CVEs from 2026
- Total: 14,073
- Critical: 1,229
- High: 4,626
- Medium: 4,430
- Low: 484
- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top vendors
Top products
- chrome 505
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35253 | medium | 4.7 | 4.7 | 28d ago | Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker w… | |||
| CVE-2026-7697 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected is an unknown function of the file /manager/card/cardhand_submit.php. This manipulation of the argument ID causes… | |||
| CVE-2026-7673 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was detected in crmeb_java up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of t… | |||
| CVE-2026-7612 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edit_user.php. Executing a manipulation of the argument ID can lead to sql i… | |||
| CVE-2026-43053 | medium | 4.7 | 4.7 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: xfs: close crash window in attr dabtree inactivation When inactivating an inode with node-format extended attributes, xfs_attr3_n… | |||
| CVE-2026-31751 | medium | 4.7 | 4.7 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: comedi: dt2815: add hardware detection to prevent crash The dt2815 driver crashes when attached to I/O ports without actual hardw… | |||
| CVE-2026-31728 | medium | 4.7 | 4.7 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop A race condition between gether_disconnect() and eth_stop()… | |||
| CVE-2026-7578 | medium | 4.7 | 4.7 | 1mo ago | A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin Installation Handler. E… | |||
| CVE-2026-7553 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was found in code-projects Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit_exercises.php. The manipulation of the argumen… | |||
| CVE-2026-41226 | medium | 4.7 | 4.7 | 1mo ago | Open redirect vulnerability exists in Multiple laser printers and MFPs which implement Ricoh Web Image Monitor. When accessing a specially crafted URL, the user may be redirected to an arbitrary webs… | |||
| CVE-2026-7409 | medium | 4.7 | 4.7 | 1mo ago | A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation can lead to sql inject… | |||
| CVE-2026-7408 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Performing a manipulation r… | |||
| CVE-2026-7407 | medium | 4.7 | 4.7 | 1mo ago | A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /pizzafy/admin/ajax.php?action=save… | |||
| CVE-2026-7394 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/view_order.php of the component GET Parame… | |||
| CVE-2026-7393 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. Performin… | |||
| CVE-2026-7388 | medium | 4.7 | 4.7 | 1mo ago | A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a m… | |||
| CVE-2026-7293 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function delete_category of the file /admin/ajax.php?action=delete_category. The manipulation of the argum… | |||
| CVE-2026-7283 | medium | 4.7 | 4.7 | 1mo ago | A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function save_expired of the file /ajax.php?action=save_expired. The manipulation of th… | |||
| CVE-2026-7282 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function delete_expired of the file /ajax.php?action=delete_expired. The manipulation of the… | |||
| CVE-2026-7238 | medium | 4.7 | 4.7 | 1mo ago | A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unres… | |||
| CVE-2026-7134 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unre… | |||
| CVE-2026-7133 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unres… | |||
| CVE-2026-7083 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability has been found in likeadmin-likeshop likeadmin_php up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of th… | |||
| CVE-2026-7028 | medium | 4.7 | 4.7 | 1mo ago | A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is an unknown function of the file /admin/jobs-admins/delete-jobs.php of the component All Jobs Page. Perf… | |||
| CVE-2026-6984 | medium | 4.7 | 4.7 | 1mo ago | AstrBot has Incomplete Filtering of Special Elements | |||
| CVE-2026-6983 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url … | |||
| CVE-2026-6978 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialchars_decode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sq… | |||
| CVE-2026-41244 | medium | 4.7 | 4.7 | 1mo ago | Mojic: Observable Timing Discrepancy in HMAC Verification | |||
| CVE-2026-31572 | medium | 4.7 | 4.7 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: i2c: designware: amdisp: Fix resume-probe race condition issue Identified resume-probe race condition in kernel v7.0 with the com… | |||
| CVE-2026-31535 | medium | 4.7 | 4.7 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdirect_socket.recv_io.credits.available The logic of managing recv credits by counting posted recv_i… | |||
| CVE-2026-31523 | medium | 4.7 | 4.7 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling a polled queue A user can change the polled queue count at run time. There's a brief window during… | |||
| CVE-2026-31466 | medium | 4.7 | 4.7 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix folio isn't locked in softleaf_to_folio() On arm64 server, we found folio that get from migration entry isn't… | |||
