CVEs from 2026
Total
13,939
critical
critical 1,209
high
high 4,531
medium
medium 4,385
low
low 483
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6601 | medium | 4.3 | 4.3 | 1mo ago | A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation o… | |||
| CVE-2026-6598 | medium | 4.3 | 4.3 | 1mo ago | Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint | |||
| CVE-2026-6591 | medium | 4.3 | 4.3 | 1mo ago | A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage Node. This manipulation of the argum… | |||
| CVE-2026-6590 | medium | 4.3 | 4.3 | 1mo ago | A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview Endpoint. The manipulation results in… | |||
| CVE-2026-6589 | medium | 4.3 | 4.3 | 1mo ago | A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site request forgery… | |||
| CVE-2026-6564 | medium | 4.3 | 4.3 | 1mo ago | A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is … | |||
| CVE-2026-40486 | medium | 4.3 | 4.3 | 2mo ago | Kimai's User Preferences API allows standard users to modify restricted attributes: hourly_rate, internal_rate | |||
| CVE-2026-6487 | medium | 4.3 | 4.3 | 2mo ago | A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument pa… | |||
| CVE-2026-6362 | medium | 4.3 | 4.3 | 2mo ago | Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: H… | |||
| CVE-2026-6298 | medium | 4.3 | 4.3 | 2mo ago | Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secu… | |||
| CVE-2026-40786 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyRewards: from n/a through <=… | |||
| CVE-2026-40729 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D M… | |||
| CVE-2026-40728 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Blocks: from n/a th… | |||
| CVE-2026-34262 | medium | 4.3 | 4.3 | 2mo ago | Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer | |||
| CVE-2026-6159 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerability is an unknown functionality of the file /chatbox/insert.php of the component Endpoint. Such ma… | |||
| CVE-2026-6150 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /checkupdatestatus.php. The manipulation of the argument serviceId leads to cross s… | |||
| CVE-2026-33118 | medium | 4.3 | 4.3 | 2mo ago | Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||
| CVE-2026-6035 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0. The affected element is an unknown function of the file /BranchManagement/ServiceAndSalesReport.php. The manipu… | |||
| CVE-2026-6034 | medium | 4.3 | 4.3 | 2mo ago | A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the a… | |||
| CVE-2026-6032 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in c… | |||
| CVE-2026-5448 | medium | 4.3 | 4.3 | 2mo ago | X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. Th… | |||
| CVE-2026-5826 | medium | 4.3 | 4.3 | 2mo ago | A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can… | |||
| CVE-2026-5825 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /delmemberinfo.php. Performing a manipulation of the argument userid resul… | |||
| CVE-2026-5911 | medium | 4.3 | 4.3 | 2mo ago | Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-5867 | medium | 4.3 | 4.3 | 2mo ago | Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secu… | |||
| CVE-2026-39653 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels.This is… | |||
| CVE-2026-39627 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe: from n/a through <= 2.266. | |||
| CVE-2026-39592 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DEPART: from n… | |||
| CVE-2026-39572 | medium | 4.3 | 4.3 | 2mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Ret… | |||
| CVE-2026-39566 | medium | 4.3 | 4.3 | 2mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data.This issue affects Dire… | |||
| CVE-2026-39565 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpTravelly: from n/a t… | |||
| CVE-2026-39506 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in Jordy Meow AI Engine (Pro) ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine (Pro): from n/a th… | |||
| CVE-2026-39477 | medium | 4.3 | 4.3 | 2mo ago | Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartFlows: from n/a through <= 2… | |||
| CVE-2026-39469 | medium | 4.3 | 4.3 | 2mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagelayer allows Retrieve Embedded Sensitive Data.This issue affects PageLayer: from … | |||
| CVE-2026-5705 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affected by this vulnerability is an unknown functionality of the file /booknow.php of the component Booking Endpoint. Such m… | |||
| CVE-2026-5671 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Impacted is an unknown function of the file /admin/class%20schedule/delete_batch.… | |||
| CVE-2026-5630 | medium | 4.3 | 4.3 | 2mo ago | A flaw has been found in assafelovic gpt-researcher up to 3.4.3. The impacted element is an unknown function of the file backend/server/app.py of the component Report API. This manipulation causes cr… | |||
| CVE-2026-5625 | medium | 4.3 | 4.3 | 2mo ago | A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gpt_researcher/skills/researcher.py of the component WebSocket Interfa… | |||
| CVE-2026-5624 | medium | 4.3 | 4.3 | 2mo ago | A security flaw has been discovered in ProjectSend r2002. This vulnerability affects unknown code of the file upload.php. Performing a manipulation results in cross-site request forgery. The attack m… | |||
| CVE-2026-5615 | medium | 4.3 | 4.3 | 2mo ago | A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argume… | |||
| CVE-2026-5572 | medium | 4.3 | 4.3 | 2mo ago | A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack can … | |||
| CVE-2026-5542 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was determined in code-projects Simple Laundry System 1.0. Impacted is an unknown function of the file /modstaffinfo.php of the component Parameter Handler. Executing a manipulation o… | |||
| CVE-2026-5541 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /modmemberinfo.php of the component Parameter Handler. Performing a manipu… | |||
| CVE-2026-5539 | medium | 4.3 | 4.3 | 2mo ago | A flaw has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /modifymember.php of the component Parameter Handler. This manipulation of the argument firs… | |||
| CVE-2026-5533 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was determined in badlogic pi-mono 0.58.4. The impacted element is an unknown function of the file packages/web-ui/src/tools/artifacts/SvgArtifact.ts of the component SVG Artifact Han… | |||
| CVE-2026-5529 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipul… | |||
| CVE-2026-28736 | medium | 4.3 | 4.3 | 2mo ago | Focalboard doesn't validate file ownership when serving uploaded files | |||
| CVE-2026-5321 | medium | 4.3 | 4.3 | 2mo ago | A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-… | |||
| CVE-2026-5319 | medium | 4.3 | 4.3 | 2mo ago | A security vulnerability has been detected in itsourcecode Payroll Management System up to 1.0. Affected is an unknown function of the file /navbar.php. Such manipulation of the argument page leads t… | |||
| CVE-2026-5318 | medium | 4.3 | 4.3 | 2mo ago | A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation … | |||
| CVE-2026-5313 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to deni… | |||
| CVE-2026-5240 | medium | 4.3 | 4.3 | 2mo ago | A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affects an unknown part of the file /admin_state.php. The manipulation of the argument statename leads … | |||
| CVE-2026-5157 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the ar… | |||
| CVE-2026-5031 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?_route=settings/users-view/ of the component Endpoint. The manipulation of the a… | |||
| CVE-2026-5015 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted element is an unknown function of the file /logs of the component Endpoint. This manipulation of the argument filename cause… | |||
| CVE-2026-4992 | medium | 4.3 | 4.3 | 2mo ago | A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulati… | |||
| CVE-2026-4971 | medium | 4.3 | 4.3 | 2mo ago | A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack is possible to be carried… | |||
| CVE-2026-4968 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown function of the file diary.php. Executing a manipulation can lead to cross-site request forgery. The… | |||
| CVE-2026-4898 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /dbfood/contact.php. The manipulation of the ar… | |||
| CVE-2026-4877 | medium | 4.3 | 4.3 | 2mo ago | A security flaw has been discovered in itsourcecode Payroll Management System up to 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument page result… | |||
| CVE-2026-4848 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was determined in dameng100 muucmf 1.9.5.20260309. This affects an unknown function of the file /admin/extend/list.html. Executing a manipulation of the argument Name can lead to cros… | |||
| CVE-2026-4847 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results i… | |||
| CVE-2026-4846 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability has been found in dameng100 muucmf 1.9.5.20260309. The affected element is an unknown function of the file channel/admin.Account/autoReply.html. Such manipulation of the argument keyw… | |||
| CVE-2026-4845 | medium | 4.3 | 4.3 | 2mo ago | A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is an unknown function of the file /admin/Member/index.html. This manipulation of the argument Search causes cross site scripting. I… | |||
| CVE-2026-28861 | medium | 4.3 | 4.3 | 2mo ago | Safari 26.4 | |||
| CVE-2026-33326 | medium | 4.3 | 4.3 | 2mo ago | @keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany (CVE-2025-46720 incomplete fix) | |||
| CVE-2026-4563 | medium | 4.3 | 4.3 | 2mo ago | A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detai… | |||
| CVE-2026-4557 | medium | 4.3 | 4.3 | 2mo ago | A vulnerability was detected in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/update_s1.php. Performing a manipulation of the argument sname results in c… | |||
| CVE-2026-4510 | medium | 4.3 | 4.3 | 2mo ago | A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipu… | |||
| CVE-2026-32736 | medium | 4.3 | 4.3 | 3mo ago | The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference (IDOR) vulnerability in versions of the wiki prior to 1.0.0 exposes … | |||
