CVEs from 2026
Total
14,381
critical
critical 1,269
high
high 4,878
medium
medium 4,570
low
low 496
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4476 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The impacted element is an unknown function of the file home/web/ipc of the component CGI Endpoint. Performing a mani… | |||
| CVE-2026-4308 | medium | 6.3 | 6.3 | 3mo ago | A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_pdf_document of the file python/helpers/document_query.py. This manipulation causes server-side req… | |||
| CVE-2026-4241 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument course_c… | |||
| CVE-2026-4234 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tab… | |||
| CVE-2026-4230 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to … | |||
| CVE-2026-4215 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java… | |||
| CVE-2026-4192 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command inje… | |||
| CVE-2026-4185 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_def_bits_jpeg of the file src/scene_manager/swf_parse.c of the component MP4Box.… | |||
| CVE-2026-4173 | medium | 6.3 | 6.3 | 3mo ago | A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updatePr… | |||
| CVE-2026-4171 | medium | 6.3 | 6.3 | 3mo ago | A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/… | |||
| CVE-2026-3992 | medium | 6.3 | 6.3 | 3mo ago | A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the ar… | |||
| CVE-2026-3968 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Su… | |||
| CVE-2026-3967 | medium | 6.3 | 6.3 | 3mo ago | A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/act… | |||
| CVE-2026-3966 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/med… | |||
| CVE-2026-3965 | medium | 6.3 | 6.3 | 3mo ago | @whyour/qinglong: manipulation of the argument command leads to protection mechanism failure | |||
| CVE-2026-3961 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function to_pil_image of the file manga-image-translator-main/server/request_extraction.py… | |||
| CVE-2026-3958 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/api_server.py of the component JSON Handler. The manipulatio… | |||
| CVE-2026-3955 | medium | 6.3 | 6.3 | 3mo ago | A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpo… | |||
| CVE-2026-3739 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAcc… | |||
| CVE-2026-3738 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improp… | |||
| CVE-2026-3737 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file add_user.php of the component User Creation Handler. Executing a manipu… | |||
| CVE-2026-3733 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulati… | |||
| CVE-2026-3697 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was determined in Planet ICG-2510 1.0_20250811. The impacted element is the function sub_40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Ex… | |||
| CVE-2026-3683 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was detected in bufanyun HotGo up to 2.0. This issue affects the function ImageTransferStorage of the file /server/internal/logic/common/upload.go of the component Endpoint. The manip… | |||
| CVE-2026-3682 | medium | 6.3 | 6.3 | 3mo ago | A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads t… | |||
| CVE-2026-3681 | medium | 6.3 | 6.3 | 3mo ago | A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-… | |||
| CVE-2026-3680 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in RyuzakiShinji biome-mcp-server up to 1.0.0. Affected by this issue is some unknown functionality of the file biome-mcp-server.ts. Performing a manipulation resu… | |||
| CVE-2026-3672 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The a… | |||
| CVE-2026-3616 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation … | |||
| CVE-2026-28230 | medium | 6.3 | 6.3 | 3mo ago | SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction solely by transac… | |||
| CVE-2026-3209 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper … | |||
| CVE-2026-2985 | medium | 6.3 | 6.3 | 3mo ago | A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a m… | |||
| CVE-2026-2963 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the … | |||
| CVE-2026-2860 | medium | 6.3 | 6.3 | 3mo ago | A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. Impacted is an unknown function of the file EmployeeControl… | |||
| CVE-2026-2852 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file dataset\repos\warehouse… | |||
| CVE-2026-2849 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file dataset\repo… | |||
| CVE-2026-2819 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workf… | |||
| CVE-2026-2676 | medium | 6.3 | 6.3 | 4mo ago | A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. Affected by this issue is the function preHandle of the file LoginInterceptor.java of the component … | |||
| CVE-2026-2665 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. P… | |||
| CVE-2026-2663 | medium | 6.3 | 6.3 | 4mo ago | A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the co… | |||
| CVE-2026-2560 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Preview … | |||
| CVE-2026-2558 | medium | 6.3 | 6.3 | 4mo ago | A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request for… | |||
| CVE-2026-2556 | medium | 6.3 | 6.3 | 4mo ago | A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown processing of the file com/cskefu/cc/controller/resource/MediaController.java of the component Endpoi… | |||
| CVE-2026-2553 | medium | 6.3 | 6.3 | 4mo ago | A security flaw has been discovered in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. This affects an unknown part of the file /home.php of the component HTTP POS… | |||
| CVE-2026-2548 | medium | 6.3 | 6.3 | 4mo ago | A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub_40F820 of the file rc. Executing a manipulation of the argument upnp_waniface/upnp_ssdp_interval/upnp_max_age can lead … | |||
| CVE-2026-2536 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. … | |||
| CVE-2026-2074 | medium | 6.3 | 6.3 | 4mo ago | A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation le… | |||
| CVE-2026-1977 | medium | 6.3 | 6.3 | 4mo ago | A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component v… | |||
