CVEs from 2026
Total
13,362
critical
critical 1,116
high
high 3,953
medium
medium 4,013
low
low 420
% Critical
8.4%
% with KEV
0.4%
% with exploit
0.4%
Top products
- chrome 299
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 221
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-8887 | medium | 6.4 | 6.4 | 2d ago | The Listen Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'listen' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization… | |
| CVE-2026-8897 | medium | 6.4 | 6.4 | 2d ago | The Shortcode Buddy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 0.1.9.5 due to insufficient input sanitization and… | |
| CVE-2026-8870 | medium | 6.4 | 6.4 | 2d ago | The Team Master – A Modern WordPress Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.2 due to insuff… | |
| CVE-2026-8702 | medium | 6.4 | 6.4 | 2d ago | The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the 'div' attribute of the 'gbitoprint' shortcode. This is due to insufficient output escaping in… | |
| CVE-2026-8842 | medium | 6.4 | 6.4 | 2d ago | The Google+ Link Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gplusnamelink' shortcode in versions up to, and including, 1.0. This is due to insufficient input sani… | |
| CVE-2026-8703 | medium | 6.4 | 6.4 | 2d ago | The Endless Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and ou… | |
| CVE-2026-8868 | medium | 6.4 | 6.4 | 2d ago | The Single Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'single-mailchimp' shortcode in all versions up to, and including, 1.4. This is due to insufficient inpu… | |
| CVE-2026-8698 | medium | 6.4 | 6.4 | 2d ago | The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0. This is due to insufficient output escaping in the as_get_coin_shortcode(… | |
| CVE-2026-8837 | medium | 6.4 | 6.4 | 2d ago | The WP Iframe Geo Style for Amazon affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'adid' Shortcode Attribute in all versions up to, and including, 1.1 due to insuffi… | |
| CVE-2026-8877 | medium | 6.4 | 6.4 | 2d ago | The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rem_video' shortcode in versions up to, and including, 0.1. This is due to insufficient input … | |
| CVE-2026-9022 | medium | 6.4 | 6.4 | 2d ago | The Splide Carousel Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'url' Block Attribute in all versions up to, and including, 1.7.1 due to insufficient input sanitizatio… | |
| CVE-2026-6565 | medium | 6.4 | 6.4 | 2d ago | The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endp… | |
| CVE-2026-9104 | medium | 6.4 | 6.4 | 7d ago | The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output esc… | |
| CVE-2026-7509 | medium | 6.4 | 6.4 | 7d ago | The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `the-subtitle` shortcode `before` and `after` attributes in all versions up to, and including, 4.0.… | |
| CVE-2026-7890 | medium | 6.4 | 6.4 | 7d ago | In Concrete CMS 9.5.0 and below, the RSS Displayer block accepts a feed URL from any page editor and fetches it server-side without validation enabling redirect-to-internal bypasses. The Concrete CM… | |
| CVE-2026-7887 | medium | 6.4 | 6.4 | 7d ago | For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status. A user with uIsActive=0 (suspended, banned, terminated employee) can still authenticate via OAuth and r… | |
| CVE-2026-44056 | medium | 6.4 | 6.4 | 8d ago | A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data. | |
| CVE-2026-1543 | medium | 6.4 | 6.4 | 8d ago | The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitizatio… | |
| CVE-2026-9087 | medium | 6.4 | 6.4 | 8d ago | A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity that was actually verified, so a second upstream… | |
| CVE-2026-2955 | medium | 6.4 | 6.4 | 9d ago | The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insuffi… | |
| CVE-2026-8038 | medium | 6.4 | 6.4 | 9d ago | The Faces of Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in the 'facesofusers' shortcode in all versions up to, and including, 0.0.3 … | |
| CVE-2026-6549 | medium | 6.4 | 6.4 | 9d ago | The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the `vc_enamad_namad`, `vc_enamad_shamed`, and `vc_enamad_custom` shortcodes… | |
| CVE-2026-6397 | medium | 6.4 | 6.4 | 9d ago | The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `cvmh-sticky` shortcode `readmoretext` attribute in versions up to and including 2.5.6. This is due to insufficien… | |
| CVE-2026-5293 | medium | 6.4 | 6.4 | 9d ago | The 診断ジェネレータ作成プラグイン (Diagnosis Generator) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing autho… | |
| CVE-2026-6415 | medium | 6.4 | 6.4 | 13d ago | The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON … | |
| CVE-2026-6646 | medium | 6.4 | 6.4 | 14d ago | The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dt_default_button' shortcode in all versions up to, and including, 14.3.2. This is due to insufficient input sanitiz… | |
| CVE-2026-6504 | medium | 6.4 | 6.4 | 14d ago | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tag' parameter in all versions up to, and including, 1.7.1058 due to insuffic… | |
| CVE-2026-6174 | medium | 6.4 | 6.4 | 14d ago | The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'more' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and ou… | |
| CVE-2026-6252 | medium | 6.4 | 6.4 | 15d ago | The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitiza… | |
| CVE-2026-3694 | medium | 6.4 | 6.4 | 15d ago | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the bt_bb_button shortcode in all versions up to, and including, 5.6.8. This is due… | |
| CVE-2026-5243 | medium | 6.4 | 6.4 | 15d ago | The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the `menu_hover_click` … | |
| CVE-2026-5361 | medium | 6.4 | 6.4 | 15d ago | The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in th… | |
| CVE-2026-3004 | medium | 6.4 | 6.4 | 16d ago | The Snow Monkey Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-slick' attribute in all versions up to, and including, 24.1.11 due to insufficient input sanitiz… | |
| CVE-2026-6962 | medium | 6.4 | 6.4 | 16d ago | The Cost of Goods: Product Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_cog_product_cost' and 'alg_wc_cog_produc… | |
| CVE-2026-6828 | medium | 6.4 | 6.4 | 16d ago | The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permission_message' parameter in … | |
| CVE-2026-7661 | medium | 6.4 | 6.4 | 16d ago | The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `box` shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitiza… | |
| CVE-2026-7659 | medium | 6.4 | 6.4 | 16d ago | The Advanced Social Media Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `social` shortcode in all versions up to, and including, 1.2. This is due to insufficient inp… | |
| CVE-2026-6913 | medium | 6.4 | 6.4 | 16d ago | The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'widget_area' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization an… | |
| CVE-2026-6256 | medium | 6.4 | 6.4 | 16d ago | The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficie… | |
| CVE-2026-6247 | medium | 6.4 | 6.4 | 16d ago | The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' attribute of the 'scratchblocks' shortcode in all versions up to, and including, 1.0.1 due… | |
| CVE-2026-6237 | medium | 6.4 | 6.4 | 16d ago | The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient inp… | |
| CVE-2026-5715 | medium | 6.4 | 6.4 | 16d ago | The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insuffic… | |
| CVE-2026-5340 | medium | 6.4 | 6.4 | 16d ago | The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `fancy-img-show` shortcode in all versions up to, and including, 9.1 due to insufficient input … | |
| CVE-2026-4920 | medium | 6.4 | 6.4 | 16d ago | The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization … | |
| CVE-2026-4859 | medium | 6.4 | 6.4 | 16d ago | The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the `wpsbd_post_carousel` shortcode in all versions up to, and including, 1.0.0 du… | |
| CVE-2026-2300 | medium | 6.4 | 6.4 | 16d ago | The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `filter_images()` function in all versions up to, and including, 1.0.9. This is due to the use of regex-base… | |
| CVE-2026-41591 | medium | 6.4 | 6.4 | 20d ago | Marko: XSS via case-insensitive script/style closing tag bypass in runtime HTML escaping | |
| CVE-2026-7650 | medium | 6.4 | 6.4 | 20d ago | The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the `e2pdf-download` shortcode in all versions up to, and includi… | |
| CVE-2026-7475 | medium | 6.4 | 6.4 | 20d ago | The Sky Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `sky-custom-scripts` custom post type in all versions up to, and including, 3.3.2. This is due to the custom p… | |
| CVE-2026-5341 | medium | 6.4 | 6.4 | 20d ago | The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `strava_nmr_connect` shortcode in all versions up to, and including, 1.0.14 due to insuffi… | |
| CVE-2026-20169 | medium | 6.4 | 6.4 | 22d ago | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a r… | |
| CVE-2026-7457 | medium | 6.4 | 6.4 | 23d ago | The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profi… | |
| CVE-2026-6672 | medium | 6.4 | 6.4 | 23d ago | The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to… | |
| CVE-2026-43876 | medium | 6.4 | 6.4 | 23d ago | AVideo: HTML Injection in notifySubscribers.json.php Allows Platform-Branded Phishing Emails to Channel Subscribers | |
| CVE-2026-5159 | medium | 6.4 | 6.4 | 24d ago | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up to, and including, … | |
| CVE-2026-4665 | medium | 6.4 | 6.4 | 24d ago | The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox `data-caption` attributes in all versions up to, and including, 2.7.10. This is due to the … | |
| CVE-2026-2948 | medium | 6.4 | 6.4 | 24d ago | The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the import_images() fun… | |
| CVE-2026-6255 | medium | 6.4 | 6.4 | 24d ago | The Simple Owl Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'num' attribute of the 'owls_wrapper' shortcode in all versions up to, and including, 2.1.1 due to … | |
| CVE-2026-5505 | medium | 6.4 | 6.4 | 24d ago | The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `clippy` shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sani… | |
| CVE-2026-4730 | medium | 6.4 | 6.4 | 24d ago | The Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them to Your Website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'chartid' shortcode attribute in all v… | |
| CVE-2026-2868 | medium | 6.4 | 6.4 | 24d ago | The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions up to, and includi… | |
| CVE-2026-0703 | medium | 6.4 | 6.4 | 26d ago | The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xlwcty_current_date' shortcode in all versions up to, and includ… | |
