CVEs from 2026
Total
14,078
critical
critical 1,229
high
high 4,627
medium
medium 4,434
low
low 484
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 505
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-21789 | medium | 4.6 | 4.6 | 15d ago | HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. | |||
| CVE-2026-45317 | medium | 4.6 | 4.6 | 18d ago | Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) via Image URL Manipulation | |||
| CVE-2026-44259 | medium | 4.6 | 4.6 | 21d ago | efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security heade… | |||
| CVE-2026-28963 | medium | 4.6 | 4.6 | 23d ago | A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5 and iPadOS 26.5. An attacker with physical access may be able to use Visual Intelligence to access sensi… | |||
| CVE-2026-28961 | medium | 4.6 | 4.6 | 23d ago | This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.5. An attacker with physical access to a locked device may be able to view sensitive user information. | |||
| CVE-2026-8233 | medium | 4.6 | 4.6 | 24d ago | A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of com… | |||
| CVE-2026-42080 | medium | 4.6 | 4.6 | 29d ago | PPTAgent: Arbitrary File Write via `save_generated_slides` | |||
| CVE-2026-42078 | medium | 4.6 | 4.6 | 29d ago | PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image | |||
| CVE-2026-7429 | medium | 4.6 | 4.6 | 1mo ago | SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads t… | |||
| CVE-2026-41398 | medium | 4.6 | 4.6 | 1mo ago | OpenClaw: iOS A2UI bridge trusted generic local-network pages for agent.request dispatch | |||
| CVE-2026-41377 | medium | 4.6 | 4.6 | 1mo ago | OpenClaw: Security Scan Failure Does Not Block Plugin Installation (Fail-Open) | |||
| CVE-2026-31620 | medium | 4.6 | 4.6 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0 A malicious USB device with the TASCAM US-144MKII device id can hav… | |||
| CVE-2026-42086 | medium | 4.6 | 4.6 | 1mo ago | OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender | |||
| CVE-2026-20945 | medium | 4.6 | 4.6 | 2mo ago | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | |||
| CVE-2026-20928 | medium | 4.6 | 4.6 | 2mo ago | Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack. | |||
| CVE-2026-26175 | medium | 4.6 | 4.6 | 2mo ago | Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack. | |||
| CVE-2026-5476 | medium | 4.6 | 4.6 | 2mo ago | A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation… | |||
| CVE-2026-30913 | medium | 4.6 | 4.6 | 3mo ago | flarum/nicknames extension has display name injection in notification emails (autolink & markdown) | |||
| CVE-2026-44640 | medium | 4.5 | 4.5 | 4d ago | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to 0.24.14, aio->prov_data is stored as nni_quic_conn* during dialing, but read as ex_quic_conn* during dialer close. This … | |||
| CVE-2026-44059 | medium | 4.5 | 4.5 | 13d ago | A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption. | |||
| CVE-2026-42887 | medium | 4.5 | 4.5 | 22d ago | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting (XSS) vulnerability exists in the Login Page due to improper sanitization of the authLogin… | |||
| CVE-2026-41656 | medium | 4.5 | 4.5 | 1mo ago | Admidio has Path Traversal via Unvalidated `name` Parameter in Document Add Mode that Enables Arbitrary Server File Read | |||
| CVE-2026-3620 | medium | 4.4 | 4.4 | 14h ago | The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replacement' parameter in all versions up to, and including, 0.4. This is due to insufficient input saniti… | |||
| CVE-2026-10100 | medium | 4.4 | 4.4 | 20h ago | The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields (Page Background, Form Background, Text Color, Link Color) in versions up … | |||
| CVE-2026-45279 | medium | 4.4 | 4.4 | 1d ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if {lang} is used in the template directory config… | |||
| CVE-2026-7430 | medium | 4.4 | 4.4 | 5d ago | The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet conte… | |||
| CVE-2026-48792 | medium | 4.4 | 4.4 | 6d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event* nodes, causing pusb_has_vi… | |||
| CVE-2026-5516 | medium | 4.4 | 4.4 | 6d ago | IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting … | |||
| CVE-2026-3348 | medium | 4.4 | 4.4 | 7d ago | The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings (Description, Title, and other fields) in all versions up to, and including, 3.6.… | |||
| CVE-2026-41164 | medium | 4.4 | 4.4 | 7d ago | nuts-node has JWT type confusion in v1 access token introspection that allows VP replay as access token | |||
| CVE-2026-48849 | medium | 4.4 | 4.4 | 8d ago | In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS injection on shared mailboxes. | |||
| CVE-2026-25602 | medium | 4.4 | 4.4 | 14d ago | Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address. This i… | |||
