CVEs from 2026
- Total: 14,003
- Critical: 1,216
- High: 4,577
- Medium: 4,408
- Low: 483
- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 503
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6256 | medium | 6.4 | 6.4 | 21d ago | The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficie… | |||
| CVE-2026-6247 | medium | 6.4 | 6.4 | 21d ago | The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' attribute of the 'scratchblocks' shortcode in all versions up to, and including, 1.0.1 due… | |||
| CVE-2026-6237 | medium | 6.4 | 6.4 | 21d ago | The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient inp… | |||
| CVE-2026-5715 | medium | 6.4 | 6.4 | 21d ago | The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insuffic… | |||
| CVE-2026-5340 | medium | 6.4 | 6.4 | 21d ago | The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `fancy-img-show` shortcode in all versions up to, and including, 9.1 due to insufficient input … | |||
| CVE-2026-4920 | medium | 6.4 | 6.4 | 21d ago | The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization … | |||
| CVE-2026-4859 | medium | 6.4 | 6.4 | 21d ago | The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the `wpsbd_post_carousel` shortcode in all versions up to, and including, 1.0.0 du… | |||
| CVE-2026-2300 | medium | 6.4 | 6.4 | 21d ago | The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `filter_images()` function in all versions up to, and including, 1.0.9. This is due to the use of regex-base… | |||
| CVE-2026-41591 | medium | 6.4 | 6.4 | 25d ago | Marko: XSS via case-insensitive script/style closing tag bypass in runtime HTML escaping | |||
| CVE-2026-7650 | medium | 6.4 | 6.4 | 25d ago | The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the `e2pdf-download` shortcode in all versions up to, and includi… | |||
| CVE-2026-7475 | medium | 6.4 | 6.4 | 25d ago | The Sky Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `sky-custom-scripts` custom post type in all versions up to, and including, 3.3.2. This is due to the custom p… | |||
| CVE-2026-5341 | medium | 6.4 | 6.4 | 25d ago | The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `strava_nmr_connect` shortcode in all versions up to, and including, 1.0.14 due to insuffi… | |||
| CVE-2026-20169 | medium | 6.4 | 6.4 | 27d ago | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a r… | |||
| CVE-2026-7457 | medium | 6.4 | 6.4 | 27d ago | The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profi… | |||
| CVE-2026-6672 | medium | 6.4 | 6.4 | 27d ago | The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to… | |||
| CVE-2026-43876 | medium | 6.4 | 6.4 | 28d ago | AVideo: HTML Injection in notifySubscribers.json.php Allows Platform-Branded Phishing Emails to Channel Subscribers | |||
| CVE-2026-5159 | medium | 6.4 | 6.4 | 29d ago | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up to, and including, … | |||
| CVE-2026-4665 | medium | 6.4 | 6.4 | 29d ago | The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox `data-caption` attributes in all versions up to, and including, 2.7.10. This is due to the … | |||
| CVE-2026-2948 | medium | 6.4 | 6.4 | 29d ago | The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the import_images() fun… | |||
| CVE-2026-6255 | medium | 6.4 | 6.4 | 29d ago | The Simple Owl Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'num' attribute of the 'owls_wrapper' shortcode in all versions up to, and including, 2.1.1 due to … | |||
| CVE-2026-5505 | medium | 6.4 | 6.4 | 29d ago | The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `clippy` shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sani… | |||
| CVE-2026-4730 | medium | 6.4 | 6.4 | 29d ago | The Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them to Your Website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'chartid' shortcode attribute in all v… | |||
| CVE-2026-2868 | medium | 6.4 | 6.4 | 29d ago | The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions up to, and includi… | |||
| CVE-2026-0703 | medium | 6.4 | 6.4 | 1mo ago | The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xlwcty_current_date' shortcode in all versions up to, and includ… | |||
| CVE-2026-6916 | medium | 6.4 | 6.4 | 1mo ago | The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sg_content_number_prefix' param… | |||
| CVE-2026-4658 | medium | 6.4 | 6.4 | 1mo ago | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in th… | |||
| CVE-2026-7209 | medium | 6.4 | 6.4 | 1mo ago | The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `qcopd-directory` shortcode in all versions up to, and including, 8.9.2. This is due to in… | |||
| CVE-2026-6378 | medium | 6.4 | 6.4 | 1mo ago | The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `/wp-json/maxi-blocks/v1.0/style-card` REST API endpoint in all versions up to, and including, 2.1.9 due to i… | |||
| CVE-2026-6127 | medium | 6.4 | 6.4 | 1mo ago | The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _elementor_data meta field in versions up to, and including, 4.0.4. This is due to insufficient… | |||
| CVE-2026-41174 | medium | 6.4 | 6.4 | 1mo ago | Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding | |||
| CVE-2026-3346 | medium | 6.4 | 6.4 | 1mo ago | IBM Langflow Desktop 1.6.0 through 1.8.4 Langflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus al… | |||
