CVEs from 2026
- Total: 13,475
- critical: 1,177
- high: 4,294
- medium: 4,165
- low: 442
- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45626 | medium | 6.3 | 6.3 | 13d ago | Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/{id}/volumes/{volumeName}/browse accepts a path query parameter that is … | |||
| CVE-2026-8786 | medium | 6.3 | 6.3 | 14d ago | A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component… | |||
| CVE-2026-8777 | medium | 6.3 | 6.3 | 14d ago | A vulnerability was found in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulatio… | |||
| CVE-2026-8774 | medium | 6.3 | 6.3 | 14d ago | A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command… | |||
| CVE-2026-8754 | medium | 6.3 | 6.3 | 14d ago | AstrBot: File upload vulnerability in the function post_file of the file astrbot/dashboard/routes/chat.py | |||
| CVE-2026-8753 | medium | 6.3 | 6.3 | 14d ago | A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.ph… | |||
| CVE-2026-8747 | medium | 6.3 | 6.3 | 14d ago | A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb_system/function/c_system_event.php of the component Commend Approval Handler. This manipu… | |||
| CVE-2026-8743 | medium | 6.3 | 6.3 | 14d ago | A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ran_ue_find_by_amf_ue_ngap_id of the file src/amf/context.c of the component AMF/MME. Performing a manipulation results in … | |||
| CVE-2026-8740 | medium | 6.3 | 6.3 | 14d ago | A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirectiv… | |||
| CVE-2026-8735 | medium | 6.3 | 6.3 | 14d ago | A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such manipulat… | |||
| CVE-2026-8733 | medium | 6.3 | 6.3 | 15d ago | A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub_3B4610 of the file SlimPDFReader.exe. The manipulation results in stack-based … | |||
| CVE-2026-33380 | medium | 6.3 | 6.3 | 18d ago | A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vul… | |||
| CVE-2026-2695 | medium | 6.3 | 6.3 | 18d ago | A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises (former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows authenticated users… | |||
| CVE-2026-35555 | medium | 6.3 | 6.3 | 19d ago | PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups. | |||
| CVE-2026-34664 | medium | 6.3 | 6.3 | 19d ago | Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file sy… | |||
| CVE-2026-40133 | medium | 6.3 | 6.3 | 20d ago | Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact o… | |||
| CVE-2026-44337 | medium | 6.3 | 6.3 | 20d ago | PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries | |||
| CVE-2026-8231 | medium | 6.3 | 6.3 | 21d ago | A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql inject… | |||
| CVE-2026-8217 | medium | 6.3 | 6.3 | 22d ago | A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation … | |||
| CVE-2026-8193 | medium | 6.3 | 6.3 | 22d ago | A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead … | |||
| CVE-2026-8185 | medium | 6.3 | 6.3 | 22d ago | A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authe… | |||
| CVE-2026-44284 | medium | 6.3 | 6.3 | 23d ago | FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected int… | |||
| CVE-2026-42451 | medium | 6.3 | 6.3 | 23d ago | Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting (XSS) vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary Java… | |||
| CVE-2026-42344 | medium | 6.3 | 6.3 | 23d ago | FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding (TOCTOU — Tim… | |||
| CVE-2026-42180 | medium | 6.3 | 6.3 | 23d ago | Lemmy has SSRF in /api/v3/post via Webmention dispatch | |||
| CVE-2026-8127 | medium | 6.3 | 6.3 | 24d ago | A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper… | |||
| CVE-2026-8125 | medium | 6.3 | 6.3 | 24d ago | A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parame… | |||
| CVE-2026-8116 | medium | 6.3 | 6.3 | 24d ago | A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument m… | |||
| CVE-2026-8114 | medium | 6.3 | 6.3 | 24d ago | A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation… | |||
| CVE-2026-40214 | medium | 6.3 | 6.3 | 24d ago | OpenStack Cyborg's Accelerator Request (ARQ) API does not enforce project ownership at any layer | |||
| CVE-2026-8097 | medium | 6.3 | 6.3 | 24d ago | A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injec… | |||
| CVE-2026-42879 | medium | 6.3 | 6.3 | 24d ago | FacturaScripts Vulnerable to Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images | |||
| CVE-2026-8081 | medium | 6.3 | 6.3 | 24d ago | A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/api_tools.go of the component API… | |||
| CVE-2026-43582 | medium | 6.3 | 6.3 | 25d ago | OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding | |||
| CVE-2026-8010 | medium | 6.3 | 6.3 | 25d ago | Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a c… | |||
