CVEs from 2026
- Total: 14,064
- Critical: 1,227
- High: 4,623
- Medium: 4,425
- Low: 484
- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 505
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44443 | medium | 4.8 | 4.8 | 7d ago | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, consumeNonce() only checks that the module-level variable is set and unexpired. It does not validate any value from the incoming HTTP… | |||
| CVE-2026-8353 | medium | 4.8 | 4.8 | 11d ago | Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page name in the Atomik theme. A rogue editor can inject arbitrary JavaScript that executes in the context of any authenticated user … | |||
| CVE-2026-8197 | medium | 4.8 | 4.8 | 12d ago | Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name. The OAuth authorize template renders the integration name (admin-controlled) through Concrete's t() translation he… | |||
| CVE-2026-41999 | medium | 4.8 | 4.8 | 12d ago | Incorrect Behaviour of Views with TCP PROXY Requests | |||
| CVE-2026-43617 | medium | 4.8 | 4.8 | 14d ago | Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass host… | |||
| CVE-2026-34246 | medium | 4.8 | 4.8 | 14d ago | CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the admin role management interface. In a… | |||
| CVE-2026-3495 | medium | 4.8 | 4.8 | 16d ago | Mattermost doesn't escape some variables that could contain malicious content during error page composition | |||
| CVE-2026-44568 | medium | 4.8 | 4.8 | 18d ago | Open WebUI has Stored XSS in Pending User Overlay via Incorrect DOMPurify Application Order | |||
| CVE-2026-41281 | medium | 4.8 | 4.8 | 20d ago | Android App "あんしんフィルター for au" provided by KDDI CORPORATION contains Cleartext Transmission of Sensitive Information (CWE-319) vulnerability. A man-in-the-middle attacker may access and modify commun… | |||
| CVE-2026-39428 | medium | 4.8 | 4.8 | 20d ago | CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious … | |||
| CVE-2026-8367 | medium | 4.8 | 4.8 | 20d ago | aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be ab… | |||
| CVE-2026-42934 | medium | 4.8 | 4.8 | 20d ago | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering ("off") directives ar… | |||
| CVE-2026-40701 | medium | 4.8 | 4.8 | 20d ago | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or… | |||
| CVE-2026-42948 | medium | 4.8 | 4.8 | 20d ago | Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another adminis… | |||
| CVE-2026-34658 | medium | 4.8 | 4.8 | 21d ago | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-p… | |||
| CVE-2026-34655 | medium | 4.8 | 4.8 | 21d ago | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-p… | |||
| CVE-2026-6663 | medium | 4.8 | 4.8 | 22d ago | The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code execution in all versions up to, and including, 2.9. This is due to the plugin's standalone agent endpoints… | |||
| CVE-2026-7814 | medium | 4.8 | 4.8 | 22d ago | pgAdmin 4: Stored cross-site scripting (XSS) vulnerability in Browser Tree and Explain Visualizer modules | |||
| CVE-2026-42150 | medium | 4.8 | 4.8 | 26d ago | wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting… | |||
| CVE-2026-40243 | medium | 4.8 | 4.8 | 27d ago | Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database… | |||
| CVE-2026-42841 | medium | 4.8 | 4.8 | 28d ago | Grav CMS vulnerable to stored XSS via Markdown media attribute() action | |||
| CVE-2026-33006 | medium | 4.8 | 4.8 | 29d ago | A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes th… | |||
| CVE-2026-37503 | medium | 4.8 | 4.8 | 1mo ago | Cross-Site Scripting (XSS) in V2Board thru 1.7.4. The custom_html field in theme configuration is rendered using Blade unescaped output in public/theme/v2board/dashboard.blade.php. An admin can injec… | |||
| CVE-2026-1858 | medium | 4.8 | 4.8 | 1mo ago | wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpos… | |||
| CVE-2026-41393 | medium | 4.8 | 4.8 | 1mo ago | OpenClaw: macOS Tailnet DNS Spoofing & Credential Exfiltration | |||
| CVE-2026-40557 | medium | 4.8 | 4.8 | 1mo ago | Apache Storm Prometheus Reporter vulnerable to Improper Certificate Validation via Global SSL Context Downgrade | |||
| CVE-2026-7027 | medium | 4.8 | 4.8 | 1mo ago | A vulnerability was identified in D-Link DSL-2740R EU_01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to … | |||
| CVE-2026-7026 | medium | 4.8 | 4.8 | 1mo ago | A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. This manipulation of the argument System Name… | |||
| CVE-2026-22751 | medium | 4.8 | 4.8 | 1mo ago | Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured | |||
| CVE-2026-40594 | medium | 4.8 | 4.8 | 1mo ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the set_session_cookie_secure before_request handler in src/pyload/webui/app/__init__.py reads the X-Forwa… | |||
| CVE-2026-28263 | medium | 4.8 | 4.8 | 2mo ago | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.1… | |||
| CVE-2026-37980 | medium | 4.8 | 4.8 | 2mo ago | A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a Stored Cro… | |||
| CVE-2026-40175 | medium | 4.8 | 4.8 | 2mo ago | Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain | |||
| CVE-2026-5106 | medium | 4.8 | 4.8 | 2mo ago | A flaw has been found in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_fst.php. Executing a manipulation of the argument sname can lead… | |||
| CVE-2026-4544 | medium | 4.8 | 4.8 | 2mo ago | A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the arg… | |||
| CVE-2026-3862 | medium | 4.8 | 4.8 | 3mo ago | Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page. | |||
| CVE-2026-3716 | medium | 4.8 | 4.8 | 3mo ago | A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vulnerability affects the function sub_401AD4 of the file /cgi-bin/adm.cgi. Executing a manipulation of the argument Hostname can l… | |||
| CVE-2026-3403 | medium | 4.8 | 4.8 | 3mo ago | A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown processing of the file /edit-subject.php. Performing a manipulation of the argument Su… | |||
| CVE-2026-3402 | medium | 4.8 | 4.8 | 3mo ago | A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the file /edit-course.php. Such manipulation of the arg… | |||
| CVE-2026-3170 | medium | 4.8 | 4.8 | 3mo ago | A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected is an unknown function of the file /patient-search.php. The manipulation of th… | |||
| CVE-2026-26351 | medium | 4.8 | 4.8 | 3mo ago | GetSimpleCMS Community Edition (CE) versions prior to 3.3.22 (3.3.16 tested) contains a stored cross-site scripting (XSS) vulnerability in the Theme to Components functionality within components.php.… | |||
| CVE-2026-2939 | medium | 4.8 | 4.8 | 3mo ago | A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /add_student/ of the component Add Student Module. The manipulation re… | |||
| CVE-2026-2934 | medium | 4.8 | 4.8 | 3mo ago | A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. The … | |||
| CVE-2026-2933 | medium | 4.8 | 4.8 | 3mo ago | A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. Executing a manipulatio… | |||
| CVE-2026-2932 | medium | 4.8 | 4.8 | 3mo ago | A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Perfo… | |||
| CVE-2026-2897 | medium | 4.8 | 4.8 | 3mo ago | funadmin: XSS through Value argument in Backend Interface component | |||
| CVE-2026-2222 | medium | 4.8 | 4.8 | 4mo ago | A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btn_functions.php… | |||
| CVE-2026-2214 | medium | 4.8 | 4.8 | 4mo ago | A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross … | |||
| CVE-2026-2200 | medium | 4.8 | 4.8 | 4mo ago | A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross sit… | |||
| CVE-2026-2156 | medium | 4.8 | 4.8 | 4mo ago | A weakness has been identified in code-projects Online Student Management System 1.0. The impacted element is an unknown function of the file /admin/announcement/index.php?view=add of the component A… | |||
| CVE-2026-1971 | medium | 4.8 | 4.8 | 4mo ago | A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file wiz_WISP24gmanual.asp. Such manipulation of the argument manualssid leads to cro… | |||
| CVE-2026-1744 | medium | 4.8 | 4.8 | 4mo ago | A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sp_pppoe_user.js. The manipulation of the argument Username results in … | |||
| CVE-2026-21925 | medium | 4.8 | 4.8 | 4mo ago | RHSA-2026:4832: java-1.8.0-ibm security update (Important) | |||
| CVE-2026-0730 | medium | 4.8 | 4.8 | 5mo ago | A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADD_STAFF/UPDATE_STAFF of the file /staffleave/slms/slms/adminviews.py of the component SVG… | |||
| CVE-2026-10583 | medium | 4.7 | 4.7 | 17h ago | A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configur… | |||
| CVE-2026-10248 | medium | 4.7 | 4.7 | 1d ago | A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System up to 1.0. This issue affects the function create_supplier of the file /Export_csv/export of the component Supplie… | |||
| CVE-2026-10237 | medium | 4.7 | 4.7 | 2d ago | A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage_user of the component User Management Module. Per… | |||
| CVE-2026-10171 | medium | 4.7 | 4.7 | 3d ago | A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. Such manipulation of the argument ID leads to … | |||
| CVE-2026-10155 | medium | 4.7 | 4.7 | 3d ago | A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0. The impacted element is the function accounts_report_search of the file application/modules/accounts/controllers/Accou… | |||
| CVE-2026-10070 | medium | 4.7 | 4.7 | 4d ago | A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results … | |||
| CVE-2026-9818 | medium | 4.7 | 4.7 | 5d ago | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||
| CVE-2026-49059 | medium | 4.7 | 4.7 | 6d ago | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Facebook Facebook for WooCommerce allows Phishing. This issue affects Facebook for WooCommerce: from n/a through 3.7.0. | |||
| CVE-2026-9609 | medium | 4.7 | 4.7 | 7d ago | A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. The attack can be initiated remot… | |||
| CVE-2026-24199 | medium | 4.7 | 4.7 | 7d ago | NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering compiler or processor memory instructions. A successful exploit of… | |||
| CVE-2026-9464 | medium | 4.7 | 4.7 | 8d ago | A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such man… | |||
| CVE-2026-9446 | medium | 4.7 | 4.7 | 8d ago | A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/edit_customer.php. Such manipulation of the argume… | |||
