CVEs from 2026
Total
14,697
critical
critical 1,323
high
high 4,976
medium
medium 4,753
low
low 501
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 660
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-9498 | medium | 6.3 | 6.3 | 11d ago | A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument De… | |||
| CVE-2026-9497 | medium | 6.3 | 6.3 | 11d ago | A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deseriali… | |||
| CVE-2026-9483 | medium | 6.3 | 6.3 | 11d ago | A vulnerability was found in SourceCodester Student Grades Management System 1.0. Affected is an unknown function of the file grades.php. Performing a manipulation of the argument student_id results … | |||
| CVE-2026-9484 | medium | 6.3 | 6.3 | 11d ago | A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected by this vulnerability is the function getClassroomStudents/removeStudentFromClassroom of the file class… | |||
| CVE-2026-9473 | medium | 6.3 | 6.3 | 11d ago | A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manip… | |||
| CVE-2026-9468 | medium | 6.3 | 6.3 | 11d ago | A security flaw has been discovered in dazeb cline-mcp-memory-bank up to 55c81b9cf6c16700983c84dc4cdea3cafa19a75f. The affected element is the function handleInitializeMemoryBank of the file src/inde… | |||
| CVE-2026-9472 | medium | 6.3 | 6.3 | 11d ago | A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected is the function download_markdown/list_downloaded_files/create_subdirectory of the file src… | |||
| CVE-2026-9451 | medium | 6.3 | 6.3 | 11d ago | A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulatio… | |||
| CVE-2026-9450 | medium | 6.3 | 6.3 | 11d ago | A security flaw has been discovered in code-projects Employee Management System 1.0. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid results in sql inje… | |||
| CVE-2026-9449 | medium | 6.3 | 6.3 | 11d ago | A vulnerability was identified in code-projects Employee Management System 1.0. This impacts an unknown function of the file /changepassemp.php. The manipulation leads to sql injection. It is possibl… | |||
| CVE-2026-9445 | medium | 6.3 | 6.3 | 12d ago | A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulati… | |||
| CVE-2026-9441 | medium | 6.3 | 6.3 | 12d ago | A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. Performing … | |||
| CVE-2026-9440 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulat… | |||
| CVE-2026-9439 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was determined in Edimax BR-6675nD 1.12. Affected is the function stainfo of the file /goform/stainfo. This manipulation of the argument interface causes command injection. It is poss… | |||
| CVE-2026-9437 | medium | 6.3 | 6.3 | 12d ago | A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. The at… | |||
| CVE-2026-9424 | medium | 6.3 | 6.3 | 12d ago | A weakness has been identified in Edimax EW-7438RPn 1.31. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component Content-Type Handler. Executing a manipulatio… | |||
| CVE-2026-9420 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. It is possible to la… | |||
| CVE-2026-9412 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access c… | |||
| CVE-2026-9411 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGST_Invoice.php of the component Invoice Generation Handler… | |||
| CVE-2026-9402 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was found in Edimax BR-6675nD 1.12. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component POST Request Handler. The manipulation of the argum… | |||
| CVE-2026-9400 | medium | 6.3 | 6.3 | 12d ago | A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of th… | |||
| CVE-2026-9379 | medium | 6.3 | 6.3 | 12d ago | A weakness has been identified in Edimax BR-6675nD 1.12. This impacts the function formWpsStart of the file /goform/formWpsStart of the component POST Request Handler. This manipulation of the argume… | |||
| CVE-2026-9378 | medium | 6.3 | 6.3 | 12d ago | A security flaw has been discovered in Edimax BR-6675nD 1.12. This affects the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument… | |||
| CVE-2026-9376 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Execut… | |||
| CVE-2026-9374 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a mani… | |||
| CVE-2026-9363 | medium | 6.3 | 6.3 | 13d ago | A vulnerability was detected in Edimax EW-7438RPn 1.12. This issue affects the function formEZCHNwlanSetup of the file /goform/formEZCHNwlanSetu of the component POST Request Handler. Performing a ma… | |||
| CVE-2026-9362 | medium | 6.3 | 6.3 | 13d ago | A security vulnerability has been detected in Edimax EW-7438RPn 1.12. This vulnerability affects the function formConnectionSetting of the file /goform/formConnectionSetting of the component Setting … | |||
| CVE-2026-9361 | medium | 6.3 | 6.3 | 13d ago | A weakness has been identified in Edimax EW-7438RPn 1.12. This affects the function formAccept of the file /goform/formAccep of the component POST Request Handler. This manipulation of the argument s… | |||
| CVE-2026-9359 | medium | 6.3 | 6.3 | 13d ago | A vulnerability was identified in Edimax EW-7438RPn 1.28a. Affected by this vulnerability is the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulati… | |||
| CVE-2026-9347 | medium | 6.3 | 6.3 | 13d ago | A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mas… | |||
| CVE-2026-9343 | medium | 6.3 | 6.3 | 13d ago | A weakness has been identified in Edimax EW-7438RPn up to 1.31. The affected element is the function formWpsStart of the file /goform/formWpsStart of the component webs. This manipulation of the argu… | |||
| CVE-2026-9342 | medium | 6.3 | 6.3 | 13d ago | A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation o… | |||
| CVE-2026-9305 | medium | 6.3 | 6.3 | 13d ago | A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. Th… | |||
| CVE-2026-9302 | medium | 6.3 | 6.3 | 13d ago | A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of … | |||
| CVE-2026-9301 | medium | 6.3 | 6.3 | 13d ago | A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. Th… | |||
| CVE-2026-9300 | medium | 6.3 | 6.3 | 13d ago | A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be e… | |||
| CVE-2026-9298 | medium | 6.3 | 6.3 | 13d ago | A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory… | |||
| CVE-2026-9297 | medium | 6.3 | 6.3 | 13d ago | A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of th… | |||
| CVE-2026-9299 | medium | 6.3 | 6.3 | 13d ago | A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memo… | |||
| CVE-2026-9296 | medium | 6.3 | 6.3 | 14d ago | A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument… | |||
| CVE-2026-39828 | medium | 6.3 | 6.3 | 15d ago | When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as forc… | |||
| CVE-2026-1816 | medium | 6.3 | 6.3 | 15d ago | Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Brute Force. This issue affects Mobile Appli… | |||
| CVE-2026-20206 | medium | 6.3 | 6.3 | 16d ago | A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the Browse… | |||
| CVE-2026-43619 | medium | 6.3 | 6.3 | 17d ago | Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat … | |||
| CVE-2026-44408 | medium | 6.3 | 6.3 | 18d ago | There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface. | |||
| CVE-2026-0964 | medium | 6.3 | 6.3 | 18d ago | Moderate: libssh security update | |||
| CVE-2026-45626 | medium | 6.3 | 6.3 | 18d ago | Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/{id}/volumes/{volumeName}/browse accepts a path query parameter that is … | |||
| CVE-2026-8786 | medium | 6.3 | 6.3 | 19d ago | A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component… | |||
| CVE-2026-8777 | medium | 6.3 | 6.3 | 19d ago | A vulnerability was found in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulatio… | |||
| CVE-2026-8774 | medium | 6.3 | 6.3 | 19d ago | A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command… | |||
| CVE-2026-8754 | medium | 6.3 | 6.3 | 19d ago | AstrBot: File upload vulnerability in the function post_file of the file astrbot/dashboard/routes/chat.py | |||
| CVE-2026-8753 | medium | 6.3 | 6.3 | 19d ago | A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.ph… | |||
| CVE-2026-8747 | medium | 6.3 | 6.3 | 19d ago | A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb_system/function/c_system_event.php of the component Commend Approval Handler. This manipu… | |||
| CVE-2026-8743 | medium | 6.3 | 6.3 | 20d ago | A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ran_ue_find_by_amf_ue_ngap_id of the file src/amf/context.c of the component AMF/MME. Performing a manipulation results in … | |||
| CVE-2026-8740 | medium | 6.3 | 6.3 | 20d ago | A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirectiv… | |||
| CVE-2026-8735 | medium | 6.3 | 6.3 | 20d ago | A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such manipulat… | |||
| CVE-2026-8733 | medium | 6.3 | 6.3 | 20d ago | A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub_3B4610 of the file SlimPDFReader.exe. The manipulation results in stack-based … | |||
| CVE-2026-33380 | medium | 6.3 | 6.3 | 23d ago | A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vul… | |||
| CVE-2026-2695 | medium | 6.3 | 6.3 | 23d ago | A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises (former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows authenticated users… | |||
| CVE-2026-35555 | medium | 6.3 | 6.3 | 24d ago | PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups. | |||
| CVE-2026-34664 | medium | 6.3 | 6.3 | 24d ago | Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file sy… | |||
| CVE-2026-41610 | medium | 6.3 | 6.3 | 24d ago | Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | |||
| CVE-2026-40133 | medium | 6.3 | 6.3 | 25d ago | Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact o… | |||
| CVE-2026-44337 | medium | 6.3 | 6.3 | 25d ago | PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries | |||
| CVE-2026-8231 | medium | 6.3 | 6.3 | 27d ago | A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql inject… | |||
| CVE-2026-8217 | medium | 6.3 | 6.3 | 27d ago | A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation … | |||
| CVE-2026-8193 | medium | 6.3 | 6.3 | 27d ago | A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead … | |||
| CVE-2026-8185 | medium | 6.3 | 6.3 | 27d ago | A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authe… | |||
| CVE-2026-44284 | medium | 6.3 | 6.3 | 28d ago | FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected int… | |||
| CVE-2026-42451 | medium | 6.3 | 6.3 | 28d ago | Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting (XSS) vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary Java… | |||
| CVE-2026-42344 | medium | 6.3 | 6.3 | 28d ago | FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding (TOCTOU — Tim… | |||
| CVE-2026-42180 | medium | 6.3 | 6.3 | 28d ago | Lemmy has SSRF in /api/v3/post via Webmention dispatch | |||
| CVE-2026-8127 | medium | 6.3 | 6.3 | 29d ago | A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper… | |||
| CVE-2026-8125 | medium | 6.3 | 6.3 | 29d ago | A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parame… | |||
| CVE-2026-8116 | medium | 6.3 | 6.3 | 29d ago | A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument m… | |||
| CVE-2026-8114 | medium | 6.3 | 6.3 | 29d ago | A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation… | |||
| CVE-2026-40214 | medium | 6.3 | 6.3 | 29d ago | In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is never populated (NULL for every ARQ), da… | |||
| CVE-2026-8097 | medium | 6.3 | 6.3 | 29d ago | A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injec… | |||
| CVE-2026-42879 | medium | 6.3 | 6.3 | 29d ago | FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload func… | |||
| CVE-2026-8081 | medium | 6.3 | 6.3 | 29d ago | A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/api_tools.go of the component API… | |||
| CVE-2026-43582 | medium | 6.3 | 6.3 | 1mo ago | OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding | |||
| CVE-2026-8010 | medium | 6.3 | 6.3 | 1mo ago | Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a c… | |||
| CVE-2026-7977 | medium | 6.3 | 6.3 | 1mo ago | Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7971 | medium | 6.3 | 6.3 | 1mo ago | Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-6420 | medium | 6.3 | 6.3 | 1mo ago | Keylime has a hardcoded attestation challenge nonce that allows replay attacks | |||
| CVE-2026-7844 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/list_files/retrieve_file/retrieve_file_content/delete_file of the file l… | |||
| CVE-2026-7822 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /print_pdets.php. The manipulation of the argument ids leads to sql injectio… | |||
| CVE-2026-7783 | medium | 6.3 | 6.3 | 1mo ago | A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component… | |||
| CVE-2026-7782 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The mani… | |||
| CVE-2026-7746 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file /product_expiry/edit-admin.php. Such manipulation of the… | |||
| CVE-2026-7745 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql i… | |||
| CVE-2026-7744 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injecti… | |||
| CVE-2026-7743 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid le… | |||
| CVE-2026-7742 | medium | 6.3 | 6.3 | 1mo ago | A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead t… | |||
| CVE-2026-7741 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql… | |||
| CVE-2026-7738 | medium | 6.3 | 6.3 | 1mo ago | @puchunjie/doc-tools-mcp has a Path Traversal Issue | |||
| CVE-2026-7725 | medium | 6.3 | 6.3 | 1mo ago | Prefect Git Argument Injection in GitRepository Pull Steps | |||
| CVE-2026-7732 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in unrestricted upload… | |||
| CVE-2026-7731 | medium | 6.3 | 6.3 | 1mo ago | A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. The affected element is an unknown function of the file get_state.php. The manipulation of the argument G_ST… | |||
| CVE-2026-7730 | medium | 6.3 | 6.3 | 1mo ago | A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the … |