CVEs from 2026
- Total 14,069
- critical 1,237
- high 4,656
- medium 4,449
- low 490
- % Critical 8.8%
- % with KEV 0.4%
- % with exploit 0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4596 | medium | 5.4 | 5.4 | 2mo ago | A vulnerability was identified in projectworlds Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyers.php. The manipulation of the argument first_Name leads to… | |||
| CVE-2026-4542 | medium | 5.4 | 5.4 | 2mo ago | A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the ar… | |||
| CVE-2026-33331 | medium | 5.4 | 5.4 | 3mo ago | oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting (XSS) vulnerability exists in the OpenAPI d… | |||
| CVE-2026-4324 | medium | 5.4 | 5.4 | 3mo ago | Katello: Denial of Service and potential information disclosure via SQL injection | |||
| CVE-2026-32587 | medium | 5.4 | 5.4 | 3mo ago | Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP EasyPay: from n/a through <= 4.2… | |||
| CVE-2026-32417 | medium | 5.4 | 5.4 | 3mo ago | Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pochipp: from n/a through < 1.18.9. | |||
| CVE-2026-32391 | medium | 5.4 | 5.4 | 3mo ago | Missing Authorization vulnerability in linethemes SmartFix smartfix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SmartFix: from n/a through < 1.2.4. | |||
| CVE-2026-32388 | medium | 5.4 | 5.4 | 3mo ago | Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GLB: from n/a through <= 1.2.2. | |||
| CVE-2026-32331 | medium | 5.4 | 5.4 | 3mo ago | Missing Authorization vulnerability in Israpil Textmetrics webtexttool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Textmetrics: from n/a through <= 3.6.… | |||
| CVE-2026-23942 | medium | 5.4 | 5.4 | 3mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program fil… | |||
| CVE-2026-2376 | medium | 5.4 | 5.4 | 3mo ago | A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the applicat… | |||
| CVE-2026-30964 | medium | 5.4 | 5.4 | 3mo ago | Webauthn Framework: allowed_origins collapses URL-like origins to host-only values, bypassing exact origin validation | |||
| CVE-2026-3819 | medium | 5.4 | 5.4 | 3mo ago | A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Manageme… | |||
| CVE-2026-3766 | medium | 5.4 | 5.4 | 3mo ago | A security flaw has been discovered in SourceCodester Web-based Pharmacy Product Management System 1.0. This impacts an unknown function of the file edit-profile.php. Performing a manipulation of the… | |||
| CVE-2026-3761 | medium | 5.4 | 5.4 | 3mo ago | A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadmin_user_delete.php of the component Endpoint. Executing … | |||
| CVE-2026-3743 | medium | 5.4 | 5.4 | 3mo ago | A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/D_singlePageGroup.php. Executing a manipulation of the argument Name can lead to cross site script… | |||
| CVE-2026-3742 | medium | 5.4 | 5.4 | 3mo ago | A vulnerability was detected in YiFang CMS 2.0.5. The impacted element is the function update of the file app/db/admin/D_singlePage.php. Performing a manipulation of the argument Title results in cro… | |||
| CVE-2026-3741 | medium | 5.4 | 5.4 | 3mo ago | A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/D_friendLink.php. Such manipulation of the argument linkName leads… | |||
| CVE-2026-3721 | medium | 5.4 | 5.4 | 3mo ago | A weakness has been identified in 1024-lab/lab1024 SmartAdmin up to 3.29. The affected element is an unknown function of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/helpdoc/doma… | |||
| CVE-2026-3720 | medium | 5.4 | 5.4 | 3mo ago | A security flaw has been discovered in 1024-lab/lab1024 SmartAdmin up to 3.29. Impacted is an unknown function of the file smart-admin-web-javascript/src/views/business/oa/notice/components/notice-fo… | |||
| CVE-2026-27411 | medium | 5.4 | 5.4 | 3mo ago | Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass. This issue affects SiteGuard WP Plugin: from n/a through <= 1.7.9. | |||
| CVE-2026-24351 | medium | 5.4 | 5.4 | 3mo ago | PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. An attacker with editing privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when visi… | |||
| CVE-2026-24350 | medium | 5.4 | 5.4 | 3mo ago | PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks th… | |||
| CVE-2026-3171 | medium | 5.4 | 5.4 | 3mo ago | A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /queue.php. This manipu… | |||
| CVE-2026-3050 | medium | 5.4 | 5.4 | 3mo ago | A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argumen… | |||
| CVE-2026-2972 | medium | 5.4 | 5.4 | 3mo ago | A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.… | |||
| CVE-2026-2947 | medium | 5.4 | 5.4 | 3mo ago | A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component U… | |||
| CVE-2026-2946 | medium | 5.4 | 5.4 | 3mo ago | A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java o… | |||
| CVE-2026-2864 | medium | 5.4 | 5.4 | 3mo ago | A vulnerability has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. This affects the function pictureDelete of the file PictureController.j… | |||
| CVE-2026-2863 | medium | 5.4 | 5.4 | 3mo ago | A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java… | |||
| CVE-2026-2622 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/Articl… | |||
| CVE-2026-2557 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was detected in cskefu up to 8.0.1. Impacted is the function Upload of the file com/cskefu/cc/controller/resource/MediaController.java of the component File Upload. The manipulation r… | |||
| CVE-2026-2551 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the a… | |||
| CVE-2026-2224 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btn_functions.php. The manipulation of the argume… | |||
| CVE-2026-2201 | medium | 5.4 | 5.4 | 4mo ago | A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. This impacts the function addLeave of the file src/main/java/com/wdd/studentmanage… | |||
| CVE-2026-2145 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipul… | |||
| CVE-2026-2064 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such … | |||
| CVE-2026-1700 | medium | 5.4 | 5.4 | 4mo ago | A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message caus… | |||
| CVE-2026-1598 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was found in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. Impacted is an unknown function of the file /dashboard/home/profile of the component User Informatio… | |||
| CVE-2026-1489 | medium | 5.4 | 5.4 | 4mo ago | A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode st… | |||
| CVE-2026-1421 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability has been found in code-projects Online Examination System 1.0. Affected is an unknown function of the component Add Pages. Such manipulation leads to cross site scripting. The attack … | |||
| CVE-2026-24631 | medium | 5.4 | 5.4 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Rosebud rosebud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rosebud: fro… | |||
| CVE-2026-24622 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in Sergiy Dzysyak Suggestion Toolkit suggestion-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Suggestion Toolk… | |||
| CVE-2026-24595 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zoho CRM Lead Magnet: fro… | |||
| CVE-2026-24587 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in kutsy AJAX Hits Counter + Popular Posts Widget ajax-hits-counter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AJAX… | |||
| CVE-2026-24581 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This iss… | |||
| CVE-2026-24570 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Edwiser Bridge: from n/a thro… | |||
| CVE-2026-24561 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FluentBoards: from n/a… | |||
| CVE-2026-24560 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in Cloudinary Cloudinary cloudinary-image-management-and-manipulation-in-the-cloud-cdn allows Exploiting Incorrectly Configured Access Control Security Levels. This… | |||
| CVE-2026-24551 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Monetag Official P… | |||
| CVE-2026-24548 | medium | 5.4 | 5.4 | 4mo ago | Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery. This issue affects Radio Player: from n/a through <= 2.0.91. | |||
| CVE-2026-24540 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate G… | |||
| CVE-2026-24384 | medium | 5.4 | 5.4 | 4mo ago | Cross-Site Request Forgery (CSRF) vulnerability in launchinteractive Merge + Minify + Refresh merge-minify-refresh allows Cross Site Request Forgery. This issue affects Merge + Minify + Refresh: from … | |||
| CVE-2026-24381 | medium | 5.4 | 5.4 | 4mo ago | Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery. This issue affects PhotoMe: from n/a through < 5.7.2. | |||
| CVE-2026-24374 | medium | 5.4 | 5.4 | 4mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Cross Site Request Forgery. This issue affects Registrati… | |||
| CVE-2026-24365 | medium | 5.4 | 5.4 | 4mo ago | Cross-Site Request Forgery (CSRF) vulnerability in storeapps Stock Manager for WooCommerce woocommerce-stock-manager allows Cross Site Request Forgery. This issue affects Stock Manager for WooCommerce… | |||
| CVE-2026-22430 | medium | 5.4 | 5.4 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Verdure verdure allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Verdure: fro… | |||
| CVE-2026-22426 | medium | 5.4 | 5.4 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Elated-Themes Sweet Jane sweetjane allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sweet J… | |||
| CVE-2026-22400 | medium | 5.4 | 5.4 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Holmes holmes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Holmes: from n… | |||
| CVE-2026-22398 | medium | 5.4 | 5.4 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fleur: from n/a … | |||
| CVE-2026-22396 | medium | 5.4 | 5.4 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fiorello: … | |||
| CVE-2026-22393 | medium | 5.4 | 5.4 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Curly curly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Curly: from n/a … | |||
| CVE-2026-22391 | medium | 5.4 | 5.4 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Cocco cocco allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cocco: from n/a … | |||
| CVE-2026-1154 | medium | 5.4 | 5.4 | 5mo ago | A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipul… | |||
| CVE-2026-1151 | medium | 5.4 | 5.4 | 5mo ago | A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross s… | |||
| CVE-2026-1147 | medium | 5.4 | 5.4 | 5mo ago | A vulnerability was found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This affects an unknown part of the file /php/api_patient_schedule.php. Performing a manip… | |||
| CVE-2026-1146 | medium | 5.4 | 5.4 | 5mo ago | A vulnerability has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /php/api_register_pa… | |||
| CVE-2026-1106 | medium | 5.4 | 5.4 | 5mo ago | A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Co… | |||
| CVE-2026-1049 | medium | 5.4 | 5.4 | 5mo ago | A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument TicketID leads to cro… | |||
| CVE-2026-1048 | medium | 5.4 | 5.4 | 5mo ago | A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketZoom. This manipulation of the argument TicketID causes cross … | |||
| CVE-2026-0587 | medium | 5.4 | 5.4 | 5mo ago | A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rock_page_gong.php of the component Cover Image Handler. The manipulation of the … | |||
| CVE-2026-44545 | medium | 5.3 | 5.3 | 40 min ago | daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote a… | |||
| CVE-2026-5078 | medium | 5.3 | 5.3 | 9h ago | Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characte… | |||
| CVE-2026-10650 | medium | 5.3 | 5.3 | 17h ago | A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lws_ssh_parse_plaintext of the file plugins/protocol_lws_ssh_base/sshd.c of the component SSH Protocol Hand… | |||
| CVE-2026-45289 | medium | 5.3 | 5.3 | 18h ago | CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authen… | |||
| CVE-2026-9590 | medium | 5.3 | 5.3 | 23h ago | Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without … | |||
| CVE-2026-10566 | medium | 5.3 | 5.3 | 2d ago | A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a manipulation of the argumen… | |||
| CVE-2026-10548 | medium | 5.3 | 5.3 | 2d ago | A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the com… | |||
| CVE-2026-45543 | medium | 5.3 | 5.3 | 2d ago | Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the af… | |||
| CVE-2026-10255 | medium | 5.3 | 5.3 | 2d ago | A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function sell_statement of the file application/controllers/ShowForm.ph… | |||
| CVE-2026-10254 | medium | 5.3 | 5.3 | 2d ago | A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/. This manipulation causes file and directory information exposure. Th… | |||
| CVE-2026-49328 | medium | 5.3 | 5.3 | 2d ago | Server-Side Request Forgery (SSRF) in the UrlImageConverter component of Apache Fesod (Incubating) fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal … | |||
| CVE-2026-8474 | medium | 5.3 | 5.3 | 2d ago | A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, and 5.0.0 to 5.0.5. It is possible to execute a reflected XSS attack on the … | |||
| CVE-2026-10232 | medium | 5.3 | 5.3 | 2d ago | A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::~aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation c… | |||
| CVE-2026-10231 | medium | 5.3 | 5.3 | 2d ago | A security flaw has been discovered in Assimp up to 6.0.4. Affected is the function HL1MDLLoader::extract_anim_value of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Performing a… | |||
| CVE-2026-10230 | medium | 5.3 | 5.3 | 2d ago | A vulnerability was identified in Assimp up to 6.0.4. This impacts the function Assimp::MDL::HalfLife::HL1MDLLoader::read_animations of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Load… | |||
| CVE-2026-10229 | medium | 5.3 | 5.3 | 2d ago | A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::read_meshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation cause… | |||
| CVE-2026-10224 | medium | 5.3 | 5.3 | 2d ago | A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function _handle_webhook_request of the file gateway/platforms/feishu.py of the… | |||
| CVE-2026-10200 | medium | 5.3 | 5.3 | 3d ago | A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing a manipulation results in h… | |||
| CVE-2026-8382 | medium | 5.3 | 5.3 | 3d ago | The Advanced Custom Fields (ACF®) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user … | |||
| CVE-2026-48840 | medium | 5.3 | 5.3 | 5d ago | Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client. | |||
| CVE-2026-45294 | medium | 5.3 | 5.3 | 5d ago | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted… | |||
| CVE-2026-46344 | medium | 5.3 | 5.3 | 5d ago | liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT … | |||
| CVE-2026-44518 | medium | 5.3 | 5.3 | 5d ago | liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT … | |||
| CVE-2026-45352 | medium | 5.3 | 5.3 | 5d ago | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process cras… | |||
| CVE-2026-42500 | medium | 5.3 | 5.3 | 5d ago | Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image. | |||
| CVE-2026-10075 | medium | 5.3 | 5.3 | 5d ago | DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulner… | |||
| CVE-2026-9189 | medium | 5.3 | 5.3 | 5d ago | The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Althou… | |||
| CVE-2026-2128 | medium | 5.3 | 5.3 | 5d ago | The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2. This is due to improper verification of the `wo… | |||
| CVE-2026-9985 | medium | 5.3 | 5.3 | 6d ago | Insufficient validation of untrusted input in Media in Google Chrome on ChromeOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to obtain potentially sensi… |