CVEs from 2026
Total: 13,880
critical: 1,207
high: 4,522
medium: 4,333
low: 475
% Critical: 8.7%
% with KEV: 0.4%
% with exploit: 0.7%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7701 | medium | 4.3 | 4.3 | 29d ago | A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/url_auth_box.cpp of the compon… | |||
| CVE-2026-7680 | medium | 4.3 | 4.3 | 1mo ago | A weakness has been identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file backend/webserver/api/datasets.py of the component Data Endpoint. Executing a manipu… | |||
| CVE-2026-7676 | medium | 4.3 | 4.3 | 1mo ago | A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/control… | |||
| CVE-2026-7643 | medium | 4.3 | 4.3 | 1mo ago | A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cros… | |||
| CVE-2026-7601 | medium | 4.3 | 4.3 | 1mo ago | A vulnerability has been found in Open5GS up to 2.7.6. Affected is an unknown function of the file src/amf/gmm-handler.c of the component AMF. The manipulation of the argument reg_type leads to denia… | |||
| CVE-2026-7596 | medium | 4.3 | 4.3 | 1mo ago | A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py … | |||
| CVE-2026-7587 | medium | 4.3 | 4.3 | 1mo ago | A vulnerability has been found in Open5GS up to 2.7.7. This vulnerability affects the function amf_nsmf_pdusession_handle_update_sm_context of the file /src/amf/nsmf-handler.c of the component AMF. T… | |||
| CVE-2026-7586 | medium | 4.3 | 4.3 | 1mo ago | A weakness has been identified in Open5GS up to 2.7.7. Affected is the function ogs_id_get_value of the file /src/amf/nudm-handler.c of the component AMF. This manipulation causes denial of service. … | |||
| CVE-2026-7585 | medium | 4.3 | 4.3 | 1mo ago | A vulnerability was determined in Open5GS up to 2.7.7. The impacted element is the function amf_nudm_sdm_handle_provisioned of the file /src/amf/nudm-handler.c of the component AMF. Executing a manip… | |||
| CVE-2026-23866 | medium | 4.3 | 4.3 | 1mo ago | Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigg… | |||
| CVE-2026-7583 | medium | 4.3 | 4.3 | 1mo ago | A flaw has been found in Open5GS up to 2.7.7. This issue affects the function bsf_sess_find_by_ipv6prefix of the file /src/bsf/context.c of the component BSF. This manipulation of the argument ipv6Pr… | |||
| CVE-2026-7581 | medium | 4.3 | 4.3 | 1mo ago | A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function on_prepare of the file app/main.py of the component CORS Policy. The manipulation leads to pe… | |||
| CVE-2026-3140 | medium | 4.3 | 4.3 | 1mo ago | The Ultimate Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.14. This is due to a flawed nonce validation conditional in the 'hand… | |||
| CVE-2026-7535 | medium | 4.3 | 4.3 | 1mo ago | A vulnerability was found in Open5GS up to 2.7.7. This affects the function amf_namf_comm_handle_registration_status_update_request in the library /lib/app/ogs-init.c of the file /namf-comm/v1/ue-con… | |||
| CVE-2026-7518 | medium | 4.3 | 4.3 | 1mo ago | A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amf_namf_callback_handle_sdm_data_change_notify of the file /namf-callback/v1/{id}/sdmsubscription-notify of the componen… | |||
| CVE-2026-36757 | medium | 4.3 | 4.3 | 1mo ago | A Server-Side Request Forgery (SSRF) in the /plugins/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request. | |||
| CVE-2026-36758 | medium | 4.3 | 4.3 | 1mo ago | A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request. | |||
| CVE-2026-7401 | medium | 4.3 | 4.3 | 1mo ago | A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of the com… | |||
| CVE-2026-6915 | medium | 4.3 | 4.3 | 1mo ago | An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect h… | |||
| CVE-2026-42525 | medium | 4.3 | 4.3 | 1mo ago | Jenkins Microsoft Entra ID (previously Azure AD) Plugin has an open redirect vulnerability | |||
| CVE-2026-42522 | medium | 4.3 | 4.3 | 1mo ago | Jenkins GitHub Branch Source Plugin: Missing permissions check allows attackers to perform a connection test | |||
| CVE-2026-42519 | medium | 4.3 | 4.3 | 1mo ago | Jenkins Script Security Plugin: Missing permission checks allow enumeration of pending and approved classpaths | |||
| CVE-2026-42648 | medium | 4.3 | 4.3 | 1mo ago | Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from … | |||
| CVE-2026-42645 | medium | 4.3 | 4.3 | 1mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders al… | |||
| CVE-2026-23773 | medium | 4.3 | 4.3 | 1mo ago | Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vu… | |||
| CVE-2026-7340 | medium | 4.3 | 4.3 | 1mo ago | Integer overflow in ANGLE in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: M… | |||
| CVE-2026-41910 | medium | 4.3 | 4.3 | 1mo ago | OpenClaw: /allowlist omits owner-only enforcement for cross-channel allowlist writes | |||
| CVE-2026-7309 | medium | 4.3 | 4.3 | 1mo ago | A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-bu… | |||
| CVE-2026-7230 | medium | 4.3 | 4.3 | 1mo ago | A vulnerability was found in SourceCodester Safety Anger Pad 1.0. The affected element is an unknown function. The manipulation of the argument angerDisplay results in cross site scripting. The attac… | |||
