CVEs from 2026
Total
13,622
critical
critical 1,190
high
high 4,358
medium
medium 4,254
low
low 466
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 442
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6652 | medium | 4.7 | 4.7 | 1mo ago | A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. Th… | |||
| CVE-2026-6650 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation lead… | |||
| CVE-2026-6561 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filen… | |||
| CVE-2026-40301 | medium | 4.7 | 4.7 | 2mo ago | rhukster/dom-sanitizer: SVG <style> tag allows CSS injection via unfiltered url() and @import directives | |||
| CVE-2026-20060 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is du… | |||
| CVE-2026-6220 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of the file ServerService.java of the component Video File Download URL Handl… | |||
| CVE-2026-5987 | medium | 4.7 | 4.7 | 2mo ago | A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender of the file publiccms-parent/publiccms-core/src/main/java/c… | |||
| CVE-2026-5848 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Dat… | |||
| CVE-2026-5840 | medium | 4.7 | 4.7 | 2mo ago | A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/check_availability.php. Performing a manipulation of the argument Usernam… | |||
| CVE-2026-5839 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescrip… | |||
| CVE-2026-5838 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the file /admin/add-subadmins.php. This manipulation of the argument sadminusername ca… | |||
| CVE-2026-35613 | medium | 4.7 | 4.7 | 2mo ago | coursevault-preview has a path traversal due to improper base-directory boundary validation | |||
| CVE-2026-5576 | medium | 4.7 | 4.7 | 2mo ago | A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affected by this issue is some unknown functionality of the file save_emp.php of the component Add Employee Page. This manip… | |||
| CVE-2026-23469 | medium | 4.7 | 4.7 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Synchronize interrupts before suspending the GPU The runtime PM suspend callback doesn't know whether the IRQ ha… | |||
| CVE-2026-23463 | medium | 4.7 | 4.7 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: fix race condition in qman_destroy_fq When QMAN_FQ_FLAG_DYNAMIC_FQID is set, there's a race condition between fq… | |||
| CVE-2026-23452 | medium | 4.7 | 4.7 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pm_runtime_work() may dereference the dev->pare… | |||
| CVE-2026-5417 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of the component Elasticsearch Handler. Thi… | |||
| CVE-2026-5331 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path travers… | |||
| CVE-2026-5203 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function _copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserG… | |||
| CVE-2026-5148 | medium | 4.7 | 4.7 | 2mo ago | A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail cause… | |||
| CVE-2026-5041 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument … | |||
| CVE-2026-4875 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /admin/mod_amenities/index.php?view=add. This manipulation of… | |||
| CVE-2026-23394 | medium | 4.7 | 4.7 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: af_unix: Give up GC if MSG_PEEK intervened. Igor Ushakov reported that GC purged the receive queue of an alive socket due to a ra… | |||
| CVE-2026-23302 | medium | 4.7 | 4.7 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk->sk_{data_ready,write_space} skmsg (and probably other layers) are changing these pointers whi… | |||
| CVE-2026-4591 | medium | 4.7 | 4.7 | 2mo ago | A weakness has been identified in kalcaddle kodbox 1.64. This affects the function checkBin of the file /workspace/source-code/plugins/fileThumb/app.php of the component fileThumb Endpoint. Executing… | |||
| CVE-2026-4564 | medium | 4.7 | 4.7 | 2mo ago | A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulat… | |||
| CVE-2026-4550 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Such manipulation of the argument Trainer_id/fname lead… | |||
| CVE-2026-4537 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation c… | |||
| CVE-2026-4468 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=update_interface_png. This manipulation causes command … | |||
| CVE-2026-4467 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=wireless_device_dissoc. The manipulation results in command… | |||
| CVE-2026-4466 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=ntp_timezone. The manipulation leads to command inject… | |||
| CVE-2026-4284 | medium | 4.7 | 4.7 | 3mo ago | A vulnerability was determined in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. This issue affects the function downloadFile of the file - yudao-module-digitalcourse/yudao-mo… | |||
| CVE-2026-4238 | medium | 4.7 | 4.7 | 3mo ago | A vulnerability has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/courses.php. The manipulation of the argument course_code l… | |||
| CVE-2026-4189 | medium | 4.7 | 4.7 | 3mo ago | A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipul… | |||
