CVEs from 2026
Total
13,296
critical
critical 1,107
high
high 3,912
medium
medium 3,963
low
low 413
% Critical
8.3%
% with KEV
0.4%
% with exploit
0.5%
Top products
- chrome 298
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 221
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-5569 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint. The manipulation results in improper a… | |
| CVE-2026-5562 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation lea… | |
| CVE-2026-5526 | critical | 9.8 | 9.8 | 2mo ago | A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation result… | |
| CVE-2026-23450 | critical | 9.8 | 9.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() Syzkaller reported a panic in smc_tcp_syn_recv_sock() [1]. smc_… | |
| CVE-2026-5368 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the… | |
| CVE-2026-5334 | critical | 9.8 | 9.8 | 2mo ago | A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This … | |
| CVE-2026-5333 | critical | 9.8 | 9.8 | 2mo ago | A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host res… | |
| CVE-2026-5244 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pu… | |
| CVE-2026-34159 | critical | 9.8 | 9.8 | 2mo ago | llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserialize_tensor() skips all bounds validation when a tensor's buffer field is 0. An unauthentica… | |
| CVE-2026-5257 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability has been found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /delstaffinfo.php of the component Parameter Handler. Such manipulati… | |
| CVE-2026-5256 | critical | 9.8 | 9.8 | 2mo ago | A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument… | |
| CVE-2026-5183 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub_421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead… | |
| CVE-2026-5176 | critical | 9.8 | 9.8 | 2mo ago | A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provid… | |
| CVE-2026-5035 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handler. Such manipulation of the argument en… | |
| CVE-2026-5034 | critical | 9.8 | 9.8 | 2mo ago | A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /edit_costumer.php of the component Parameter Handler. This manipulation… | |
| CVE-2026-5033 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_costumer.php of the component Parameter Handler. The … | |
| CVE-2026-5030 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipul… | |
| CVE-2026-5020 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The ma… | |
| CVE-2026-5019 | critical | 9.8 | 9.8 | 2mo ago | A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parame… | |
| CVE-2026-5018 | critical | 9.8 | 9.8 | 2mo ago | A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulat… | |
| CVE-2026-5017 | critical | 9.8 | 9.8 | 2mo ago | A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manip… | |
| CVE-2026-4965 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performin… | |
| CVE-2026-22738 | critical | 9.8 | 9.8 | 2mo ago | Spring AI: SpEL injection is triggered when a user-supplied value is used as a filter expression key | |
| CVE-2026-4908 | critical | 9.8 | 9.8 | 2mo ago | A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of … | |
| CVE-2026-4809 | critical | 9.8 | 9.8 | 2mo ago | plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling… | |
| CVE-2026-4850 | critical | 9.8 | 9.8 | 2mo ago | A security flaw has been discovered in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checkregisitem.php of the component Parameter Handler. The manipulation of… | |
| CVE-2026-4698 | critical | 9.8 | 9.8 | 2mo ago | Important: thunderbird security update | |
| CVE-2026-4784 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was found in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /checkcheckout.php of the component Parameter Handler. The manipulation of the argum… | |
| CVE-2026-31851 | critical | 9.8 | 9.8 | 2mo ago | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authent… | |
| CVE-2026-31848 | critical | 9.8 | 9.8 | 2mo ago | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the e… | |
| CVE-2026-4581 | critical | 9.8 | 9.8 | 2mo ago | A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checklogin.php of the component Parameters Handler. This manipulation of the ar… | |
| CVE-2026-4580 | critical | 9.8 | 9.8 | 2mo ago | A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulati… | |
| CVE-2026-4579 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was identified in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /viewdetail.php of the component Parameters Handler. The manipulation of the ar… | |
| CVE-2026-29796 | critical | 9.8 | 9.8 | 2mo ago | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can co… | |
| CVE-2026-25192 | critical | 9.8 | 9.8 | 2mo ago | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can co… | |
| CVE-2026-4499 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgi_main of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be laun… | |
| CVE-2026-4497 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes os command in… | |
| CVE-2026-4473 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointment_action.php. The manipulation of the argume… | |
| CVE-2026-4472 | critical | 9.8 | 9.8 | 2mo ago | A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admin_edit_supplier.php. The manipulatio… | |
| CVE-2026-4471 | critical | 9.8 | 9.8 | 2mo ago | A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /admin/admin_edit_employee.php. Executing a manipulation of the argume… | |
| CVE-2026-4470 | critical | 9.8 | 9.8 | 2mo ago | A security flaw has been discovered in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_edit_menu.php. Performing a … | |
| CVE-2026-4469 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_edit_menu_action.php. Such … | |
| CVE-2026-3548 | critical | 9.8 | 9.8 | 2mo ago | Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string… | |
| CVE-2026-27542 | critical | 9.8 | 9.8 | 2mo ago | Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture woocommerce-wholesale-lead-capture allows Privilege Escalation.This issue affects Woocommerce… | |
| CVE-2026-4319 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the ar… | |
| CVE-2026-4228 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the file /goform/set_wifi. The manipulation results in command injection. It is possible to launch the… | |
| CVE-2026-4223 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manage_employee.php. Such manipulation of the argument ID leads t… | |
| CVE-2026-4210 | critical | 9.8 | 9.8 | 2mo ago | A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, D… | |
| CVE-2026-4209 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72… | |
| CVE-2026-4207 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72… | |
