CVEs from 2026
Total
14,122
critical
critical 1,246
high
high 4,695
medium
medium 4,475
low
low 488
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.8%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 247
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-48190 | low | 3.5 | 3.5 | 3d ago | An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be… | |||
| CVE-2026-42448 | low | 3.5 | 3.5 | 9d ago | Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed | |||
| CVE-2026-9485 | low | 3.5 | 3.5 | 9d ago | A vulnerability was identified in SourceCodester Student Grades Management System 1.0. Affected by this issue is some unknown functionality of the file students.php. The manipulation of the argument … | |||
| CVE-2026-9471 | low | 3.5 | 3.5 | 10d ago | A vulnerability was detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file /student.php. Performing a manipulation… | |||
| CVE-2026-9414 | low | 3.5 | 3.5 | 10d ago | A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add_order.php of the component Invoice … | |||
| CVE-2026-48832 | low | 3.5 | 3.5 | 10d ago | action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability. | |||
| CVE-2026-9395 | low | 3.5 | 3.5 | 10d ago | A vulnerability was identified in Besen BS20 EV Charging Station up to 20260426. Affected is an unknown function of the component BLE/UDP. The manipulation leads to insufficiently protected credentia… | |||
| CVE-2026-9357 | low | 3.5 | 3.5 | 11d ago | A vulnerability was found in vBulletin 6.x. This impacts an unknown function of the component Login. Performing a manipulation results in cross site scripting. It is possible to initiate the attack r… | |||
| CVE-2026-4643 | low | 3.5 | 3.5 | 17d ago | Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server … | |||
| CVE-2026-45316 | low | 3.5 | 3.5 | 19d ago | Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access) | |||
| CVE-2026-45803 | low | 3.5 | 3.5 | 20d ago | `gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users vie… | |||
| CVE-2026-45781 | low | 3.5 | 3.5 | 20d ago | MCP Registry: OCI validator skips ownership check on upstream rate limits | |||
| CVE-2026-7471 | low | 3.5 | 3.5 | 21d ago | GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with control o… | |||
| CVE-2026-8232 | low | 3.5 | 3.5 | 25d ago | A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlib_worker_loop in the library /usr/xpro/upf/tools/libs/libvlib.so of the component UPF Process. The ma… | |||
| CVE-2026-7677 | low | 3.5 | 3.5 | 1mo ago | A vulnerability was determined in kerwincui FastBee up to 1.2.1. The impacted element is the function Add of the file springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNotic… | |||
| CVE-2026-7501 | low | 3.5 | 3.5 | 1mo ago | A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument p… | |||
| CVE-2026-41663 | low | 3.5 | 3.5 | 1mo ago | Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send | |||
| CVE-2026-7390 | low | 3.5 | 3.5 | 1mo ago | A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the arg… | |||
| CVE-2026-7222 | low | 3.5 | 3.5 | 1mo ago | A vulnerability was determined in code-projects Coaching Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cims/modules/student/complaint.php of the compo… | |||
| CVE-2026-7110 | low | 3.5 | 3.5 | 1mo ago | A flaw has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /item. Executing a manipulation of the argument item name/description can lead to cro… | |||
| CVE-2026-7021 | low | 3.5 | 3.5 | 1mo ago | A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the arg… | |||
| CVE-2026-6990 | low | 3.5 | 3.5 | 1mo ago | A vulnerability was found in projeto-siga siga 11.0.3.18. The affected element is an unknown function of the file /sigawf/app/responsavel/novo. Performing a manipulation of the argument Nome/Descriçã… | |||
| CVE-2026-6745 | low | 3.5 | 3.5 | 1mo ago | Bagisto affected by Cross-site Scripting | |||
| CVE-2026-6743 | low | 3.5 | 3.5 | 1mo ago | A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the component Calendar. The manipulation leads to cross site scripting. The attack may be initiated rem… | |||
| CVE-2026-6648 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripti… | |||
| CVE-2026-6633 | low | 3.5 | 3.5 | 2mo ago | A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php of the component Exte… | |||
| CVE-2026-6619 | low | 3.5 | 3.5 | 2mo ago | A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePrevie… | |||
| CVE-2026-6600 | low | 3.5 | 3.5 | 2mo ago | A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of … | |||
| CVE-2026-6593 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cros… | |||
| CVE-2026-6592 | low | 3.5 | 3.5 | 2mo ago | A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user_manager.py of the component userdata Endpoint. Such manipulatio… | |||
| CVE-2026-6493 | low | 3.5 | 3.5 | 2mo ago | A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/[locale]/(auth)/reset-password/components/reset-password-form.tsx of the component… | |||
| CVE-2026-6486 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manip… | |||
| CVE-2026-6216 | low | 3.5 | 3.5 | 2mo ago | DbGate has cross site scripting via the SVG Icon String Handler component | |||
| CVE-2026-6162 | low | 3.5 | 3.5 | 2mo ago | A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdat… | |||
| CVE-2026-6106 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static_headers_middleware.py of the co… | |||
| CVE-2026-5810 | low | 3.5 | 3.5 | 2mo ago | A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argume… | |||
| CVE-2026-5806 | low | 3.5 | 3.5 | 2mo ago | A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cro… | |||
| CVE-2026-35679 | low | 3.5 | 3.5 | 2mo ago | Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was someti… | |||
| CVE-2026-5568 | low | 3.5 | 3.5 | 2mo ago | A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site scrip… | |||
| CVE-2026-5370 | low | 3.5 | 3.5 | 2mo ago | Krayin CRM is vulnerable to Cross-site Scripting (XSS) | |||
| CVE-2026-5325 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create … | |||
| CVE-2026-5254 | low | 3.5 | 3.5 | 2mo ago | A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. Affected by this issue is some unknown functionality of the file /ui/app/components/AppJsonTreeView.vue of the component… | |||
| CVE-2026-5253 | low | 3.5 | 3.5 | 2mo ago | A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by this vulnerability is an unknown functionality of the file /web/src/layout/components/Header/MessageList.vue of the component edi… | |||
| CVE-2026-5252 | low | 3.5 | 3.5 | 2mo ago | A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation … | |||
| CVE-2026-5249 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\view\user\record.html of the component Record Endpoint. Performing a manipulatio… | |||
| CVE-2026-4995 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message E… | |||
| CVE-2026-4994 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function generic_exception_handler of the file backend/openui/server.py of the component APIStatusError Handler. The mani… | |||
| CVE-2026-4973 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulatio… | |||
| CVE-2026-4969 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was identified in code-projects Social Networking Site 1.0. The impacted element is an unknown function of the file /home.php of the component Alert Handler. The manipulation of the a… | |||
| CVE-2026-32984 | low | 3.5 | 3.5 | 2mo ago | Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulne… | |||
| CVE-2026-4835 | low | 3.5 | 3.5 | 2mo ago | A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of the file /my_account/add_costumer.php of the component Web Application Interface.… | |||
| CVE-2026-4495 | low | 3.5 | 3.5 | 3mo ago | A security flaw has been discovered in atjiu pybbs 6.0.0. This impacts the function create of the file src/main/java/co/yiiu/pybbs/controller/api/CommentApiController.java. The manipulation results i… | |||
| CVE-2026-4494 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was identified in atjiu pybbs 6.0.0. This affects the function create of the file src/main/java/co/yiiu/pybbs/controller/api/TopicApiController.java. The manipulation leads to cross s… | |||
| CVE-2026-4355 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was detected in Portabilis i-Educar 2.11. This impacts an unknown function of the file /intranet/educar_servidor_curso_lst.php of the component Endpoint. Performing a manipulation of … | |||
| CVE-2026-4354 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub_420A78 of the file apply_sec.cgi of the component Web Interface. Such manipulation of … | |||
| CVE-2026-4239 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object pr… | |||
| CVE-2026-4186 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This man… | |||
| CVE-2026-4166 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in c… | |||
| CVE-2026-3984 | low | 3.5 | 3.5 | 3mo ago | A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file save_up_athlete.php. This manipulation o… | |||
| CVE-2026-3983 | low | 3.5 | 3.5 | 3mo ago | A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. The manipulation of the argume… | |||
| CVE-2026-3946 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site… | |||
| CVE-2026-2825 | low | 3.5 | 3.5 | 3mo ago | A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross si… | |||
| CVE-2026-2709 | low | 3.5 | 3.5 | 4mo ago | A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulatio… | |||
| CVE-2026-1406 | low | 3.5 | 3.5 | 4mo ago | A vulnerability was determined in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600. Affected by this vulnerability is the function redirectToLogin of the file AccessControlFilter.java of… | |||
| CVE-2026-1161 | low | 3.5 | 3.5 | 5mo ago | A vulnerability was detected in pbrong hrms 1.0.1. The affected element is the function UpdateRecruitmentById of the file /handler/recruitment.go. The manipulation results in cross site scripting. Th… | |||
| CVE-2026-1136 | low | 3.5 | 3.5 | 5mo ago | A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bContent/save of the component ContentController. This… | |||
| CVE-2026-0824 | low | 3.5 | 3.5 | 5mo ago | QuestDB UI's Web Console is Vulnerable to Cross-Site Scripting | |||
| CVE-2026-34685 | low | 3.4 | 3.4 | 22d ago | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives 'Sec… | |||
| CVE-2026-40131 | low | 3.4 | 3.4 | 23d ago | SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploi… | |||
| CVE-2026-42195 | low | 3.4 | 3.4 | 26d ago | draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAut… | |||
| CVE-2026-44405 | low | 3.4 | 3.4 | 29d ago | Paramiko rsakey.py allows the SHA-1 algorithm | |||
| CVE-2026-10722 | low | 3.3 | 3.3 | 18h ago | A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipul… | |||
| CVE-2026-10528 | low | 3.3 | 3.3 | 2d ago | A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the c… | |||
| CVE-2026-10298 | low | 3.3 | 3.3 | 2d ago | A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results in null point… | |||
| CVE-2026-10295 | low | 3.3 | 3.3 | 2d ago | A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add_review/save_review/get_all_reviews of the file review_app.py. Performing a mani… | |||
| CVE-2026-28586 | low | 3.3 | 3.3 | 2d ago | In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution pri… | |||
| CVE-2026-0056 | low | 3.3 | 3.3 | 2d ago | In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed.… | |||
| CVE-2026-0050 | low | 3.3 | 3.3 | 2d ago | In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional … | |||
| CVE-2026-0016 | low | 3.3 | 3.3 | 2d ago | In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disc… | |||
| CVE-2026-45277 | low | 3.3 | 3.3 | 3d ago | Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can req… | |||
| CVE-2026-10268 | low | 3.3 | 3.3 | 3d ago | A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshal_one_fiber of the file src/core/marsh.c. Executing a manipulation can lead to integer… | |||
| CVE-2026-10267 | low | 3.3 | 3.3 | 3d ago | A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attackin… | |||
| CVE-2026-10233 | low | 3.3 | 3.3 | 3d ago | A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::read_sequence_infos of the file HL1MDLLoader.cpp of the component Half-Life 1 MD… | |||
| CVE-2026-10201 | low | 3.3 | 3.3 | 3d ago | A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a ma… | |||
| CVE-2026-10199 | low | 3.3 | 3.3 | 3d ago | A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator[] leads to null po… | |||
| CVE-2026-10198 | low | 3.3 | 3.3 | 3d ago | A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipul… | |||
| CVE-2026-10197 | low | 3.3 | 3.3 | 3d ago | A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handle… | |||
| CVE-2026-49383 | low | 3.3 | 3.3 | 6d ago | In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible | |||
| CVE-2026-45324 | low | 3.3 | 3.3 | 6d ago | Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due wrong pointer ownership declared. This vul… | |||
| CVE-2026-45613 | low | 3.3 | 3.3 | 6d ago | Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76c… | |||
| CVE-2026-47337 | low | 3.3 | 3.3 | 7d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket mediation. The bug can be triggered by an unprivileged local u… | |||
| CVE-2026-47336 | low | 3.3 | 3.3 | 7d ago | Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized variable in AppArmor AF_INET/AF_INET6 socket mediation code. The bug can be triggered by an unprivileged local user and… | |||
| CVE-2026-47330 | low | 3.3 | 3.3 | 7d ago | Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unpri… | |||
| CVE-2026-47329 | low | 3.3 | 3.3 | 7d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user a… | |||
| CVE-2026-47327 | low | 3.3 | 3.3 | 7d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This c… | |||
| CVE-2026-48156 | low | 3.3 | 3.3 | 7d ago | pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams w… | |||
| CVE-2026-9572 | low | 3.3 | 3.3 | 9d ago | A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of t… | |||
| CVE-2026-9567 | low | 3.3 | 3.3 | 9d ago | A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isom_intern.c of the component MP4Box. The manipulation results in null pointe… | |||
| CVE-2026-9530 | low | 3.3 | 3.3 | 9d ago | A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a mani… | |||
| CVE-2026-9529 | low | 3.3 | 3.3 | 9d ago | A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function match_BLOCK_HEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulati… |