| CVE-2026-7200 | medium | 4.3 | 4.3 | 1mo ago | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=types. Executing a manipulation of th… | |||
| CVE-2026-41362 | medium | 4.3 | 4.3 | 1mo ago | OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attacke… | |||
| CVE-2026-7144 | medium | 4.3 | 4.3 | 1mo ago | A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file update_passwd_process.php. The manipulation of the argument temp… | |||
| CVE-2026-7129 | medium | 4.3 | 4.3 | 1mo ago | A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /index.php?page=categories. Performing a manipulation of the argume… | |||
| CVE-2026-7116 | medium | 4.3 | 4.3 | 1mo ago | A security flaw has been discovered in code-projects Employee Management System 1.0. This issue affects some unknown processing of the file 370project/mark.php. Performing a manipulation results in c… | |||
| CVE-2026-7108 | medium | 4.3 | 4.3 | 1mo ago | A security vulnerability has been detected in code-projects Invoice System in Laravel 1.0. This affects an unknown function. Such manipulation leads to cross-site request forgery. The attack may be p… | |||
| CVE-2026-7095 | medium | 4.3 | 4.3 | 1mo ago | A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID leads to cross site s… | |||
| CVE-2026-7089 | medium | 4.3 | 4.3 | 1mo ago | A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the component Appointment Booking. The man… | |||
| CVE-2026-7086 | medium | 4.3 | 4.3 | 1mo ago | A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. Such manipulatio… | |||
| CVE-2026-33566 | medium | 4.3 | 4.3 | 1mo ago | There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered. | |||
| CVE-2026-29197 | medium | 4.3 | 4.3 | 1mo ago | In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the endpoints /api/apps/logs and /api/apps/:id/logs have a typo in the required permission check, allowing… | |||
| CVE-2026-41350 | medium | 4.3 | 4.3 | 1mo ago | OpenClaw before 2026.3.31 contains a session visibility bypass vulnerability where the session_status function fails to enforce configured tools.sessions.visibility restrictions for unsandboxed invoc… | |||
| CVE-2026-41339 | medium | 4.3 | 4.3 | 1mo ago | OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients | |||
| CVE-2026-6874 | medium | 4.3 | 4.3 | 1mo ago | copilot-api has Reliance on Reverse DNS Resolution for a Security-Critical Action | |||
| CVE-2026-42085 | medium | 4.3 | 4.3 | 1mo ago | OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames | |||
| CVE-2026-5512 | medium | 4.3 | 4.3 | 1mo ago | An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobil… | |||
| CVE-2026-32147 | medium | 4.3 | 4.3 | 1mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside t… | |||
| CVE-2026-6636 | medium | 4.3 | 4.3 | 1mo ago | A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulati… | |||
| CVE-2026-6601 | medium | 4.3 | 4.3 | 1mo ago | A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation o… | |||
| CVE-2026-6598 | medium | 4.3 | 4.3 | 1mo ago | Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint | |||
| CVE-2026-6591 | medium | 4.3 | 4.3 | 1mo ago | A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage Node. This manipulation of the argum… | |||
| CVE-2026-6590 | medium | 4.3 | 4.3 | 1mo ago | A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview Endpoint. The manipulation results in… | |||
| CVE-2026-6589 | medium | 4.3 | 4.3 | 1mo ago | A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site request forgery… | |||
| CVE-2026-6564 | medium | 4.3 | 4.3 | 1mo ago | A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is … | |||
| CVE-2026-40486 | medium | 4.3 | 4.3 | 2mo ago | Kimai's User Preferences API allows standard users to modify restricted attributes: hourly_rate, internal_rate | |||
| CVE-2026-6487 | medium | 4.3 | 4.3 | 2mo ago | A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument pa… | |||
| CVE-2026-6362 | medium | 4.3 | 4.3 | 2mo ago | Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: H… | |||
| CVE-2026-6298 | medium | 4.3 | 4.3 | 2mo ago | Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secu… | |||
| CVE-2026-40786 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyRewards: from n/a through <=… | |||
| CVE-2026-40729 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 3D viewer – Embed 3D M… | |||
| CVE-2026-40728 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Magazine Blocks: from n/a th… | |||
| CVE-2026-33829 | medium | 4.3 | 4.3 | 2mo ago | Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-34262 | medium | 4.3 | 4.3 | 2mo ago | Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer | |||
| CVE-2026-6159 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerability is an unknown functionality of the file /chatbox/insert.php of the component Endpoint. Such ma… | |||
| CVE-2026-6150 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /checkupdatestatus.php. The manipulation of the argument serviceId leads to cross s… | |||
| CVE-2026-33118 | medium | 4.3 | 4.3 | 2mo ago | Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||
