CVEs from 2026
- Total 14,084
- critical 1,231
- high 4,630
- medium 4,443
- low 483
- % Critical 8.7%
- % with KEV 0.4%
- % with exploit 0.7%
Top products
- chrome 505
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-43878 | medium | 6.1 | 6.1 | 28d ago | Video: Reflected XSS in plugin/Meet/iframe.php via Unescaped user and pass Parameters in JavaScript String Literal | |||
| CVE-2026-38432 | medium | 6.1 | 6.1 | 28d ago | ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting (XSS) in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript co… | |||
| CVE-2026-34002 | medium | 6.1 | 6.1 | 28d ago | A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit … | |||
| CVE-2026-6704 | medium | 6.1 | 6.1 | 29d ago | The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitizati… | |||
| CVE-2026-6702 | medium | 6.1 | 6.1 | 29d ago | The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the '/wp-admi… | |||
| CVE-2026-6696 | medium | 6.1 | 6.1 | 29d ago | The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'first_name', 'last_name', and 'phone' parameters on the plugin's sign-up admin page in… | |||
| CVE-2026-42230 | medium | 6.1 | 6.1 | 29d ago | n8n has Open Redirect in MCP OAuth Consent Flow | |||
| CVE-2026-42144 | medium | 6.1 | 6.1 | 29d ago | CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the W*H*D size computation inside _load_pnm() that can bypass the memory all… | |||
| CVE-2026-42138 | medium | 6.1 | 6.1 | 29d ago | Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/fi… | |||
| CVE-2026-38669 | medium | 6.1 | 6.1 | 29d ago | wCMS v.1.4 is vulnerable to Cross Site Scripting (XSS) when creating a new blog. | |||
| CVE-2026-7371 | medium | 6.1 | 6.1 | 1mo ago | Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an ar… | |||
| CVE-2026-42366 | medium | 6.1 | 6.1 | 1mo ago | Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an ar… | |||
| CVE-2026-36763 | medium | 6.1 | 6.1 | 1mo ago | A stored cross-site scripting (XSS) vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted… | |||
| CVE-2026-36761 | medium | 6.1 | 6.1 | 1mo ago | A stored cross-site scripting (XSS) vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into th… | |||
| CVE-2026-38940 | medium | 6.1 | 6.1 | 1mo ago | Cross Site Scripting vulnerability in RafyMrX TOKO-ONLINE-ROTI v.1.0 allows a remote attacker to execute arbitrary code via the detail_produk.php component | |||
| CVE-2026-38939 | medium | 6.1 | 6.1 | 1mo ago | Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the product_catalogue.php component | |||
| CVE-2026-41661 | medium | 6.1 | 6.1 | 1mo ago | Admidio vulnerable to reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion | |||
| CVE-2026-2902 | medium | 6.1 | 6.1 | 1mo ago | The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontend_rewrite' function's 'WPMETEOR[N]WPMETEOR' placeholder content in all… | |||
| CVE-2026-37750 | medium | 6.1 | 6.1 | 1mo ago | A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the uns… | |||
| CVE-2026-41915 | medium | 6.1 | 6.1 | 1mo ago | OpenClaw: GIT_DIR and related git plumbing env vars missing from exec env denylist (GHSA-m866-6qv5-p2fg variant) | |||
| CVE-2026-41391 | medium | 6.1 | 6.1 | 1mo ago | OpenClaw: PIP_INDEX_URL and UV_INDEX_URL bypass host exec env sanitization and redirect Python package-index traffic | |||
| CVE-2026-41373 | medium | 6.1 | 6.1 | 1mo ago | OpenClaw: Incomplete host-env-security-policy allows untrusted model to substitute compiler binaries via env overrides | |||
| CVE-2026-40979 | medium | 6.1 | 6.1 | 1mo ago | Spring AI's ONNX model cache defaults to world-writable predictable /tmp directory | |||
| CVE-2026-7233 | medium | 6.1 | 6.1 | 1mo ago | A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulatio… | |||
| CVE-2026-29971 | medium | 6.1 | 6.1 | 1mo ago | A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without pro… | |||
| CVE-2026-41472 | medium | 6.1 | 6.1 | 1mo ago | CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard where the POST /api/ai-scanner/callback endpoint lacks authentication and allows una… | |||
| CVE-2026-41426 | medium | 6.1 | 6.1 | 1mo ago | pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malforme… | |||
| CVE-2026-41430 | medium | 6.1 | 6.1 | 1mo ago | Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Redirect parameter on login page is vulnerable to reflected XSS… | |||
| CVE-2026-41240 | medium | 6.1 | 6.1 | 1mo ago | DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBID_TAGS and FORBID_ATTR handling when function-based ADD_TA… | |||
| CVE-2026-6019 | medium | 6.1 | 6.1 | 1mo ago | http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the gen… | |||
| CVE-2026-6835 | medium | 6.1 | 6.1 | 1mo ago | The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result … | |||
| CVE-2026-33812 | medium | 6.1 | 6.1 | 1mo ago | Parsing a malicious font file can cause excessive memory allocation. | |||
