CVEs from 2026
Total: 13,940
- critical 1,209
- high 4,532
- medium 4,385
- low 483
% Critical: 8.7%
% with KEV: 0.4%
% with exploit: 0.8%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-1735 | medium | 4.3 | 4.3 | 4mo ago | A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is… | |||
| CVE-2026-1733 | medium | 4.3 | 4.3 | 4mo ago | A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id… | |||
| CVE-2026-1600 | medium | 4.3 | 4.3 | 4mo ago | A vulnerability was identified in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The impacted element is an unknown function of the file /hungry/addtocart of the component Add-… | |||
| CVE-2026-1599 | medium | 4.3 | 4.3 | 4mo ago | A vulnerability was determined in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The affected element is an unknown function of the file /hungry/placeorder of the component Che… | |||
| CVE-2026-1549 | medium | 4.3 | 4.3 | 4mo ago | A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component Plugi… | |||
| CVE-2026-24636 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Syed Balkhi Sugar Calendar (Lite) sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar … | |||
| CVE-2026-24627 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Trusona Trusona for WordPress trusona allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusona for WordPress: from n/a… | |||
| CVE-2026-24598 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multilanguage … | |||
| CVE-2026-24596 | medium | 4.3 | 4.3 | 4mo ago | Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts … | |||
| CVE-2026-24588 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in topdevs Smart Product Viewer smart-product-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Product Viewe… | |||
| CVE-2026-24580 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This… | |||
| CVE-2026-24579 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This is… | |||
| CVE-2026-24578 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Jahid Hasan Admin login URL Change admin-login-url-change allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin login… | |||
| CVE-2026-24571 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in boxnow BOX NOW Delivery box-now-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BOX NOW Delivery: from n/a t… | |||
| CVE-2026-24569 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library F… | |||
| CVE-2026-24567 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in briarinc Anything Order by Terms anything-order-by-terms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Anything Ord… | |||
| CVE-2026-24564 | medium | 4.3 | 4.3 | 4mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through <… | |||
| CVE-2026-24563 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Ashan Perera LifePress lifepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LifePress: from n/a through <= 2.2.1. | |||
| CVE-2026-24543 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Horea Radu Materialis Companion materialis-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Materialis Compa… | |||
| CVE-2026-24541 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Em… | |||
| CVE-2026-24535 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Level… | |||
| CVE-2026-24534 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booter: from n/a through <… | |||
| CVE-2026-24532 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This … | |||
| CVE-2026-24524 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.2.8. | |||
| CVE-2026-24522 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscribe: from n/a through … | |||
| CVE-2026-24387 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator wp-quick-post-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Qu… | |||
| CVE-2026-24386 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Element Invader Element Invader – Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue … | |||
| CVE-2026-24377 | medium | 4.3 | 4.3 | 4mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue … | |||
| CVE-2026-24371 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BA Book Every… | |||
| CVE-2026-24358 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And … | |||
| CVE-2026-24357 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Recipe Maker: from n/a thro… | |||
| CVE-2026-24353 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from… | |||
| CVE-2026-22481 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This is… | |||
| CVE-2026-22472 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder:… | |||
