CVEs from 2026
- Total 13,512
- critical 1,163
- high 4,146
- medium 4,137
- low 440
- % Critical 8.6%
- % with KEV 0.4%
- % with exploit 0.5%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44284 | medium | 6.3 | 6.3 | 21d ago | FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected int… | |||
| CVE-2026-42451 | medium | 6.3 | 6.3 | 21d ago | Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting (XSS) vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary Java… | |||
| CVE-2026-42344 | medium | 6.3 | 6.3 | 21d ago | FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding (TOCTOU — Tim… | |||
| CVE-2026-42180 | medium | 6.3 | 6.3 | 21d ago | Lemmy has SSRF in /api/v3/post via Webmention dispatch | |||
| CVE-2026-8127 | medium | 6.3 | 6.3 | 22d ago | A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper… | |||
| CVE-2026-8125 | medium | 6.3 | 6.3 | 22d ago | A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parame… | |||
| CVE-2026-8116 | medium | 6.3 | 6.3 | 22d ago | A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument m… | |||
| CVE-2026-8114 | medium | 6.3 | 6.3 | 22d ago | A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation… | |||
| CVE-2026-40214 | medium | 6.3 | 6.3 | 22d ago | OpenStack Cyborg's Accelerator Request (ARQ) API does not enforce project ownership at any layer | |||
| CVE-2026-8097 | medium | 6.3 | 6.3 | 22d ago | A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injec… | |||
| CVE-2026-42879 | medium | 6.3 | 6.3 | 22d ago | FacturaScripts Vulnerable to Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images | |||
| CVE-2026-8081 | medium | 6.3 | 6.3 | 22d ago | A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/api_tools.go of the component API… | |||
| CVE-2026-43582 | medium | 6.3 | 6.3 | 23d ago | OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding | |||
| CVE-2026-8010 | medium | 6.3 | 6.3 | 23d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026%C2%A0) | |||
| CVE-2026-7977 | medium | 6.3 | 6.3 | 23d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026%C2%A0) | |||
| CVE-2026-7971 | medium | 6.3 | 6.3 | 23d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026%C2%A0) | |||
| CVE-2026-6420 | medium | 6.3 | 6.3 | 24d ago | Keylime has a hardcoded attestation challenge nonce that allows replay attacks | |||
| CVE-2026-7844 | medium | 6.3 | 6.3 | 24d ago | A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/list_files/retrieve_file/retrieve_file_content/delete_file of the file l… | |||
| CVE-2026-7822 | medium | 6.3 | 6.3 | 25d ago | A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /print_pdets.php. The manipulation of the argument ids leads to sql injectio… | |||
| CVE-2026-7783 | medium | 6.3 | 6.3 | 25d ago | A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component… | |||
| CVE-2026-7782 | medium | 6.3 | 6.3 | 25d ago | A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The mani… | |||
| CVE-2026-7746 | medium | 6.3 | 6.3 | 26d ago | A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file /product_expiry/edit-admin.php. Such manipulation of the… | |||
| CVE-2026-7745 | medium | 6.3 | 6.3 | 26d ago | A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql i… | |||
| CVE-2026-7744 | medium | 6.3 | 6.3 | 26d ago | A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injecti… | |||
| CVE-2026-7743 | medium | 6.3 | 6.3 | 26d ago | A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid le… | |||
| CVE-2026-7742 | medium | 6.3 | 6.3 | 26d ago | A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead t… | |||
| CVE-2026-7741 | medium | 6.3 | 6.3 | 26d ago | A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql… | |||
| CVE-2026-7738 | medium | 6.3 | 6.3 | 26d ago | @puchunjie/doc-tools-mcp has a Path Traversal Issue | |||
| CVE-2026-7725 | medium | 6.3 | 6.3 | 26d ago | Prefect Git Argument Injection in GitRepository Pull Steps | |||
| CVE-2026-7732 | medium | 6.3 | 6.3 | 26d ago | A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in unrestricted upload… | |||
| CVE-2026-7731 | medium | 6.3 | 6.3 | 26d ago | A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. The affected element is an unknown function of the file get_state.php. The manipulation of the argument G_ST… | |||
| CVE-2026-7730 | medium | 6.3 | 6.3 | 26d ago | A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the … | |||
| CVE-2026-7729 | medium | 6.3 | 6.3 | 26d ago | A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the … | |||
| CVE-2026-7728 | medium | 6.3 | 6.3 | 26d ago | A vulnerability was identified in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function get_doc_content/read_doc/update_doc of the component MCP Interface. Such manipulation of the argu… | |||
| CVE-2026-7721 | medium | 6.3 | 6.3 | 26d ago | A security vulnerability has been detected in Totolink WA300 5.2cu.7112_B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTi… | |||
| CVE-2026-7720 | medium | 6.3 | 6.3 | 26d ago | A weakness has been identified in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This… | |||
| CVE-2026-7718 | medium | 6.3 | 6.3 | 26d ago | A vulnerability was identified in Totolink WA300 5.2cu.7112_B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation … | |||
| CVE-2026-7716 | medium | 6.3 | 6.3 | 26d ago | A vulnerability was found in code-projects Gym Management System In PHP and Windows NT 1.0. This vulnerability affects unknown code of the file /index.php. Performing a manipulation of the argument d… | |||
| CVE-2026-7715 | medium | 6.3 | 6.3 | 26d ago | A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arango_backup of the file src/tools.ts of the component MCP Interface. Such manipulation of the … | |||
| CVE-2026-7713 | medium | 6.3 | 6.3 | 26d ago | A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo… | |||
| CVE-2026-7712 | medium | 6.3 | 6.3 | 26d ago | A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is poss… | |||
| CVE-2026-7709 | medium | 6.3 | 6.3 | 26d ago | A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generate_auth_token of the file cps/kobo_auth.py of the component Endpoint. Such manipulation… | |||
| CVE-2026-7705 | medium | 6.3 | 6.3 | 26d ago | A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function set_iptv_info of the file /jdcap of the component Service Interface. Executing a manipulation of the argum… | |||
| CVE-2026-7700 | medium | 6.3 | 6.3 | 27d ago | A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llm_operations/lambda_filter.p of the component LambdaFilterC… | |||
| CVE-2026-7699 | medium | 6.3 | 6.3 | 27d ago | A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Performing a manipulation of the argum… | |||
| CVE-2026-7696 | medium | 6.3 | 6.3 | 27d ago | A vulnerability was found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This impacts an unknown function of the file /SubstationWEBV2/main/uploadH5Files. T… | |||
| CVE-2026-7692 | medium | 6.3 | 6.3 | 27d ago | A vulnerability was detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. The affected element is the function ping_ddns of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument DDNS re… | |||
| CVE-2026-7691 | medium | 6.3 | 6.3 | 27d ago | A security vulnerability has been detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. Impacted is the function set_sys_cmd of the file /cgi-bin/adm.cgi. Such manipulation of the argument command lea… | |||
| CVE-2026-7687 | medium | 6.3 | 6.3 | 27d ago | A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parse_callable_details of the file src/lfx/src/lfx/custom/code_parser/code_parser… | |||
| CVE-2026-7683 | medium | 6.3 | 6.3 | 27d ago | A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserNam… | |||
| CVE-2026-7682 | medium | 6.3 | 6.3 | 27d ago | A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPU… | |||
| CVE-2026-7678 | medium | 6.3 | 6.3 | 27d ago | A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoView… | |||
| CVE-2026-7672 | medium | 6.3 | 6.3 | 27d ago | A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.jav… | |||
| CVE-2026-7653 | medium | 6.3 | 6.3 | 27d ago | A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function open_image_in_browser of the file src/index.ts of the component MCP Interface. Performing … | |||
| CVE-2026-7642 | medium | 6.3 | 6.3 | 28d ago | A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function download_website of the file src/index.ts of the component MCP Interface. Performing a manipulation o… | |||
| CVE-2026-7629 | medium | 6.3 | 6.3 | 28d ago | A flaw has been found in kleneway awesome-cursor-mpc-server up to 2.0.1. Impacted is the function runCodeReviewTool of the file src/tools/codeReview.ts of the component Ccode-Review Tool. Executing a… | |||
| CVE-2026-7628 | medium | 6.3 | 6.3 | 28d ago | A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. … | |||
| CVE-2026-7627 | medium | 6.3 | 6.3 | 28d ago | A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync_ea_from_file. … | |||
| CVE-2026-7605 | medium | 6.3 | 6.3 | 28d ago | A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMu… | |||
| CVE-2026-7604 | medium | 6.3 | 6.3 | 28d ago | A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Su… | |||
| CVE-2026-7603 | medium | 6.3 | 6.3 | 28d ago | A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This mani… | |||
| CVE-2026-7602 | medium | 6.3 | 6.3 | 28d ago | A vulnerability was found in JeecgBoot up to 3.9.1. Affected by this vulnerability is an unknown functionality of the file /sys/fillRule/edit of the component FillRuleUtil Component. The manipulation… | |||
| CVE-2026-7600 | medium | 6.3 | 6.3 | 28d ago | yii2-mcp-server has a Command Injection Issue | |||
| CVE-2026-7599 | medium | 6.3 | 6.3 | 28d ago | A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function save_document/export_to_text/export_to_html of the file mcp-server/src/index.ts of the component MCP Interface. Perf… | |||
| CVE-2026-7597 | medium | 6.3 | 6.3 | 28d ago | mem0ai mem0 has an Improper Input Validation Issue | |||
| CVE-2026-7595 | medium | 6.3 | 6.3 | 28d ago | A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function _format_plugins of the file .claude/skills/ui-styling/scripts/tailwind_config… | |||
| CVE-2026-7591 | medium | 6.3 | 6.3 | 28d ago | A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Perf… | |||
| CVE-2026-7510 | medium | 6.3 | 6.3 | 29d ago | A vulnerability was determined in OWASP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulati… | |||
| CVE-2026-7508 | medium | 6.3 | 6.3 | 29d ago | A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulat… | |||
| CVE-2026-7469 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in comm… | |||
| CVE-2026-7447 | medium | 6.3 | 6.3 | 1mo ago | A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation of the argument type/le… | |||
| CVE-2026-7445 | medium | 6.3 | 6.3 | 1mo ago | A security vulnerability has been detected in ZachHandley ZMCPTools up to 0.2.2. Affected by this issue is some unknown functionality of the file src/managers/ResourceManager.ts of the component MCP … | |||
| CVE-2026-7410 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument… | |||
| CVE-2026-7392 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function delete_supplier of the file /ajax.php?action=delete_supplier. Such manipulation of … | |||
| CVE-2026-7391 | medium | 6.3 | 6.3 | 1mo ago | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function save_supplier of the file /ajax.php?action=save_supplier. This manipulation of the argument … | |||
| CVE-2026-7305 | medium | 6.3 | 6.3 | 1mo ago | A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl… | |||
| CVE-2026-7291 | medium | 6.3 | 6.3 | 1mo ago | A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can… | |||
| CVE-2026-7290 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.jav… | |||
| CVE-2026-24231 | medium | 6.3 | 6.3 | 1mo ago | NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() SSRF protection component, where an attacker could cause a server-side request forgery by supplying a crafted endpoint URL refere… | |||
| CVE-2026-7268 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This impacts the function save_category of the file /admin/ajax.php?action=save_category. Such manipulation of the argum… | |||
| CVE-2026-7267 | medium | 6.3 | 6.3 | 1mo ago | A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects an unknown function of the file /view_prod.php. This manipulation of the argument ID causes sql injection. The attac… | |||
| CVE-2026-7266 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function save_order of the file /admin/ajax.php?action=save_order. The manipulation of the arg… | |||
| CVE-2026-7265 | medium | 6.3 | 6.3 | 1mo ago | A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function Category of the file pizza/index.php?page=category. The manipulation of… | |||
| CVE-2026-7264 | medium | 6.3 | 6.3 | 1mo ago | A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function get_cart_items of the file /admin/ajax.php?action=get_cart_items. Executing a manipulation of t… | |||
| CVE-2026-7229 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing a manip… | |||
| CVE-2026-7196 | medium | 6.3 | 6.3 | 1mo ago | A security vulnerability has been detected in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /guestdetails. Such manipulation of the argument deleteid leads to sql inject… | |||
| CVE-2026-7150 | medium | 6.3 | 6.3 | 1mo ago | auto-favicon has a Server-Side Request Forgery issue | |||
| CVE-2026-7148 | medium | 6.3 | 6.3 | 1mo ago | A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Executing a manipulation of the argument fname can lead to sql injection. The attack … | |||
| CVE-2026-7143 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block_status.php. The manipulation of the argument q lea… | |||
| CVE-2026-7142 | medium | 6.3 | 6.3 | 1mo ago | Wooey has an Incorrect Privilege Assignment issue | |||
| CVE-2026-7118 | medium | 6.3 | 6.3 | 1mo ago | A security vulnerability has been detected in code-projects Employee Management System 1.0. The affected element is an unknown function of the file 370project/cancel.php. The manipulation of the argu… | |||
| CVE-2026-7117 | medium | 6.3 | 6.3 | 1mo ago | A weakness has been identified in code-projects Employee Management System 1.0. Impacted is an unknown function of the file 370project/approve.php. Executing a manipulation of the argument id/token c… | |||
| CVE-2026-7115 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was identified in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file 370project/delete.php. Such manipulation of the argument ID leads t… | |||
| CVE-2026-7114 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. This manipulation of the argument ID causes sql injection… | |||
| CVE-2026-7107 | medium | 6.3 | 6.3 | 1mo ago | A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestri… | |||
| CVE-2026-7093 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performin… | |||
| CVE-2026-7092 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argumen… | |||
| CVE-2026-7091 | medium | 6.3 | 6.3 | 1mo ago | A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper au… | |||
| CVE-2026-7084 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was found in HBAI-Ltd Toonflow-app up to 1.1.1. This affects the function fetch of the file src/routes/setting/vendorConfig/getCodeByLink.ts of the component getCodeByLink Endpoint. T… | |||
| CVE-2026-7044 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was found in GreenCMS up to 2.3. Affected is the function themeadd of the file /index.php?m=admin&c=custom&a=themeadd. The manipulation results in unrestricted upload. The attack can … |