| CVE-2026-33436 | medium | 6.1 | 6.1 | 2mo ago | Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML … | |||
| CVE-2026-20059 | medium | 6.1 | 6.1 | 2mo ago | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. T… | |||
| CVE-2026-33822 | medium | 6.1 | 6.1 | 2mo ago | Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-32196 | medium | 6.1 | 6.1 | 2mo ago | Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-32088 | medium | 6.1 | 6.1 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical a… | |||
| CVE-2026-26169 | medium | 6.1 | 6.1 | 2mo ago | Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally. | |||
| CVE-2026-35667 | medium | 6.1 | 6.1 | 2mo ago | OpenClaw has incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in `!stop` Chat Command via `shell-utils.ts` | |||
| CVE-2026-35404 | medium | 6.1 | 6.1 | 2mo ago | Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect() w… | |||
| CVE-2026-22675 | medium | 6.1 | 6.1 | 2mo ago | OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User… | |||
| CVE-2026-5467 | medium | 6.1 | 6.1 | 2mo ago | Casdoor vulnerable to Open Redirect | |||
| CVE-2026-5332 | medium | 6.1 | 6.1 | 2mo ago | A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerability affects unknown code of the file /demo.php of the component WAF Firewall. The manipulation of the argument param leads to cros… | |||
| CVE-2026-30526 | medium | 6.1 | 6.1 | 2mo ago | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Zoo Management System v1.0. The vulnerability is located in the login page, specifically within the msg parameter. The ap… | |||
| CVE-2026-5255 | medium | 6.1 | 6.1 | 2mo ago | A vulnerability was detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /delstaffinfo.php of the component Parameter Handler. The manipulation of the argumen… | |||
| CVE-2026-30567 | medium | 6.1 | 6.1 | 2mo ago | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_product.php file via the "limit" parameter. The application fails to sanitize … | |||
| CVE-2026-29969 | medium | 6.1 | 6.1 | 2mo ago | A cross-site scripting (XSS) vulnerability in the wff_cols_pref.css.aspx endpoint of staffwiki v7.0.1.19219 allows attackers to execute arbitrary Javascript in the context of the user's browser via a… | |||
| CVE-2026-34071 | medium | 6.1 | 6.1 | 2mo ago | Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true re… | |||
| CVE-2026-33397 | medium | 6.1 | 6.1 | 2mo ago | Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR | |||
| CVE-2026-29934 | medium | 6.1 | 6.1 | 2mo ago | A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying… | |||
| CVE-2026-4849 | medium | 6.1 | 6.1 | 2mo ago | A vulnerability was identified in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /modify.php of the component Parameter Handler. The manipulation of the argumen… | |||
| CVE-2026-32851 | medium | 6.1 | 6.1 | 2mo ago | MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser b… | |||
| CVE-2026-4474 | medium | 6.1 | 6.1 | 3mo ago | A flaw has been found in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_single_student_update.php. This manipulation of the argument st_name causes … | |||
| CVE-2026-22217 | medium | 6.1 | 6.1 | 3mo ago | OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL | |||
| CVE-2026-20994 | medium | 6.1 | 6.1 | 3mo ago | URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token. | |||
| CVE-2026-3884 | medium | 6.1 | 6.1 | 3mo ago | Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the spin() function that allows a creation of more than 1 alert for each 'target' element. An attacker wo… | |||
| CVE-2026-23817 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitrary URL. | |||
| CVE-2026-22614 | medium | 6.1 | 6.1 | 3mo ago | The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially r… | |||
| CVE-2026-3812 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was determined in itsourcecode Payroll Management System 1.0. Affected is an unknown function of the file /manage_employee_allowances.php. This manipulation of the argument ID causes … | |||
| CVE-2026-3763 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. The affected element is an unknown function of the file showhistory.php. The manipulation results in cross site scr… | |||
| CVE-2026-3702 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was detected in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Performing a manipulation of the argument page … | |||
| CVE-2026-20070 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenti… | |||
| CVE-2026-3455 | medium | 6.1 | 6.1 | 3mo ago | mailparser vulnerable to Cross-site Scripting | |||
| CVE-2026-3412 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /att_single_view.php. The manipulation of the argument dt results in cross site… | |||
| CVE-2026-3302 | medium | 6.1 | 6.1 | 3mo ago | A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown functionality of the file /register.php of the component Sign Up Page. Executing… | |||