| CVE-2026-7977 | medium | 6.3 | 6.3 | 25d ago | Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7971 | medium | 6.3 | 6.3 | 25d ago | Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-6420 | medium | 6.3 | 6.3 | 25d ago | Keylime has a hardcoded attestation challenge nonce that allows replay attacks | |||
| CVE-2026-7844 | medium | 6.3 | 6.3 | 26d ago | A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/list_files/retrieve_file/retrieve_file_content/delete_file of the file l… | |||
| CVE-2026-7822 | medium | 6.3 | 6.3 | 27d ago | A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /print_pdets.php. The manipulation of the argument ids leads to sql injectio… | |||
| CVE-2026-7783 | medium | 6.3 | 6.3 | 27d ago | A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component… | |||
| CVE-2026-7782 | medium | 6.3 | 6.3 | 27d ago | A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The mani… | |||
| CVE-2026-7746 | medium | 6.3 | 6.3 | 27d ago | A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file /product_expiry/edit-admin.php. Such manipulation of the… | |||
| CVE-2026-7745 | medium | 6.3 | 6.3 | 27d ago | A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql i… | |||
| CVE-2026-7744 | medium | 6.3 | 6.3 | 27d ago | A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injecti… | |||
| CVE-2026-7743 | medium | 6.3 | 6.3 | 27d ago | A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid le… | |||
| CVE-2026-7742 | medium | 6.3 | 6.3 | 27d ago | A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead t… | |||
| CVE-2026-7741 | medium | 6.3 | 6.3 | 27d ago | A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql… | |||
| CVE-2026-7738 | medium | 6.3 | 6.3 | 27d ago | @puchunjie/doc-tools-mcp has a Path Traversal Issue | |||
| CVE-2026-7725 | medium | 6.3 | 6.3 | 27d ago | Prefect Git Argument Injection in GitRepository Pull Steps | |||
| CVE-2026-7732 | medium | 6.3 | 6.3 | 27d ago | A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in unrestricted upload… | |||
| CVE-2026-7731 | medium | 6.3 | 6.3 | 27d ago | A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. The affected element is an unknown function of the file get_state.php. The manipulation of the argument G_ST… | |||
| CVE-2026-7730 | medium | 6.3 | 6.3 | 28d ago | A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the … | |||
| CVE-2026-7729 | medium | 6.3 | 6.3 | 28d ago | A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the … | |||
| CVE-2026-7728 | medium | 6.3 | 6.3 | 28d ago | A vulnerability was identified in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function get_doc_content/read_doc/update_doc of the component MCP Interface. Such manipulation of the argu… | |||
| CVE-2026-7721 | medium | 6.3 | 6.3 | 28d ago | A security vulnerability has been detected in Totolink WA300 5.2cu.7112_B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTi… | |||
| CVE-2026-7720 | medium | 6.3 | 6.3 | 28d ago | A weakness has been identified in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This… | |||
| CVE-2026-7718 | medium | 6.3 | 6.3 | 28d ago | A vulnerability was identified in Totolink WA300 5.2cu.7112_B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation … | |||
| CVE-2026-7716 | medium | 6.3 | 6.3 | 28d ago | A vulnerability was found in code-projects Gym Management System In PHP and Windows NT 1.0. This vulnerability affects unknown code of the file /index.php. Performing a manipulation of the argument d… | |||
| CVE-2026-7715 | medium | 6.3 | 6.3 | 28d ago | A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arango_backup of the file src/tools.ts of the component MCP Interface. Such manipulation of the … | |||
| CVE-2026-7713 | medium | 6.3 | 6.3 | 28d ago | A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo… | |||
| CVE-2026-7712 | medium | 6.3 | 6.3 | 28d ago | A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is poss… | |||
| CVE-2026-7709 | medium | 6.3 | 6.3 | 28d ago | A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generate_auth_token of the file cps/kobo_auth.py of the component Endpoint. Such manipulation… | |||
| CVE-2026-7705 | medium | 6.3 | 6.3 | 28d ago | A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function set_iptv_info of the file /jdcap of the component Service Interface. Executing a manipulation of the argum… | |||
| CVE-2026-7700 | medium | 6.3 | 6.3 | 28d ago | A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llm_operations/lambda_filter.p of the component LambdaFilterC… | |||
| CVE-2026-7699 | medium | 6.3 | 6.3 | 28d ago | A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Performing a manipulation of the argum… | |||
| CVE-2026-7696 | medium | 6.3 | 6.3 | 28d ago | A vulnerability was found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This impacts an unknown function of the file /SubstationWEBV2/main/uploadH5Files. T… | |||
| CVE-2026-7692 | medium | 6.3 | 6.3 | 28d ago | A vulnerability was detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. The affected element is the function ping_ddns of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument DDNS re… | |||
| CVE-2026-7691 | medium | 6.3 | 6.3 | 28d ago | A security vulnerability has been detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. Impacted is the function set_sys_cmd of the file /cgi-bin/adm.cgi. Such manipulation of the argument command lea… | |||
| CVE-2026-7687 | medium | 6.3 | 6.3 | 28d ago | A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parse_callable_details of the file src/lfx/src/lfx/custom/code_parser/code_parser… | |||
| CVE-2026-7683 | medium | 6.3 | 6.3 | 28d ago | A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserNam… | |||
| CVE-2026-7682 | medium | 6.3 | 6.3 | 28d ago | A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPU… | |||
| CVE-2026-7678 | medium | 6.3 | 6.3 | 29d ago | A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoView… | |||
| CVE-2026-7672 | medium | 6.3 | 6.3 | 29d ago | A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.jav… | |||
| CVE-2026-7653 | medium | 6.3 | 6.3 | 29d ago | A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function open_image_in_browser of the file src/index.ts of the component MCP Interface. Performing … | |||
| CVE-2026-7642 | medium | 6.3 | 6.3 | 29d ago | A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function download_website of the file src/index.ts of the component MCP Interface. Performing a manipulation o… | |||
| CVE-2026-7629 | medium | 6.3 | 6.3 | 29d ago | A flaw has been found in kleneway awesome-cursor-mpc-server up to 2.0.1. Impacted is the function runCodeReviewTool of the file src/tools/codeReview.ts of the component Ccode-Review Tool. Executing a… | |||
| CVE-2026-7628 | medium | 6.3 | 6.3 | 29d ago | A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. … | |||
| CVE-2026-7627 | medium | 6.3 | 6.3 | 29d ago | A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync_ea_from_file. … | |||
| CVE-2026-7605 | medium | 6.3 | 6.3 | 29d ago | A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMu… | |||
| CVE-2026-7604 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Su… | |||
| CVE-2026-7603 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This mani… | |||
| CVE-2026-7602 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was found in JeecgBoot up to 3.9.1. Affected by this vulnerability is an unknown functionality of the file /sys/fillRule/edit of the component FillRuleUtil Component. The manipulation… | |||
| CVE-2026-7600 | medium | 6.3 | 6.3 | 1mo ago | yii2-mcp-server has a Command Injection Issue | |||
| CVE-2026-7599 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function save_document/export_to_text/export_to_html of the file mcp-server/src/index.ts of the component MCP Interface. Perf… | |||
| CVE-2026-7597 | medium | 6.3 | 6.3 | 1mo ago | mem0ai mem0 has an Improper Input Validation Issue | |||
| CVE-2026-7595 | medium | 6.3 | 6.3 | 1mo ago | A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function _format_plugins of the file .claude/skills/ui-styling/scripts/tailwind_config… | |||
| CVE-2026-7591 | medium | 6.3 | 6.3 | 1mo ago | A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Perf… | |||
| CVE-2026-7510 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was determined in OWASP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulati… | |||
| CVE-2026-7508 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulat… | |||
| CVE-2026-7469 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in comm… | |||
| CVE-2026-7447 | medium | 6.3 | 6.3 | 1mo ago | A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation of the argument type/le… | |||
| CVE-2026-7445 | medium | 6.3 | 6.3 | 1mo ago | A security vulnerability has been detected in ZachHandley ZMCPTools up to 0.2.2. Affected by this issue is some unknown functionality of the file src/managers/ResourceManager.ts of the component MCP … | |||
| CVE-2026-7410 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument… | |||
| CVE-2026-7392 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function delete_supplier of the file /ajax.php?action=delete_supplier. Such manipulation of … | |||
| CVE-2026-7391 | medium | 6.3 | 6.3 | 1mo ago | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function save_supplier of the file /ajax.php?action=save_supplier. This manipulation of the argument … | |||
| CVE-2026-7305 | medium | 6.3 | 6.3 | 1mo ago | A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl… | |||
| CVE-2026-7291 | medium | 6.3 | 6.3 | 1mo ago | A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can… | |||
| CVE-2026-7290 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.jav… | |||
| CVE-2026-24231 | medium | 6.3 | 6.3 | 1mo ago | NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() SSRF protection component, where an attacker could cause a server-side request forgery by supplying a crafted endpoint URL refere… |