| CVE-2026-32772 | medium | 4.7 | 4.7 | 3mo ago | telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR. | |||
| CVE-2026-3957 | medium | 4.7 | 4.7 | 3mo ago | A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This vulnerability affects the function getLikeMovieList of the file source-code/src/main/java/com/m… | |||
| CVE-2026-3956 | medium | 4.7 | 4.7 | 3mo ago | A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This affects the function getAdmins of the file source-code/src/main/java/com/moke/wp/wx_weim… | |||
| CVE-2026-25392 | medium | 4.7 | 4.7 | 3mo ago | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows … | |||
| CVE-2026-1517 | medium | 4.7 | 4.7 | 4mo ago | A vulnerability was identified in iomad up to 5.0. Affected is an unknown function of the component Company Admin Block. Such manipulation leads to sql injection. The attack can be executed remotely.… | |||
| CVE-2026-23110 | medium | 4.7 | 4.7 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: core: Wake up the error handler when final completions race against each other The fragile ordering between marking command… | |||
| CVE-2026-1690 | medium | 4.7 | 4.7 | 4mo ago | A flaw has been found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. This affects the function system of the file /boaform/formSysCmd. This manipulation of the argument sysCmd causes command inje… | |||
| CVE-2026-1445 | medium | 4.7 | 4.7 | 4mo ago | A vulnerability was found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This vulnerability affects unknown code of the file controllers/books_center/upload_bookCover.php… | |||
| CVE-2026-1064 | medium | 4.7 | 4.7 | 5mo ago | A vulnerability was found in bastillion-io Bastillion up to 4.0.1. This issue affects some unknown processing of the file src/main/java/io/bastillion/manage/control/SystemKtrl.java of the component S… | |||
| CVE-2026-1063 | medium | 4.7 | 4.7 | 5mo ago | A vulnerability has been found in bastillion-io Bastillion up to 4.0.1. This vulnerability affects unknown code of the file src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java of the compone… | |||
| CVE-2026-0649 | medium | 4.7 | 4.7 | 5mo ago | A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipu… | |||
| CVE-2026-45153 | medium | 4.6 | 4.6 | 25 min ago | Nextcloud is an open source content collaboration platform. From version 33.0.0 to before version 33.1.0, after unlocking a locked Android phone the back-button could be used to bypass the Nextcloud … | |||
| CVE-2026-49325 | medium | 4.6 | 4.6 | 3d ago | Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Modul… | |||
| CVE-2026-49316 | medium | 4.6 | 4.6 | 3d ago | Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown b… | |||
| CVE-2026-49324 | medium | 4.6 | 4.6 | 3d ago | Uncontrolled resource consumption in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-veh… | |||
| CVE-2026-44710 | medium | 4.6 | 4.6 | 5d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the return values of udisks_drive_get_serial(), udisks_drive_get_vendor(), and u… | |||
| CVE-2026-3314 | medium | 4.6 | 4.6 | 6d ago | Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint… | |||
| CVE-2026-41073 | medium | 4.6 | 4.6 | 10d ago | RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet (CSV/formula) injection vulnerability. User-controlled … | |||
| CVE-2026-35016 | medium | 4.6 | 4.6 | 12d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu… | |||
| CVE-2026-35015 | medium | 4.6 | 4.6 | 12d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in do_unit_mail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitize… | |||
| CVE-2026-35014 | medium | 4.6 | 4.6 | 12d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized v… | |||
| CVE-2026-35013 | medium | 4.6 | 4.6 | 12d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in street_view.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized va… | |||
| CVE-2026-35012 | medium | 4.6 | 4.6 | 12d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_facnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized… | |||
| CVE-2026-35011 | medium | 4.6 | 4.6 | 12d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in opena.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value… | |||
| CVE-2026-35010 | medium | 4.6 | 4.6 | 12d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_JF.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | |||
| CVE-2026-35009 | medium | 4.6 | 4.6 | 12d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_note.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va… | |||
| CVE-2026-35008 | medium | 4.6 | 4.6 | 12d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu… | |||
| CVE-2026-35007 | medium | 4.6 | 4.6 | 12d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single_unit.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized… | |||
| CVE-2026-47090 | medium | 4.6 | 4.6 | 14d ago | Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded… | |||
| CVE-2026-21789 | medium | 4.6 | 4.6 | 14d ago | HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. | |||
| CVE-2026-45317 | medium | 4.6 | 4.6 | 17d ago | Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) via Image URL Manipulation | |||