| CVE-2026-6035 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0. The affected element is an unknown function of the file /BranchManagement/ServiceAndSalesReport.php. The manipu… | |||
| CVE-2026-6034 | medium | 4.3 | 4.3 | 2mo ago | A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the a… | |||
| CVE-2026-6032 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in c… | |||
| CVE-2026-5448 | medium | 4.3 | 4.3 | 2mo ago | X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. Th… | |||
| CVE-2026-5826 | medium | 4.3 | 4.3 | 2mo ago | A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can… | |||
| CVE-2026-5825 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /delmemberinfo.php. Performing a manipulation of the argument userid resul… | |||
| CVE-2026-5911 | medium | 4.3 | 4.3 | 2mo ago | Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-5867 | medium | 4.3 | 4.3 | 2mo ago | Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secu… | |||
| CVE-2026-39653 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels. This is… | |||
| CVE-2026-39627 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ashe: from n/a through <= 2.266. | |||
| CVE-2026-39592 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DEPART: from n… | |||
| CVE-2026-39572 | medium | 4.3 | 4.3 | 2mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Ret… | |||
| CVE-2026-39566 | medium | 4.3 | 4.3 | 2mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data. This issue affects Dire… | |||
| CVE-2026-39565 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a t… | |||
| CVE-2026-39506 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in Jordy Meow AI Engine (Pro) ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Engine (Pro): from n/a th… | |||
| CVE-2026-39477 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CartFlows: from n/a through <= 2… | |||
| CVE-2026-39469 | medium | 4.3 | 4.3 | 2mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagelayer allows Retrieve Embedded Sensitive Data. This issue affects PageLayer: from … | |||
| CVE-2026-5705 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affected by this vulnerability is an unknown functionality of the file /booknow.php of the component Booking Endpoint. Such m… | |||
| CVE-2026-5671 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Impacted is an unknown function of the file /admin/class%20schedule/delete_batch.… | |||
| CVE-2026-5630 | medium | 4.3 | 4.3 | 2mo ago | A flaw has been found in assafelovic gpt-researcher up to 3.4.3. The impacted element is an unknown function of the file backend/server/app.py of the component Report API. This manipulation causes cr… | |||
| CVE-2026-5625 | medium | 4.3 | 4.3 | 2mo ago | A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gpt_researcher/skills/researcher.py of the component WebSocket Interfa… | |||
| CVE-2026-5624 | medium | 4.3 | 4.3 | 2mo ago | A security flaw has been discovered in ProjectSend r2002. This vulnerability affects unknown code of the file upload.php. Performing a manipulation results in cross-site request forgery. The attack m… | |||
| CVE-2026-5615 | medium | 4.3 | 4.3 | 2mo ago | A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argume… | |||
| CVE-2026-5572 | medium | 4.3 | 4.3 | 2mo ago | A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack can … | |||
| CVE-2026-5542 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was determined in code-projects Simple Laundry System 1.0. Impacted is an unknown function of the file /modstaffinfo.php of the component Parameter Handler. Executing a manipulation o… | |||
| CVE-2026-5541 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /modmemberinfo.php of the component Parameter Handler. Performing a manipu… | |||
| CVE-2026-5539 | medium | 4.3 | 4.3 | 2mo ago | A flaw has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /modifymember.php of the component Parameter Handler. This manipulation of the argument firs… | |||
| CVE-2026-5533 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was determined in badlogic pi-mono 0.58.4. The impacted element is an unknown function of the file packages/web-ui/src/tools/artifacts/SvgArtifact.ts of the component SVG Artifact Han… | |||
| CVE-2026-5529 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipul… | |||
| CVE-2026-28736 | medium | 4.3 | 4.3 | 2mo ago | Focalboard doesn't validate file ownership when serving uploaded files | |||
| CVE-2026-5321 | medium | 4.3 | 4.3 | 2mo ago | A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-… | |||
| CVE-2026-5319 | medium | 4.3 | 4.3 | 2mo ago | A security vulnerability has been detected in itsourcecode Payroll Management System up to 1.0. Affected is an unknown function of the file /navbar.php. Such manipulation of the argument page leads t… | |||
| CVE-2026-5318 | medium | 4.3 | 4.3 | 2mo ago | A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation … | |||
| CVE-2026-5313 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to deni… | |||
| CVE-2026-5240 | medium | 4.3 | 4.3 | 2mo ago | A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affects an unknown part of the file /admin_state.php. The manipulation of the argument statename leads … |