CVEs from 2026
- Total 14,078
- critical 1,229
- high 4,627
- medium 4,434
- low 484
- % Critical 8.7%
- % with KEV 0.4%
- % with exploit 0.7%
Top products
- chrome 505
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-3961 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function to_pil_image of the file manga-image-translator-main/server/request_extraction.py… | |||
| CVE-2026-3958 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/api_server.py of the component JSON Handler. The manipulatio… | |||
| CVE-2026-3955 | medium | 6.3 | 6.3 | 3mo ago | A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpo… | |||
| CVE-2026-3739 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAcc… | |||
| CVE-2026-3738 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improp… | |||
| CVE-2026-3737 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file add_user.php of the component User Creation Handler. Executing a manipu… | |||
| CVE-2026-3733 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulati… | |||
| CVE-2026-3697 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was determined in Planet ICG-2510 1.0_20250811. The impacted element is the function sub_40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Ex… | |||
| CVE-2026-3683 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was detected in bufanyun HotGo up to 2.0. This issue affects the function ImageTransferStorage of the file /server/internal/logic/common/upload.go of the component Endpoint. The manip… | |||
| CVE-2026-3682 | medium | 6.3 | 6.3 | 3mo ago | A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads t… | |||
| CVE-2026-3681 | medium | 6.3 | 6.3 | 3mo ago | A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-… | |||
| CVE-2026-3680 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in RyuzakiShinji biome-mcp-server up to 1.0.0. Affected by this issue is some unknown functionality of the file biome-mcp-server.ts. Performing a manipulation resu… | |||
| CVE-2026-3672 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The a… | |||
| CVE-2026-3616 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation … | |||
| CVE-2026-28230 | medium | 6.3 | 6.3 | 3mo ago | SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction solely by transac… | |||
| CVE-2026-3209 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper … | |||
| CVE-2026-2985 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a m… | |||
| CVE-2026-2963 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the … | |||
| CVE-2026-2860 | medium | 6.3 | 6.3 | 3mo ago | A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. Impacted is an unknown function of the file EmployeeControl… | |||
| CVE-2026-2852 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file dataset\repos\warehouse… | |||
| CVE-2026-2849 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file dataset\repo… | |||
| CVE-2026-2819 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workf… | |||
| CVE-2026-2676 | medium | 6.3 | 6.3 | 3mo ago | A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. Affected by this issue is the function preHandle of the file LoginInterceptor.java of the component … | |||
| CVE-2026-2665 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. P… | |||
| CVE-2026-2663 | medium | 6.3 | 6.3 | 3mo ago | A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the co… | |||
| CVE-2026-2560 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Preview … | |||
| CVE-2026-2558 | medium | 6.3 | 6.3 | 4mo ago | A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request for… | |||
| CVE-2026-2556 | medium | 6.3 | 6.3 | 4mo ago | A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown processing of the file com/cskefu/cc/controller/resource/MediaController.java of the component Endpoi… | |||
| CVE-2026-2553 | medium | 6.3 | 6.3 | 4mo ago | A security flaw has been discovered in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. This affects an unknown part of the file /home.php of the component HTTP POS… | |||
| CVE-2026-2548 | medium | 6.3 | 6.3 | 4mo ago | A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub_40F820 of the file rc. Executing a manipulation of the argument upnp_waniface/upnp_ssdp_interval/upnp_max_age can lead … | |||
| CVE-2026-2536 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. … | |||
| CVE-2026-2074 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation le… | |||
| CVE-2026-1977 | medium | 6.3 | 6.3 | 4mo ago | A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component v… | |||
| CVE-2026-1623 | medium | 6.3 | 6.3 | 4mo ago | A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injecti… | |||
| CVE-2026-1601 | medium | 6.3 | 6.3 | 4mo ago | A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileNam… | |||
| CVE-2026-1218 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. Impacted is the function initRCForm of the file RichClientService.class of the component com.artery.richclient.RichClientService. Perform… | |||
| CVE-2026-1126 | medium | 6.3 | 6.3 | 5mo ago | A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\… | |||
| CVE-2026-0843 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Suc… | |||
| CVE-2026-0842 | medium | 6.3 | 6.3 | 5mo ago | A flaw has been found in Flycatcher Toys smART Sketcher up to 2.0. This affects an unknown part of the component Bluetooth Low Energy Interface. This manipulation causes missing authentication. The a… | |||
| CVE-2026-0055 | medium | 6.2 | 6.2 | 1d ago | In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to lo… | |||
| CVE-2026-0046 | medium | 6.2 | 6.2 | 1d ago | In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no… | |||
| CVE-2026-0009 | medium | 6.2 | 6.2 | 1d ago | In multiple locations, there is a possible tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti… | |||
| CVE-2026-8594 | medium | 6.2 | 6.2 | 3d ago | Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string by specific line break characters (such… | |||
| CVE-2026-42328 | medium | 6.2 | 6.2 | 6d ago | go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on … | |||
| CVE-2026-23679 | medium | 6.2 | 6.2 | 6d ago | libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface cla… | |||
| CVE-2026-2237 | medium | 6.2 | 6.2 | 7d ago | A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive inf… | |||
| CVE-2026-48696 | medium | 6.2 | 6.2 | 8d ago | FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689. | |||