| CVE-2026-31456 | medium | 4.7 | 4.7 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refault The splitting of a PUD entry in walk_pud_range() can race with a concu… | |||
| CVE-2026-6652 | medium | 4.7 | 4.7 | 1mo ago | A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. Th… | |||
| CVE-2026-6650 | medium | 4.7 | 4.7 | 1mo ago | A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation lead… | |||
| CVE-2026-6561 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filen… | |||
| CVE-2026-40301 | medium | 4.7 | 4.7 | 2mo ago | rhukster/dom-sanitizer: SVG <style> tag allows CSS injection via unfiltered url() and @import directives | |||
| CVE-2026-20060 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is du… | |||
| CVE-2026-6220 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of the file ServerService.java of the component Video File Download URL Handl… | |||
| CVE-2026-5987 | medium | 4.7 | 4.7 | 2mo ago | A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender of the file publiccms-parent/publiccms-core/src/main/java/c… | |||
| CVE-2026-5848 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Dat… | |||
| CVE-2026-5840 | medium | 4.7 | 4.7 | 2mo ago | A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/check_availability.php. Performing a manipulation of the argument Usernam… | |||
| CVE-2026-5839 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescrip… | |||
| CVE-2026-5838 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the file /admin/add-subadmins.php. This manipulation of the argument sadminusername ca… | |||
| CVE-2026-35613 | medium | 4.7 | 4.7 | 2mo ago | coursevault-preview has a path traversal due to improper base-directory boundary validation | |||
| CVE-2026-5576 | medium | 4.7 | 4.7 | 2mo ago | A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affected by this issue is some unknown functionality of the file save_emp.php of the component Add Employee Page. This manip… | |||
| CVE-2026-23469 | medium | 4.7 | 4.7 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Synchronize interrupts before suspending the GPU The runtime PM suspend callback doesn't know whether the IRQ ha… | |||
| CVE-2026-23463 | medium | 4.7 | 4.7 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: fix race condition in qman_destroy_fq When QMAN_FQ_FLAG_DYNAMIC_FQID is set, there's a race condition between fq… | |||
| CVE-2026-23452 | medium | 4.7 | 4.7 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pm_runtime_work() may dereference the dev->pare… | |||
| CVE-2026-5417 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of the component Elasticsearch Handler. Thi… | |||
| CVE-2026-5331 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path travers… | |||
| CVE-2026-5203 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function _copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserG… | |||
| CVE-2026-5148 | medium | 4.7 | 4.7 | 2mo ago | A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail cause… | |||
| CVE-2026-5041 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument … | |||
| CVE-2026-4875 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /admin/mod_amenities/index.php?view=add. This manipulation of… | |||
| CVE-2026-23394 | medium | 4.7 | 4.7 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: af_unix: Give up GC if MSG_PEEK intervened. Igor Ushakov reported that GC purged the receive queue of an alive socket due to a ra… | |||
| CVE-2026-23302 | medium | 4.7 | 4.7 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk->sk_{data_ready,write_space} skmsg (and probably other layers) are changing these pointers whi… | |||
| CVE-2026-4591 | medium | 4.7 | 4.7 | 2mo ago | A weakness has been identified in kalcaddle kodbox 1.64. This affects the function checkBin of the file /workspace/source-code/plugins/fileThumb/app.php of the component fileThumb Endpoint. Executing… | |||
| CVE-2026-4564 | medium | 4.7 | 4.7 | 2mo ago | A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulat… | |||
| CVE-2026-4550 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Such manipulation of the argument Trainer_id/fname lead… | |||
| CVE-2026-4537 | medium | 4.7 | 4.7 | 2mo ago | A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation c… | |||
| CVE-2026-4468 | medium | 4.7 | 4.7 | 3mo ago | A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the file /cgi-bin/mbox-config?method=SET&section=update_interface_png. This manipulation causes command … | |||
| CVE-2026-4467 | medium | 4.7 | 4.7 | 3mo ago | A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=wireless_device_dissoc. The manipulation results in command… | |||
| CVE-2026-4466 | medium | 4.7 | 4.7 | 3mo ago | A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone. The manipulation leads to command inject… | |||
| CVE-2026-4284 | medium | 4.7 | 4.7 | 3mo ago | A vulnerability was determined in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. This issue affects the function downloadFile of the file - yudao-module-digitalcourse/yudao-mo… | |||
| CVE-2026-4238 | medium | 4.7 | 4.7 | 3mo ago | A vulnerability has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/courses.php. The manipulation of the argument course_code l… | |||
| CVE-2026-4189 | medium | 4.7 | 4.7 | 3mo ago | A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipul… | |||
| CVE-2026-32772 | medium | 4.7 | 4.7 | 3mo ago | telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR. | |||
| CVE-2026-3957 | medium | 4.7 | 4.7 | 3mo ago | A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This vulnerability affects the function getLikeMovieList of the file source-code/src/main/java/com/m… | |||
| CVE-2026-3956 | medium | 4.7 | 4.7 | 3mo ago | A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This affects the function getAdmins of the file source-code/src/main/java/com/moke/wp/wx_weim… | |||
| CVE-2026-25392 | medium | 4.7 | 4.7 | 3mo ago | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows … | |||
| CVE-2026-1517 | medium | 4.7 | 4.7 | 4mo ago | A vulnerability was identified in iomad up to 5.0. Affected is an unknown function of the component Company Admin Block. Such manipulation leads to sql injection. The attack can be executed remotely.… | |||
| CVE-2026-23110 | medium | 4.7 | 4.7 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: core: Wake up the error handler when final completions race against each other The fragile ordering between marking command… | |||
| CVE-2026-1690 | medium | 4.7 | 4.7 | 4mo ago | A flaw has been found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. This affects the function system of the file /boaform/formSysCmd. This manipulation of the argument sysCmd causes command inje… | |||
| CVE-2026-1445 | medium | 4.7 | 4.7 | 4mo ago | A vulnerability was found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This vulnerability affects unknown code of the file controllers/books_center/upload_bookCover.php… | |||
| CVE-2026-1064 | medium | 4.7 | 4.7 | 5mo ago | A vulnerability was found in bastillion-io Bastillion up to 4.0.1. This issue affects some unknown processing of the file src/main/java/io/bastillion/manage/control/SystemKtrl.java of the component S… | |||
| CVE-2026-1063 | medium | 4.7 | 4.7 | 5mo ago | A vulnerability has been found in bastillion-io Bastillion up to 4.0.1. This vulnerability affects unknown code of the file src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java of the compone… | |||
| CVE-2026-0649 | medium | 4.7 | 4.7 | 5mo ago | A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipu… | |||
| CVE-2026-45284 | medium | 4.6 | 4.6 | 1d ago | Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that were provided by LDAP to still authenticate towards user … | |||
| CVE-2026-45153 | medium | 4.6 | 4.6 | 1d ago | Nextcloud is an open source content collaboration platform. From version 33.0.0 to before version 33.1.0, after unlocking a locked Android phone the back-button could be used to bypass the Nextcloud … | |||
| CVE-2026-49325 | medium | 4.6 | 4.6 | 4d ago | Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Modul… | |||
| CVE-2026-49316 | medium | 4.6 | 4.6 | 4d ago | Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown b… | |||
| CVE-2026-49324 | medium | 4.6 | 4.6 | 4d ago | Uncontrolled resource consumption in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-veh… | |||
| CVE-2026-44710 | medium | 4.6 | 4.6 | 6d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the return values of udisks_drive_get_serial(), udisks_drive_get_vendor(), and u… | |||
| CVE-2026-3314 | medium | 4.6 | 4.6 | 8d ago | Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint… | |||
| CVE-2026-41073 | medium | 4.6 | 4.6 | 11d ago | RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet (CSV/formula) injection vulnerability. User-controlled … | |||
| CVE-2026-35016 | medium | 4.6 | 4.6 | 13d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu… | |||
| CVE-2026-35015 | medium | 4.6 | 4.6 | 13d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in do_unit_mail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitize… | |||
| CVE-2026-35014 | medium | 4.6 | 4.6 | 13d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized v… | |||
| CVE-2026-35013 | medium | 4.6 | 4.6 | 13d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in street_view.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized va… | |||
| CVE-2026-35012 | medium | 4.6 | 4.6 | 13d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_facnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized… | |||
| CVE-2026-35011 | medium | 4.6 | 4.6 | 13d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in opena.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value… | |||
| CVE-2026-35010 | medium | 4.6 | 4.6 | 13d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_JF.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | |||
| CVE-2026-35009 | medium | 4.6 | 4.6 | 13d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_note.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va… | |||
| CVE-2026-35008 | medium | 4.6 | 4.6 | 13d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu… | |||
| CVE-2026-35007 | medium | 4.6 | 4.6 | 13d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single_unit.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized… | |||
| CVE-2026-47090 | medium | 4.6 | 4.6 | 15d ago | Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded… | |||
| CVE-2026-21789 | medium | 4.6 | 4.6 | 15d ago | HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. | |||
| CVE-2026-45317 | medium | 4.6 | 4.6 | 18d ago | Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) via Image URL Manipulation | |||
| CVE-2026-44259 | medium | 4.6 | 4.6 | 21d ago | efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security heade… |