| CVE-2026-9444 | medium | 4.7 | 4.7 | 8d ago | A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler.… | |||
| CVE-2026-9423 | medium | 4.7 | 4.7 | 9d ago | A security flaw has been discovered in Edimax BR-6675nD 1.12. Impacted is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument comma… | |||
| CVE-2026-20199 | medium | 4.7 | 4.7 | 13d ago | A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the roo… | |||
| CVE-2026-43163 | medium | 4.7 | 4.7 | 14d ago | RHSA-2026:21745: kernel-rt security update (Important) | |||
| CVE-2026-32848 | medium | 4.7 | 4.7 | 15d ago | NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently… | |||
| CVE-2026-8773 | medium | 4.7 | 4.7 | 16d ago | A security vulnerability has been detected in linlinjava litemall up to 1.8.0. Affected by this vulnerability is the function backup/load of the file litemall-db/src/main/java/org/linlinjava/litemall… | |||
| CVE-2026-8772 | medium | 4.7 | 4.7 | 16d ago | A weakness has been identified in linlinjava litemall up to 1.8.0. Affected is an unknown function of the component Admin Endpoint. Executing a manipulation can lead to sql injection. The attack can … | |||
| CVE-2026-44428 | medium | 4.7 | 4.7 | 19d ago | MCP Registry's GitHub OIDC tokens are replayable across registry deployments due to shared audience | |||
| CVE-2026-45366 | medium | 4.7 | 4.7 | 19d ago | typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency bet… | |||
| CVE-2026-8565 | medium | 4.7 | 4.7 | 19d ago | Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafte… | |||
| CVE-2026-44581 | medium | 4.7 | 4.7 | 20d ago | Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces | |||
| CVE-2026-5061 | medium | 4.7 | 4.7 | 21d ago | The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability (CVE-2026-5061) … | |||
| CVE-2026-34258 | medium | 4.7 | 4.7 | 22d ago | SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicki… | |||
| CVE-2026-27682 | medium | 4.7 | 4.7 | 22d ago | Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that … | |||
| CVE-2026-28830 | medium | 4.7 | 4.7 | 22d ago | macOS Tahoe 26.4 | |||
| CVE-2026-8320 | medium | 4.7 | 4.7 | 22d ago | A security vulnerability has been detected in jishenghua jshERP up to 3.6. This affects the function getUserByWeixinCode of the file jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java of … | |||
| CVE-2026-44659 | medium | 4.7 | 4.7 | 22d ago | Zen is a Firefox-based browser. Prior to 1.19.12b, the Zen Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the a… | |||
| CVE-2026-43659 | medium | 4.7 | 4.7 | 23d ago | visionOS 26.5 | |||
| CVE-2026-28992 | medium | 4.7 | 4.7 | 23d ago | visionOS 26.5 | |||
| CVE-2026-8211 | medium | 4.7 | 4.7 | 24d ago | A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JS… | |||
| CVE-2026-43448 | medium | 4.7 | 4.7 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix race bug in nvme_poll_irqdisable() In the following scenario, pdev can be disabled between (1) and (3) by (2). This… | |||
| CVE-2026-43439 | medium | 4.7 | 4.7 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: cgroup: fix race between task migration and iteration When a task is migrated out of a css_set, cgroup_migrate_add_task() first m… | |||
| CVE-2026-43430 | medium | 4.7 | 4.7 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: usb: yurex: fix race in probe The bbu member of the descriptor must be set to the value standing for uninitialized values before … | |||
| CVE-2026-43420 | medium | 4.7 | 4.7 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: ceph: fix i_nlink underrun during async unlink During async unlink, we drop the `i_nlink` counter before we receive the completio… | |||
| CVE-2026-43415 | medium | 4.7 | 4.7 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend In __ufshcd_wl_suspend(), cancel_delayed_work_sync() is calle… | |||
| CVE-2026-43342 | medium | 4.7 | 4.7 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Protect RNDIS options with mutex The class/subclass/protocol options are susceptible to race conditions as … | |||
| CVE-2026-44661 | medium | 4.7 | 4.7 | 26d ago | utcp-http vulnerable to SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol | |||
| CVE-2026-41692 | medium | 4.7 | 4.7 | 26d ago | i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 4.0.8 substitute {{key}} interpolation tokens inside src and… | |||
| CVE-2026-43275 | medium | 4.7 | 4.7 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly… | |||
| CVE-2026-43121 | medium | 4.7 | 4.7 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix user_ref race between scrub and refill paths The io_zcrx_put_niov_uref() function uses a non-atomic check-then… | |||
| CVE-2026-35253 | medium | 4.7 | 4.7 | 28d ago | Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker w… | |||
| CVE-2026-7697 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected is an unknown function of the file /manager/card/cardhand_submit.php. This manipulation of the argument ID causes… | |||
| CVE-2026-7673 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was detected in crmeb_java up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of t… | |||
| CVE-2026-7612 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edit_user.php. Executing a manipulation of the argument ID can lead to sql i… |