| CVE-2026-4307 | medium | 4.3 | 4.3 | 3mo ago | A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function get_abs_path of the file python/helpers/files.py. The manipulation results in path trav… | |||
| CVE-2026-4233 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was identified in ThingsGateway 12. This affects an unknown part of the file /api/file/download. The manipulation of the argument fileName leads to path traversal. Remote exploitation… | |||
| CVE-2026-32461 | medium | 4.3 | 4.3 | 3mo ago | Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simp… | |||
| CVE-2026-32408 | medium | 4.3 | 4.3 | 3mo ago | Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy: from n/a through <= 2.7.23. | |||
| CVE-2026-32394 | medium | 4.3 | 4.3 | 3mo ago | Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pu… | |||
| CVE-2026-32386 | medium | 4.3 | 4.3 | 3mo ago | Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Extra: from n/a through <= 1.9.… | |||
| CVE-2026-3993 | medium | 4.3 | 4.3 | 3mo ago | A security vulnerability has been detected in itsourcecode Payroll Management System 1.0. This vulnerability affects unknown code of the file /manage_employee_deductions.php. Such manipulation of the… | |||
| CVE-2026-3990 | medium | 4.3 | 4.3 | 3mo ago | A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is some unknown functionality of the file Apps/Sandcastle/standalone.html. The manipulation of the argum… | |||
| CVE-2026-3982 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_result.php. Executing a manipulation of t… | |||
| CVE-2026-3962 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function render_template of the file Machine-Learning-W… | |||
| CVE-2026-3951 | medium | 4.3 | 4.3 | 3mo ago | A security flaw has been discovered in LockerProject Locker 0.0.0/0.0.1/0.1.0. Affected is the function authIsAwesome of the file source-code/Locker-master/Ops/registry.js of the component Error Resp… | |||
| CVE-2026-29773 | medium | 4.3 | 4.3 | 3mo ago | Kubewarden: Cross-namespace data exfiltration via deprecated host callback binding in github.com/kubewarden/kubewarden-controller | |||
| CVE-2026-2919 | medium | 4.3 | 4.3 | 3mo ago | Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the… | |||
| CVE-2026-28080 | medium | 4.3 | 4.3 | 3mo ago | Missing Authorization vulnerability in Rank Math Rank Math SEO PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rank Math SEO PRO: from n/a through 3.0.9… | |||
| CVE-2026-3610 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL … | |||
| CVE-2026-3286 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element is the function Save of the file paicoding-web/src/main/java/com/github/paicoding/forum/web/common/i… | |||
| CVE-2026-3268 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was detected in psi-probe PSI Probe up to 5.3.0. The affected element is an unknown function of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/RemoveSessAttribute… | |||
| CVE-2026-3188 | medium | 4.3 | 4.3 | 3mo ago | A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a m… | |||
| CVE-2026-3186 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the compo… | |||
| CVE-2026-2943 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was identified in SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318. This impacts an unknown function of the file index.php. Such manipulation of th… | |||
| CVE-2026-27056 | medium | 4.3 | 4.3 | 3mo ago | Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through <=… | |||
| CVE-2026-25387 | medium | 4.3 | 4.3 | 3mo ago | Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optim… | |||
| CVE-2026-2704 | medium | 4.3 | 4.3 | 3mo ago | A security vulnerability has been detected in Open Babel up to 3.1.1. The affected element is the function OpenBabel::transform3d::DescribeAsString of the file src/math/transform3d.cpp of the compone… | |||
| CVE-2026-2683 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). The affected element is an unknown function of the file /Using/Subject/downLoad.html. Performing a manipul… | |||
| CVE-2026-2658 | medium | 4.3 | 4.3 | 3mo ago | A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee. Affected is an unknown function of the component Multiple Endpoints. Performing a manipulation resu… | |||
| CVE-2026-2216 | medium | 4.3 | 4.3 | 4mo ago | A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function download_export_file of the file apis/tools.py. Executing a manipulation of the argument filename can lead to p… | |||
| CVE-2026-2111 | medium | 4.3 | 4.3 | 4mo ago | A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Mod… | |||
| CVE-2026-1835 | medium | 4.3 | 4.3 | 4mo ago | A vulnerability was identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. This affects an unknown part. The manipulation leads to cross-site request forgery. The attack is poss… | |||
| CVE-2026-20704 | medium | 4.3 | 4.3 | 4mo ago | Cross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed. | |||
| CVE-2026-1745 | medium | 4.3 | 4.3 | 4mo ago | A vulnerability was determined in SourceCodester Medical Certificate Generator App 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. Remote exploitation of the a… |