| CVE-2026-44259 | medium | 4.6 | 4.6 | 20d ago | efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security heade… | |||
| CVE-2026-28961 | medium | 4.6 | 4.6 | 22d ago | This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.5. An attacker with physical access to a locked device may be able to view sensitive user information. | |||
| CVE-2026-28963 | medium | 4.6 | 4.6 | 22d ago | A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5 and iPadOS 26.5. An attacker with physical access may be able to use Visual Intelligence to access sensi… | |||
| CVE-2026-8233 | medium | 4.6 | 4.6 | 22d ago | A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of com… | |||
| CVE-2026-42080 | medium | 4.6 | 4.6 | 28d ago | PPTAgent: Arbitrary File Write via `save_generated_slides` | |||
| CVE-2026-42078 | medium | 4.6 | 4.6 | 28d ago | PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image | |||
| CVE-2026-7429 | medium | 4.6 | 4.6 | 1mo ago | SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads t… | |||
| CVE-2026-41398 | medium | 4.6 | 4.6 | 1mo ago | OpenClaw: iOS A2UI bridge trusted generic local-network pages for agent.request dispatch | |||
| CVE-2026-41377 | medium | 4.6 | 4.6 | 1mo ago | OpenClaw: Security Scan Failure Does Not Block Plugin Installation (Fail-Open) | |||
| CVE-2026-31620 | medium | 4.6 | 4.6 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0 A malicious USB device with the TASCAM US-144MKII device id can hav… | |||
| CVE-2026-42086 | medium | 4.6 | 4.6 | 1mo ago | OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender | |||
| CVE-2026-5476 | medium | 4.6 | 4.6 | 2mo ago | A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation… | |||
| CVE-2026-30913 | medium | 4.6 | 4.6 | 3mo ago | flarum/nicknames extension has display name injection in notification emails (autolink & markdown) | |||
| CVE-2026-44640 | medium | 4.5 | 4.5 | 3d ago | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to 0.24.14, aio->prov_data is stored as nni_quic_conn* during dialing, but read as ex_quic_conn* during dialer close. This … | |||
| CVE-2026-44059 | medium | 4.5 | 4.5 | 11d ago | A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption. | |||
| CVE-2026-42887 | medium | 4.5 | 4.5 | 21d ago | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting (XSS) vulnerability exists in the Login Page due to improper sanitization of the authLogin… | |||
| CVE-2026-41656 | medium | 4.5 | 4.5 | 1mo ago | Admidio has Path Traversal via Unvalidated `name` Parameter in Document Add Mode that Enables Arbitrary Server File Read | |||
| CVE-2026-7430 | medium | 4.4 | 4.4 | 4d ago | The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet conte… | |||
| CVE-2026-48792 | medium | 4.4 | 4.4 | 5d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event* nodes, causing pusb_has_vi… | |||
| CVE-2026-5516 | medium | 4.4 | 4.4 | 5d ago | IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting … | |||
| CVE-2026-3348 | medium | 4.4 | 4.4 | 5d ago | The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings (Description, Title, and other fields) in all versions up to, and including, 3.6.… | |||
| CVE-2026-41164 | medium | 4.4 | 4.4 | 6d ago | nuts-node has JWT type confusion in v1 access token introspection that allows VP replay as access token | |||
| CVE-2026-48849 | medium | 4.4 | 4.4 | 7d ago | In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS injection on shared mailboxes. | |||
| CVE-2026-25602 | medium | 4.4 | 4.4 | 12d ago | Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address. This i… | |||
| CVE-2026-6404 | medium | 4.4 | 4.4 | 13d ago | The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomify_api_key' parameter in versions up to and including 0.3.6. This is du… | |||
| CVE-2026-6399 | medium | 4.4 | 4.4 | 13d ago | The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of sanitize_text_field() for output escaping in the… | |||
| CVE-2026-42408 | medium | 4.4 | 4.4 | 19d ago | When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell (tmsh) command that may allow a highly privileged authenticated attacker to view sensitive information. Note: Soft… | |||
| CVE-2026-28758 | medium | 4.4 | 4.4 | 19d ago | When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is als… | |||
| CVE-2026-41100 | medium | 4.4 | 4.4 | 20d ago | <p>Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.</p> | |||
| CVE-2026-32209 | medium | 4.4 | 4.4 | 20d ago | <p>Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.</p> | |||
| CVE-2026-7431 | medium | 4.4 | 4.4 | 20d ago | An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a sh… | |||
| CVE-2026-6813 | medium | 4.4 | 4.4 | 20d ago | The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output esca… | |||
| CVE-2026-6800 | medium | 4.4 | 4.4 | 20d ago | The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escapi… | |||
| CVE-2026-7257 | medium | 4.4 | 4.4 | 21d ago | ** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow a local attacker … | |||
| CVE-2026-43895 | medium | 4.4 | 4.4 | 21d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during mo… |