||
| CVE-2026-7133 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unres… | |||
| CVE-2026-7083 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability has been found in likeadmin-likeshop likeadmin_php up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of th… | |||
| CVE-2026-7028 | medium | 4.7 | 4.7 | 1mo ago | A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is an unknown function of the file /admin/jobs-admins/delete-jobs.php of the component All Jobs Page. Perf… | |||
| CVE-2026-6984 | medium | 4.7 | 4.7 | 1mo ago | AstrBot has Incomplete Filtering of Special Elements | |||
| CVE-2026-6983 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url … | |||
| CVE-2026-6978 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialchars_decode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sq… | |||
| CVE-2026-41244 | medium | 4.7 | 4.7 | 1mo ago | Mojic: Observable Timing Discrepancy in HMAC Verification | |||
| CVE-2026-31572 | medium | 4.7 | 4.7 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: i2c: designware: amdisp: Fix resume-probe race condition issue Identified resume-probe race condition in kernel v7.0 with the com… | |||
| CVE-2026-31535 | medium | 4.7 | 4.7 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdirect_socket.recv_io.credits.available The logic off managing recv credits by counting posted recv_i… | |||
| CVE-2026-31523 | medium | 4.7 | 4.7 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling a polled queue A user can change the polled queue count at run time. There's a brief window during… | |||
| CVE-2026-31466 | medium | 4.7 | 4.7 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix folio isn't locked in softleaf_to_folio() On arm64 server, we found folio that get from migration entry isn't… | |||
| CVE-2026-31456 | medium | 4.7 | 4.7 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refault The splitting of a PUD entry in walk_pud_range() can race with a concu… | |||
| CVE-2026-6652 | medium | 4.7 | 4.7 | 1mo ago | A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. Th… | |||
| CVE-2026-6650 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation lead… | |||
| CVE-2026-6561 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filen… | |||
| CVE-2026-40301 | medium | 4.7 | 4.7 | 2mo ago | rhukster/dom-sanitizer: SVG <style> tag allows CSS injection via unfiltered url() and @import directives | |||
| CVE-2026-20060 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is du… | |||
| CVE-2026-6220 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of the file ServerService.java of the component Video File Download URL Handl… | |||
| CVE-2026-5987 | medium | 4.7 | 4.7 | 2mo ago | A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender of the file publiccms-parent/publiccms-core/src/main/java/c… | |||
| CVE-2026-5848 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Dat… | |||
| CVE-2026-5840 | medium | 4.7 | 4.7 | 2mo ago | A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/check_availability.php. Performing a manipulation of the argument Usernam… | |||
| CVE-2026-5839 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescrip… | |||
| CVE-2026-5838 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the file /admin/add-subadmins.php. This manipulation of the argument sadminusername ca… | |||
| CVE-2026-35613 | medium | 4.7 | 4.7 | 2mo ago | coursevault-preview has a path traversal due to improper base-directory boundary validation | |||
| CVE-2026-5576 | medium | 4.7 | 4.7 | 2mo ago | A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affected by this issue is some unknown functionality of the file save_emp.php of the component Add Employee Page. This manip… | |||
| CVE-2026-23469 | medium | 4.7 | 4.7 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Synchronize interrupts before suspending the GPU The runtime PM suspend callback doesn't know whether the IRQ ha… | |||
| CVE-2026-23463 | medium | 4.7 | 4.7 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: fix race condition in qman_destroy_fq When QMAN_FQ_FLAG_DYNAMIC_FQID is set, there's a race condition between fq… | |||
| CVE-2026-23452 | medium | 4.7 | 4.7 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pm_runtime_work() may dereference the dev->pare… | |||
| CVE-2026-5417 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of the component Elasticsearch Handler. Thi… | |||
| CVE-2026-5331 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path travers… | |||
| CVE-2026-5203 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function _copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserG… | |||
| CVE-2026-5148 | medium | 4.7 | 4.7 | 2mo ago | A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail cause… | |||
| CVE-2026-5041 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument … | |||
| CVE-2026-4875 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /admin/mod_amenities/index.php?view=add. This manipulation of… |