CVEs from 2026

Total: 14,038
- critical: 1,233
- high: 4,637
- medium: 4,444
- low: 484
(The four severity buckets sum to 10,798; the remaining 3,240 entries have no severity shown on this page.)

% Critical: 8.8% (1,233 of 14,038)
% with KEV: 0.4%
% with exploit: 0.7%
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-28685 | medium | — | 5.5 | 3mo ago | Kimai's API invoice endpoint missing customer-level access control (IDOR) |
| CVE-2026-23238 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: romfs: check sb_set_blocksize() return value romfs_fill_super() ignores the return value of sb_set_blocksize(), which can fail if… |
| CVE-2026-1642 | medium | — | 5.5 | 3mo ago | RHSA-2026:5581: nginx:1.24 security update (Moderate) |
| CVE-2026-23097 | medium | — | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: migrate: correct lock ordering for hugetlb file folios Syzbot has found a deadlock (analyzed by Lance Yang): 1) Task (5749): Hol… |
| CVE-2026-3392 | medium | 5.5 | 5.5 | 3mo ago | A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the file src/lily_emitter.c. This manipulation causes null pointer dereference. The a… |
| CVE-2026-3391 | medium | 5.5 | 5.5 | 3mo ago | A security flaw has been discovered in FascinatedBox lily up to 2.3. Impacted is the function clear_storages of the file src/lily_emitter.c. The manipulation results in out-of-bounds read. The attack… |
| CVE-2026-3390 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was identified in FascinatedBox lily up to 2.3. This issue affects the function patch_line_end of the file src/lily_build_error.c of the component Error Reporting. The manipulation le… |
| CVE-2026-3389 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstd_rex_newnode in the library sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null pointer… |
| CVE-2026-3388 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolle… |
| CVE-2026-3387 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability has been found in wren-lang wren up to 0.4.0. Affected by this issue is the function getByteCountForArguments of the file src/vm/wren_compiler.c. Such manipulation leads to null point… |
| CVE-2026-3385 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wren_compiler.c. The manipulation results in uncontrolled recursion. Attacking loc… |
| CVE-2026-3384 | medium | 5.5 | 5.5 | 3mo ago | A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscrip… |
| CVE-2026-3383 | medium | 5.5 | 5.5 | 3mo ago | A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::Boxed_Number::go of the file include/chaiscript/dispatchkit/boxed_number.hpp. Executing a manipulation … |
| CVE-2026-3382 | medium | 5.5 | 5.5 | 3mo ago | A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::Boxed_Number::get_as of the file include/chaiscript/dispatchkit/boxed_number.hpp. Perfo… |
| CVE-2026-3293 | medium | 5.5 | 5.5 | 3mo ago | Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner |
| CVE-2026-3284 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in intege… |
| CVE-2026-2887 | medium | 5.5 | 5.5 | 3mo ago | A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontrol… |
| CVE-2026-2869 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. The … |
| CVE-2026-2703 | medium | 5.5 | 5.5 | 3mo ago | A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XL… |
| CVE-2026-2657 | medium | 5.5 | 5.5 | 4mo ago | A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. Such manipulation leads t… |
| CVE-2026-23229 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock protection with virtqueue notification When VM boots with one virtio-crypto PCI device and builtin … |
| CVE-2026-23228 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() On kthread_run() failure in ksmbd_tcp_new_connection(), th… |
| CVE-2026-23220 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths The problem occurs when a signed request fails smb2… |
| CVE-2026-0861 | medium | — | 5.5 | 4mo ago | Moderate: glibc security update |
| CVE-2026-0915 | medium | — | 5.5 | 4mo ago | RHSA-2026:4772: glibc security update (Moderate) |
| CVE-2026-22998 | medium | — | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec Commit efa56305908b ("nvmet-tcp: Fix a kernel panic when hos… |
| CVE-2026-23157 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages [BUG] There is an internal report that over 1000 … |
| CVE-2026-23151 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix memory leak in set_ssp_complete Fix memory leak in set_ssp_complete() where mgmt_pending_cmd structures are … |
| CVE-2026-23141 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in range_is_hole_in_parent() Before accessing the disk_bytenr field of a file extent item w… |
| CVE-2026-21340 | medium | 5.5 | 5.5 | 4mo ago | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose se… |
| CVE-2026-2259 | medium | 5.5 | 5.5 | 4mo ago | A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Pars… |
| CVE-2026-2258 | medium | 5.5 | 5.5 | 4mo ago | A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead to… |
| CVE-2026-1998 | medium | 5.5 | 5.5 | 4mo ago | A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be l… |
| CVE-2026-1991 | medium | 5.5 | 5.5 | 4mo ago | A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null poin… |
| CVE-2026-1979 | medium | 5.5 | 5.5 | 4mo ago | A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after fr… |
| CVE-2026-23026 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() Fix a memory leak in gpi_peripheral_config() where the original … |
| CVE-2026-1532 | medium | 5.5 | 5.5 | 4mo ago | A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of… |
| CVE-2026-22795 | medium | 5.5 | 5.5 | 4mo ago | Important: openssl security update |
| CVE-2026-22977 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: net: sock: fix hardened usercopy panic in sock_recv_errqueue skbuff_fclone_cache was created without defining a usercopy region, … |
| CVE-2026-22976 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset `qfq_class->leaf_qdisc->q.qlen > 0` does not… |
| CVE-2026-22188 | medium | 5.5 | 5.5 | 5mo ago | The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy … |
| CVE-2026-21968 | medium | — | 5.5 | 5mo ago | RHSA-2026:6435: mariadb:10.11 security update (Moderate) |
| CVE-2026-23205 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: smb/client: fix memory leak in smb2_open_file() Reproducer: 1. server: directories are exported read-only 2. client: mount -… |
| CVE-2026-23146 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work hci_uart_set_proto() sets HCI_UART_PROTO_INIT before calling hci_u… |
| CVE-2026-33244 | medium | 5.4 | 5.4 | 19h ago | React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP `Location` header value can permit Cros… |
| CVE-2026-9522 | medium | 5.4 | 5.4 | 20h ago | Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery sca… |
| CVE-2026-34460 | medium | 5.4 | 5.4 | 20h ago | NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization co… |
| CVE-2026-49782 | medium | 5.4 | 5.4 | 22h ago | Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from… |
| CVE-2026-27351 | medium | 5.4 | 5.4 | 22h ago | Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2. |
| CVE-2026-5191 | medium | 5.4 | 5.4 | 1d ago | The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and including, 3.1 due to insu… |
| CVE-2026-24755 | medium | 5.4 | 5.4 | 2d ago | Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permi… |
| CVE-2026-24754 | medium | 5.4 | 5.4 | 2d ago | Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code… |
| CVE-2026-10285 | medium | 5.4 | 5.4 | 2d ago | A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.p… |
| CVE-2026-10284 | medium | 5.4 | 5.4 | 2d ago | A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource… |
| CVE-2026-48559 | medium | 5.4 | 5.4 | 2d ago | Lightweight Music Server (LMS) through 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metad… |
| CVE-2026-9309 | medium | 5.4 | 5.4 | 2d ago | Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These pa… |
| CVE-2026-9308 | medium | 5.4 | 5.4 | 2d ago | Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted wit… |
| CVE-2026-10218 | medium | 5.4 | 5.4 | 2d ago | A vulnerability has been found in nextlevelbuilder GoClaw up to 3.11.3. This affects the function auth of the file internal/http/evolution_handlers.go. Such manipulation leads to improper authorizati… |
| CVE-2026-10213 | medium | 5.4 | 5.4 | 2d ago | A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing a manipulation of t… |
| CVE-2026-49368 | medium | 5.4 | 5.4 | 5d ago | In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible |
| CVE-2026-44611 | medium | 5.4 | 5.4 | 5d ago | Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks. |
| CVE-2026-42951 | medium | 5.4 | 5.4 | 5d ago | An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes. |
| CVE-2026-34507 | medium | 5.4 | 5.4 | 5d ago | OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin comma… |
| CVE-2026-47694 | medium | 5.4 | 5.4 | 5d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, AVideo stores category descriptions from user input and later renders category_description as raw HTML in the Gallery view. A user w… |
| CVE-2026-9811 | medium | 5.4 | 5.4 | 5d ago | A stored Cross-Site Scripting (XSS) vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application f… |
| CVE-2026-9971 | medium | 5.4 | 5.4 | 6d ago | Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTM… |
| CVE-2026-45023 | medium | 5.4 | 5.4 | 6d ago | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/{block_id}/execute endpoint executes block… |
| CVE-2026-42401 | medium | 5.4 | 5.4 | 6d ago | Improper Neutralization of Input During Web Page Generation (CWE-79) in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which… |
| CVE-2026-48523 | medium | 5.4 | 5.4 | 6d ago | PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode() or jwt.decode_complete() are called with a PyJWK key. … |
| CVE-2026-47761 | medium | 5.4 | 5.4 | 6d ago | TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce-* a… |
| CVE-2026-47759 | medium | 5.4 | 5.4 | 6d ago | TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce-* attributes (data-mce-href, data-mce-src, data-mce-style).… |
| CVE-2026-45718 | medium | 5.4 | 5.4 | 7d ago | Budibase is an open-source low-code platform. Prior to 3.38.1, the row action trigger endpoint (POST /api/tables/:sourceId/actions/:actionId/trigger) fails to validate that the user-supplied rowId is… |
| CVE-2026-4390 | medium | 5.4 | 5.4 | 7d ago | A weakness has been identified in TeamSpeak 3 Server up to 3.13.7. This affects the function process_resend_queue of the component Connection State Management. This manipulation causes use after free… |
| CVE-2026-42082 | medium | 5.4 | 5.4 | 7d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AM… |
| CVE-2026-45335 | medium | 5.4 | 5.4 | 7d ago | WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically th… |
| CVE-2026-45571 | medium | 5.4 | 5.4 | 7d ago | go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside… |
| CVE-2026-6287 | medium | 5.4 | 5.4 | 7d ago | The ShopLentor - WooCommerce Builder for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockUniqId' block attribute in multiple Product Grid blocks… |
| CVE-2026-38931 | medium | 5.4 | 5.4 | 8d ago | A stored cross-site scripting (XSS) vulnerability in the /admin/config-module.php component of creatorsofcode simplephp GitHub commit 5184cff (Latest as of 2026-02-27) via injecting a crafted payload. |
| CVE-2026-32389 | medium | 5.4 | 5.4 | 9d ago | Missing Authorization vulnerability in Linethemes NanoCare allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NanoCare: from n/a before 1.2.2. |
| CVE-2026-24586 | medium | 5.4 | 5.4 | 9d ago | Missing Authorization vulnerability in Themeansar Newses allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Newses: from n/a through 2.0.0.77. |
| CVE-2026-48589 | medium | 5.4 | 5.4 | 9d ago | Apache Shiro's Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value coul… |
| CVE-2026-44598 | medium | 5.4 | 5.4 | 9d ago | With valid login credentials, URL Redirection to Untrusted Site ('Open Redirect'), Server-Side Request Forgery (SSRF) vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha… |
| CVE-2026-9078 | medium | 5.4 | 5.4 | 9d ago | Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portio… |
| CVE-2026-9438 | medium | 5.4 | 5.4 | 9d ago | A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the arg… |
| CVE-2026-39964 | medium | 5.4 | 5.4 | 12d ago | Typebot.io has stored XSS via `javascript`: URI in text bubble links; bot author executes JS on visitors' browsers |
| CVE-2026-28735 | medium | 5.4 | 5.4 | 12d ago | Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to g… |
| CVE-2026-9251 | medium | 5.4 | 5.4 | 12d ago | Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain ac… |
| CVE-2026-8381 | medium | 5.4 | 5.4 | 12d ago | A broken access control vulnerability exists in the TeamViewer DEX Platform (On-Premises) prior to version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, allowing an a… |
| CVE-2026-7798 | medium | 5.4 | 5.4 | 12d ago | The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions… |
| CVE-2026-8245 | medium | 5.4 | 5.4 | 13d ago | Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL fi… |
| CVE-2026-8139 | medium | 5.4 | 5.4 | 13d ago | Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnera… |
| CVE-2026-4929 | medium | 5.4 | 5.4 | 13d ago | Simple Hierarchical Select (SHS) for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output (shs_fie… |
| CVE-2026-4093 | medium | 5.4 | 5.4 | 13d ago | In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A (token display templates): When the Token module is enabled and token di… |
| CVE-2026-22678 | medium | 5.4 | 5.4 | 13d ago | Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attack… |
| CVE-2026-8203 | medium | 5.4 | 5.4 | 13d ago | Concrete CMS 9.5.0 and below has Stored XSS on the height parameter. The controller does not validate or sanitize $height. Any user with editor privileges can inject malicious JavaScript that execute… |
| CVE-2026-48230 | medium | 5.4 | 5.4 | 13d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdb_import.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsan… |
| CVE-2026-48229 | medium | 5.4 | 5.4 | 13d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_i.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va… |
| CVE-2026-48228 | medium | 5.4 | 5.4 | 13d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_w.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized v… |
| CVE-2026-48227 | medium | 5.4 | 5.4 | 13d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized val… |
| CVE-2026-48226 | medium | 5.4 | 5.4 | 13d ago | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in os_watch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va… |