CVEs from 2026
Total
13,468
critical
critical 1,176
high
high 4,290
medium
medium 4,163
low
low 442
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6378 | medium | 6.4 | 6.4 | 29d ago | The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `/wp-json/maxi-blocks/v1.0/style-card` REST API endpoint in all versions up to, and including, 2.1.9 due to i… | |||
| CVE-2026-6127 | medium | 6.4 | 6.4 | 1mo ago | The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _elementor_data meta field in versions up to, and including, 4.0.4. This is due to insufficient… | |||
| CVE-2026-41174 | medium | 6.4 | 6.4 | 1mo ago | Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding | |||
| CVE-2026-3346 | medium | 6.4 | 6.4 | 1mo ago | IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus al… | |||
| CVE-2026-4805 | medium | 6.4 | 6.4 | 1mo ago | The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundle… | |||
| CVE-2026-6809 | medium | 6.4 | 6.4 | 1mo ago | The Social Post Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Threads embed handler in all versions up to, and including, 2.0.1. This is due to insufficient input sa… | |||
| CVE-2026-6725 | medium | 6.4 | 6.4 | 1mo ago | The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the `wpcsm_text_rotator` shortcode in all versions up to, and incl… | |||
| CVE-2026-6551 | medium | 6.4 | 6.4 | 1mo ago | The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to,… | |||
| CVE-2026-4752 | medium | 6.4 | 6.4 | 2mo ago | Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mate: before V250329. | |||
| CVE-2026-1410 | medium | 6.4 | 6.4 | 4mo ago | A vulnerability was detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. Impacted is an unknown function of the component UART Interface. The manipulation results in missing authentication. An attac… | |||
| CVE-2026-10182 | medium | 6.3 | 6.3 | 2h ago | A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee … | |||
| CVE-2026-10180 | medium | 6.3 | 6.3 | 2h ago | A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection.… | |||
| CVE-2026-10176 | medium | 6.3 | 6.3 | 4h ago | A weakness has been identified in Aider-AI Aider 0.86.3. Affected by this issue is some unknown functionality of the component Code Generation Workflow. Executing a manipulation can lead to sql injec… | |||
| CVE-2026-10177 | medium | 6.3 | 6.3 | 5h ago | A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file api_docs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads … | |||
| CVE-2026-10175 | medium | 6.3 | 6.3 | 5h ago | A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editor_coder.run of the file auth.py of the component Architect Mode. Performing a manipul… | |||
| CVE-2026-10174 | medium | 6.3 | 6.3 | 5h ago | A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-comm… | |||
| CVE-2026-10172 | medium | 6.3 | 6.3 | 6h ago | A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php… | |||
| CVE-2026-10170 | medium | 6.3 | 6.3 | 7h ago | A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone_0.php. This manipulation of the argument phone ca… | |||
| CVE-2026-10168 | medium | 6.3 | 6.3 | 9h ago | A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file appl… | |||
| CVE-2026-10166 | medium | 6.3 | 6.3 | 10h ago | A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of t… | |||
| CVE-2026-10152 | medium | 6.3 | 6.3 | 18h ago | A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.ja… | |||
| CVE-2026-10127 | medium | 6.3 | 6.3 | 21h ago | A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. This manipulation of the … | |||
| CVE-2026-9831 | medium | 6.3 | 6.3 | 2d ago | A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with… | |||
| CVE-2026-44287 | medium | 6.3 | 6.3 | 2d ago | FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() with the regex /\bimport\s*\(/.t… | |||
| CVE-2026-10101 | medium | 6.3 | 6.3 | 2d ago | ACM/MCE assisted-service writes raw referenced pull-secret contents into `InfraEnv.status.conditions[].message` when pull-secret validation fails. A namespace principal with the stock `view` ClusterR… | |||
| CVE-2026-10064 | medium | 6.3 | 6.3 | 2d ago | A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetPortTr of the file /goform/formSetPortTr. Performing a manipulation of the argument special_name r… | |||
| CVE-2026-10061 | medium | 6.3 | 6.3 | 2d ago | A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The atta… | |||
| CVE-2026-10060 | medium | 6.3 | 6.3 | 2d ago | A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument ip/mask/gateway leads to comma… | |||
| CVE-2026-9989 | medium | 6.3 | 6.3 | 3d ago | Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High) | |||
| CVE-2026-49093 | medium | 6.3 | 6.3 | 3d ago | Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server t… | |||
| CVE-2026-46416 | medium | 6.3 | 6.3 | 4d ago | Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for mult… | |||
| CVE-2026-47270 | medium | 6.3 | 6.3 | 4d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb is a PAM module loaded into the host process (sudo, login, GDM, GNOME Shell). Display manage… | |||
| CVE-2026-47274 | medium | 6.3 | 6.3 | 4d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam_usb helper tools resolved external binaries through the PATH environment variable rathe… | |||
| CVE-2026-2254 | medium | 6.3 | 6.3 | 5d ago | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notficatio… | |||
| CVE-2026-9607 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcel_list.php. Performing a manipulation of the argument s results … | |||
| CVE-2026-30498 | medium | 6.3 | 6.3 | 5d ago | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the delete.php endpoint of Jason2605 AdminPanel 4.0. | |||
| CVE-2026-9581 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can … | |||
| CVE-2026-9579 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument u… | |||
| CVE-2026-27331 | medium | 6.3 | 6.3 | 5d ago | Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5. | |||
| CVE-2026-9565 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handle… | |||
| CVE-2026-9542 | medium | 6.3 | 6.3 | 5d ago | A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/add_staff.php. Executing a manipulation of the argument email_i… | |||
| CVE-2026-9534 | medium | 6.3 | 6.3 | 5d ago | A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the arg… | |||
| CVE-2026-9533 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a mani… | |||
| CVE-2026-9532 | medium | 6.3 | 6.3 | 5d ago | A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Su… | |||
| CVE-2026-9531 | medium | 6.3 | 6.3 | 5d ago | A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the arg… | |||
| CVE-2026-9524 | medium | 6.3 | 6.3 | 5d ago | A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522_Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportPa… | |||
| CVE-2026-9515 | medium | 6.3 | 6.3 | 6d ago | A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation… | |||
| CVE-2026-9514 | medium | 6.3 | 6.3 | 6d ago | A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation … | |||
| CVE-2026-9513 | medium | 6.3 | 6.3 | 6d ago | A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulat… | |||
| CVE-2026-9512 | medium | 6.3 | 6.3 | 6d ago | A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performin… | |||
| CVE-2026-42776 | medium | 6.3 | 6.3 | 6d ago | Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a throu… | |||
| CVE-2026-9511 | medium | 6.3 | 6.3 | 6d ago | A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argu… | |||
| CVE-2026-9498 | medium | 6.3 | 6.3 | 6d ago | A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument De… | |||
| CVE-2026-9497 | medium | 6.3 | 6.3 | 6d ago | A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deseriali… | |||
| CVE-2026-9483 | medium | 6.3 | 6.3 | 6d ago | A vulnerability was found in SourceCodester Student Grades Management System 1.0. Affected is an unknown function of the file grades.php. Performing a manipulation of the argument student_id results … | |||
| CVE-2026-9484 | medium | 6.3 | 6.3 | 6d ago | A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected by this vulnerability is the function getClassroomStudents/removeStudentFromClassroom of the file class… | |||
| CVE-2026-9473 | medium | 6.3 | 6.3 | 6d ago | A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manip… | |||
| CVE-2026-9468 | medium | 6.3 | 6.3 | 6d ago | A security flaw has been discovered in dazeb cline-mcp-memory-bank up to 55c81b9cf6c16700983c84dc4cdea3cafa19a75f. The affected element is the function handleInitializeMemoryBank of the file src/inde… | |||
| CVE-2026-9472 | medium | 6.3 | 6.3 | 6d ago | A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected is the function download_markdown/list_downloaded_files/create_subdirectory of the file src… | |||
| CVE-2026-9451 | medium | 6.3 | 6.3 | 6d ago | A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulatio… | |||
| CVE-2026-9450 | medium | 6.3 | 6.3 | 6d ago | A security flaw has been discovered in code-projects Employee Management System 1.0. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid results in sql inje… | |||
| CVE-2026-9449 | medium | 6.3 | 6.3 | 6d ago | A vulnerability was identified in code-projects Employee Management System 1.0. This impacts an unknown function of the file /changepassemp.php. The manipulation leads to sql injection. It is possibl… | |||
| CVE-2026-9445 | medium | 6.3 | 6.3 | 6d ago | A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulati… | |||
| CVE-2026-9441 | medium | 6.3 | 6.3 | 6d ago | A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. Performing … | |||
| CVE-2026-9440 | medium | 6.3 | 6.3 | 6d ago | A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulat… | |||
| CVE-2026-9439 | medium | 6.3 | 6.3 | 6d ago | A vulnerability was determined in Edimax BR-6675nD 1.12. Affected is the function stainfo of the file /goform/stainfo. This manipulation of the argument interface causes command injection. It is poss… | |||
| CVE-2026-9437 | medium | 6.3 | 6.3 | 6d ago | A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. The at… | |||
| CVE-2026-9424 | medium | 6.3 | 6.3 | 6d ago | A weakness has been identified in Edimax EW-7438RPn 1.31. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component Content-Type Handler. Executing a manipulatio… | |||
| CVE-2026-9420 | medium | 6.3 | 6.3 | 6d ago | A vulnerability was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. It is possible to la… | |||
| CVE-2026-9412 | medium | 6.3 | 6.3 | 7d ago | A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access c… | |||
| CVE-2026-9411 | medium | 6.3 | 6.3 | 7d ago | A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGST_Invoice.php of the component Invoice Generation Handler… | |||
| CVE-2026-9402 | medium | 6.3 | 6.3 | 7d ago | A vulnerability was found in Edimax BR-6675nD 1.12. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component POST Request Handler. The manipulation of the argum… | |||
| CVE-2026-9400 | medium | 6.3 | 6.3 | 7d ago | A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of th… | |||
| CVE-2026-9379 | medium | 6.3 | 6.3 | 7d ago | A weakness has been identified in Edimax BR-6675nD 1.12. This impacts the function formWpsStart of the file /goform/formWpsStart of the component POST Request Handler. This manipulation of the argume… | |||
| CVE-2026-9378 | medium | 6.3 | 6.3 | 7d ago | A security flaw has been discovered in Edimax BR-6675nD 1.12. This affects the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument… | |||
| CVE-2026-9376 | medium | 6.3 | 6.3 | 7d ago | A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Execut… | |||
| CVE-2026-9374 | medium | 6.3 | 6.3 | 7d ago | A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a mani… | |||
| CVE-2026-9363 | medium | 6.3 | 6.3 | 7d ago | A vulnerability was detected in Edimax EW-7438RPn 1.12. This issue affects the function formEZCHNwlanSetup of the file /goform/formEZCHNwlanSetu of the component POST Request Handler. Performing a ma… | |||
| CVE-2026-9362 | medium | 6.3 | 6.3 | 7d ago | A security vulnerability has been detected in Edimax EW-7438RPn 1.12. This vulnerability affects the function formConnectionSetting of the file /goform/formConnectionSetting of the component Setting … | |||
| CVE-2026-9361 | medium | 6.3 | 6.3 | 7d ago | A weakness has been identified in Edimax EW-7438RPn 1.12. This affects the function formAccept of the file /goform/formAccep of the component POST Request Handler. This manipulation of the argument s… | |||
| CVE-2026-9359 | medium | 6.3 | 6.3 | 7d ago | A vulnerability was identified in Edimax EW-7438RPn 1.28a. Affected by this vulnerability is the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulati… | |||
| CVE-2026-9347 | medium | 6.3 | 6.3 | 8d ago | A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mas… | |||
| CVE-2026-9343 | medium | 6.3 | 6.3 | 8d ago | A weakness has been identified in Edimax EW-7438RPn up to 1.31. The affected element is the function formWpsStart of the file /goform/formWpsStart of the component webs. This manipulation of the argu… | |||
| CVE-2026-9342 | medium | 6.3 | 6.3 | 8d ago | A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation o… | |||
| CVE-2026-9305 | medium | 6.3 | 6.3 | 8d ago | A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. Th… | |||
| CVE-2026-9302 | medium | 6.3 | 6.3 | 8d ago | A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of … | |||
| CVE-2026-9301 | medium | 6.3 | 6.3 | 8d ago | A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. Th… | |||
| CVE-2026-9300 | medium | 6.3 | 6.3 | 8d ago | A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be e… | |||
| CVE-2026-9298 | medium | 6.3 | 6.3 | 8d ago | A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory… | |||
| CVE-2026-9297 | medium | 6.3 | 6.3 | 8d ago | A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of th… | |||
| CVE-2026-9299 | medium | 6.3 | 6.3 | 8d ago | A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memo… | |||
| CVE-2026-9296 | medium | 6.3 | 6.3 | 8d ago | A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument… | |||
| CVE-2026-39828 | medium | 6.3 | 6.3 | 9d ago | When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as forc… | |||
| CVE-2026-1816 | medium | 6.3 | 6.3 | 10d ago | Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Brute Force. This issue affects Mobile Appli… | |||
| CVE-2026-20206 | medium | 6.3 | 6.3 | 11d ago | A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the Browse… | |||
| CVE-2026-43619 | medium | 6.3 | 6.3 | 12d ago | Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat … | |||
| CVE-2026-44408 | medium | 6.3 | 6.3 | 12d ago | There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface. | |||
| CVE-2026-0964 | medium | 6.3 | 6.3 | 13d ago | Moderate: libssh security update | |||
| CVE-2026-45626 | medium | 6.3 | 6.3 | 13d ago | Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/{id}/volumes/{volumeName}/browse accepts a path query parameter that is … | |||
| CVE-2026-8786 | medium | 6.3 | 6.3 | 13d ago | A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component… |