| CVE-2026-3070 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filena… | |||
| CVE-2026-3054 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. The attack can be initiated remotel… | |||
| CVE-2026-3049 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The… | |||
| CVE-2026-3043 | medium | 6.1 | 6.1 | 3mo ago | A flaw has been found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/navbar.php. Executing a manipulation of the argument page can lead to… | |||
| CVE-2026-3028 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. This man… | |||
| CVE-2026-3027 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the… | |||
| CVE-2026-2971 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was found in a466350665 Smart-SSO up to 2.1.1. Affected by this issue is some unknown functionality of the file smart-sso-server/src/main/resources/templates/login.html of the compone… | |||
| CVE-2026-2547 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability was detected in LigeroSmart up to 6.1.26. The impacted element is the function AgentDashboard of the file /otrs/index.pl. Performing a manipulation of the argument Subaction results i… | |||
| CVE-2026-2546 | medium | 6.1 | 6.1 | 4mo ago | A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument SortBy leads to cross… | |||
| CVE-2026-2545 | medium | 6.1 | 6.1 | 4mo ago | A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketSearch. This manipulation of the argument Profile causes cross… | |||
| CVE-2026-2242 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. The atta… | |||
| CVE-2026-2241 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function os_strftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must b… | |||
| CVE-2026-2240 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read.… | |||
| CVE-2026-2160 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=save_packa… | |||
| CVE-2026-2159 | medium | 6.1 | 6.1 | 4mo ago | A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Execut… | |||
| CVE-2026-2154 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability was identified in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Impacted is an unknown function of the file /registration.php of the component Patien… | |||
| CVE-2026-2153 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function is_safe_url of the file doorman/users/views.py. Executing a manipulation of the argument Next can l… | |||
| CVE-2026-2150 | medium | 6.1 | 6.1 | 4mo ago | A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /checkin.php. This manipulati… | |||
| CVE-2026-2149 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.ph… | |||
| CVE-2026-1970 | medium | 6.1 | 6.1 | 4mo ago | A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes open redi… | |||
| CVE-2026-1411 | medium | 6.1 | 6.1 | 4mo ago | A flaw has been found in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected element is an unknown function of the component UART Interface. This manipulation causes improper access controls. It i… | |||
| CVE-2026-21933 | medium | 6.1 | 6.1 | 4mo ago | RHSA-2026:4832: java-1.8.0-ibm security update (Important) | |||
| CVE-2026-1135 | medium | 6.1 | 6.1 | 5mo ago | A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in … | |||
| CVE-2026-1134 | medium | 6.1 | 6.1 | 5mo ago | A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown function of the file /admin/expenses.php. The manipulation of the argument detail leads to cross … | |||
| CVE-2026-0858 | medium | 6.1 | 6.1 | 5mo ago | PlantUML is vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams | |||
| CVE-2026-22610 | medium | 6.1 | 6.1 | 5mo ago | Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cros… | |||
| CVE-2026-0642 | medium | 6.1 | 6.1 | 5mo ago | A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name r… | |||
| CVE-2026-0588 | medium | 6.1 | 6.1 | 5mo ago | A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of the file rockfun.php of the component API. This manipulation of the … | |||
| CVE-2026-0586 | medium | 6.1 | 6.1 | 5mo ago | A vulnerability was detected in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file handgunner-administrator/prod.php. Performing a manipulati… | |||
| CVE-2026-0580 | medium | 6.1 | 6.1 | 5mo ago | A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results … | |||
| CVE-2026-0857 | medium | 6.0 | 6.0 | 14d ago | Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: thr… | |||
| CVE-2026-8052 | medium | 6.0 | 6.0 | 21d ago | HashiCorp Nomad’s exec2 task driver vulnerable to a symlink attack | |||
| CVE-2026-6959 | medium | 6.0 | 6.0 | 21d ago | HashiCorp Nomad vulnerable to symlink attack | |||
| CVE-2026-41125 | medium | 6.0 | 6.0 | 22d ago | A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions), bluepla… | |||
| CVE-2026-45005 | medium | 6.0 | 6.0 | 22d ago | OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload |