CVEs from 2026
- Total: 14,086
- Critical: 1,240
- High: 4,673
- Medium: 4,451
- Low: 486
- % Critical: 8.8%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35061 | medium | 5.3 | 5.3 | 2mo ago | Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved without authentication, revealing sensitive operational imagery. | |||
| CVE-2026-33093 | medium | 5.3 | 5.3 | 2mo ago | Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment. | |||
| CVE-2026-32648 | medium | 5.3 | 5.3 | 2mo ago | Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details (e.g., SSH/RTTY status), assisting attackers in reconnaissance against the device. | |||
| CVE-2026-6491 | medium | 5.3 | 5.3 | 2mo ago | A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such… | |||
| CVE-2026-24749 | medium | 5.3 | 5.3 | 2mo ago | Silverstripe Assets Module has a DBFile::getURL() permission bypass | |||
| CVE-2026-40778 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Majestic Support: … | |||
| CVE-2026-40742 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio AB Testing: fr… | |||
| CVE-2026-28421 | medium | 5.3 | 5.3 | 2mo ago | Important: vim security update | |||
| CVE-2026-33829 | medium | 4.3 | 5.3 | 2mo ago | Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-6219 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulati… | |||
| CVE-2026-5504 | medium | 5.3 | 5.3 | 2mo ago | A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfS… | |||
| CVE-2026-5772 | medium | 5.3 | 5.3 | 2mo ago | A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * e… | |||
| CVE-2026-5833 | medium | 5.3 | 5.3 | 2mo ago | awwaiid mcp-server-taskwarrior vulnerable to command injection | |||
| CVE-2026-5890 | medium | 5.3 | 5.3 | 2mo ago | Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severit… | |||
| CVE-2026-39716 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through <= 2.8. | |||
| CVE-2026-39713 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly … | |||
| CVE-2026-39712 | medium | 5.3 | 5.3 | 2mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a th… | |||
| CVE-2026-39706 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Make My Trivia: from n/a throug… | |||
| CVE-2026-39704 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access C… | |||
| CVE-2026-39701 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopWP: from n/a through <= 5.2.4. | |||
| CVE-2026-39700 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through <= 1.4.32. | |||
| CVE-2026-39698 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-ads-txt allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects T… | |||
| CVE-2026-39697 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This iss… | |||
| CVE-2026-39694 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Si… | |||
| CVE-2026-39689 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eShipper Commerce: from … | |||
| CVE-2026-39688 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profil… | |||
| CVE-2026-39687 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rap… | |||
| CVE-2026-39686 | medium | 5.3 | 5.3 | 2mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PD… | |||
| CVE-2026-39682 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects linkPizza-Manager: fr… | |||
| CVE-2026-39680 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Diet … | |||
| CVE-2026-39678 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking Sy… | |||
| CVE-2026-39676 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a… | |||
| CVE-2026-39675 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from… | |||
| CVE-2026-39672 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affec… | |||
| CVE-2026-39669 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through 1.19.3. | |||
| CVE-2026-39664 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadrebel: from n/a through <= 1.0.2. | |||
| CVE-2026-39662 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security … | |||
| CVE-2026-39658 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-field allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pand… | |||
| CVE-2026-39657 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects leadlovers forms: from n… | |||
| CVE-2026-39652 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iGMS Direct Booking: fro… | |||
| CVE-2026-39650 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: … | |||
| CVE-2026-39648 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through <= 2.1.7. | |||
| CVE-2026-39644 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wp Ultimate Review: from… | |||
| CVE-2026-39628 | medium | 5.3 | 5.3 | 2mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through <… | |||
| CVE-2026-39626 | medium | 5.3 | 5.3 | 2mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through <= 1.4.8. | |||
| CVE-2026-39624 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through <= 3.2.3. | |||
| CVE-2026-39616 | medium | 5.3 | 5.3 | 2mo ago | Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue… | |||
| CVE-2026-39612 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9. | |||
| CVE-2026-39609 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through <= 0… | |||
| CVE-2026-39605 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Custom Login: fro… | |||
| CVE-2026-39602 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a thr… | |||
| CVE-2026-39585 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Arraytics Booktics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booktics: from n/a through 1.0.16. | |||
| CVE-2026-39563 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a th… | |||
| CVE-2026-39561 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through <= 2.0.7. | |||
| CVE-2026-39535 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display… | |||
| CVE-2026-39520 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through <= 2.1.18. | |||
| CVE-2026-39365 | medium | 5.3 | 5.3 | 2mo ago | Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling | |||
| CVE-2026-35484 | medium | 5.3 | 5.3 | 2mo ago | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml file o… | |||
| CVE-2026-5621 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulatio… | |||
| CVE-2026-5619 | medium | 5.3 | 5.3 | 2mo ago | A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize_command. Executing a manipu… | |||
| CVE-2026-5603 | medium | 5.3 | 5.3 | 2mo ago | @elgentos/magento2-dev-mcp vulnerable to command injection | |||
| CVE-2026-5602 | medium | 5.3 | 5.3 | 2mo ago | @nor2/heim-mcp vulnerable to command injection | |||
| CVE-2026-5527 | medium | 5.3 | 5.3 | 2mo ago | A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Pr… | |||
| CVE-2026-3184 | medium | 5.3 | 5.3 | 2mo ago | A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A … | |||
| CVE-2026-5342 | medium | 5.3 | 5.3 | 2mo ago | A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipu… | |||
| CVE-2026-5323 | medium | 5.3 | 5.3 | 2mo ago | a11y-mcp: Server-Side Request Forgery (SSRF) vulnerability in A11yServer function | |||
| CVE-2026-5236 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. Such manipulation of t… | |||
| CVE-2026-5235 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4_BitReader::ReadCache of the file Ap4Dac4Atom.cpp of the component MP4 File Parser. This manipulation … | |||
| CVE-2026-5215 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72… | |||
| CVE-2026-5186 | medium | 5.3 | 5.3 | 2mo ago | A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation cause… | |||
| CVE-2026-5185 | medium | 5.3 | 5.3 | 2mo ago | A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of the file stb_image.h of the component Multi-frame GIF File Handler. The manipula… | |||
| CVE-2026-5125 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function child_process.execSync of the file src/server.ts. The manipulation of the argument gi… | |||
| CVE-2026-5023 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the … | |||
| CVE-2026-5007 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulatio… | |||
| CVE-2026-27860 | medium | 5.3 | 5.3 | 2mo ago | If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure… | |||
| CVE-2026-27859 | medium | 5.3 | 5.3 | 2mo ago | A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU … | |||
| CVE-2026-0394 | medium | 5.3 | 5.3 | 2mo ago | When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the dom… | |||
| CVE-2026-2100 | medium | 5.3 | 5.3 | 2mo ago | A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters se… | |||
| CVE-2026-32497 | medium | 5.3 | 5.3 | 2mo ago | Weak Authentication vulnerability in PickPlugins User Verification user-verification allows Authentication Abuse.This issue affects User Verification: from n/a through <= 2.0.45. | |||
| CVE-2026-32492 | medium | 5.3 | 5.3 | 2mo ago | Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity Spoofing.This issue affects My Tickets: from n/a through <= 2.1.1. | |||
| CVE-2026-28838 | medium | 5.3 | 5.3 | 2mo ago | macOS Sonoma 14.8.5 | |||
| CVE-2026-4733 | medium | 5.3 | 5.3 | 2mo ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. | |||
| CVE-2026-28809 | medium | 5.3 | 5.3 | 2mo ago | esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages | |||
| CVE-2026-4603 | medium | 5.3 | 5.3 | 2mo ago | jsrsasign: Division by Zero Allows Invalid JWK Modulus to Cause Deterministic Zero Output in RSA Operations | |||
| CVE-2026-4530 | medium | 5.3 | 5.3 | 2mo ago | A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument D… | |||
| CVE-2026-4496 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function child_process.exec of the file src/gitUtils.ts of th… | |||
| CVE-2026-1005 | medium | 5.3 | 5.3 | 3mo ago | Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authenticati… | |||
| CVE-2026-28070 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2. | |||
| CVE-2026-33221 | medium | 5.3 | 5.3 | 3mo ago | Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content-Type header without performing server-… | |||
| CVE-2026-32565 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Rel… | |||
| CVE-2026-32586 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooC… | |||
| CVE-2026-4216 | medium | 5.3 | 5.3 | 3mo ago | A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. … | |||
| CVE-2026-4199 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was identified in bazinga012 mcp_code_executor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command inj… | |||
| CVE-2026-4198 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command inj… | |||
| CVE-2026-32438 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW School Education vw-school-education allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW School Education:… | |||
| CVE-2026-32437 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Portfolio: from n/a through <= … | |||
| CVE-2026-32436 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Photography: from n/a throu… | |||
| CVE-2026-32435 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Pet Shop: from n/a through <= 1.4… | |||
| CVE-2026-32434 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Fitness: from n/a through <= 4.3.4. | |||
| CVE-2026-32427 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Education Lite: from … |