CVEs from 2026
Total
14,243
critical
critical 1,265
high
high 4,749
medium
medium 4,561
low
low 495
% Critical
8.9%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 247
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7718 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was identified in Totolink WA300 5.2cu.7112_B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation … | |||
| CVE-2026-7716 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was found in code-projects Gym Management System In PHP and Windows NT 1.0. This vulnerability affects unknown code of the file /index.php. Performing a manipulation of the argument d… | |||
| CVE-2026-7715 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arango_backup of the file src/tools.ts of the component MCP Interface. Such manipulation of the … | |||
| CVE-2026-7713 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo… | |||
| CVE-2026-7712 | medium | 6.3 | 6.3 | 1mo ago | A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is poss… | |||
| CVE-2026-7709 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generate_auth_token of the file cps/kobo_auth.py of the component Endpoint. Such manipulation… | |||
| CVE-2026-7705 | medium | 6.3 | 6.3 | 1mo ago | A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function set_iptv_info of the file /jdcap of the component Service Interface. Executing a manipulation of the argum… | |||
| CVE-2026-7700 | medium | 6.3 | 6.3 | 1mo ago | A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llm_operations/lambda_filter.p of the component LambdaFilterC… | |||
| CVE-2026-7699 | medium | 6.3 | 6.3 | 1mo ago | A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Performing a manipulation of the argum… | |||
| CVE-2026-7696 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This impacts an unknown function of the file /SubstationWEBV2/main/uploadH5Files. T… | |||
| CVE-2026-7692 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. The affected element is the function ping_ddns of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument DDNS re… | |||
| CVE-2026-7691 | medium | 6.3 | 6.3 | 1mo ago | A security vulnerability has been detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. Impacted is the function set_sys_cmd of the file /cgi-bin/adm.cgi. Such manipulation of the argument command lea… | |||
| CVE-2026-7687 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parse_callable_details of the file src/lfx/src/lfx/custom/code_parser/code_parser… | |||
| CVE-2026-7683 | medium | 6.3 | 6.3 | 1mo ago | A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserNam… | |||
| CVE-2026-7682 | medium | 6.3 | 6.3 | 1mo ago | A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPU… | |||
| CVE-2026-7678 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoView… | |||
| CVE-2026-7672 | medium | 6.3 | 6.3 | 1mo ago | A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.jav… | |||
| CVE-2026-7653 | medium | 6.3 | 6.3 | 1mo ago | A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function open_image_in_browser of the file src/index.ts of the component MCP Interface. Performing … | |||
| CVE-2026-7642 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function download_website of the file src/index.ts of the component MCP Interface. Performing a manipulation o… | |||
| CVE-2026-7629 | medium | 6.3 | 6.3 | 1mo ago | A flaw has been found in kleneway awesome-cursor-mpc-server up to 2.0.1. Impacted is the function runCodeReviewTool of the file src/tools/codeReview.ts of the component Ccode-Review Tool. Executing a… | |||
| CVE-2026-7628 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. … | |||
| CVE-2026-7627 | medium | 6.3 | 6.3 | 1mo ago | A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync_ea_from_file. … | |||
| CVE-2026-7605 | medium | 6.3 | 6.3 | 1mo ago | A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMu… | |||
| CVE-2026-7604 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Su… | |||
| CVE-2026-7603 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This mani… | |||
| CVE-2026-7602 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was found in JeecgBoot up to 3.9.1. Affected by this vulnerability is an unknown functionality of the file /sys/fillRule/edit of the component FillRuleUtil Component. The manipulation… | |||
| CVE-2026-7600 | medium | 6.3 | 6.3 | 1mo ago | yii2-mcp-server has a Command Injection Issue | |||
| CVE-2026-7599 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function save_document/export_to_text/export_to_html of the file mcp-server/src/index.ts of the component MCP Interface. Perf… | |||
| CVE-2026-7597 | medium | 6.3 | 6.3 | 1mo ago | mem0ai mem0 has an Improper Input Validation Issue | |||
| CVE-2026-7595 | medium | 6.3 | 6.3 | 1mo ago | A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function _format_plugins of the file .claude/skills/ui-styling/scripts/tailwind_config… | |||
| CVE-2026-7591 | medium | 6.3 | 6.3 | 1mo ago | A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Perf… | |||
| CVE-2026-7510 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was determined in OWAP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulati… | |||
| CVE-2026-7508 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulat… | |||
| CVE-2026-7469 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in comm… | |||
| CVE-2026-7447 | medium | 6.3 | 6.3 | 1mo ago | A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation of the argument type/le… | |||
| CVE-2026-7445 | medium | 6.3 | 6.3 | 1mo ago | A security vulnerability has been detected in ZachHandley ZMCPTools up to 0.2.2. Affected by this issue is some unknown functionality of the file src/managers/ResourceManager.ts of the component MCP … | |||
| CVE-2026-7410 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument… | |||
| CVE-2026-7392 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function delete_supplier of the file /ajax.php?action=delete_supplier. Such manipulation of … | |||
| CVE-2026-7391 | medium | 6.3 | 6.3 | 1mo ago | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function save_supplier of the file /ajax.php?action=save_supplier. This manipulation of the argument … | |||
| CVE-2026-7305 | medium | 6.3 | 6.3 | 1mo ago | A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl… | |||
| CVE-2026-7291 | medium | 6.3 | 6.3 | 1mo ago | A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can… | |||
| CVE-2026-7290 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.jav… | |||
| CVE-2026-24231 | medium | 6.3 | 6.3 | 1mo ago | NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() SSRF protection component, where an attacker could cause a server-side request forgery by supplying a crafted endpoint URL refere… | |||
| CVE-2026-7268 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This impacts the function save_category of the file /admin/ajax.php?action=save_category. Such manipulation of the argum… | |||
| CVE-2026-7267 | medium | 6.3 | 6.3 | 1mo ago | A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects an unknown function of the file /view_prod.php. This manipulation of the argument ID causes sql injection. The attac… | |||
| CVE-2026-7266 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function save_order of the file /admin/ajax.php?action=save_order. The manipulation of the arg… | |||
| CVE-2026-7265 | medium | 6.3 | 6.3 | 1mo ago | A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function Category of the file pizza/index.php?page=category. The manipulation of… | |||
| CVE-2026-7264 | medium | 6.3 | 6.3 | 1mo ago | A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function get_cart_items of the file /admin/ajax.php?action=get_cart_items. Executing a manipulation of t… | |||
| CVE-2026-7229 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing a manip… | |||
| CVE-2026-7196 | medium | 6.3 | 6.3 | 1mo ago | A security vulnerability has been detected in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /guestdetails. Such manipulation of the argument deleteid leads to sql inject… | |||
| CVE-2026-7150 | medium | 6.3 | 6.3 | 1mo ago | auto-favicon has a Server-Side Request Forgery issue | |||
| CVE-2026-7148 | medium | 6.3 | 6.3 | 1mo ago | A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Executing a manipulation of the argument fname can lead to sql injection. The attack … | |||
| CVE-2026-7143 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block_status.php. The manipulation of the argument q lea… | |||
| CVE-2026-7142 | medium | 6.3 | 6.3 | 1mo ago | Wooey has an Incorrect Privilege Assignment issue | |||
| CVE-2026-7118 | medium | 6.3 | 6.3 | 1mo ago | A security vulnerability has been detected in code-projects Employee Management System 1.0. The affected element is an unknown function of the file 370project/cancel.php. The manipulation of the argu… | |||
| CVE-2026-7117 | medium | 6.3 | 6.3 | 1mo ago | A weakness has been identified in code-projects Employee Management System 1.0. Impacted is an unknown function of the file 370project/approve.php. Executing a manipulation of the argument id/token c… | |||
| CVE-2026-7115 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was identified in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file 370project/delete.php. Such manipulation of the argument ID leads t… | |||
| CVE-2026-7114 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. This manipulation of the argument ID causes sql injection… | |||
| CVE-2026-7107 | medium | 6.3 | 6.3 | 1mo ago | A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestri… | |||
| CVE-2026-7093 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performin… | |||
| CVE-2026-7092 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argumen… | |||
| CVE-2026-7091 | medium | 6.3 | 6.3 | 1mo ago | A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper au… | |||
| CVE-2026-7084 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was found in HBAI-Ltd Toonflow-app up to 1.1.1. This affects the function fetch of the file src/routes/setting/vendorConfig/getCodeByLink.ts of the component getCodeByLink Endpoint. T… | |||
| CVE-2026-7044 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was found in GreenCMS up to 2.3. Affected is the function themeadd of the file /index.php?m=admin&c=custom&a=themeadd. The manipulation results in unrestricted upload. The attack can … | |||
| CVE-2026-7043 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The … | |||
| CVE-2026-6991 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Exec… | |||
| CVE-2026-6981 | medium | 6.3 | 6.3 | 1mo ago | A vulnerability was found in IhateCreatingUserNames2 AiraHub2 up to 3e4b77fd7d48ed811ffe5b8d222068c17c76495e. Affected is the function connect_stream_endpoint/sync_agents of the file AiraHub.py of th… | |||
| CVE-2026-6979 | medium | 6.3 | 6.3 | 1mo ago | A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes serve… | |||
| CVE-2026-35374 | medium | 6.3 | 6.3 | 1mo ago | uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition | |||
| CVE-2026-6799 | medium | 6.3 | 6.3 | 1mo ago | A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET§ion=ping_config of the component E… | |||
| CVE-2026-6744 | medium | 6.3 | 6.3 | 1mo ago | Bagisto affected by Server-Side Request Forgery | |||
| CVE-2026-31370 | medium | 6.3 | 6.3 | 2mo ago | Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2026-6649 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the argument starts can lead to serv… | |||
| CVE-2026-6634 | medium | 6.3 | 6.3 | 2mo ago | Memos has an Incorrect Privilege Assignment issue | |||
| CVE-2026-6628 | medium | 6.3 | 6.3 | 2mo ago | A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argume… | |||
| CVE-2026-6626 | medium | 6.3 | 6.3 | 2mo ago | Cockpit has NoSQL Injection Through Content Aggregation Pipelines | |||
| CVE-2026-6620 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of t… | |||
| CVE-2026-6618 | medium | 6.3 | 6.3 | 2mo ago | A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedTool… | |||
| CVE-2026-6617 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of … | |||
| CVE-2026-6616 | medium | 6.3 | 6.3 | 2mo ago | A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extract_with_bs4/extract_with_3k/extract_with_lxml of the file superagi/helper/webpag… | |||
| CVE-2026-6614 | medium | 6.3 | 6.3 | 2mo ago | A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function get_project/update_project/get_projects_organisation of the file supera… | |||
| CVE-2026-6613 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function delete_agent/stop_schedule/get_schedule_data of the file superagi/controllers/agent.py. The manipu… | |||
| CVE-2026-6612 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function get_agent_execution/update_agent_execution of the file superagi/controllers/agent_execution.py of… | |||
| CVE-2026-6609 | medium | 6.3 | 6.3 | 2mo ago | A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function form_valid of the file oauth/views.py. This manipulation of the argument oauthid causes improper a… | |||
| CVE-2026-6599 | medium | 6.3 | 6.3 | 2mo ago | Langflow vulnerable to injection | |||
| CVE-2026-6587 | medium | 6.3 | 6.3 | 2mo ago | RAGAS has SSRF via Multi-Modal Faithfulness Collections Module | |||
| CVE-2026-6586 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoi… | |||
| CVE-2026-6576 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Int… | |||
| CVE-2026-6573 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of t… | |||
| CVE-2026-6571 | medium | 6.3 | 6.3 | 2mo ago | A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipul… | |||
| CVE-2026-6497 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the compon… | |||
| CVE-2026-6489 | medium | 6.3 | 6.3 | 2mo ago | A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Backg… | |||
| CVE-2026-6488 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affects unknown code of the file admin/editcourse.php of the component GET Request P… | |||
| CVE-2026-6215 | medium | 6.3 | 6.3 | 2mo ago | A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulatio… | |||
| CVE-2026-6202 | medium | 6.3 | 6.3 | 2mo ago | A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection… | |||
| CVE-2026-6191 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was determined in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /equipments.php. Executing a manipulation of the argument Name can lead… | |||
| CVE-2026-6190 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /employees.php. Performing a manipulation of the argument Name re… | |||
| CVE-2026-6143 | medium | 6.3 | 6.3 | 2mo ago | A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. … | |||
| CVE-2026-6141 | medium | 6.3 | 6.3 | 2mo ago | A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can lea… | |||
| CVE-2026-6125 | medium | 6.3 | 6.3 | 2mo ago | Warm-Flow has a SpEL Expression Injection in SpelHelper.parseExpression |