CVEs from 2026
Total
14,770
critical
critical 1,334
high
high 4,998
medium
medium 4,817
low
low 502
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-10176 | medium | 6.3 | 6.3 | 6d ago | A weakness has been identified in Aider-AI Aider 0.86.3. Affected by this issue is some unknown functionality of the component Code Generation Workflow. Executing a manipulation can lead to sql injec… | |||
| CVE-2026-10177 | medium | 6.3 | 6.3 | 6d ago | A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file api_docs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads … | |||
| CVE-2026-10175 | medium | 6.3 | 6.3 | 6d ago | A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editor_coder.run of the file auth.py of the component Architect Mode. Performing a manipul… | |||
| CVE-2026-10174 | medium | 6.3 | 6.3 | 6d ago | A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-comm… | |||
| CVE-2026-10172 | medium | 6.3 | 6.3 | 6d ago | A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php… | |||
| CVE-2026-10170 | medium | 6.3 | 6.3 | 6d ago | A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone_0.php. This manipulation of the argument phone ca… | |||
| CVE-2026-10168 | medium | 6.3 | 6.3 | 6d ago | A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file appl… | |||
| CVE-2026-10166 | medium | 6.3 | 6.3 | 6d ago | A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of t… | |||
| CVE-2026-10152 | medium | 6.3 | 6.3 | 7d ago | A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.ja… | |||
| CVE-2026-10127 | medium | 6.3 | 6.3 | 7d ago | A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. This manipulation of the … | |||
| CVE-2026-9831 | medium | 6.3 | 6.3 | 8d ago | A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with… | |||
| CVE-2026-44287 | medium | 6.3 | 6.3 | 8d ago | FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() with the regex /\bimport\s*\(/.t… | |||
| CVE-2026-10101 | medium | 6.3 | 6.3 | 8d ago | ACM/MCE assisted-service writes raw referenced pull-secret contents into `InfraEnv.status.conditions[].message` when pull-secret validation fails. A namespace principal with the stock `view` ClusterR… | |||
| CVE-2026-9989 | medium | 6.3 | 6.3 | 8d ago | Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High) | |||
| CVE-2026-46416 | medium | 6.3 | 6.3 | 10d ago | Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for mult… | |||
| CVE-2026-47270 | medium | 6.3 | 6.3 | 10d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb is a PAM module loaded into the host process (sudo, login, GDM, GNOME Shell). Display manage… | |||
| CVE-2026-47274 | medium | 6.3 | 6.3 | 10d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam_usb helper tools resolved external binaries through the PATH environment variable rathe… | |||
| CVE-2026-2254 | medium | 6.3 | 6.3 | 10d ago | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notficatio… | |||
| CVE-2026-9607 | medium | 6.3 | 6.3 | 10d ago | A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcel_list.php. Performing a manipulation of the argument s results … | |||
| CVE-2026-30498 | medium | 6.3 | 6.3 | 10d ago | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the delete.php endpoint of Jason2605 AdminPanel 4.0. | |||
| CVE-2026-9581 | medium | 6.3 | 6.3 | 11d ago | A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can … | |||
| CVE-2026-9579 | medium | 6.3 | 6.3 | 11d ago | A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument u… | |||
| CVE-2026-27331 | medium | 6.3 | 6.3 | 11d ago | Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5. | |||
| CVE-2026-9565 | medium | 6.3 | 6.3 | 11d ago | A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handle… | |||
| CVE-2026-9542 | medium | 6.3 | 6.3 | 11d ago | A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/add_staff.php. Executing a manipulation of the argument email_i… | |||
| CVE-2026-9534 | medium | 6.3 | 6.3 | 11d ago | A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the arg… | |||
| CVE-2026-9533 | medium | 6.3 | 6.3 | 11d ago | A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a mani… | |||
| CVE-2026-9532 | medium | 6.3 | 6.3 | 11d ago | A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Su… | |||
| CVE-2026-9531 | medium | 6.3 | 6.3 | 11d ago | A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the arg… | |||
| CVE-2026-9524 | medium | 6.3 | 6.3 | 11d ago | A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522_Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportPa… | |||
| CVE-2026-9515 | medium | 6.3 | 6.3 | 11d ago | A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation… | |||
| CVE-2026-9514 | medium | 6.3 | 6.3 | 11d ago | A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation … | |||
| CVE-2026-9513 | medium | 6.3 | 6.3 | 11d ago | A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulat… | |||
| CVE-2026-9512 | medium | 6.3 | 6.3 | 11d ago | A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performin… | |||
