CVEs from 2026
Total
14,443
critical
critical 1,274
high
high 4,904
medium
medium 4,598
low
low 500
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4509 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black … | |||
| CVE-2026-4507 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function ask_db of the file mindsql/core/mindsql_core.py. Executing a manipulation can lead to sql inj… | |||
| CVE-2026-4506 | medium | 6.3 | 6.3 | 3mo ago | MindSQL is vulnerable to Code Injection through its ask_db function | |||
| CVE-2026-4505 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function module_plugin.refresh_plugins of the file packages/dbgpt-serve/src/dbgpt_serve/agent/hub/controller.… | |||
| CVE-2026-4500 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generate_df of the file backend/app/ai/code_execution/code_execution.py. Such manipulation leads to i… | |||
| CVE-2026-4485 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/search_student.php. The manipulation of the argument Searc… | |||
| CVE-2026-4476 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The impacted element is an unknown function of the file home/web/ipc of the component CGI Endpoint. Performing a mani… | |||
| CVE-2026-4308 | medium | 6.3 | 6.3 | 3mo ago | A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_pdf_document of the file python/helpers/document_query.py. This manipulation causes server-side req… | |||
| CVE-2026-4241 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument course_c… | |||
| CVE-2026-4234 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tab… | |||
| CVE-2026-4230 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to … | |||
| CVE-2026-4215 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java… | |||
| CVE-2026-4192 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command inje… | |||
| CVE-2026-4185 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_def_bits_jpeg of the file src/scene_manager/swf_parse.c of the component MP4Box.… | |||
| CVE-2026-4173 | medium | 6.3 | 6.3 | 3mo ago | A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updatePr… | |||
| CVE-2026-4171 | medium | 6.3 | 6.3 | 3mo ago | A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/… | |||
| CVE-2026-3992 | medium | 6.3 | 6.3 | 3mo ago | A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the ar… | |||
| CVE-2026-3968 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Su… | |||
| CVE-2026-3967 | medium | 6.3 | 6.3 | 3mo ago | A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/act… | |||
| CVE-2026-3966 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/med… | |||
| CVE-2026-3965 | medium | 6.3 | 6.3 | 3mo ago | @whyour/qinglong: manipulation of the argument command leads to protection mechanism failure | |||
| CVE-2026-3961 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function to_pil_image of the file manga-image-translator-main/server/request_extraction.py… | |||
| CVE-2026-3958 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/api_server.py of the component JSON Handler. The manipulatio… | |||
| CVE-2026-3955 | medium | 6.3 | 6.3 | 3mo ago | A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpo… | |||
| CVE-2026-3739 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAcc… | |||
| CVE-2026-3738 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improp… | |||
| CVE-2026-3737 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file add_user.php of the component User Creation Handler. Executing a manipu… | |||
| CVE-2026-3733 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulati… | |||
| CVE-2026-3697 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was determined in Planet ICG-2510 1.0_20250811. The impacted element is the function sub_40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Ex… | |||
| CVE-2026-3683 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was detected in bufanyun HotGo up to 2.0. This issue affects the function ImageTransferStorage of the file /server/internal/logic/common/upload.go of the component Endpoint. The manip… | |||
| CVE-2026-3682 | medium | 6.3 | 6.3 | 3mo ago | A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads t… | |||
| CVE-2026-3681 | medium | 6.3 | 6.3 | 3mo ago | A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-… | |||
| CVE-2026-3680 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in RyuzakiShinji biome-mcp-server up to 1.0.0. Affected by this issue is some unknown functionality of the file biome-mcp-server.ts. Performing a manipulation resu… | |||
| CVE-2026-3672 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The a… | |||
| CVE-2026-3616 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation … | |||
| CVE-2026-28230 | medium | 6.3 | 6.3 | 3mo ago | SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction solely by transac… | |||
| CVE-2026-3209 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper … | |||
| CVE-2026-2985 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a m… | |||
| CVE-2026-2963 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the … | |||
| CVE-2026-2860 | medium | 6.3 | 6.3 | 3mo ago | A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. Impacted is an unknown function of the file EmployeeControl… | |||
| CVE-2026-2852 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file dataset\repos\warehouse… | |||
| CVE-2026-2849 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file dataset\repo… | |||
| CVE-2026-2819 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workf… | |||
| CVE-2026-2676 | medium | 6.3 | 6.3 | 4mo ago | A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. Affected by this issue is the function preHandle of the file LoginInterceptor.java of the component … | |||
| CVE-2026-2665 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. P… | |||
| CVE-2026-2663 | medium | 6.3 | 6.3 | 4mo ago | A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the co… | |||
| CVE-2026-2560 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Preview … | |||
| CVE-2026-2558 | medium | 6.3 | 6.3 | 4mo ago | A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request for… | |||
| CVE-2026-2556 | medium | 6.3 | 6.3 | 4mo ago | A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown processing of the file com/cskefu/cc/controller/resource/MediaController.java of the component Endpoi… | |||
| CVE-2026-2553 | medium | 6.3 | 6.3 | 4mo ago | A security flaw has been discovered in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. This affects an unknown part of the file /home.php of the component HTTP POS… | |||
| CVE-2026-2548 | medium | 6.3 | 6.3 | 4mo ago | A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub_40F820 of the file rc. Executing a manipulation of the argument upnp_waniface/upnp_ssdp_interval/upnp_max_age can lead … | |||
| CVE-2026-2536 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. … | |||
| CVE-2026-2074 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation le… | |||
| CVE-2026-1977 | medium | 6.3 | 6.3 | 4mo ago | A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component v… | |||
| CVE-2026-1623 | medium | 6.3 | 6.3 | 4mo ago | A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injecti… | |||
| CVE-2026-1601 | medium | 6.3 | 6.3 | 4mo ago | A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileNam… | |||
| CVE-2026-1218 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. Impacted is the function initRCForm of the file RichClientService.class of the component com.artery.richclient.RichClientService. Perform… | |||
| CVE-2026-1126 | medium | 6.3 | 6.3 | 5mo ago | A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\… | |||
| CVE-2026-0843 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Suc… | |||
| CVE-2026-0842 | medium | 6.3 | 6.3 | 5mo ago | A flaw has been found in Flycatcher Toys smART Sketcher up to 2.0. This affects an unknown part of the component Bluetooth Low Energy Interface. This manipulation causes missing authentication. The a… | |||
| CVE-2026-0055 | medium | 6.2 | 6.2 | 4d ago | In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to lo… | |||
| CVE-2026-0046 | medium | 6.2 | 6.2 | 4d ago | In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no… | |||
| CVE-2026-8594 | medium | 6.2 | 6.2 | 6d ago | Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string by specific line break characters (such… | |||
| CVE-2026-42328 | medium | 6.2 | 6.2 | 9d ago | go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on … | |||
| CVE-2026-23679 | medium | 6.2 | 6.2 | 9d ago | libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface cla… | |||
| CVE-2026-2237 | medium | 6.2 | 6.2 | 9d ago | A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive inf… | |||
| CVE-2026-48696 | medium | 6.2 | 6.2 | 11d ago | FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689. | |||
| CVE-2026-42627 | medium | 6.2 | 6.2 | 14d ago | In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements() in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based … | |||
| CVE-2026-36189 | medium | 6.2 | 6.2 | 15d ago | Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify_d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial… | |||
| CVE-2026-38719 | medium | 6.2 | 6.2 | 18d ago | OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format (CPF) parser, specifically in CreateCommonPacketFormatStructure() in source/src/enet_encap/cpf.c. A c… | |||
| CVE-2026-41969 | medium | 6.2 | 6.2 | 21d ago | Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2026-34688 | medium | 6.2 | 6.2 | 24d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit … | |||
| CVE-2026-34680 | medium | 6.2 | 6.2 | 24d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exp… | |||
| CVE-2026-34679 | medium | 6.2 | 6.2 | 24d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit … | |||
| CVE-2026-34678 | medium | 6.2 | 6.2 | 24d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could explo… | |||
| CVE-2026-34677 | medium | 6.2 | 6.2 | 24d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could explo… | |||
| CVE-2026-34673 | medium | 6.2 | 6.2 | 24d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could explo… | |||
| CVE-2026-34672 | medium | 6.2 | 6.2 | 24d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker c… | |||
| CVE-2026-34671 | medium | 6.2 | 6.2 | 24d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exp… | |||
| CVE-2026-34670 | medium | 6.2 | 6.2 | 24d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit … | |||
| CVE-2026-34669 | medium | 6.2 | 6.2 | 24d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit … | |||
| CVE-2026-34668 | medium | 6.2 | 6.2 | 24d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit … | |||
| CVE-2026-34667 | medium | 6.2 | 6.2 | 24d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker c… | |||
| CVE-2026-34666 | medium | 6.2 | 6.2 | 24d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit … | |||
| CVE-2026-42045 | medium | 6.2 | 6.2 | 24d ago | LobeHub has a Cross-Site Scripting issue that escalates to Remote Code Execution | |||
| CVE-2026-41614 | medium | 6.2 | 6.2 | 24d ago | Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally. | |||
| CVE-2026-40380 | medium | 6.2 | 6.2 | 24d ago | Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack. | |||
| CVE-2026-43666 | medium | 6.2 | 6.2 | 26d ago | visionOS 26.5 | |||
| CVE-2026-28897 | medium | 6.2 | 6.2 | 26d ago | visionOS 26.5 | |||
| CVE-2026-43653 | medium | 6.2 | 6.2 | 26d ago | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5. An attacker on … | |||
| CVE-2026-28950 | medium | 6.2 | 6.2 | 26d ago | iOS 18.7.8 and iPadOS 18.7.8 | |||
| CVE-2026-28977 | medium | 6.2 | 6.2 | 26d ago | visionOS 26.5 | |||
| CVE-2026-28985 | medium | 6.2 | 6.2 | 26d ago | A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to … | |||
| CVE-2026-42199 | medium | 6.2 | 6.2 | 28d ago | Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior | |||
| CVE-2026-35902 | medium | 6.2 | 6.2 | 1mo ago | The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication paramete… | |||
| CVE-2026-6386 | medium | 6.2 | 6.2 | 2mo ago | In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the pres… | |||
| CVE-2026-32072 | medium | 6.2 | 6.2 | 2mo ago | Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally. | |||
| CVE-2026-28833 | medium | 6.2 | 6.2 | 2mo ago | visionOS 26.4 | |||
| CVE-2026-50235 | medium | 6.1 | 6.1 | 1h ago | Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attacke… | |||
| CVE-2026-50230 | medium | 6.1 | 6.1 | 1h ago | Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML and JavaScript code throug… |