CVEs from 2026
Total
13,533
critical
critical 1,163
high
high 4,145
medium
medium 4,137
low
low 440
% Critical
8.6%
% with KEV
0.4%
% with exploit
0.5%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-34046 | high | 8.8 | 8.8 | 2mo ago | Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check | |||
| CVE-2026-24068 | high | 8.8 | 8.8 | 2mo ago | The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to… | |||
| CVE-2026-4861 | high | 8.8 | 8.8 | 2mo ago | A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function ftext of the file /cgi-bin/nas.cgi. This manipulation of the argument Content-Length causes stack-… | |||
| CVE-2026-4826 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update_stock.php of the component HTTP GET Parameter Handler. Thi… | |||
| CVE-2026-32484 | high | 8.8 | 8.8 | 2mo ago | Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through <= 1.6.26. | |||
| CVE-2026-4781 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file update_purchase.php of the component HTTP GET Parameter Handler. Execut… | |||
| CVE-2026-4780 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file update_out_standing.php of the component HTTP GET Parameter Handler. Perform… | |||
| CVE-2026-4779 | high | 8.8 | 8.8 | 2mo ago | A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file update_customer_details.php of the component HTTP G… | |||
| CVE-2026-22559 | high | 8.8 | 8.8 | 2mo ago | An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affecte… | |||
| CVE-2026-31847 | high | 8.8 | 8.8 | 2mo ago | Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST re… | |||
| CVE-2026-4570 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /view_customers.php of the component HTTP POST Request Handler. Such manip… | |||
| CVE-2026-4566 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-bas… | |||
| CVE-2026-4558 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassph… | |||
| CVE-2026-4554 | high | 8.8 | 8.8 | 2mo ago | A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in comman… | |||
| CVE-2026-4533 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Statu… | |||
| CVE-2026-4529 | high | 8.8 | 8.8 | 2mo ago | A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. … | |||
| CVE-2026-4475 | high | 8.8 | 8.8 | 2mo ago | A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded cred… | |||
| CVE-2026-4465 | high | 8.8 | 8.8 | 2mo ago | A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formSysCmd. Executing a manipulation of the argument sysCmd can lead to os command inject… | |||
| CVE-2026-4342 | high | 8.8 | 8.8 | 2mo ago | ingress-nginx comment-based nginx configuration injection in k8s.io/ingress-nginx | |||
| CVE-2026-25445 | high | 8.8 | 8.8 | 2mo ago | Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection.This issue affects WishList Member X: from n/a through 3.29.0. | |||
| CVE-2026-23246 | high | 8.8 | 8.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration link_id is taken from the ML Reconfiguration element (contro… | |||
| CVE-2026-21672 | high | 8.8 | 8.8 | 3mo ago | A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers. | |||
| CVE-2026-3972 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcp… | |||
| CVE-2026-31844 | high | 8.8 | 8.8 | 3mo ago | An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter u… | |||
| CVE-2026-28806 | high | 8.8 | 8.8 | 3mo ago | Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device b… | |||
| CVE-2026-3854 | high | 8.8 | 8.8 | 3mo ago | An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on t… | |||
| CVE-2026-3288 | high | 8.8 | 8.8 | 3mo ago | A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary c… | |||
| CVE-2026-3806 | high | 8.8 | 8.8 | 3mo ago | A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown processing of the file /room_rates.php. This manipulation of the argument q caus… | |||
| CVE-2026-3800 | high | 8.8 | 8.8 | 3mo ago | A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument imag… | |||
| CVE-2026-3797 | high | 8.8 | 8.8 | 3mo ago | A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. The impacted element is the function uploadFile of the file /src/com/tiandy/easy7/core/rest/CLS_REST_File… | |||
| CVE-2026-3793 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file sales_invoice1.php of the component GET Parameter Handler. This ma… | |||
| CVE-2026-3792 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file purchase_invoice.php of the component GET Parameter Handler. The manipulation of t… | |||
| CVE-2026-3791 | high | 8.8 | 8.8 | 3mo ago | A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file dashboard.php of the component Search. The manipulati… | |||
| CVE-2026-3790 | high | 8.8 | 8.8 | 3mo ago | A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file check_supplier_details.php of the component POST Paramet… | |||
| CVE-2026-3789 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java o… | |||
| CVE-2026-3788 | high | 8.8 | 8.8 | 3mo ago | A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpe… | |||