| CVE-2026-4206 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, … | |
| CVE-2026-4205 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72… | |
| CVE-2026-4204 | critical | 9.8 | 9.8 | 2mo ago | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-… | |
| CVE-2026-4203 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-… | |
| CVE-2026-4197 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, … | |
| CVE-2026-4196 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72… | |
| CVE-2026-4195 | critical | 9.8 | 9.8 | 2mo ago | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-… | |
| CVE-2026-4194 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-… | |
| CVE-2026-4180 | critical | 9.8 | 9.8 | 2mo ago | A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The manipulation of the argument token_id le… | |
| CVE-2026-32746 | critical | 9.8 | 9.8 | 3mo ago | telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. | |
| CVE-2026-4014 | critical | 9.8 | 9.8 | 3mo ago | A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulat… | |
| CVE-2026-3981 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor_action.php. Performing a manipulation of the argument ID resu… | |
| CVE-2026-3980 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patient_action.php. Such manipulation of the argument patient_… | |
| CVE-2026-1524 | critical | 9.8 | 9.8 | 3mo ago | An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions: If a neo4j admin configures two or mo… | |
| CVE-2026-30903 | critical | 9.8 | 9.8 | 3mo ago | External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access. | |
| CVE-2026-3944 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att_add.php. This manipulation of the argument Name causes sql in… | |
| CVE-2026-27842 | critical | 9.8 | 9.8 | 3mo ago | Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration. | |
| CVE-2026-24448 | critical | 9.8 | 9.8 | 3mo ago | Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access. | |
| CVE-2026-29515 | critical | 9.8 | 9.8 | 3mo ago | MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send a… | |
| CVE-2026-3843 | critical | 9.8 | 9.8 | 3mo ago | Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially cra… | |
| CVE-2026-30930 | critical | 9.8 | 9.8 | 3mo ago | Glances has SQL Injection via Process Names in TimescaleDB Export | |
| CVE-2026-23240 | critical | 9.8 | 9.8 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit. After cancel_delayed_work_sync… | |
| CVE-2026-3818 | critical | 9.8 | 9.8 | 3mo ago | A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql inje… | |
| CVE-2026-3813 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the file src/main/java/bp/wf/httphandler/WF_… | |
| CVE-2026-3795 | critical | 9.8 | 9.8 | 3mo ago | A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path tr… | |
| CVE-2026-3794 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper auth… | |
| CVE-2026-3765 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the file /att_single_view.php. Such manipulation of the argument dt leads to sql i… | |
| CVE-2026-3762 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmin_delete_manager.php of the component Endpoint. The m… | |
| CVE-2026-3760 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was detected in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /view_result.php. Performing a manipulation of the argument seme res… | |
| CVE-2026-3759 | critical | 9.8 | 9.8 | 3mo ago | A security vulnerability has been detected in projectworlds Online Art Gallery Shop 1.0. This affects an unknown part of the file /admin/adminHome.php. Such manipulation of the argument reach_nm lead… | |
| CVE-2026-3758 | critical | 9.8 | 9.8 | 3mo ago | A weakness has been identified in projectworlds Online Art Gallery Shop 1.0. Affected by this issue is some unknown functionality of the file /admin/adminHome.php. This manipulation of the argument I… | |
| CVE-2026-3757 | critical | 9.8 | 9.8 | 3mo ago | A security flaw has been discovered in projectworlds Online Art Gallery Shop 1.0. Affected by this vulnerability is an unknown functionality of the file /?pass=1. The manipulation of the argument fnm… | |
| CVE-2026-3747 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was identified in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /add_result.php. Such manipulation of the argument su… | |
| CVE-2026-3746 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of th… | |
| CVE-2026-3744 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valreg_passwdation of the file signup.php. The manipulation of the argument reg_passwd leads to sql i… | |
| CVE-2026-3740 | critical | 9.8 | 9.8 | 3mo ago | A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_search_student.php. This manipulation of the argument admin_search_… | |
| CVE-2026-3736 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this issue is some unknown functionality of the file SearchResultRoundtrip.php. Performing a manipulati… | |
| CVE-2026-3735 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file SearchResultOneway.php. Such manipulati… | |
| CVE-2026-3730 | critical | 9.8 | 9.8 | 3mo ago | A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/admin/mod_amenities/index.php?view=edit. Performi… | |
| CVE-2026-3723 | critical | 9.8 | 9.8 | 3mo ago | A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /Admindelete.php. The manipulation of the argument flightno … | |
| CVE-2026-3709 | critical | 9.8 | 9.8 | 3mo ago | A weakness has been identified in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /register.php. Executing a manipulation of the argument Username … | |
| CVE-2026-3708 | critical | 9.8 | 9.8 | 3mo ago | A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. The impacted element is an unknown function of the file /login.php. Performing a manipulation of the argu… | |
| CVE-2026-3705 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. The manipulation of the argument flightno … | |
| CVE-2026-3696 | critical | 9.8 | 9.8 | 3mo ago | A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a ma… | |
| CVE-2026-26288 | critical | 9.8 | 9.8 | 3mo ago | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can co… | |
| CVE-2026-26051 | critical | 9.8 | 9.8 | 3mo ago | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can co… | |
| CVE-2026-22552 | critical | 9.8 | 9.8 | 3mo ago | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can co… | |
| CVE-2026-28474 | critical | 9.8 | 9.8 | 3mo ago | Nextcloud Talk allowlist bypass via actor.name display name spoofing | |
| CVE-2026-2743 | critical | 9.8 | 9.8 | 3mo ago | Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 … | |
| CVE-2026-22417 | critical | 9.8 | 9.8 | 3mo ago | Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Wedding grandwedding allows Object Injection.This issue affects Grand Wedding: from n/a through < 3.1.11. |