| CVE-2026-42776 | medium | 6.3 | 6.3 | 11d ago | Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a throu… | |||
| CVE-2026-9511 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argu… | |||
| CVE-2026-9498 | medium | 6.3 | 6.3 | 12d ago | A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument De… | |||
| CVE-2026-9497 | medium | 6.3 | 6.3 | 12d ago | A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deseriali… | |||
| CVE-2026-9483 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was found in SourceCodester Student Grades Management System 1.0. Affected is an unknown function of the file grades.php. Performing a manipulation of the argument student_id results … | |||
| CVE-2026-9484 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected by this vulnerability is the function getClassroomStudents/removeStudentFromClassroom of the file class… | |||
| CVE-2026-9473 | medium | 6.3 | 6.3 | 12d ago | A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manip… | |||
| CVE-2026-9468 | medium | 6.3 | 6.3 | 12d ago | A security flaw has been discovered in dazeb cline-mcp-memory-bank up to 55c81b9cf6c16700983c84dc4cdea3cafa19a75f. The affected element is the function handleInitializeMemoryBank of the file src/inde… | |||
| CVE-2026-9472 | medium | 6.3 | 6.3 | 12d ago | A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected is the function download_markdown/list_downloaded_files/create_subdirectory of the file src… | |||
| CVE-2026-9451 | medium | 6.3 | 6.3 | 12d ago | A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulatio… | |||
| CVE-2026-9450 | medium | 6.3 | 6.3 | 12d ago | A security flaw has been discovered in code-projects Employee Management System 1.0. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid results in sql inje… | |||
| CVE-2026-9449 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was identified in code-projects Employee Management System 1.0. This impacts an unknown function of the file /changepassemp.php. The manipulation leads to sql injection. It is possibl… | |||
| CVE-2026-9445 | medium | 6.3 | 6.3 | 12d ago | A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulati… | |||
| CVE-2026-9441 | medium | 6.3 | 6.3 | 12d ago | A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. Performing … | |||
| CVE-2026-9440 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulat… | |||
| CVE-2026-9439 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was determined in Edimax BR-6675nD 1.12. Affected is the function stainfo of the file /goform/stainfo. This manipulation of the argument interface causes command injection. It is poss… | |||
| CVE-2026-9437 | medium | 6.3 | 6.3 | 12d ago | A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. The at… | |||
| CVE-2026-9424 | medium | 6.3 | 6.3 | 12d ago | A weakness has been identified in Edimax EW-7438RPn 1.31. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component Content-Type Handler. Executing a manipulatio… | |||
| CVE-2026-9420 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. It is possible to la… | |||
| CVE-2026-9412 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access c… | |||
| CVE-2026-9411 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGST_Invoice.php of the component Invoice Generation Handler… | |||
| CVE-2026-9402 | medium | 6.3 | 6.3 | 12d ago | A vulnerability was found in Edimax BR-6675nD 1.12. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component POST Request Handler. The manipulation of the argum… | |||
| CVE-2026-9400 | medium | 6.3 | 6.3 | 12d ago | A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of th… | |||
| CVE-2026-9379 | medium | 6.3 | 6.3 | 13d ago | A weakness has been identified in Edimax BR-6675nD 1.12. This impacts the function formWpsStart of the file /goform/formWpsStart of the component POST Request Handler. This manipulation of the argume… | |||
| CVE-2026-9378 | medium | 6.3 | 6.3 | 13d ago | A security flaw has been discovered in Edimax BR-6675nD 1.12. This affects the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument… | |||
| CVE-2026-9376 | medium | 6.3 | 6.3 | 13d ago | A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Execut… | |||
| CVE-2026-9374 | medium | 6.3 | 6.3 | 13d ago | A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a mani… | |||
| CVE-2026-9363 | medium | 6.3 | 6.3 | 13d ago | A vulnerability was detected in Edimax EW-7438RPn 1.12. This issue affects the function formEZCHNwlanSetup of the file /goform/formEZCHNwlanSetu of the component POST Request Handler. Performing a ma… | |||
| CVE-2026-9362 | medium | 6.3 | 6.3 | 13d ago | A security vulnerability has been detected in Edimax EW-7438RPn 1.12. This vulnerability affects the function formConnectionSetting of the file /goform/formConnectionSetting of the component Setting … | |||
| CVE-2026-9361 | medium | 6.3 | 6.3 | 13d ago | A weakness has been identified in Edimax EW-7438RPn 1.12. This affects the function formAccept of the file /goform/formAccep of the component POST Request Handler. This manipulation of the argument s… | |||
| CVE-2026-9359 | medium | 6.3 | 6.3 | 13d ago | A vulnerability was identified in Edimax EW-7438RPn 1.28a. Affected by this vulnerability is the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulati… | |||
| CVE-2026-9347 | medium | 6.3 | 6.3 | 13d ago | A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mas… | |||
| CVE-2026-9343 | medium | 6.3 | 6.3 | 13d ago | A weakness has been identified in Edimax EW-7438RPn up to 1.31. The affected element is the function formWpsStart of the file /goform/formWpsStart of the component webs. This manipulation of the argu… | |||
| CVE-2026-9342 | medium | 6.3 | 6.3 | 14d ago | A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation o… | |||
| CVE-2026-9305 | medium | 6.3 | 6.3 | 14d ago | A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. Th… | |||
| CVE-2026-9302 | medium | 6.3 | 6.3 | 14d ago | A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of … | |||
| CVE-2026-9301 | medium | 6.3 | 6.3 | 14d ago | A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. Th… | |||
| CVE-2026-9300 | medium | 6.3 | 6.3 | 14d ago | A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be e… | |||
| CVE-2026-9298 | medium | 6.3 | 6.3 | 14d ago | A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory… | |||
| CVE-2026-9297 | medium | 6.3 | 6.3 | 14d ago | A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of th… | |||
| CVE-2026-9299 | medium | 6.3 | 6.3 | 14d ago | A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memo… | |||
| CVE-2026-9296 | medium | 6.3 | 6.3 | 14d ago | A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument… | |||
| CVE-2026-39828 | medium | 6.3 | 6.3 | 15d ago | When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as forc… | |||
| CVE-2026-1816 | medium | 6.3 | 6.3 | 16d ago | Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Brute Force. This issue affects Mobile Appli… | |||
| CVE-2026-20206 | medium | 6.3 | 6.3 | 17d ago | A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the Browse… | |||
| CVE-2026-43619 | medium | 6.3 | 6.3 | 17d ago | Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat … | |||
| CVE-2026-44408 | medium | 6.3 | 6.3 | 18d ago | There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface. | |||
| CVE-2026-0964 | medium | 6.3 | 6.3 | 18d ago | Moderate: libssh security update | |||
| CVE-2026-45626 | medium | 6.3 | 6.3 | 19d ago | Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/{id}/volumes/{volumeName}/browse accepts a path query parameter that is … | |||
| CVE-2026-8786 | medium | 6.3 | 6.3 | 19d ago | A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component… | |||
| CVE-2026-8777 | medium | 6.3 | 6.3 | 19d ago | A vulnerability was found in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulatio… | |||
| CVE-2026-8774 | medium | 6.3 | 6.3 | 19d ago | A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command… | |||
| CVE-2026-8754 | medium | 6.3 | 6.3 | 20d ago | AstrBot: File upload vulnerability in the function post_file of the file astrbot/dashboard/routes/chat.py | |||
| CVE-2026-8753 | medium | 6.3 | 6.3 | 20d ago | A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.ph… | |||
| CVE-2026-8747 | medium | 6.3 | 6.3 | 20d ago | A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb_system/function/c_system_event.php of the component Commend Approval Handler. This manipu… | |||
| CVE-2026-8743 | medium | 6.3 | 6.3 | 20d ago | A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ran_ue_find_by_amf_ue_ngap_id of the file src/amf/context.c of the component AMF/MME. Performing a manipulation results in … | |||
| CVE-2026-8740 | medium | 6.3 | 6.3 | 20d ago | A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirectiv… | |||
| CVE-2026-8735 | medium | 6.3 | 6.3 | 20d ago | A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such manipulat… | |||
| CVE-2026-8733 | medium | 6.3 | 6.3 | 20d ago | A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub_3B4610 of the file SlimPDFReader.exe. The manipulation results in stack-based … | |||
| CVE-2026-33380 | medium | 6.3 | 6.3 | 24d ago | A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vul… | |||
| CVE-2026-2695 | medium | 6.3 | 6.3 | 24d ago | A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises (former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows authenticated users… | |||
| CVE-2026-35555 | medium | 6.3 | 6.3 | 25d ago | PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups. | |||
| CVE-2026-34664 | medium | 6.3 | 6.3 | 25d ago | Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file sy… | |||
| CVE-2026-41610 | medium | 6.3 | 6.3 | 25d ago | Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | |||
| CVE-2026-40133 | medium | 6.3 | 6.3 | 25d ago | Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact o… | |||
| CVE-2026-44337 | medium | 6.3 | 6.3 | 26d ago | PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries |