CVEs from 2026
- Total: 13,307
- critical: 1,106
- high: 3,925
- medium: 3,978
- low: 415
- % Critical: 8.3%
- % with KEV: 0.4%
- % with exploit: 0.5%
Top products
- chrome 299
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 221
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-1740 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipu… | |
| CVE-2026-1701 | critical | 9.8 | 9.8 | 4mo ago | A security vulnerability has been detected in itsourcecode School Management System 1.0. This issue affects some unknown processing of the file /enrollment/index.php. Such manipulation of the argumen… | |
| CVE-2026-1688 | critical | 9.8 | 9.8 | 4mo ago | A security vulnerability has been detected in itsourcecode Directory Management System 1.0. The affected element is an unknown function of the file /admin/index.php. The manipulation of the argument … | |
| CVE-2026-1595 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was detected in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_student_query.php. The manipulation of the argument student_id results… | |
| CVE-2026-1594 | critical | 9.8 | 9.8 | 4mo ago | A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add_expenses.php. The manipulation of… | |
| CVE-2026-1593 | critical | 9.8 | 9.8 | 4mo ago | A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit_expenses_query.php. Executing a manipu… | |
| CVE-2026-1590 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was identified in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/faculty/index.php. Such manipulation of the argument ID leads to sq… | |
| CVE-2026-1589 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch caus… | |
| CVE-2026-1552 | critical | 9.8 | 9.8 | 4mo ago | A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The a… | |
| CVE-2026-1547 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name results in comma… | |
| CVE-2026-1546 | critical | 9.8 | 9.8 | 4mo ago | A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component … | |
| CVE-2026-1545 | critical | 9.8 | 9.8 | 4mo ago | A weakness has been identified in itsourcecode School Management System 1.0. The affected element is an unknown function of the file /course/index.php. Executing a manipulation of the argument ID can… | |
| CVE-2026-1535 | critical | 9.8 | 9.8 | 4mo ago | A security vulnerability has been detected in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Administrator/PHP/AdminReply.php. Such manipulation of the argument ID… | |
| CVE-2026-1534 | critical | 9.8 | 9.8 | 4mo ago | A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes s… | |
| CVE-2026-1533 | critical | 9.8 | 9.8 | 4mo ago | A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminAddCategory.php. The manipulation results i… | |
| CVE-2026-1443 | critical | 9.8 | 9.8 | 4mo ago | A flaw has been found in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminDeleteUser.php. This manipulation of the argumen… | |
| CVE-2026-1423 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was determined in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /admin_pic.php. Executing a manipulation can lead to un… | |
| CVE-2026-1422 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a m… | |
| CVE-2026-1414 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/get_Information of the com… | |
| CVE-2026-1413 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ip_and_port/port_validate of the compo… | |
| CVE-2026-1412 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/get_clip_img of the co… | |
| CVE-2026-22586 | critical | 9.8 | 9.8 | 4mo ago | Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allow… | |
| CVE-2026-1202 | critical | 9.8 | 9.8 | 4mo ago | A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function appleLogin of the file crmeb/app/api/controller/v1/LoginController.php. Performing a manipulation of the… | |
| CVE-2026-1179 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/user_popedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid … | |
| CVE-2026-1178 | critical | 9.8 | 9.8 | 4mo ago | A security vulnerability has been detected in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /kmf/select.jsp of the component HTTP GET Parameter Handler. The manipu… | |
| CVE-2026-1177 | critical | 9.8 | 9.8 | 4mo ago | A weakness has been identified in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /kmf/save_folder.jsp of the component HTTP GET Parameter Handler. Executing a… | |
| CVE-2026-1176 | critical | 9.8 | 9.8 | 4mo ago | A security flaw has been discovered in itsourcecode School Management System 1.0. Affected is an unknown function of the file /subject/index.php. Performing a manipulation of the argument ID results … | |
| CVE-2026-1160 | critical | 9.8 | 9.8 | 4mo ago | A security vulnerability has been detected in PHPGurukul Directory Management System 1.0. Impacted is an unknown function of the file /index.php of the component Search. The manipulation of the argum… | |