| CVE-2026-22468 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in AbsolutePlugins Absolute Addons For Elementor absolute-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Absolut… | |||
| CVE-2026-22458 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Mikado-Themes Wanderland wanderland allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wanderland: from n/a through <= 1… | |||
| CVE-2026-22450 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Select-Themes Don Peppe donpeppe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Don Peppe: from n/a through <= 1.3. | |||
| CVE-2026-22359 | medium | 4.3 | 4.3 | 4mo ago | Cross-Site Request Forgery (CSRF) vulnerability in AA-Team Wordpress Movies Bulk Importer movies importer allows Cross Site Request Forgery.This issue affects Wordpress Movies Bulk Importer: from n/a… | |||
| CVE-2026-1153 | medium | 4.3 | 4.3 | 4mo ago | A vulnerability was detected in technical-laohu mpay up to 1.2.4. This affects an unknown function. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack … | |||
| CVE-2026-0674 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Campaign Monitor fo… | |||
| CVE-2026-21429 | medium | 4.3 | 4.3 | 5mo ago | Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publicati… | |||
| CVE-2026-9986 | medium | 4.2 | 4.2 | 5d ago | Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via … | |||
| CVE-2026-48522 | medium | 4.2 | 4.2 | 5d ago | PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python stdlib's default OpenerDirector registe… | |||
| CVE-2026-46424 | medium | 4.2 | 4.2 | 6d ago | Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint (POST /api/public/v1/roles/unassign) updates user documents in CouchDB but does not invalidate… | |||
| CVE-2026-9689 | medium | 4.2 | 4.2 | 6d ago | A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote at… | |||
| CVE-2026-44067 | medium | 4.2 | 4.2 | 12d ago | A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via… | |||
| CVE-2026-44065 | medium | 4.2 | 4.2 | 12d ago | An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data. | |||
| CVE-2026-44063 | medium | 4.2 | 4.2 | 12d ago | An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted fil… | |||
| CVE-2026-9110 | medium | 4.2 | 4.2 | 13d ago | Inappropriate implementation in UI in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML pag… | |||
| CVE-2026-8784 | medium | 4.2 | 4.2 | 15d ago | A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack r… | |||
| CVE-2026-8584 | medium | 4.2 | 4.2 | 19d ago | Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page… | |||
| CVE-2026-8564 | medium | 4.2 | 4.2 | 19d ago | Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: M… | |||
| CVE-2026-44991 | medium | 4.2 | 4.2 | 22d ago | OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners | |||
| CVE-2026-8021 | medium | 4.2 | 4.2 | 27d ago | Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafte… | |||
| CVE-2026-7996 | medium | 4.2 | 4.2 | 27d ago | Insufficient validation of untrusted input in SSL in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML … | |||
| CVE-2026-7993 | medium | 4.2 | 4.2 | 27d ago | Insufficient validation of untrusted input in Payments in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to spoof the contents of t… | |||
| CVE-2026-7989 | medium | 4.2 | 4.2 | 27d ago | Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted H… | |||
| CVE-2026-7964 | medium | 4.2 | 4.2 | 27d ago | Insufficient validation of untrusted input in FileSystem in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via… | |||
| CVE-2026-7952 | medium | 4.2 | 4.2 | 27d ago | Insufficient policy enforcement in Extensions in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a c… | |||
| CVE-2026-7947 | medium | 4.2 | 4.2 | 27d ago | Insufficient validation of untrusted input in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted H… | |||
| CVE-2026-7943 | medium | 4.2 | 4.2 | 27d ago | Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a cr… | |||
| CVE-2026-7934 | medium | 4.2 | 4.2 | 27d ago | Insufficient validation of untrusted input in Popup Blocker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restriction… | |||
| CVE-2026-7912 | medium | 4.2 | 4.2 | 27d ago | Integer overflow in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. … | |||
| CVE-2026-43883 | medium | 4.2 | 4.2 | 28d ago | AVideo: IDOR in PayPalYPT Plugin Allows Any Authenticated User to Cancel Arbitrary PayPal Subscription Agreements | |||
| CVE-2026-5107 | medium | 4.2 | 4.2 | 2mo ago | A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation le… | |||
| CVE-2026-2010 | medium | 4.2 | 4.2 | 4mo ago | A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/lo… | |||
| CVE-2026-0598 | medium | 4.2 | 4.2 | 4mo ago | A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the … | |||
| CVE-2026-1409 | medium | 4.2 | 4.2 | 4mo ago | A security vulnerability has been detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper … | |||
| CVE-2026-1408 | medium | 4.2 | 4.2 | 4mo ago | A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.09_55. This vulnerability affects unknown code of the component UART Interface. Executing a manipulation can lead to weak password… | |||
| CVE-2026-1407 | medium | 4.2 | 4.2 | 4mo ago | A security flaw has been discovered in Beetel 777VR1 up to 01.00.09/01.00.09_55. This affects an unknown part of the component UART Interface. Performing a manipulation results in information disclos… | |||
| CVE-2026-10052 | medium | 4.1 | 4.1 | 4d ago | A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endp… | |||
| CVE-2026-48136 | medium | 4.1 | 4.1 | 7d ago | When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Comp… | |||
| CVE-2026-2813 | medium | 4.1 | 4.1 | 13d ago | ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploit this issue by sending a specially crafted request, Successful exploitati… | |||
| CVE-2026-8736 | medium | 4.1 | 4.1 | 16d ago | A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Perfor… | |||
| CVE-2026-1163 | medium | 4.1 | 4.1 | 2mo ago | parisneo/lollms has an insufficient session expiration vulnerability | |||
| CVE-2026-28581 | medium | 4.0 | 4.0 | 15h ago | In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with null execution privileg… | |||
| CVE-2026-10099 | medium | 4.0 | 4.0 | 4d ago | XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocket_receive_worker routine of simple_http_server.py that allows attackers to cause corrupted application data by sending u… | |||
| CVE-2026-21785 | medium | 4.0 | 4.0 | 6d ago | A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass i… | |||
| CVE-2026-44430 | medium | 4.0 | 4.0 | 19d ago | MCP Registry has an unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist | |||
| CVE-2026-43968 | medium | 4.0 | 4.0 | 22d ago | ninenines cowlib: Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability allows SSE event splitting and injection via unvalidated field values | |||
| CVE-2026-28882 | medium | 4.0 | 4.0 | 23d ago | visionOS 26.4 | |||
| CVE-2026-42798 | medium | 4.0 | 4.0 | 1mo ago | Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c. | |||
| CVE-2026-41403 | medium | 4.0 | 4.0 | 1mo ago | OpenClaw: diffs viewer misclassifies proxied remote requests as loopback when `allowRemoteViewer` is disabled | |||
| CVE-2026-5507 | medium | 4.0 | 4.0 | 2mo ago | When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary… | |||
| CVE-2026-28826 | medium | 4.0 | 4.0 | 2mo ago | macOS Sonoma 14.8.5 | |||
| CVE-2026-30963 | low | 3.9 | 3.9 | 5d ago | Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate … | |||
| CVE-2026-44069 | low | 3.9 | 3.9 | 12d ago | An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption vi… | |||
| CVE-2026-27964 | low | 3.9 | 3.9 | 26d ago | FacturaScripts vulnerable to Reflected Cross-Site Scripting (XSS) via Cookie Manipulation | |||
| CVE-2026-10299 | low | 3.8 | 3.8 | 14h ago | A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument … | |||
| CVE-2026-40528 | low | 3.8 | 3.8 | 4d ago | OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to corrupt memor… | |||
| CVE-2026-40510 | low | 3.8 | 3.8 | 4d ago | OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trig… | |||
| CVE-2026-6816 | low | 3.8 | 3.8 | 5d ago | An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins… | |||
| CVE-2026-44410 | low | 3.8 | 3.8 | 7d ago | This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out ma… | |||
| CVE-2026-6334 | low | 3.8 | 3.8 | 15d ago | Mattermost doesn't enforce client identity binding during the OAuth authorization code redemption flow | |||
| CVE-2026-6923 | low | 3.8 | 3.8 | 19d ago | A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key. | |||
| CVE-2026-33585 | low | 3.8 | 3.8 | 20d ago | Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session.… | |||
| CVE-2026-44459 | low | 3.8 | 3.8 | 20d ago | Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify() | |||
| CVE-2026-34094 | low | 3.8 | 3.8 | 22d ago | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2. | |||
| CVE-2026-44987 | low | 3.8 | 3.8 | 25d ago | SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If th… | |||
| CVE-2026-4222 | low | 3.8 | 3.8 | 3mo ago | A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of t… |