CVEs from 2026
Total
13,579
critical
critical 1,160
high
high 4,134
medium
medium 4,128
low
low 438
% Critical
8.5%
% with KEV
0.4%
% with exploit
0.5%
Top products
- chrome 405
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-1410 | medium | 6.4 | 6.4 | 4mo ago | A vulnerability was detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. Impacted is an unknown function of the component UART Interface. The manipulation results in missing authentication. An attac… | |||
| CVE-2026-10101 | medium | 6.3 | 6.3 | 4h ago | ACM/MCE assisted-service writes raw referenced pull-secret contents into `InfraEnv.status.conditions[].message` when pull-secret validation fails. A namespace principal with the stock `view` ClusterR… | |||
| CVE-2026-10064 | medium | 6.3 | 6.3 | 4h ago | A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetPortTr of the file /goform/formSetPortTr. Performing a manipulation of the argument special_name r… | |||
| CVE-2026-10061 | medium | 6.3 | 6.3 | 6h ago | A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The atta… | |||
| CVE-2026-10060 | medium | 6.3 | 6.3 | 6h ago | A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument ip/mask/gateway leads to comma… | |||
| CVE-2026-9989 | medium | 6.3 | 6.3 | 21h ago | Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High) | |||
| CVE-2026-49093 | medium | 6.3 | 6.3 | 1d ago | Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server t… | |||
| CVE-2026-46416 | medium | 6.3 | 6.3 | 2d ago | Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for mult… | |||
| CVE-2026-47270 | medium | 6.3 | 6.3 | 2d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb is a PAM module loaded into the host process (sudo, login, GDM, GNOME Shell). Display manage… | |||
| CVE-2026-47274 | medium | 6.3 | 6.3 | 2d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam_usb helper tools resolved external binaries through the PATH environment variable rathe… | |||
| CVE-2026-2254 | medium | 6.3 | 6.3 | 3d ago | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notficatio… | |||
| CVE-2026-9607 | medium | 6.3 | 6.3 | 3d ago | A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcel_list.php. Performing a manipulation of the argument s results … | |||
| CVE-2026-30498 | medium | 6.3 | 6.3 | 3d ago | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the delete.php endpoint of Jason2605 AdminPanel 4.0. | |||
| CVE-2026-9581 | medium | 6.3 | 6.3 | 3d ago | A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can … | |||
| CVE-2026-9579 | medium | 6.3 | 6.3 | 3d ago | A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument u… | |||
| CVE-2026-27331 | medium | 6.3 | 6.3 | 3d ago | Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5. | |||
| CVE-2026-9565 | medium | 6.3 | 6.3 | 3d ago | A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handle… | |||
| CVE-2026-9542 | medium | 6.3 | 6.3 | 3d ago | A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/add_staff.php. Executing a manipulation of the argument email_i… | |||
| CVE-2026-9534 | medium | 6.3 | 6.3 | 4d ago | A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the arg… | |||
| CVE-2026-9533 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a mani… | |||
| CVE-2026-9532 | medium | 6.3 | 6.3 | 4d ago | A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Su… | |||
| CVE-2026-9531 | medium | 6.3 | 6.3 | 4d ago | A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the arg… | |||
| CVE-2026-9524 | medium | 6.3 | 6.3 | 4d ago | A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522_Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportPa… | |||
| CVE-2026-9515 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation… | |||
| CVE-2026-9514 | medium | 6.3 | 6.3 | 4d ago | A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation … | |||
| CVE-2026-9513 | medium | 6.3 | 6.3 | 4d ago | A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulat… | |||
| CVE-2026-9512 | medium | 6.3 | 6.3 | 4d ago | A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performin… | |||
| CVE-2026-42776 | medium | 6.3 | 6.3 | 4d ago | Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a throu… | |||
| CVE-2026-9511 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argu… | |||
| CVE-2026-9498 | medium | 6.3 | 6.3 | 4d ago | A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument De… | |||
| CVE-2026-9497 | medium | 6.3 | 6.3 | 4d ago | A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deseriali… | |||
| CVE-2026-9483 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was found in SourceCodester Student Grades Management System 1.0. Affected is an unknown function of the file grades.php. Performing a manipulation of the argument student_id results … | |||
| CVE-2026-9484 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected by this vulnerability is the function getClassroomStudents/removeStudentFromClassroom of the file class… | |||
| CVE-2026-9473 | medium | 6.3 | 6.3 | 4d ago | A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manip… | |||
| CVE-2026-9468 | medium | 6.3 | 6.3 | 4d ago | A security flaw has been discovered in dazeb cline-mcp-memory-bank up to 55c81b9cf6c16700983c84dc4cdea3cafa19a75f. The affected element is the function handleInitializeMemoryBank of the file src/inde… | |||
| CVE-2026-9472 | medium | 6.3 | 6.3 | 4d ago | A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected is the function download_markdown/list_downloaded_files/create_subdirectory of the file src… | |||
| CVE-2026-9451 | medium | 6.3 | 6.3 | 4d ago | A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulatio… | |||
| CVE-2026-9450 | medium | 6.3 | 6.3 | 4d ago | A security flaw has been discovered in code-projects Employee Management System 1.0. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid results in sql inje… | |||
| CVE-2026-9449 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was identified in code-projects Employee Management System 1.0. This impacts an unknown function of the file /changepassemp.php. The manipulation leads to sql injection. It is possibl… | |||
| CVE-2026-9445 | medium | 6.3 | 6.3 | 4d ago | A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulati… | |||
| CVE-2026-9441 | medium | 6.3 | 6.3 | 4d ago | A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. Performing … | |||
| CVE-2026-9440 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulat… | |||
| CVE-2026-9439 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was determined in Edimax BR-6675nD 1.12. Affected is the function stainfo of the file /goform/stainfo. This manipulation of the argument interface causes command injection. It is poss… | |||
| CVE-2026-9437 | medium | 6.3 | 6.3 | 5d ago | A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. The at… | |||
| CVE-2026-9424 | medium | 6.3 | 6.3 | 5d ago | A weakness has been identified in Edimax EW-7438RPn 1.31. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component Content-Type Handler. Executing a manipulatio… | |||
| CVE-2026-9420 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. It is possible to la… | |||
| CVE-2026-9412 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access c… | |||
| CVE-2026-9411 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGST_Invoice.php of the component Invoice Generation Handler… | |||
| CVE-2026-9402 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was found in Edimax BR-6675nD 1.12. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component POST Request Handler. The manipulation of the argum… | |||
| CVE-2026-9400 | medium | 6.3 | 6.3 | 5d ago | A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of th… | |||
| CVE-2026-9379 | medium | 6.3 | 6.3 | 5d ago | A weakness has been identified in Edimax BR-6675nD 1.12. This impacts the function formWpsStart of the file /goform/formWpsStart of the component POST Request Handler. This manipulation of the argume… | |||
| CVE-2026-9378 | medium | 6.3 | 6.3 | 5d ago | A security flaw has been discovered in Edimax BR-6675nD 1.12. This affects the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument… | |||
| CVE-2026-9376 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Execut… | |||
| CVE-2026-9374 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a mani… | |||
| CVE-2026-9363 | medium | 6.3 | 6.3 | 6d ago | A vulnerability was detected in Edimax EW-7438RPn 1.12. This issue affects the function formEZCHNwlanSetup of the file /goform/formEZCHNwlanSetu of the component POST Request Handler. Performing a ma… | |||
| CVE-2026-9362 | medium | 6.3 | 6.3 | 6d ago | A security vulnerability has been detected in Edimax EW-7438RPn 1.12. This vulnerability affects the function formConnectionSetting of the file /goform/formConnectionSetting of the component Setting … | |||
| CVE-2026-9361 | medium | 6.3 | 6.3 | 6d ago | A weakness has been identified in Edimax EW-7438RPn 1.12. This affects the function formAccept of the file /goform/formAccep of the component POST Request Handler. This manipulation of the argument s… | |||
| CVE-2026-9359 | medium | 6.3 | 6.3 | 6d ago | A vulnerability was identified in Edimax EW-7438RPn 1.28a. Affected by this vulnerability is the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulati… | |||
| CVE-2026-9347 | medium | 6.3 | 6.3 | 6d ago | A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mas… | |||
| CVE-2026-9343 | medium | 6.3 | 6.3 | 6d ago | A weakness has been identified in Edimax EW-7438RPn up to 1.31. The affected element is the function formWpsStart of the file /goform/formWpsStart of the component webs. This manipulation of the argu… | |||
| CVE-2026-9342 | medium | 6.3 | 6.3 | 6d ago | A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation o… | |||
| CVE-2026-9305 | medium | 6.3 | 6.3 | 6d ago | A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. Th… | |||
| CVE-2026-9302 | medium | 6.3 | 6.3 | 6d ago | A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of … | |||
| CVE-2026-9301 | medium | 6.3 | 6.3 | 6d ago | A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. Th… | |||
| CVE-2026-9300 | medium | 6.3 | 6.3 | 6d ago | A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be e… | |||
| CVE-2026-9298 | medium | 6.3 | 6.3 | 6d ago | A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory… | |||
| CVE-2026-9297 | medium | 6.3 | 6.3 | 6d ago | A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of th… | |||
| CVE-2026-9299 | medium | 6.3 | 6.3 | 6d ago | A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memo… | |||
| CVE-2026-9296 | medium | 6.3 | 6.3 | 6d ago | A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument… | |||
| CVE-2026-39828 | medium | 6.3 | 6.3 | 8d ago | When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as forc… | |||
| CVE-2026-1816 | medium | 6.3 | 6.3 | 8d ago | Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Brute Force. This issue affects Mobile Appli… | |||
| CVE-2026-20206 | medium | 6.3 | 6.3 | 9d ago | A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the Browse… | |||
| CVE-2026-43619 | medium | 6.3 | 6.3 | 10d ago | Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat … | |||
| CVE-2026-44408 | medium | 6.3 | 6.3 | 10d ago | There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface. | |||
| CVE-2026-0964 | medium | 6.3 | 6.3 | 11d ago | Moderate: libssh security update | |||
| CVE-2026-45626 | medium | 6.3 | 6.3 | 11d ago | Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/{id}/volumes/{volumeName}/browse accepts a path query parameter that is … | |||
| CVE-2026-8786 | medium | 6.3 | 6.3 | 12d ago | A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component… | |||
| CVE-2026-8777 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was found in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulatio… | |||
| CVE-2026-8774 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command… | |||
| CVE-2026-8754 | medium | 6.3 | 6.3 | 12d ago | AstrBot: File upload vulnerability in the function post_file of the file astrbot/dashboard/routes/chat.py | |||
| CVE-2026-8753 | medium | 6.3 | 6.3 | 12d ago | A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.ph… | |||
| CVE-2026-8747 | medium | 6.3 | 6.3 | 12d ago | A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb_system/function/c_system_event.php of the component Commend Approval Handler. This manipu… | |||
| CVE-2026-8743 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ran_ue_find_by_amf_ue_ngap_id of the file src/amf/context.c of the component AMF/MME. Performing a manipulation results in … | |||
| CVE-2026-8740 | medium | 6.3 | 6.3 | 12d ago | A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirectiv… | |||
| CVE-2026-8735 | medium | 6.3 | 6.3 | 13d ago | A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such manipulat… | |||
| CVE-2026-8733 | medium | 6.3 | 6.3 | 13d ago | A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub_3B4610 of the file SlimPDFReader.exe. The manipulation results in stack-based … | |||
| CVE-2026-33380 | medium | 6.3 | 6.3 | 16d ago | A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vul… | |||
| CVE-2026-2695 | medium | 6.3 | 6.3 | 16d ago | A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises (former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows authenticated users… | |||
| CVE-2026-35555 | medium | 6.3 | 6.3 | 17d ago | PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups. | |||
| CVE-2026-34664 | medium | 6.3 | 6.3 | 17d ago | Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file sy… | |||
| CVE-2026-40133 | medium | 6.3 | 6.3 | 18d ago | Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact o… | |||
| CVE-2026-44337 | medium | 6.3 | 6.3 | 18d ago | PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries | |||
| CVE-2026-8231 | medium | 6.3 | 6.3 | 20d ago | A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql inject… | |||
| CVE-2026-8217 | medium | 6.3 | 6.3 | 20d ago | A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation … | |||
| CVE-2026-8193 | medium | 6.3 | 6.3 | 20d ago | A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead … | |||
| CVE-2026-8185 | medium | 6.3 | 6.3 | 20d ago | A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authe… | |||
| CVE-2026-44284 | medium | 6.3 | 6.3 | 21d ago | FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected int… | |||
| CVE-2026-42451 | medium | 6.3 | 6.3 | 21d ago | Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting (XSS) vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary Java… | |||
| CVE-2026-42344 | medium | 6.3 | 6.3 | 21d ago | FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding (TOCTOU — Tim… | |||
| CVE-2026-42180 | medium | 6.3 | 6.3 | 21d ago | Lemmy has SSRF in /api/v3/post via Webmention dispatch |