| CVE-2026-6404 | medium | 4.4 | 4.4 | 14d ago | The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomify_api_key' parameter in versions up to and including 0.3.6. This is du… | |||
| CVE-2026-6399 | medium | 4.4 | 4.4 | 14d ago | The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of sanitize_text_field() for output escaping in the… | |||
| CVE-2026-42408 | medium | 4.4 | 4.4 | 20d ago | When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell (tmsh) command that may allow a highly privileged authenticated attacker to view sensitive information. Note: Soft… | |||
| CVE-2026-28758 | medium | 4.4 | 4.4 | 20d ago | When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is als… | |||
| CVE-2026-41100 | medium | 4.4 | 4.4 | 21d ago | Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally. | |||
| CVE-2026-32209 | medium | 4.4 | 4.4 | 21d ago | Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally. | |||
| CVE-2026-7431 | medium | 4.4 | 4.4 | 21d ago | An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a sh… | |||
| CVE-2026-6813 | medium | 4.4 | 4.4 | 22d ago | The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output esca… | |||
| CVE-2026-6800 | medium | 4.4 | 4.4 | 22d ago | The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escapi… | |||
| CVE-2026-7257 | medium | 4.4 | 4.4 | 22d ago | ** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow a local attacker … | |||
| CVE-2026-43895 | medium | 4.4 | 4.4 | 22d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during mo… | |||
| CVE-2026-42307 | medium | 4.4 | 4.4 | 25d ago | Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a cr… | |||
| CVE-2026-41520 | medium | 4.4 | 4.4 | 25d ago | Cillium exposes sensitive information included in the cilium-bugtool debug archive | |||
| CVE-2026-41004 | medium | 4.4 | 4.4 | 27d ago | Spring Cloud Config Server Logged Sensitive Information | |||
| CVE-2026-42549 | medium | 4.4 | 4.4 | 27d ago | Flight has path traversal in `make:controller` CLI that creates arbitrary directories outside project root | |||
| CVE-2026-7941 | medium | 4.4 | 4.4 | 27d ago | Insufficient validation of untrusted input in Mobile in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via a crafted Chrome Extens… | |||
| CVE-2026-7932 | medium | 4.4 | 4.4 | 27d ago | Insufficient policy enforcement in Downloads in Google Chrome prior to 148.0.7778.96 allowed a local attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: M… | |||
| CVE-2026-41686 | medium | 4.4 | 4.4 | 29d ago | Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool | |||
| CVE-2026-42140 | medium | 4.4 | 4.4 | 29d ago | XWiki PlantUML Macro Vulnerable to Server-Side Request Forgery (SSRF) via 'server' parameter | |||
| CVE-2026-6812 | medium | 4.4 | 4.4 | 1mo ago | The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the ona_activate_child_theme. This makes it possible for authenticated attacker… | |||
| CVE-2026-6447 | medium | 4.4 | 4.4 | 1mo ago | The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitizat… | |||
| CVE-2026-35233 | medium | 4.4 | 4.4 | 1mo ago | An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to -- or instruments -- that process (via… | |||
| CVE-2026-6539 | medium | 4.4 | 4.4 | 1mo ago | Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious … | |||
| CVE-2026-40949 | medium | 4.4 | 4.4 | 1mo ago | CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to trigger a denial of service. | |||
| CVE-2026-7439 | medium | 4.4 | 4.4 | 1mo ago | AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boun… | |||
| CVE-2026-7397 | medium | 4.4 | 4.4 | 1mo ago | A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function _check_sensitive_path of the file tools/file_tools.py. The manipulation results in symlink following.… | |||
| CVE-2026-35901 | medium | 4.4 | 4.4 | 1mo ago | A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the… | |||
| CVE-2026-35370 | medium | 4.4 | 4.4 | 1mo ago | uutils coreutils has an Incorrect Authorization issue | |||
| CVE-2026-35366 | medium | 4.4 | 4.4 | 1mo ago | The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils impleme… | |||
| CVE-2026-28417 | medium | 4.4 | 4.4 | 2mo ago | Important: vim security update | |||
| CVE-2026-32220 | medium | 4.4 | 4.4 | 2mo ago | Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. | |||
| CVE-2026-27906 | medium | 4.4 | 4.4 | 2mo ago | Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally. | |||
| CVE-2026-34757 | medium | 4.4 | 4.4 | 2mo ago | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained fro… | |||
| CVE-2026-24360 | medium | 4.4 | 4.4 | 4mo ago | Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Server Side Request Forgery.This issue affects Seriously Simple Podcast… | |||
| CVE-2026-10661 | medium | 4.3 | 4.3 | 1h ago | A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blender_mcp/server.py. The manipulation of the arg… | |||
| CVE-2026-10624 | medium | 4.3 | 4.3 | 2h ago | A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View P… | |||
| CVE-2026-10616 | medium | 4.3 | 4.3 | 3h ago | A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/team_tasks_lifecycle.go of the co… | |||
| CVE-2026-32250 | medium | 4.3 | 4.3 | 9h ago | NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in version 2.2.4 in the id parameter of the endpoint `/index.php?route=/queri… | |||
| CVE-2026-41115 | medium | 4.3 | 4.3 | 13h ago | An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMER_GROUP_DESCRIBE (69) API validates the DESCRIBE operation on the GROUP resource instead… | |||
| CVE-2026-9730 | medium | 4.3 | 4.3 | 14h ago | The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on t… | |||
| CVE-2026-9723 | medium | 4.3 | 4.3 | 14h ago | The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the go… | |||
| CVE-2026-9722 | medium | 4.3 | 4.3 | 14h ago | The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPage… | |||
| CVE-2026-9599 | medium | 4.3 | 4.3 | 14h ago | The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admin_init fu… | |||
| CVE-2026-9234 | medium | 4.3 | 4.3 | 14h ago | The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification … | |||
| CVE-2026-8422 | medium | 4.3 | 4.3 | 14h ago | The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation o… | |||
| CVE-2026-4071 | medium | 4.3 | 4.3 | 14h ago | The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseed_plugin_settings_page… | |||
| CVE-2026-9050 | medium | 4.3 | 4.3 | 23h ago | The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user i… | |||
| CVE-2026-9048 | medium | 4.3 | 4.3 | 23h ago | The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated … | |||
| CVE-2026-10301 | medium | 4.3 | 4.3 | 23h ago | A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in c… | |||
| CVE-2026-28511 | medium | 4.3 | 4.3 | 1d ago | eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the … | |||
| CVE-2026-24756 | medium | 4.3 | 4.3 | 1d ago | Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resou… | |||
| CVE-2026-10294 | medium | 4.3 | 4.3 | 1d ago | A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function g_file_test of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket… | |||
| CVE-2026-10291 | medium | 4.3 | 4.3 | 1d ago | A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the co… | |||
| CVE-2026-10289 | medium | 4.3 | 4.3 | 1d ago | A security flaw has been discovered in code-projects Hotel and Tourism Reservation System 1.0. Impacted is an unknown function of the file /ht/tour.php. Performing a manipulation of the argument name… | |||
| CVE-2026-49140 | medium | 4.3 | 4.3 | 1d ago | Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth b… | |||
| CVE-2026-45729 | medium | 4.3 | 4.3 | 1d ago | Thor Vector Graphics (ThorVG) is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run() allows any caller that passes untrusted SVG data to … | |||
| CVE-2026-45544 | medium | 4.3 | 4.3 | 1d ago | Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. Th… | |||
| CVE-2026-45286 | medium | 4.3 | 4.3 | 1d ago | Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance … | |||
| CVE-2026-10282 | medium | 4.3 | 4.3 | 1d ago | A security vulnerability has been detected in Bottelet DaybydayCRM up to 2.2.1. This impacts the function view of the file app/Http/Controllers/DocumentsController.php. Such manipulation leads to imp… | |||
| CVE-2026-45264 | medium | 4.3 | 4.3 | 1d ago | Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before … | |||
| CVE-2026-34193 | medium | 4.3 | 4.3 | 1d ago | Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address… | |||
| CVE-2026-46764 | medium | 4.3 | 4.3 | 2d ago | The Event Log detail endpoint `GET /api/v2/eventLogs/{event_log_id}` in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the colle… | |||
| CVE-2026-46605 | medium | 4.3 | 4.3 | 2d ago | Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with proper permissions. This issue affects Apa… | |||
| CVE-2026-41014 | medium | 4.3 | 4.3 | 2d ago | The partitioned_dag_runs endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerat… | |||
| CVE-2026-10215 | medium | 4.3 | 4.3 | 2d ago | A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/api_holidays.class.php of the component … | |||
| CVE-2026-10173 | medium | 4.3 | 4.3 | 3d ago | A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. Th… | |||
| CVE-2026-10156 | medium | 4.3 | 4.3 | 3d ago | A vulnerability was determined in Open5GS up to 2.7.7. This affects the function handle_amf_info in the library /lib/sbi/nnrf-handler.c of the component nf-instances Endpoint. Executing a manipulatio… | |||
| CVE-2026-10154 | medium | 4.3 | 4.3 | 3d ago | A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads … |