CVEs from 2026
Total
14,077
critical
critical 1,230
high
high 4,628
medium
medium 4,437
low
low 484
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 505
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-10173 | medium | 4.3 | 4.3 | 3d ago | A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. Th… | |||
| CVE-2026-10156 | medium | 4.3 | 4.3 | 3d ago | A vulnerability was determined in Open5GS up to 2.7.7. This affects the function handle_amf_info in the library /lib/sbi/nnrf-handler.c of the component nf-instances Endpoint. Executing a manipulatio… | |||
| CVE-2026-10154 | medium | 4.3 | 4.3 | 3d ago | A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads … | |||
| CVE-2026-10153 | medium | 4.3 | 4.3 | 3d ago | A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. Th… | |||
| CVE-2026-10117 | medium | 4.3 | 4.3 | 3d ago | A weakness has been identified in Open5GS up to 2.7.7. This issue affects the function ogs_pool_id_calloc in the library /lib/sbi/nghttp2-server.c. Executing a manipulation can lead to denial of serv… | |||
| CVE-2026-10116 | medium | 4.3 | 4.3 | 4d ago | A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_sbi_xact_add in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint.… | |||
| CVE-2026-10115 | medium | 4.3 | 4.3 | 4d ago | A vulnerability was identified in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. Such manipulation leads to denial … | |||
| CVE-2026-10114 | medium | 4.3 | 4.3 | 4d ago | A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function handle_scp_info in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. This man… | |||
| CVE-2026-10113 | medium | 4.3 | 4.3 | 4d ago | A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is an unknown functionality in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. The manip… | |||
| CVE-2026-48811 | medium | 4.3 | 4.3 | 4d ago | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note (private thread) from any… | |||
| CVE-2026-48810 | medium | 4.3 | 4.3 | 4d ago | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox m… | |||
| CVE-2026-49378 | medium | 4.3 | 4.3 | 4d ago | In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion | |||
| CVE-2026-49377 | medium | 4.3 | 4.3 | 4d ago | In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters | |||
| CVE-2026-49369 | medium | 4.3 | 4.3 | 4d ago | In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages | |||
| CVE-2026-32906 | medium | 4.3 | 4.3 | 4d ago | OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attacke… | |||
| CVE-2026-47696 | medium | 4.3 | 4.3 | 4d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST pa… | |||
| CVE-2026-49323 | medium | 4.3 | 4.3 | 4d ago | Weak authentication between the Wireless Control Module (WCM) and the Engine Control Module (ECM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with… | |||
| CVE-2026-49322 | medium | 4.3 | 4.3 | 5d ago | Weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to… | |||
| CVE-2026-8995 | medium | 4.3 | 4.3 | 5d ago | The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient acc… | |||
| CVE-2026-9955 | medium | 4.3 | 4.3 | 5d ago | Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9943 | medium | 4.3 | 4.3 | 5d ago | Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9935 | medium | 4.3 | 4.3 | 5d ago | Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9930 | medium | 4.3 | 4.3 | 5d ago | Out of bounds write in Dawn in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Hi… | |||
| CVE-2026-9929 | medium | 4.3 | 4.3 | 5d ago | Inappropriate implementation in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Hig… | |||
| CVE-2026-9921 | medium | 4.3 | 4.3 | 5d ago | Uninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin information via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9919 | medium | 4.3 | 4.3 | 5d ago | Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9913 | medium | 4.3 | 4.3 | 5d ago | Inappropriate implementation in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security… | |||
| CVE-2026-9911 | medium | 4.3 | 4.3 | 5d ago | Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9907 | medium | 4.3 | 4.3 | 5d ago | Out of bounds read in Dawn in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10028 | medium | 4.3 | 4.3 | 5d ago | A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS b… | |||
| CVE-2026-41160 | medium | 4.3 | 4.3 | 5d ago | EspoCRM is an open source customer relationship management application. Prior to 9.3.5, a business logic flaw (Broken Access Control) in EspoCRM 9.3.3 allows low-privileged users to pin arbitrary not… | |||
| CVE-2026-40914 | medium | 4.3 | 4.3 | 5d ago | A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routi… | |||
| CVE-2026-9807 | medium | 4.3 | 4.3 | 6d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked… | |||
| CVE-2026-9015 | medium | 4.3 | 4.3 | 6d ago | The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is… | |||
| CVE-2026-8689 | medium | 4.3 | 4.3 | 6d ago | The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability … | |||
| CVE-2026-7526 | medium | 4.3 | 4.3 | 6d ago | The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueue_block_assets. This makes it possible for authenticate… | |||
| CVE-2026-9618 | medium | 4.3 | 4.3 | 6d ago | The PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to… | |||
| CVE-2026-8682 | medium | 4.3 | 4.3 | 6d ago | The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin … | |||
| CVE-2026-7621 | medium | 4.3 | 4.3 | 6d ago | The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying th… | |||
| CVE-2026-9798 | medium | 4.3 | 4.3 | 6d ago | A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client cr… | |||
| CVE-2026-7533 | medium | 4.3 | 4.3 | 6d ago | The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the `handle_oauth… | |||
| CVE-2026-9791 | medium | 4.3 | 4.3 | 6d ago | A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Conne… | |||
| CVE-2026-9241 | medium | 4.3 | 4.3 | 6d ago | The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due … | |||
| CVE-2026-9228 | medium | 4.3 | 4.3 | 6d ago | The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the action_get_event_data due to … | |||
| CVE-2026-4888 | medium | 4.3 | 4.3 | 6d ago | The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_… | |||
| CVE-2026-2601 | medium | 4.3 | 4.3 | 6d ago | GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authentic… | |||
| CVE-2026-5296 | medium | 4.3 | 4.3 | 6d ago | GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that when foundational flows were enabled at the group level,… | |||
| CVE-2026-8716 | medium | 4.3 | 4.3 | 6d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authen… | |||
| CVE-2026-44323 | medium | 4.3 | 4.3 | 6d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions han… | |||
| CVE-2026-49054 | medium | 4.3 | 4.3 | 6d ago | Missing Authorization vulnerability in Mamunur Rashid The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Post Grid: from n/a through 7.9.2. | |||
| CVE-2026-49052 | medium | 4.3 | 4.3 | 6d ago | Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addon… | |||
| CVE-2026-49051 | medium | 4.3 | 4.3 | 6d ago | Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: … | |||
| CVE-2026-49047 | medium | 4.3 | 4.3 | 6d ago | Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DearFlip: from n/a through 2.4.27. | |||
| CVE-2026-49045 | medium | 4.3 | 4.3 | 6d ago | Missing Authorization vulnerability in WP Media Adminimize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Adminimize: from n/a through 1.11.11. | |||
| CVE-2026-48973 | medium | 4.3 | 4.3 | 6d ago | Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SVG Support: from n/a through 2.5.14. | |||
| CVE-2026-1248 | medium | 4.3 | 4.3 | 6d ago | IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages. | |||
| CVE-2026-9674 | medium | 4.3 | 4.3 | 6d ago | A cross-site request forgery (CSRF) vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6b_b_d and earlier allows attackers to resume failed Multijob builds. | |||
| CVE-2026-48926 | medium | 4.3 | 4.3 | 6d ago | Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of cred… | |||
| CVE-2026-48925 | medium | 4.3 | 4.3 | 6d ago | A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request. | |||
| CVE-2026-48924 | medium | 4.3 | 4.3 | 6d ago | Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks. | |||
| CVE-2026-48923 | medium | 4.3 | 4.3 | 6d ago | Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-spe… | |||
| CVE-2026-48971 | medium | 4.3 | 4.3 | 7d ago | Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Expo… | |||
| CVE-2026-8942 | medium | 4.3 | 4.3 | 7d ago | The MetaMagic SEO Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the metama… | |||
| CVE-2026-8708 | medium | 4.3 | 4.3 | 7d ago | The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the _options… | |||
| CVE-2026-7614 | medium | 4.3 | 4.3 | 7d ago | The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPH… | |||
| CVE-2026-8903 | medium | 4.3 | 4.3 | 7d ago | The Two-factor authentication (formerly IP Vault) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce… | |||
| CVE-2026-8943 | medium | 4.3 | 4.3 | 7d ago | The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gosta… | |||
| CVE-2026-8941 | medium | 4.3 | 4.3 | 7d ago | The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdl_off_opt… | |||
| CVE-2026-8938 | medium | 4.3 | 4.3 | 7d ago | The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJL_… | |||
| CVE-2026-8939 | medium | 4.3 | 4.3 | 7d ago | The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the search_sim… | |||
| CVE-2026-9236 | medium | 4.3 | 4.3 | 7d ago | The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due… | |||
| CVE-2026-2255 | medium | 4.3 | 4.3 | 7d ago | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Al… | |||
| CVE-2026-9604 | medium | 4.3 | 4.3 | 7d ago | A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerability affects unknown code of the component AiragModelController. The manipulation of the argument list/queryById results in improp… | |||
| CVE-2026-9583 | medium | 4.3 | 4.3 | 7d ago | A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. E… | |||
| CVE-2026-9582 | medium | 4.3 | 4.3 | 7d ago | A security flaw has been discovered in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This affects an unknown function. Performing a manipulation results in cross-site … | |||
| CVE-2026-24520 | medium | 4.3 | 4.3 | 7d ago | Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24. | |||
| CVE-2026-25444 | medium | 4.3 | 4.3 | 7d ago | Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9. | |||
| CVE-2026-44749 | medium | 4.3 | 4.3 | 7d ago | The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., regex patterns) and revealing underlying URI parsing logic. Leadi… | |||
| CVE-2026-47728 | medium | 4.3 | 4.3 | 7d ago | Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink resolved sourcemaps and debug files by debug ID without scoping that lookup to the project that owned the uploaded metadata. An a… | |||
| CVE-2026-46431 | medium | 4.3 | 4.3 | 7d ago | Algernon: Auto-refresh SSE event server sets Access-Control-Allow-Origin: * | |||
| CVE-2026-46430 | medium | 4.3 | 4.3 | 7d ago | Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS | |||
| CVE-2026-44314 | medium | 4.3 | 4.3 | 7d ago | Traccar is an open source GPS tracking system. Prior to 6.13.0, DeviceResource.uploadImage authorizes the target device only through Condition.Permission(User.class, getUserId(), Device.class) and th… | |||
| CVE-2026-9566 | medium | 4.3 | 4.3 | 7d ago | A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipul… | |||
| CVE-2026-35220 | medium | 4.3 | 4.3 | 7d ago | Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users. | |||
| CVE-2026-48900 | medium | 4.3 | 4.3 | 7d ago | An improper access check allowed low privileged users to edit the task types of existing scheduler tasks. | |||
| CVE-2026-43936 | medium | 4.3 | 4.3 | 7d ago | e107 is a content management system (CMS). Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "M… | |||
| CVE-2026-38587 | medium | 4.3 | 4.3 | 7d ago | An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-l… | |||
| CVE-2026-44502 | medium | 4.3 | 4.3 | 7d ago | Bunsink has an SSRF bypass in `validate_webhook_url` | |||
| CVE-2026-24638 | medium | 4.3 | 4.3 | 8d ago | Missing Authorization vulnerability in Webful Creations RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 4.1121. | |||
| CVE-2026-9527 | medium | 4.3 | 4.3 | 8d ago | A vulnerability was determined in itsourcecode Electronic Judging System 1.0. This issue affects some unknown processing of the file /admin/judges.php. This manipulation of the argument fname causes … | |||
| CVE-2026-9520 | medium | 4.3 | 4.3 | 8d ago | A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the comp… | |||
| CVE-2026-9519 | medium | 4.3 | 4.3 | 8d ago | A security flaw has been discovered in stonith404 pingvin-share up to 1.13.0. This affects the function getServerSideProps of the file frontend/src/pages/auth/signIn.tsx of the component Sign-in Auto… | |||
| CVE-2026-9518 | medium | 4.3 | 4.3 | 8d ago | A vulnerability was identified in hemant6488 CodeIgniter-StudentManagementSystem. The impacted element is the function addStudent of the file view_students.php of the component Students Controller. T… | |||
| CVE-2026-36239 | medium | 4.3 | 4.3 | 8d ago | PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality | |||
| CVE-2026-24582 | medium | 4.3 | 4.3 | 8d ago | Missing Authorization vulnerability in WPPOOL FlexTable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FlexTable: from n/a through 3.24.0. | |||
| CVE-2026-24554 | medium | 4.3 | 4.3 | 8d ago | Cross-Site Request Forgery (CSRF) vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1. | |||
| CVE-2026-24527 | medium | 4.3 | 4.3 | 8d ago | Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue … | |||
| CVE-2026-24597 | medium | 4.3 | 4.3 | 8d ago | Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart allows Cross Site Request Forgery. This issue affects Organization chart: from n/a through 1.7.5. | |||
| CVE-2026-24545 | medium | 4.3 | 4.3 | 8d ago | Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR Redirector: from n/a through 2.0.3. | |||
| CVE-2026-9486 | medium | 4.3 | 4.3 | 8d ago | A security flaw has been discovered in SourceCodester Student Grades Management System 1.0. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be exe… |