| CVE-2026-42627 | medium | 6.2 | 6.2 | 11d ago | In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements() in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based … | |||
| CVE-2026-36189 | medium | 6.2 | 6.2 | 12d ago | Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify_d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial… | |||
| CVE-2026-38719 | medium | 6.2 | 6.2 | 15d ago | OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format (CPF) parser, specifically in CreateCommonPacketFormatStructure() in source/src/enet_encap/cpf.c. A c… | |||
| CVE-2026-41969 | medium | 6.2 | 6.2 | 19d ago | Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2026-34688 | medium | 6.2 | 6.2 | 21d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit … | |||
| CVE-2026-34680 | medium | 6.2 | 6.2 | 21d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exp… | |||
| CVE-2026-34679 | medium | 6.2 | 6.2 | 21d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit … | |||
| CVE-2026-34678 | medium | 6.2 | 6.2 | 21d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could explo… | |||
| CVE-2026-34677 | medium | 6.2 | 6.2 | 21d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could explo… | |||
| CVE-2026-34673 | medium | 6.2 | 6.2 | 21d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could explo… | |||
| CVE-2026-34672 | medium | 6.2 | 6.2 | 21d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker c… | |||
| CVE-2026-34671 | medium | 6.2 | 6.2 | 21d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exp… | |||
| CVE-2026-34670 | medium | 6.2 | 6.2 | 21d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit … | |||
| CVE-2026-34669 | medium | 6.2 | 6.2 | 21d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit … | |||
| CVE-2026-34668 | medium | 6.2 | 6.2 | 21d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit … | |||
| CVE-2026-34667 | medium | 6.2 | 6.2 | 21d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker c… | |||
| CVE-2026-34666 | medium | 6.2 | 6.2 | 21d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit … | |||
| CVE-2026-42045 | medium | 6.2 | 6.2 | 21d ago | LobeHub has a Cross-Site Scripting issue that escalates to Remote Code Execution | |||
| CVE-2026-41614 | medium | 6.2 | 6.2 | 21d ago | Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally. | |||
| CVE-2026-40380 | medium | 6.2 | 6.2 | 21d ago | Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack. | |||
| CVE-2026-43666 | medium | 6.2 | 6.2 | 23d ago | visionOS 26.5 | |||
| CVE-2026-28985 | medium | 6.2 | 6.2 | 23d ago | A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to … | |||
| CVE-2026-28977 | medium | 6.2 | 6.2 | 23d ago | visionOS 26.5 | |||
| CVE-2026-28950 | medium | 6.2 | 6.2 | 23d ago | iOS 18.7.8 and iPadOS 18.7.8 | |||
| CVE-2026-28897 | medium | 6.2 | 6.2 | 23d ago | visionOS 26.5 | |||
| CVE-2026-43653 | medium | 6.2 | 6.2 | 23d ago | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5. An attacker on … | |||
| CVE-2026-42199 | medium | 6.2 | 6.2 | 25d ago | Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior | |||
| CVE-2026-35902 | medium | 6.2 | 6.2 | 1mo ago | The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication paramete… | |||
| CVE-2026-6386 | medium | 6.2 | 6.2 | 1mo ago | In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the pres… | |||
| CVE-2026-32072 | medium | 6.2 | 6.2 | 2mo ago | Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally. | |||
| CVE-2026-28833 | medium | 6.2 | 6.2 | 2mo ago | visionOS 26.4 | |||
| CVE-2026-40713 | medium | 6.1 | 6.1 | 6h ago | Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerabilit… | |||
| CVE-2026-2425 | medium | 6.1 | 6.1 | 14h ago | The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'new_domain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input … | |||
| CVE-2026-1451 | medium | 6.1 | 6.1 | 14h ago | The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escapi… | |||
| CVE-2026-1450 | medium | 6.1 | 6.1 | 14h ago | The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output esc… | |||
| CVE-2026-10510 | medium | 6.1 | 6.1 | 20h ago | Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows remote attacker to execute ar… | |||
| CVE-2026-42253 | medium | 6.1 | 6.1 | 2d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies … | |||
| CVE-2026-5071 | medium | 6.1 | 6.1 | 4d ago | The SocketCAN implementation validates the length of a user-provided buffer containing a socketcan_frame object using only a NET_ASSERT statement in zcan_sendto_ctx() before dereferencing it in socke… | |||
| CVE-2026-49384 | medium | 6.1 | 6.1 | 4d ago | In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible | |||
| CVE-2026-49380 | medium | 6.1 | 6.1 | 4d ago | In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible | |||
| CVE-2026-49375 | medium | 6.1 | 6.1 | 4d ago | In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page | |||
| CVE-2026-36324 | medium | 6.1 | 6.1 | 4d ago | SourceCodester Doctor Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) due to improper handling of user supplied input in the user registration functionality in register.php. | |||
| CVE-2026-9646 | medium | 6.1 | 6.1 | 5d ago | A reflected cross-site scripting issue exists in URL handling. | |||
| CVE-2026-47328 | medium | 6.1 | 6.1 | 5d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug… | |||
| CVE-2026-45307 | medium | 6.1 | 6.1 | 5d ago | Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the is_safe_url() helper used to validate post-login redirect targets applied urlj… | |||
| CVE-2026-7660 | medium | 6.1 | 6.1 | 6d ago | The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sani… | |||
| CVE-2026-44681 | medium | 6.1 | 6.1 | 6d ago | Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authoriza… | |||
| CVE-2026-44475 | medium | 6.1 | 6.1 | 6d ago | Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored va… | |||
| CVE-2026-49102 | medium | 6.1 | 6.1 | 6d ago | Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type (e.g., text/plain). | |||
| CVE-2026-47119 | medium | 6.1 | 6.1 | 6d ago | Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the im… | |||
| CVE-2026-3349 | medium | 6.1 | 6.1 | 7d ago | The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insuffic… | |||
| CVE-2026-8906 | medium | 6.1 | 6.1 | 7d ago | The WP Promoter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on a function. This ma… | |||
| CVE-2026-3001 | medium | 6.1 | 6.1 | 7d ago | The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output… |