CVEs from 2026
Total: 13,682
critical: 1,199
high: 4,384
medium: 4,286
low: 468
% Critical: 8.8%
% with KEV: 0.4%
% with exploit: 0.8%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4956 | high | 7.3 | 7.3 | 2mo ago | A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter … | |||
| CVE-2026-4955 | high | 7.3 | 7.3 | 2mo ago | A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results … | |||
| CVE-2026-4953 | high | 7.3 | 7.3 | 2mo ago | A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing… | |||
| CVE-2026-4910 | high | 7.3 | 7.3 | 2mo ago | A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus up to 1.3.44. Affected is an unknown function of the file /RemoteFormat.do of the component Endpoint. Such ma… | |||
| CVE-2026-4860 | high | 7.3 | 7.3 | 2mo ago | A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the function GenericFastJsonRedisSerializer of the file src/main/java/com/genersoft/iot/vmp/conf/redis/Redis… | |||
| CVE-2026-4844 | high | 7.3 | 7.3 | 2mo ago | A vulnerability was detected in code-projects Online Food Ordering System 1.0. This issue affects some unknown processing of the file /admin.php of the component Admin Login Module. The manipulation … | |||
| CVE-2026-4842 | high | 7.3 | 7.3 | 2mo ago | A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Para… | |||
| CVE-2026-4841 | high | 7.3 | 7.3 | 2mo ago | A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file form/cart.php of the component Shopping Cart Module. Executing a manipulation… | |||
| CVE-2026-4839 | high | 7.3 | 7.3 | 2mo ago | A vulnerability has been found in SourceCodester Food Ordering System 1.0. This affects an unknown function of the file /purchase.php of the component Parameter Handler. The manipulation of the argum… | |||
| CVE-2026-4838 | high | 7.3 | 7.3 | 2mo ago | A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the file /display.php. Executing a manipulation of the argument ID can lead to sql inj… | |||
| CVE-2026-25456 | high | 7.3 | 7.3 | 2mo ago | Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.… | |||
| CVE-2026-4632 | high | 7.3 | 7.3 | 2mo ago | A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Execu… | |||
| CVE-2026-4625 | high | 7.3 | 7.3 | 2mo ago | A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown function of the file /programmes.php. Executing a manipulation of the argument program can lead to sql inj… | |||
| CVE-2026-4624 | high | 7.3 | 7.3 | 2mo ago | A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a… | |||
| CVE-2026-4623 | high | 7.3 | 7.3 | 2mo ago | A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file… | |||
| CVE-2026-4617 | high | 7.3 | 7.3 | 2mo ago | A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/api_patient_checkin.php of the … | |||
| CVE-2026-4615 | high | 7.3 | 7.3 | 2mo ago | A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injecti… | |||
| CVE-2026-4613 | high | 7.3 | 7.3 | 2mo ago | A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. T… | |||
| CVE-2026-4612 | high | 7.3 | 7.3 | 2mo ago | A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod_users/index.php?view=edit&id=8 of the component Parameter H… | |||
| CVE-2026-4594 | high | 7.3 | 7.3 | 2mo ago | A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.… | |||
| CVE-2026-4562 | high | 7.3 | 7.3 | 2mo ago | A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation r… | |||
| CVE-2026-4540 | high | 7.3 | 7.3 | 2mo ago | A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation … | |||
| CVE-2026-4536 | high | 7.3 | 7.3 | 2mo ago | A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may … | |||
| CVE-2026-4528 | high | 7.3 | 7.3 | 2mo ago | A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http_proxy.service.ts of the component… | |||
| CVE-2026-4508 | high | 7.3 | 7.3 | 2mo ago | A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. The ma… | |||
| CVE-2026-4504 | high | 7.3 | 7.3 | 2mo ago | A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. … | |||
| CVE-2026-4289 | high | 7.3 | 7.3 | 3mo ago | A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manip… | |||
| CVE-2026-4288 | high | 7.3 | 7.3 | 3mo ago | A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpo… | |||
| CVE-2026-4287 | high | 7.3 | 7.3 | 3mo ago | A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endp… | |||
| CVE-2026-4229 | high | 7.3 | 7.3 | 3mo ago | A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vanna/legacy/google/bigquery_vector.py. This manipulation of the argument ID causes… | |||
| CVE-2026-4237 | high | 7.3 | 7.3 | 3mo ago | A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/mod_reports/index.php. Executing a manipulation of the argume… | |||
| CVE-2026-4236 | high | 7.3 | 7.3 | 3mo ago | A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument … | |||
| CVE-2026-4235 | high | 7.3 | 7.3 | 3mo ago | A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument user_email causes… | |||
| CVE-2026-4232 | high | 7.3 | 7.3 | 3mo ago | A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulat… | |||
| CVE-2026-4231 | high | 7.3 | 7.3 | 3mo ago | A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function update_sql/run_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Pe… | |||
| CVE-2026-4221 | high | 7.3 | 7.3 | 3mo ago | A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the … | |||