| CVE-2026-1159 | critical | 9.8 | 9.8 | 4mo ago | A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This issue affects some unknown processing of the file /order_online.php. Executing a manipulation of the argum… | |
| CVE-2026-1152 | critical | 9.8 | 9.8 | 4mo ago | A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument c… | |
| CVE-2026-1133 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the… | |
| CVE-2026-1132 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/edit_folder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of th… | |
| CVE-2026-1131 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/save_catalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument cat… | |
| CVE-2026-1130 | critical | 9.8 | 9.8 | 4mo ago | A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksadd_plan.jsp of the component HTTP GET Parameter Handler. This manipulation of the arg… | |
| CVE-2026-1129 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argum… | |
| CVE-2026-1125 | critical | 9.8 | 9.8 | 4mo ago | A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing a manipulation of the argument wd_enabl… | |
| CVE-2026-1124 | critical | 9.8 | 9.8 | 4mo ago | A security flaw has been discovered in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_report.jsp of the component HTTP GET Parameter Handler. … | |
| CVE-2026-1123 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/work_mod.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument I… | |
| CVE-2026-1122 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/work_info.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument… | |
| CVE-2026-1121 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was found in Yonyou KSOA 9.0. This affects an unknown function of the file /worksheet/del_workplan.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID… | |
| CVE-2026-1120 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability has been found in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_work.jsp of the component HTTP GET Parameter Handler. The manipulation of the… | |
| CVE-2026-1119 | critical | 9.8 | 9.8 | 4mo ago | A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activ… | |
| CVE-2026-1118 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/add_activity.php. Performing a manipulation of the argument Title result… | |
| CVE-2026-1107 | critical | 9.8 | 9.8 | 4mo ago | A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argu… | |
| CVE-2026-1105 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument _order leads to sql injection. The at… | |
| CVE-2026-1062 | critical | 9.8 | 9.8 | 4mo ago | A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes serv… | |
| CVE-2026-1061 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation o… | |
| CVE-2026-1059 | critical | 9.8 | 9.8 | 4mo ago | A security vulnerability has been detected in FeMiner wms up to 9cad1f1b179a98b9547fd003c23b07c7594775fa. Affected by this vulnerability is an unknown functionality of the file /src/chkuser.php. The … | |
| CVE-2026-0852 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the arg… | |
| CVE-2026-0851 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument tx… | |
| CVE-2026-0821 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-… | |
| CVE-2026-0732 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The atta… | |
| CVE-2026-0700 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /intern/admin/check_admin.php. Executing a manipulation of the arg… | |
| CVE-2026-22189 | critical | 9.8 | 9.8 | 5mo ago | The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. W… | |
| CVE-2026-0643 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of th… | |
| CVE-2026-0607 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminViewSongs.php. Executing a manipulation of the argument ID can lead to s… | |
| CVE-2026-0606 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /FrontEnd/Albums.php. Performing a manipulation of the argument I… | |
| CVE-2026-0605 | critical | 9.8 | 9.8 | 5mo ago | A security vulnerability has been detected in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. Such manipulation of the argument… | |
| CVE-2026-0597 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/edit_profile.php. This manipulation of the argument txtRe… | |
| CVE-2026-0592 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This affects an unknown function of the file /handgunner-administrator/register_code.php of the component U… | |
| CVE-2026-0591 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/update.php of the component Cart Update Ha… | |
| CVE-2026-0590 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/checkout/delete.php of the component POST Parameter… | |
| CVE-2026-0585 | critical | 9.8 | 9.8 | 5mo ago | A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the file /order_view.php of the component GET Parameter Handler. … | |
| CVE-2026-0584 | critical | 9.8 | 9.8 | 5mo ago | A weakness has been identified in code-projects Online Product Reservation System 1.0. This issue affects some unknown processing of the file app/products/left_cart.php. This manipulation of the argu… | |
| CVE-2026-0583 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The man… | |
| CVE-2026-0582 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The manipulation of the argument Title leads to … | |
| CVE-2026-0581 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipula… | |
| CVE-2026-0579 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was found in code-projects Online Product Reservation System 1.0. This affects an unknown part of the file /handgunner-administrator/edit.php of the component POST Parameter Handler. … | |
| CVE-2026-0578 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability has been found in code-projects Online Product Reservation System 1.0. Affected by this issue is some unknown functionality of the file /handgunner-administrator/delete.php. The manip… | |
| CVE-2026-0577 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in code-projects Online Product Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /handgunner-administrator/prod.php. Executing a ma… | |
| CVE-2026-0576 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administrator/prod.php of the component Parameter Handler.… | |
| CVE-2026-0575 | critical | 9.8 | 9.8 | 5mo ago | A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. This impacts an unknown function of the file /handgunner-administrator/adminlogin.php of the compone… | |
| CVE-2026-0570 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing a manipulation of the argument fname results in sql i… | |
| CVE-2026-0569 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown function of the file /Frontend/AlbumByCategory.php. Such manipulation of the argument ID leads to sql in… | |
| CVE-2026-0568 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This manipulation of the argument ID causes sql injectio… | |
| CVE-2026-0567 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results in sql inj… | |
| CVE-2026-0566 | critical | 9.8 | 9.8 | 5mo ago | A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. The manipulation of the argument image le… | |
| CVE-2026-0565 | critical | 9.8 | 9.8 | 5mo ago | A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing a manipulation of the argument del c… | |
| CVE-2026-0546 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in code-projects Content Management System 1.0. This impacts an unknown function of the file search.php. This manipulation of the argument Value causes sql injection. T… | |
| CVE-2026-0544 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument ID results in sql injec… | |
| CVE-2026-8953 | critical | 9.6 | 9.6 | 2d ago | RHSA-2026:21378: firefox security update (Important) | |
| CVE-2026-8959 | critical | 9.6 | 9.6 | 2d ago | Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | |
| CVE-2026-39821 | critical | 9.6 | 9.6 | 6d ago | Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna | |
| CVE-2026-8670 | critical | 9.6 | 9.6 | 6d ago | Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1. | |
| CVE-2026-2587 | critical | 9.6 | 9.6 | 9d ago | A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and eval… | |
| CVE-2026-2611 | critical | 9.6 | 9.6 | 9d ago | In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests fr… | |
| CVE-2026-7321 | critical | 9.6 | 9.6 | 10d ago | Important: thunderbird security update | |
| CVE-2026-8580 | critical | 9.6 | 9.6 | 14d ago | Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |
| CVE-2026-8511 | critical | 9.6 | 9.6 | 14d ago | Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |
| CVE-2026-44482 | critical | 9.6 | 9.6 | 14d ago | soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app… | |
| CVE-2026-44547 | critical | 9.6 | 9.6 | 16d ago | ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, the fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/publ… | |
| CVE-2026-34659 | critical | 9.6 | 9.6 | 16d ago | Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current … | |
| CVE-2026-42048 | critical | 9.6 | 9.6 | 16d ago | Langflow Knowledge Bases API is Vulnerable to Path Traversal | |
| CVE-2026-8043 | critical | 9.6 | 9.6 | 16d ago | External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to … | |
| CVE-2026-34263 | critical | 9.6 | 9.6 | 17d ago | Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to hi… | |
| CVE-2026-34260 | critical | 9.6 | 9.6 | 17d ago | SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The applica… | |
| CVE-2026-43899 | critical | 9.6 | 9.6 | 17d ago | DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, an incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerabl… | |
| CVE-2026-44336 | critical | 9.6 | 9.6 | 20d ago | PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection | |
| CVE-2026-43944 | critical | 9.6 | 9.6 | 21d ago | Electerm users can run dangerous code through link or command line | |
| CVE-2026-43941 | critical | 9.6 | 9.6 | 21d ago | Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click | |