| CVE-2026-6916 | medium | 6.4 | 6.4 | 27d ago | The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sg_content_number_prefix' param… | |
| CVE-2026-4658 | medium | 6.4 | 6.4 | 27d ago | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in th… | |
| CVE-2026-7209 | medium | 6.4 | 6.4 | 27d ago | The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `qcopd-directory` shortcode in all versions up to, and including, 8.9.2. This is due to in… | |
| CVE-2026-6378 | medium | 6.4 | 6.4 | 27d ago | The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `/wp-json/maxi-blocks/v1.0/style-card` REST API endpoint in all versions up to, and including, 2.1.9 due to i… | |
| CVE-2026-6127 | medium | 6.4 | 6.4 | 28d ago | The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _elementor_data meta field in versions up to, and including, 4.0.4. This is due to insufficient… | |
| CVE-2026-41174 | medium | 6.4 | 6.4 | 28d ago | Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding | |
| CVE-2026-3346 | medium | 6.4 | 6.4 | 28d ago | IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus al… | |
| CVE-2026-4805 | medium | 6.4 | 6.4 | 1mo ago | The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundle… | |
| CVE-2026-6809 | medium | 6.4 | 6.4 | 1mo ago | The Social Post Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Threads embed handler in all versions up to, and including, 2.0.1. This is due to insufficient input sa… | |
| CVE-2026-6725 | medium | 6.4 | 6.4 | 1mo ago | The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the `wpcsm_text_rotator` shortcode in all versions up to, and incl… | |
| CVE-2026-6551 | medium | 6.4 | 6.4 | 1mo ago | The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to,… | |
| CVE-2026-4752 | medium | 6.4 | 6.4 | 2mo ago | Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mate: before V250329. | |
| CVE-2026-1410 | medium | 6.4 | 6.4 | 4mo ago | A vulnerability was detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. Impacted is an unknown function of the component UART Interface. The manipulation results in missing authentication. An attac… | |
| CVE-2026-46416 | medium | 6.3 | 6.3 | 23h ago | Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for mult… | |
| CVE-2026-47270 | medium | 6.3 | 6.3 | 23h ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb is a PAM module loaded into the host process (sudo, login, GDM, GNOME Shell). Display manage… | |
| CVE-2026-47274 | medium | 6.3 | 6.3 | 1d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam_usb helper tools resolved external binaries through the PATH environment variable rathe… | |
| CVE-2026-2254 | medium | 6.3 | 6.3 | 2d ago | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notficatio… | |
| CVE-2026-9607 | medium | 6.3 | 6.3 | 2d ago | A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcel_list.php. Performing a manipulation of the argument s results … | |
| CVE-2026-30498 | medium | 6.3 | 6.3 | 2d ago | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the delete.php endpoint of Jason2605 AdminPanel 4.0. | |
| CVE-2026-9581 | medium | 6.3 | 6.3 | 2d ago | A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can … | |
| CVE-2026-9579 | medium | 6.3 | 6.3 | 2d ago | A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument u… | |
| CVE-2026-27331 | medium | 6.3 | 6.3 | 2d ago | Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5. | |
| CVE-2026-9565 | medium | 6.3 | 6.3 | 2d ago | A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handle… | |
| CVE-2026-9542 | medium | 6.3 | 6.3 | 2d ago | A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/add_staff.php. Executing a manipulation of the argument email_i… | |
| CVE-2026-9534 | medium | 6.3 | 6.3 | 3d ago | A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the arg… | |
| CVE-2026-9533 | medium | 6.3 | 6.3 | 3d ago | A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a mani… | |
| CVE-2026-9532 | medium | 6.3 | 6.3 | 3d ago | A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Su… | |
| CVE-2026-9531 | medium | 6.3 | 6.3 | 3d ago | A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the arg… | |
| CVE-2026-9524 | medium | 6.3 | 6.3 | 3d ago | A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522_Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportPa… | |
| CVE-2026-9515 | medium | 6.3 | 6.3 | 3d ago | A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation… | |
| CVE-2026-9514 | medium | 6.3 | 6.3 | 3d ago | A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation … | |
| CVE-2026-9513 | medium | 6.3 | 6.3 | 3d ago | A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulat… | |
| CVE-2026-9512 | medium | 6.3 | 6.3 | 3d ago | A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performin… | |
| CVE-2026-42776 | medium | 6.3 | 6.3 | 3d ago | Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a throu… | |
| CVE-2026-9511 | medium | 6.3 | 6.3 | 3d ago | A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argu… | |
| CVE-2026-9498 | medium | 6.3 | 6.3 | 3d ago | A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument De… | |
| CVE-2026-9497 | medium | 6.3 | 6.3 | 3d ago | A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deseriali… | |
| CVE-2026-9483 | medium | 6.3 | 6.3 | 3d ago | A vulnerability was found in SourceCodester Student Grades Management System 1.0. Affected is an unknown function of the file grades.php. Performing a manipulation of the argument student_id results … |