| CVE-2026-3786 | high | 8.8 | 8.8 | 3mo ago | A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulatio… | |||
| CVE-2026-3785 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was identified in EasyCMS up to 1.6. The affected element is an unknown function of the file /RbacnodeAction.class.php of the component Request Parameter Handler. The manipulation of … | |||
| CVE-2026-3771 | high | 8.8 | 8.8 | 3mo ago | A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads… | |||
| CVE-2026-3770 | high | 8.8 | 8.8 | 3mo ago | A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack is possible to be carr… | |||
| CVE-2026-3767 | high | 8.8 | 8.8 | 3mo ago | A weakness has been identified in itsourcecode sanitize or validate this input 1.0. Affected is an unknown function of the file /admin/teacher-attendance.php. Executing a manipulation of the argument… | |||
| CVE-2026-3756 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was identified in SourceCodester Sales and Inventory System up to 1.0. Affected is an unknown function of the file /check_item_details.php. The manipulation of the argument stock_name… | |||
| CVE-2026-3755 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /check_customer_details.php of the component POST Handler. Executing a ma… | |||
| CVE-2026-3754 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /add_stock.php. Performing a manipulation of the argument cost results in sql … | |||
| CVE-2026-3753 | high | 8.8 | 8.8 | 3mo ago | A vulnerability has been found in SourceCodester Sales and Inventory System up to 1.0. The impacted element is an unknown function of the file /add_sales_print.php. Such manipulation of the argument … | |||
| CVE-2026-3749 | high | 8.8 | 8.8 | 3mo ago | A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java … | |||
| CVE-2026-3748 | high | 8.8 | 8.8 | 3mo ago | A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the compo… | |||
| CVE-2026-3745 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql injection. The attack … | |||
| CVE-2026-3725 | high | 8.8 | 8.8 | 3mo ago | A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolverContent of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/… | |||
| CVE-2026-3724 | high | 8.8 | 8.8 | 3mo ago | A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patien… | |||
| CVE-2026-22471 | high | 8.8 | 8.8 | 3mo ago | Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecomm… | |||
| CVE-2026-3292 | high | 8.8 | 8.8 | 3mo ago | A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argum… | |||
| CVE-2026-3270 | high | 8.8 | 8.8 | 3mo ago | PSI Probe vulnerable to Server-Side Request Forgery | |||
| CVE-2026-3265 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was identified in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. This affects an unknown part of the file /api/Security/ of the component Security API. The manipul… | |||
| CVE-2026-3264 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Ex… | |||
| CVE-2026-3262 | high | 8.8 | 8.8 | 3mo ago | A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected is an unknown function of the component Administrative Interface. Such manipulati… | |||
| CVE-2026-3150 | high | 8.8 | 8.8 | 3mo ago | A security vulnerability has been detected in itsourcecode College Management System 1.0. This affects an unknown part of the file /admin/display-teacher.php. The manipulation of the argument teacher… | |||
| CVE-2026-3149 | high | 8.8 | 8.8 | 3mo ago | A weakness has been identified in itsourcecode College Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/asign-single-student-subjects.php. Executing a ma… | |||
| CVE-2026-3102 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulati… | |||
| CVE-2026-3101 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be ex… | |||
| CVE-2026-3067 | high | 8.8 | 8.8 | 3mo ago | A vulnerability has been found in HummerRisk up to 1.5.0. This issue affects the function extractTarGZ/extractZip of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/uti… | |||
| CVE-2026-3066 | high | 8.8 | 8.8 | 3mo ago | A flaw has been found in HummerRisk up to 1.5.0. This vulnerability affects the function fixedCommand of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/PlatformU… | |||
| CVE-2026-3065 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was detected in HummerRisk up to 1.5.0. This affects the function CommandUtils.commonExecCmdWithResult of the file CloudTaskService.java of the component Cloud Task Dry-run. Performin… | |||
| CVE-2026-3064 | high | 8.8 | 8.8 | 3mo ago | A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler… | |||
| CVE-2026-2697 | high | 8.8 | 8.8 | 3mo ago | An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter. | |||
| CVE-2026-2979 | high | 8.8 | 8.8 | 3mo ago | A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function user_avatar_upload_controller of the file /backend/app/api/v1/module_system/user/controller.py of the component Sche… | |||
| CVE-2026-2978 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was detected in FastApiAdmin up to 2.2.0. This vulnerability affects the function upload_file_controller of the file /backend/app/api/v1/module_system/params/controller.py of the comp… | |||
| CVE-2026-2977 | high | 8.8 | 8.8 | 3mo ago | A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function upload_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component S… | |||
| CVE-2026-2956 | high | 8.8 | 8.8 | 3mo ago | A security flaw has been discovered in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipulation of the argument Name results in command inje… | |||
| CVE-2026-2930 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of t… | |||
| CVE-2026-2824 | high | 8.8 | 8.8 | 3mo ago | A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET§ion=ping_config of the component webmggnt. Executing a manipulatio… | |||
| CVE-2026-2823 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub_41ACCC of the file /cgi-bin/mbox-config?method=SET§ion=ntp_timezone of the component webmggnt. Perf… | |||
| CVE-2026-2822 | high | 8.8 | 8.8 | 3mo ago | A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file /jeecgboot/sys/dict/loadDict/airag_app,1,create_by of the component Backen… | |||
| CVE-2026-0974 | high | 8.8 | 8.8 | 3mo ago | The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the 'i… | |||
| CVE-2026-2623 | high | 8.8 | 8.8 | 3mo ago | A flaw has been found in Blossom up to 1.17.1. This issue affects the function put of the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java of the co… | |||
| CVE-2026-2617 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of… | |||
| CVE-2026-2563 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function set_stcreenen_deabled_status/get_status of the file /f/service/controlDevice of the componen… | |||
| CVE-2026-2562 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This impacts the function cast_streen of the file /jdcapi of the component jdcweb_rpc. Executing a manipulation of th… | |||
| CVE-2026-2561 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function web_get_ddns_uptime of the file /jdcapi of the component jdcweb_rpc. Performing a manipulation r… | |||
| CVE-2026-2535 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET§ion=ptest_channel. The manipulation of the argum… | |||
| CVE-2026-2534 | high | 8.8 | 8.8 | 3mo ago | A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET§ion=ptest_bandwidth. The manipulation of th… | |||
| CVE-2026-2530 | high | 8.8 | 8.8 | 3mo ago | A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injec… | |||
| CVE-2026-2526 | high | 8.8 | 8.8 | 3mo ago | A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. This impacts the function multi_ssid of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument SSID2G2 results in co… | |||
| CVE-2026-2218 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID cause… | |||
| CVE-2026-2194 | high | 8.8 | 8.8 | 4mo ago | A flaw has been found in D-Link DI-7100G C1 24.04.18D1. This affects the function start_proxy_client_email. Executing a manipulation can lead to command injection. The attack can be executed remotely… | |||
| CVE-2026-2178 | high | 8.8 | 8.8 | 4mo ago | xcode-mcp-server vulnerable to Command Injection | |||
| CVE-2026-2169 | high | 8.8 | 8.8 | 4mo ago | A vulnerability has been found in D-Link DWR-M921 1.1.50. This impacts an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command i… | |||
| CVE-2026-2168 | high | 8.8 | 8.8 | 4mo ago | A flaw has been found in D-Link DWR-M921 1.1.50. This affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injectio… | |||
| CVE-2026-2167 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was detected in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr result… | |||
| CVE-2026-2146 | high | 8.8 | 8.8 | 4mo ago | A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Perfo… | |||
| CVE-2026-2141 | high | 8.8 | 8.8 | 4mo ago | A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.… | |||
| CVE-2026-2135 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames … | |||
| CVE-2026-2131 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. Remo… | |||
| CVE-2026-2107 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\repos\wareh… | |||
| CVE-2026-2106 | high | 8.8 | 8.8 | 4mo ago | A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is the function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the fi… | |||
| CVE-2026-2105 | high | 8.8 | 8.8 | 4mo ago | A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\ma… | |||
| CVE-2026-2079 | high | 8.8 | 8.8 | 4mo ago | A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src… | |||
| CVE-2026-2078 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\wa… | |||
| CVE-2026-2077 | high | 8.8 | 8.8 | 4mo ago | A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset… | |||
| CVE-2026-2076 | high | 8.8 | 8.8 | 4mo ago | A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\rep… |