| CVE-2026-4805 | medium | 6.4 | 6.4 | 1mo ago | The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0. This is due to insufficient input sanitization and output escaping in the bundle… | |||
| CVE-2026-6809 | medium | 6.4 | 6.4 | 1mo ago | The Social Post Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Threads embed handler in all versions up to, and including, 2.0.1. This is due to insufficient input sa… | |||
| CVE-2026-6725 | medium | 6.4 | 6.4 | 1mo ago | The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the `wpcsm_text_rotator` shortcode in all versions up to, and incl… | |||
| CVE-2026-6551 | medium | 6.4 | 6.4 | 1mo ago | The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to,… | |||
| CVE-2026-4752 | medium | 6.4 | 6.4 | 2mo ago | Use After Free vulnerability in No-Chicken Echo-Mate. This issue affects Echo-Mate: before V250329. | |||
| CVE-2026-1410 | medium | 6.4 | 6.4 | 4mo ago | A vulnerability was detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. Impacted is an unknown function of the component UART Interface. The manipulation results in missing authentication. An attac… | |||
| CVE-2026-7299 | medium | 6.3 | 6.3 | 56 min ago | Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a … | |||
| CVE-2026-10581 | medium | 6.3 | 6.3 | 13h ago | A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side … | |||
| CVE-2026-10568 | medium | 6.3 | 6.3 | 14h ago | A vulnerability was detected in itsourcecode Fees Management System 1.0. Affected is an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in sql injection.… | |||
| CVE-2026-10559 | medium | 6.3 | 6.3 | 15h ago | A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is an unknown function of the file /index.php. Executing a manipulation of the argument page can lead to fil… | |||
| CVE-2026-10558 | medium | 6.3 | 6.3 | 15h ago | A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is an unknown function of the file /admin/index.php. Performing a manipulation of the argument page results in fi… | |||
| CVE-2026-10550 | medium | 6.3 | 6.3 | 15h ago | A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argum… | |||
| CVE-2026-10302 | medium | 6.3 | 6.3 | 17h ago | A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /manage_fee.php. Executing a manipulation of the argument ID can lead to sql … | |||
| CVE-2026-10297 | medium | 6.3 | 6.3 | 18h ago | A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /manage_course.php. The manipulation of the argument ID leads to sql injection. It … | |||
| CVE-2026-10296 | medium | 6.3 | 6.3 | 18h ago | A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Usernam… | |||
| CVE-2026-10286 | medium | 6.3 | 6.3 | 22h ago | A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /home_employee.php. The manipulation of the argument emp_id results in sql injection. The attack ma… | |||
| CVE-2026-45283 | medium | 6.3 | 6.3 | 22h ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the files_lock app did not properly validate the ow… | |||
| CVE-2026-10283 | medium | 6.3 | 6.3 | 22h ago | A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote… | |||
| CVE-2026-10279 | medium | 6.3 | 6.3 | 22h ago | A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/wezterm_executor.ts of the component switch_pane/write_to_specific_pan… | |||
| CVE-2026-10278 | medium | 6.3 | 6.3 | 22h ago | A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component read_file/write_file. Executing a manipulation of the argum… | |||
| CVE-2026-10277 | medium | 6.3 | 6.3 | 22h ago | A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP G… | |||
| CVE-2026-10276 | medium | 6.3 | 6.3 | 22h ago | A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_bu… | |||
| CVE-2026-45157 | medium | 6.3 | 6.3 | 1d ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of… | |||
| CVE-2026-10274 | medium | 6.3 | 6.3 | 1d ago | A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the comp… | |||
| CVE-2026-10271 | medium | 6.3 | 6.3 | 1d ago | A flaw has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The affected element is an unknown function of the file admin/ of the component Admin Endpoint.… | |||
| CVE-2026-10269 | medium | 6.3 | 6.3 | 1d ago | A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The … | |||
| CVE-2026-10265 | medium | 6.3 | 6.3 | 1d ago | A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_topic.php. Such manipulation of the argument… | |||
| CVE-2026-10258 | medium | 6.3 | 6.3 | 1d ago | A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/add_sub_topic.php. This manipulation of the argument topic_id causes s… | |||
| CVE-2026-10257 | medium | 6.3 | 6.3 | 1d ago | A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/update_ss_img.php. The manipulation of the argument to… | |||
| CVE-2026-10256 | medium | 6.3 | 6.3 | 1d ago | A vulnerability was identified in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /save_comment.php. The manipulation of the argument Name leads to sql… | |||
| CVE-2026-25599 | medium | 6.3 | 6.3 | 1d ago | Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that ena… | |||
| CVE-2026-10242 | medium | 6.3 | 6.3 | 1d ago | A weakness has been identified in itsourcecode Content Management System 1.0. This impacts an unknown function of the file /instructions.php. This manipulation of the argument topic_id causes sql inj… | |||
| CVE-2026-10241 | medium | 6.3 | 6.3 | 1d ago | A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the comp… | |||
| CVE-2026-10240 | medium | 6.3 | 6.3 | 1d ago | A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side … | |||
| CVE-2026-10239 | medium | 6.3 | 6.3 | 1d ago | A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request … | |||
| CVE-2026-10235 | medium | 6.3 | 6.3 | 1d ago | A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stock_manager.php. This manipulation of the argument… | |||
| CVE-2026-10217 | medium | 6.3 | 6.3 | 2d ago | A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function handleSave of the file internal/http/tts_config.go of the component RoleAdmin Gateway. This manipul… | |||
| CVE-2026-10223 | medium | 6.3 | 6.3 | 2d ago | A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The a… | |||
| CVE-2026-10212 | medium | 6.3 | 6.3 | 2d ago | A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astr_main_agent of the file astrbot/core/astr_main_agent.py. Such manipulation of the argument session_id leads… | |||
| CVE-2026-10211 | medium | 6.3 | 6.3 | 2d ago | A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function _normalize_rw_path of the file astrbot/core/tools/computer_tools/fs.py. This manipulation causes i… | |||
| CVE-2026-10210 | medium | 6.3 | 6.3 | 2d ago | A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function _sanitize_prompt_description of the file astrbot/core/skills/skill_manager.py. The manipulation… | |||
| CVE-2026-10209 | medium | 6.3 | 6.3 | 2d ago | A vulnerability has been found in code-projects Online Hospital Management System 1.0. Affected is an unknown function of the file appointmentdetail.php of the component Appointment Handler. The mani… | |||
| CVE-2026-10205 | medium | 6.3 | 6.3 | 2d ago | A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to un… | |||
| CVE-2026-10204 | medium | 6.3 | 6.3 | 2d ago | A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the c… | |||
| CVE-2026-10203 | medium | 6.3 | 6.3 | 2d ago | A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the comp… | |||
| CVE-2026-10202 | medium | 6.3 | 6.3 | 2d ago | A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the com… | |||
| CVE-2026-10194 | medium | 6.3 | 6.3 | 2d ago | A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp… | |||
| CVE-2026-10193 | medium | 6.3 | 6.3 | 2d ago | A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the c… | |||
| CVE-2026-10182 | medium | 6.3 | 6.3 | 2d ago | A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee … | |||
| CVE-2026-10180 | medium | 6.3 | 6.3 | 2d ago | A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection.… | |||
| CVE-2026-10176 | medium | 6.3 | 6.3 | 2d ago | A weakness has been identified in Aider-AI Aider 0.86.3. Affected by this issue is some unknown functionality of the component Code Generation Workflow. Executing a manipulation can lead to sql injec… | |||
| CVE-2026-10177 | medium | 6.3 | 6.3 | 2d ago | A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file api_docs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads … | |||
| CVE-2026-10175 | medium | 6.3 | 6.3 | 2d ago | A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editor_coder.run of the file auth.py of the component Architect Mode. Performing a manipul… | |||
| CVE-2026-10174 | medium | 6.3 | 6.3 | 2d ago | A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-comm… | |||
| CVE-2026-10172 | medium | 6.3 | 6.3 | 2d ago | A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php… | |||
| CVE-2026-10170 | medium | 6.3 | 6.3 | 2d ago | A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone_0.php. This manipulation of the argument phone ca… | |||
| CVE-2026-10168 | medium | 6.3 | 6.3 | 3d ago | A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file appl… | |||
| CVE-2026-10166 | medium | 6.3 | 6.3 | 3d ago | A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of t… | |||
| CVE-2026-10152 | medium | 6.3 | 6.3 | 3d ago | A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.ja… | |||
| CVE-2026-10127 | medium | 6.3 | 6.3 | 3d ago | A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. This manipulation of the … | |||
| CVE-2026-9831 | medium | 6.3 | 6.3 | 4d ago | A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with… | |||
| CVE-2026-44287 | medium | 6.3 | 6.3 | 4d ago | FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() with the regex /\bimport\s*\(/.t… | |||
| CVE-2026-10101 | medium | 6.3 | 6.3 | 4d ago | ACM/MCE assisted-service writes raw referenced pull-secret contents into `InfraEnv.status.conditions[].message` when pull-secret validation fails. A namespace principal with the stock `view` ClusterR… | |||
| CVE-2026-10064 | medium | 6.3 | 6.3 | 4d ago | A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetPortTr of the file /goform/formSetPortTr. Performing a manipulation of the argument special_name r… | |||
| CVE-2026-10061 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The atta… | |||
| CVE-2026-10060 | medium | 6.3 | 6.3 | 4d ago | A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument ip/mask/gateway leads to comma… | |||
| CVE-2026-9989 | medium | 6.3 | 6.3 | 5d ago | Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High) | |||
| CVE-2026-46416 | medium | 6.3 | 6.3 | 6d ago | Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for mult… | |||
| CVE-2026-47270 | medium | 6.3 | 6.3 | 6d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb is a PAM module loaded into the host process (sudo, login, GDM, GNOME Shell). Display manage… |