| CVE-2026-4220 | high | 7.3 | 7.3 | 3mo ago | A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argu… | |||
| CVE-2026-4201 | high | 7.3 | 7.3 | 3mo ago | A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/co… | |||
| CVE-2026-4200 | high | 7.3 | 7.3 | 3mo ago | A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/c… | |||
| CVE-2026-4191 | high | 7.3 | 7.3 | 3mo ago | A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestrict… | |||
| CVE-2026-4190 | high | 7.3 | 7.3 | 3mo ago | A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection.… | |||
| CVE-2026-3969 | high | 7.3 | 7.3 | 3mo ago | A vulnerability was detected in FeMiner wms up to 1.0. This impacts an unknown function of the file /wms-master/src/basic/depart/depart_add_bg.php of the component Basic Organizational Structure Modu… | |||
| CVE-2026-3943 | high | 7.3 | 7.3 | 3mo ago | A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argument suffix results in comman… | |||
| CVE-2026-29023 | high | 7.3 | 7.3 | 3mo ago | Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router component is enabled and exposed, allows network attackers to authenticate using the publicly known st… | |||
| CVE-2026-3764 | high | 7.3 | 7.3 | 3mo ago | A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadmin_user_update.php. This manipulation causes i… | |||
| CVE-2026-3734 | high | 7.3 | 7.3 | 3mo ago | A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of t… | |||
| CVE-2026-3693 | high | 7.3 | 7.3 | 3mo ago | A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function get_user_info/update_user_info of the file /src/backend/agentchat/api/v1/user.py of the component User En… | |||
| CVE-2026-3409 | high | 7.3 | 7.3 | 3mo ago | A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.exec_module of the file /api/v1/serve/awel/flow/import of the component… | |||
| CVE-2026-28207 | high | 7.3 | 7.3 | 3mo ago | Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability (CWE-78) in the Zen C compiler allows local attackers to e… | |||
| CVE-2026-3200 | high | 7.3 | 7.3 | 3mo ago | A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads t… | |||
| CVE-2026-3026 | high | 7.3 | 7.3 | 3mo ago | A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipul… | |||
| CVE-2026-2940 | high | 7.3 | 7.3 | 3mo ago | A vulnerability was determined in Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b. This affects the function tiny_web_server/tiny.c of the file tiny_web_server/tiny.c of the … | |||
| CVE-2026-2938 | high | 7.3 | 7.3 | 3mo ago | A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulatio… | |||
| CVE-2026-2821 | high | 7.3 | 7.3 | 3mo ago | A weakness has been identified in Fujian Smart Integrated Management Platform System up to 7.5. Impacted is an unknown function of the file /Module/CRXT/Controller/XCamera.ashx. This manipulation of … | |||
| CVE-2026-2820 | high | 7.3 | 7.3 | 3mo ago | A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7.5. This issue affects some unknown processing of the file /Module/CRXT/Controller/XAccessPermissionPl… | |||
| CVE-2026-2668 | high | 7.3 | 7.3 | 3mo ago | A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handl… | |||
| CVE-2026-2629 | high | 7.3 | 7.3 | 3mo ago | A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component T… | |||
| CVE-2026-2621 | high | 7.3 | 7.3 | 3mo ago | A security vulnerability has been detected in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0. This affects an unknown part of the file /SISReport/WebReport20/Proxy/AsyncTreeProxy.… | |||
| CVE-2026-2620 | high | 7.3 | 7.3 | 3mo ago | A weakness has been identified in Huace Monitoring and Early Warning System 2.2. Affected by this issue is some unknown functionality of the file /Web/SysManage/ProjectRole.aspx. Executing a manipula… | |||
| CVE-2026-2549 | high | 7.3 | 7.3 | 4mo ago | A vulnerability has been found in zhanghuanhao LibrarySystem 图书馆管理系统 up to 1.1.1. This impacts an unknown function of the file BookController.java. The manipulation leads to improper access controls.… | |||
| CVE-2026-2531 | high | 7.3 | 7.3 | 4mo ago | A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Suc… | |||
| CVE-2026-2533 | high | 7.3 | 7.3 | 4mo ago | A flaw has been found in Tosei Self-service Washing Machine 4.02. Impacted is an unknown function of the file /cgi-bin/tosei_datasend.php. Executing a manipulation of the argument adr_txt_1 can lead … | |||
| CVE-2026-2177 | high | 7.3 | 7.3 | 4mo ago | A vulnerability has been found in SourceCodester Prison Management System 1.0. The impacted element is an unknown function of the component Login. The manipulation leads to session fixation. It is p… | |||
| CVE-2026-1802 | high | 7.3 | 7.3 | 4mo ago | A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\controller\api\zrMacClone.lua. The manipulation of the argument macTyp… | |||
| CVE-2026-1689 | high | 7.3 | 7.3 | 4mo ago | A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login … | |||
| CVE-2026-1687 | high | 7.3 | 7.3 | 4mo ago | A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulati… | |||
| CVE-2026-1449 | high | 7.3 | 7.3 | 4mo ago | A flaw has been found in Hisense TransTech Smart Bus Management System up to 20260113. Affected is the function Page_Load of the file YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx. Executing a … | |||
| CVE-2026-1192 | high | 7.3 | 7.3 | 4mo ago | A vulnerability was determined in Tosei Online Store Management System ネット店舗管理システム 1.01. The affected element is an unknown function of the file /cgi-bin/imode_alldata.php. Executing a manipulation o… | |||
| CVE-2026-1050 | high | 7.3 | 7.3 | 5mo ago | risesoft-y9 Digital-Infrastructure has a SQL injection vulnerability | |||
| CVE-2026-0589 | high | 7.3 | 7.3 | 5mo ago | A vulnerability was found in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the component Administration Backend. The manipulation results in improper authent… | |||
| CVE-2026-39276 | high | 7.2 | 7.2 | 3d ago | The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containin… | |||
| CVE-2026-10072 | high | 7.2 | 7.2 | 3d ago | DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution… | |||
| CVE-2026-7634 | high | 7.2 | 7.2 | 5d ago | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitizatio… | |||
| CVE-2026-7052 | high | 7.2 | 7.2 | 5d ago | The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'file_upload' parameter in all versions up to, and including, 2.… | |||
| CVE-2026-2374 | high | 7.2 | 7.2 | 5d ago | The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `$_SERVER['PHP_SELF']` superglobal in all versions up to, and including, 1.8.0. This is due to… | |||
| CVE-2026-40852 | high | 7.2 | 7.2 | 6d ago | A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it … | |||
| CVE-2026-3375 | high | 7.2 | 7.2 | 6d ago | The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/litespeed/v1/notify_ccss and /wp-json/litespeed/v1/notify_ucss REST API endpoints in all version… | |||
| CVE-2026-8143 | high | 7.2 | 7.2 | 6d ago | The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hb_country_iso', 'hb_usa_state_iso', and 'hb_canada_province_iso' parameters in all versions up to, and including,… | |||
| CVE-2026-6169 | high | 7.2 | 7.2 | 6d ago | The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 3.8.5. This is due to the plugin using the BladeOne templating engine's runStri… | |||
| CVE-2026-44730 | high | 7.2 | 7.2 | 6d ago | OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd | |||
| CVE-2026-4051 | high | 7.2 | 7.2 | 6d ago | IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted. | |||
| CVE-2026-42785 | high | 7.2 | 7.2 | 6d ago | OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can sub… | |||
| CVE-2026-42425 | high | 7.2 | 7.2 | 6d ago | OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the Database… | |||
| CVE-2026-24937 | high | 7.2 | 7.2 | 7d ago | Improper Control of Generation of Code ('Code Injection') vulnerability in VideoWhisper.Com Broadcast Live Video allows Code Injection. This issue affects Broadcast Live Video: from n/a before 7.1.3. | |||
| CVE-2026-48848 | high | 7.2 | 7.2 | 7d ago | Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets (CSS) injection via an SVG document that has an animate element… | |||
| CVE-2026-48843 | high | 7.2 | 7.2 | 7d ago | Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16, and 1.7.x before 1.7.1 has insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages, which may lead to SSRF or Information Disclosure,… | |||
| CVE-2026-42782 | high | 7.2 | 7.2 | 7d ago | Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted c… | |||
| CVE-2026-8135 | high | 7.2 | 7.2 | 11d ago | Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the ExpressEntryList block controller. A rogue administrator with privileges to add … | |||
| CVE-2026-8134 | high | 7.2 | 7.2 | 11d ago | Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue a… | |||
| CVE-2026-8596 | high | 7.2 | 7.2 | 11d ago | Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path | |||
| CVE-2026-44058 | high | 7.2 | 7.2 | 12d ago | An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism. | |||
| CVE-2026-7613 | high | 7.2 | 7.2 | 12d ago | The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata[0][cost_of_goods_value]' parameter in versions up to, and including, 1.2.12 due t… | |||
| CVE-2026-22315 | high | 7.2 | 7.2 | 12d ago | Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL ed… | |||
| CVE-2026-45609 | high | 7.2 | 7.2 | 14d ago | mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined… | |||
| CVE-2026-8764 | high | 7.2 | 7.2 | 15d ago | A security vulnerability has been detected in H3C Magic B3 up to 100R002. This affects the function UpdateWanParams of the file /goform/aspForm. Such manipulation of the argument param leads to buffe… | |||
| CVE-2026-8724 | high | 7.2 | 7.2 | 16d ago | A security flaw has been discovered in Dataease 2.10.20. Impacted is the function SqlparserUtils.transFilter of the file SqlparserUtils.java of the component Data Dashboard. The manipulation results … | |||
| CVE-2026-45395 | high | 7.2 | 7.2 | 17d ago | Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution | |||
| CVE-2026-8597 | high | 7.2 | 7.2 | 18d ago | Amazon SageMaker Python SDK is missing integrity verification in its Triton inference handler | |||
| CVE-2026-22599 | high | 7.2 | 7.2 | 18d ago | Strapi Vulnerable to SQL Injection in Content Type Builder | |||
| CVE-2026-41937 | high | 7.2 | 7.2 | 18d ago | Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super_admin users to execute arbitrary PHP code by uploading a malicious plugin ZIP f… |