CVEs from 2026
Total
13,320
critical
critical 1,107
high
high 3,937
medium
medium 3,983
low
low 416
% Critical
8.3%
% with KEV
0.4%
% with exploit
0.5%
Top products
- chrome 299
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 221
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-5629 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file /goform/formSetFirewall. The manipulation of the argument webpage results in s… | |
| CVE-2026-5628 | high | 8.8 | 8.8 | 2mo ago | A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. The ma… | |
| CVE-2026-5614 | high | 8.8 | 8.8 | 2mo ago | A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument webpage results in stack-… | |
| CVE-2026-5613 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the function formReboot of the file /goform/formReboot. The manipulation of the argument webpage leads to stack-based buff… | |
| CVE-2026-5612 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can… | |
| CVE-2026-5611 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/formCrossBandSwitch. Performing a manipulation of the argument webpage results i… | |
| CVE-2026-5610 | high | 8.8 | 8.8 | 2mo ago | A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation of the argument webpage leads to stack-ba… | |
| CVE-2026-5609 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component Parameter Handler. This manipulation … | |
| CVE-2026-5608 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage results in stack-based buffe… | |
| CVE-2026-5605 | high | 8.8 | 8.8 | 2mo ago | A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of the argument GO can lead to stack-based bu… | |
| CVE-2026-5604 | high | 8.8 | 8.8 | 2mo ago | A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element is the function formCertLocalPrecreate of the file /goform/CertLocalPrecreate of the component Parameter Handler. Perfo… | |
| CVE-2026-5567 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulatio… | |
| CVE-2026-5550 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The… | |
| CVE-2026-5548 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument … | |
| CVE-2026-5547 | high | 8.8 | 8.8 | 2mo ago | A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is poss… | |
| CVE-2026-35029 | high | 8.8 | 8.8 | 2mo ago | LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint | |
| CVE-2026-5474 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Per… | |
| CVE-2026-23462 | high | 8.8 | 8.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HIDP: Fix possible UAF This fixes the following trace caused by not dropping l2cap_conn reference when user->remove ca… | |
| CVE-2026-23461 | high | 8.8 | 8.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user After commit ab4eedb790ca ("Bluetooth: L2CAP: Fix corrupted list in… | |
| CVE-2026-5355 | high | 8.8 | 8.8 | 2mo ago | A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command … | |
| CVE-2026-5354 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policy_name can lead t… | |
| CVE-2026-5353 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Performing a manipulation of the argument c4_IPAddr results in os command inject… | |
| CVE-2026-5352 | high | 8.8 | 8.8 | 2mo ago | A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdb_list leads to os command inject… | |
| CVE-2026-5351 | high | 8.8 | 8.8 | 2mo ago | A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes os command injec… | |
| CVE-2026-5339 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of th… | |
| CVE-2026-5317 | high | 8.8 | 8.8 | 2mo ago | A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be pe… | |
| CVE-2026-5315 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulati… | |
| CVE-2026-5314 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation resul… | |
| CVE-2026-5272 | high | 8.8 | 8.8 | 2mo ago | Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2026-5184 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command i… | |
| CVE-2026-5178 | high | 8.8 | 8.8 | 2mo ago | A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this issue is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argum… | |
| CVE-2026-5177 | high | 8.8 | 8.8 | 2mo ago | A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of … | |
| CVE-2026-5154 | high | 8.8 | 8.8 | 2mo ago | A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argum… | |
| CVE-2026-5153 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command inj… | |
| CVE-2026-5105 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Perform… | |
| CVE-2026-5104 | high | 8.8 | 8.8 | 2mo ago | A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip le… | |
| CVE-2026-5103 | high | 8.8 | 8.8 | 2mo ago | A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable causes … | |
| CVE-2026-5102 | high | 8.8 | 8.8 | 2mo ago | A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handl… | |
| CVE-2026-5101 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of … | |
| CVE-2026-34046 | high | 8.8 | 8.8 | 2mo ago | Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check | |
| CVE-2026-24068 | high | 8.8 | 8.8 | 2mo ago | The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to… | |
| CVE-2026-4861 | high | 8.8 | 8.8 | 2mo ago | A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function ftext of the file /cgi-bin/nas.cgi. This manipulation of the argument Content-Length causes stack-… | |
| CVE-2026-4826 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update_stock.php of the component HTTP GET Parameter Handler. Thi… | |
| CVE-2026-32484 | high | 8.8 | 8.8 | 2mo ago | Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through <= 1.6.26. | |
| CVE-2026-4781 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file update_purchase.php of the component HTTP GET Parameter Handler. Execut… | |
| CVE-2026-4780 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file update_out_standing.php of the component HTTP GET Parameter Handler. Perform… | |
| CVE-2026-4779 | high | 8.8 | 8.8 | 2mo ago | A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file update_customer_details.php of the component HTTP G… | |
| CVE-2026-22559 | high | 8.8 | 8.8 | 2mo ago | An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affecte… | |
| CVE-2026-31847 | high | 8.8 | 8.8 | 2mo ago | Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST re… | |
| CVE-2026-4570 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /view_customers.php of the component HTTP POST Request Handler. Such manip… | |
| CVE-2026-4566 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-bas… | |
| CVE-2026-4558 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassph… | |
| CVE-2026-4554 | high | 8.8 | 8.8 | 2mo ago | A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in comman… | |
| CVE-2026-4533 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Statu… | |
| CVE-2026-4529 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. … | |
| CVE-2026-4475 | high | 8.8 | 8.8 | 2mo ago | A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded cred… | |
| CVE-2026-4465 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd. Executing a manipulation of the argument sysCmd can lead to os command inject… | |
| CVE-2026-4342 | high | 8.8 | 8.8 | 2mo ago | ingress-nginx comment-based nginx configuration injection in k8s.io/ingress-nginx | |
| CVE-2026-25445 | high | 8.8 | 8.8 | 2mo ago | Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection.This issue affects WishList Member X: from n/a through 3.29.0. | |
| CVE-2026-23246 | high | 8.8 | 8.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration link_id is taken from the ML Reconfiguration element (contro… | |
| CVE-2026-21672 | high | 8.8 | 8.8 | 3mo ago | A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers. | |
| CVE-2026-3972 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcp… | |
| CVE-2026-31844 | high | 8.8 | 8.8 | 3mo ago | An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter u… | |
| CVE-2026-28806 | high | 8.8 | 8.8 | 3mo ago | Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device b… | |
| CVE-2026-3854 | high | 8.8 | 8.8 | 3mo ago | An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on t… | |
| CVE-2026-3288 | high | 8.8 | 8.8 | 3mo ago | A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary c… | |
| CVE-2026-3806 | high | 8.8 | 8.8 | 3mo ago | A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown processing of the file /room_rates.php. This manipulation of the argument q caus… | |
| CVE-2026-3800 | high | 8.8 | 8.8 | 3mo ago | A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument imag… | |
| CVE-2026-3797 | high | 8.8 | 8.8 | 3mo ago | A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. The impacted element is the function uploadFile of the file /src/com/tiandy/easy7/core/rest/CLS_REST_File… | |
| CVE-2026-3793 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file sales_invoice1.php of the component GET Parameter Handler. This ma… | |
| CVE-2026-3792 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file purchase_invoice.php of the component GET Parameter Handler. The manipulation of t… | |
| CVE-2026-3791 | high | 8.8 | 8.8 | 3mo ago | A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file dashboard.php of the component Search. The manipulati… | |
| CVE-2026-3790 | high | 8.8 | 8.8 | 3mo ago | A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file check_supplier_details.php of the component POST Paramet… | |
| CVE-2026-3789 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java o… | |
| CVE-2026-3788 | high | 8.8 | 8.8 | 3mo ago | A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpe… | |
| CVE-2026-3786 | high | 8.8 | 8.8 | 3mo ago | A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulatio… | |
| CVE-2026-3785 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was identified in EasyCMS up to 1.6. The affected element is an unknown function of the file /RbacnodeAction.class.php of the component Request Parameter Handler. The manipulation of … | |
| CVE-2026-3771 | high | 8.8 | 8.8 | 3mo ago | A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads… | |
| CVE-2026-3770 | high | 8.8 | 8.8 | 3mo ago | A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack is possible to be carr… | |
| CVE-2026-3767 | high | 8.8 | 8.8 | 3mo ago | A weakness has been identified in itsourcecode sanitize or validate this input 1.0. Affected is an unknown function of the file /admin/teacher-attendance.php. Executing a manipulation of the argument… | |
| CVE-2026-3756 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was identified in SourceCodester Sales and Inventory System up to 1.0. Affected is an unknown function of the file /check_item_details.php. The manipulation of the argument stock_name… | |
| CVE-2026-3755 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /check_customer_details.php of the component POST Handler. Executing a ma… | |
| CVE-2026-3754 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /add_stock.php. Performing a manipulation of the argument cost results in sql … | |
| CVE-2026-3753 | high | 8.8 | 8.8 | 3mo ago | A vulnerability has been found in SourceCodester Sales and Inventory System up to 1.0. The impacted element is an unknown function of the file /add_sales_print.php. Such manipulation of the argument … | |
| CVE-2026-3749 | high | 8.8 | 8.8 | 3mo ago | A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java … | |
| CVE-2026-3748 | high | 8.8 | 8.8 | 3mo ago | A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the compo… | |
| CVE-2026-3745 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql injection. The attack … | |
| CVE-2026-3725 | high | 8.8 | 8.8 | 3mo ago | A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolverContent of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/… | |
| CVE-2026-3724 | high | 8.8 | 8.8 | 3mo ago | A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patien… | |
| CVE-2026-22471 | high | 8.8 | 8.8 | 3mo ago | Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecomm… | |
| CVE-2026-3292 | high | 8.8 | 8.8 | 3mo ago | A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argum… | |
| CVE-2026-3270 | high | 8.8 | 8.8 | 3mo ago | PSI Probe vulnerable to Server-Side Request Forgery | |
| CVE-2026-3265 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was identified in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. This affects an unknown part of the file /api/Security/ of the component Security API. The manipul… | |
| CVE-2026-3264 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Ex… | |
| CVE-2026-3262 | high | 8.8 | 8.8 | 3mo ago | A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected is an unknown function of the component Administrative Interface. Such manipulati… | |
| CVE-2026-3150 | high | 8.8 | 8.8 | 3mo ago | A security vulnerability has been detected in itsourcecode College Management System 1.0. This affects an unknown part of the file /admin/display-teacher.php. The manipulation of the argument teacher… | |
| CVE-2026-3149 | high | 8.8 | 8.8 | 3mo ago | A weakness has been identified in itsourcecode College Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/asign-single-student-subjects.php. Executing a ma… | |
| CVE-2026-3102 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulati… | |
| CVE-2026-3101 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be ex… | |
| CVE-2026-3067 | high | 8.8 | 8.8 | 3mo ago | A vulnerability has been found in HummerRisk up to 1.5.0. This issue affects the function extractTarGZ/extractZip of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/uti… |