| CVE-2026-1623 | medium | 6.3 | 6.3 | 4mo ago | A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injecti… | |||
| CVE-2026-1601 | medium | 6.3 | 6.3 | 4mo ago | A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileNam… | |||
| CVE-2026-1218 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. Impacted is the function initRCForm of the file RichClientService.class of the component com.artery.richclient.RichClientService. Perform… | |||
| CVE-2026-1126 | medium | 6.3 | 6.3 | 5mo ago | A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\… | |||
| CVE-2026-0843 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Suc… | |||
| CVE-2026-0842 | medium | 6.3 | 6.3 | 5mo ago | A flaw has been found in Flycatcher Toys smART Sketcher up to 2.0. This affects an unknown part of the component Bluetooth Low Energy Interface. This manipulation causes missing authentication. The a… | |||
| CVE-2026-0055 | medium | 6.2 | 6.2 | 3d ago | In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to lo… | |||
| CVE-2026-0046 | medium | 6.2 | 6.2 | 3d ago | In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no… | |||
| CVE-2026-8594 | medium | 6.2 | 6.2 | 6d ago | Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string by specific line break characters (such… | |||
| CVE-2026-42328 | medium | 6.2 | 6.2 | 9d ago | go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on … | |||
| CVE-2026-23679 | medium | 6.2 | 6.2 | 9d ago | libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface cla… | |||
| CVE-2026-2237 | medium | 6.2 | 6.2 | 9d ago | A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive inf… | |||
| CVE-2026-48696 | medium | 6.2 | 6.2 | 10d ago | FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689. | |||
| CVE-2026-42627 | medium | 6.2 | 6.2 | 14d ago | In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements() in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based … | |||
| CVE-2026-36189 | medium | 6.2 | 6.2 | 15d ago | Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify_d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial… | |||
| CVE-2026-38719 | medium | 6.2 | 6.2 | 18d ago | OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format (CPF) parser, specifically in CreateCommonPacketFormatStructure() in source/src/enet_encap/cpf.c. A c… | |||
| CVE-2026-41969 | medium | 6.2 | 6.2 | 21d ago | Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2026-34688 | medium | 6.2 | 6.2 | 23d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit … | |||
| CVE-2026-34680 | medium | 6.2 | 6.2 | 23d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exp… | |||
| CVE-2026-34679 | medium | 6.2 | 6.2 | 23d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit … | |||
| CVE-2026-34678 | medium | 6.2 | 6.2 | 23d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could explo… | |||
| CVE-2026-34677 | medium | 6.2 | 6.2 | 23d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could explo… | |||
| CVE-2026-34673 | medium | 6.2 | 6.2 | 23d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could explo… | |||
| CVE-2026-34672 | medium | 6.2 | 6.2 | 23d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker c… | |||
| CVE-2026-34671 | medium | 6.2 | 6.2 | 23d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exp… | |||
| CVE-2026-34670 | medium | 6.2 | 6.2 | 23d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit … | |||
| CVE-2026-34669 | medium | 6.2 | 6.2 | 23d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit … | |||
| CVE-2026-34668 | medium | 6.2 | 6.2 | 23d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit … | |||
| CVE-2026-34667 | medium | 6.2 | 6.2 | 23d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker c… | |||
| CVE-2026-34666 | medium | 6.2 | 6.2 | 23d ago | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit … | |||
| CVE-2026-42045 | medium | 6.2 | 6.2 | 24d ago | LobeHub has a Cross-Site Scripting issue that escalates to Remote Code Execution | |||
| CVE-2026-41614 | medium | 6.2 | 6.2 | 24d ago | Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally. | |||
| CVE-2026-40380 | medium | 6.2 | 6.2 | 24d ago | Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack. | |||
| CVE-2026-28897 | medium | 6.2 | 6.2 | 25d ago | visionOS 26.5 | |||
| CVE-2026-28977 | medium | 6.2 | 6.2 | 25d ago | visionOS 26.5 | |||
| CVE-2026-28950 | medium | 6.2 | 6.2 | 25d ago | iOS 18.7.8 and iPadOS 18.7.8 | |||
| CVE-2026-43666 | medium | 6.2 | 6.2 | 25d ago | visionOS 26.5 | |||
| CVE-2026-43653 | medium | 6.2 | 6.2 | 25d ago | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5. An attacker on … | |||
| CVE-2026-28985 | medium | 6.2 | 6.2 | 25d ago | A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to … | |||
| CVE-2026-42199 | medium | 6.2 | 6.2 | 27d ago | Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior | |||
| CVE-2026-35902 | medium | 6.2 | 6.2 | 1mo ago | The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication paramete… | |||
| CVE-2026-6386 | medium | 6.2 | 6.2 | 1mo ago | In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the pres… | |||
| CVE-2026-32072 | medium | 6.2 | 6.2 | 2mo ago | Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally. | |||
| CVE-2026-28833 | medium | 6.2 | 6.2 | 2mo ago | visionOS 26.4 | |||
| CVE-2026-21826 | medium | 6.1 | 6.1 | 19 min ago | HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected … | |||
| CVE-2026-21825 | medium | 6.1 | 6.1 | 19 min ago | HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser. | |||
| CVE-2026-8916 | medium | 6.1 | 6.1 | 21h ago | Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635. | |||
| CVE-2026-49510 | medium | 6.1 | 6.1 | 21h ago | Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks. This issue affects rlottie: before 21292665023e5074b38254432716866d00f1985f. | |||
| CVE-2026-47320 | medium | 6.1 | 6.1 | 21h ago | Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads. This issue affects rlottie: befo… | |||
| CVE-2026-47319 | medium | 6.1 | 6.1 | 21h ago | Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation. This issue affects rlottie: before 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd. | |||
| CVE-2026-47318 | medium | 6.1 | 6.1 | 21h ago | Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035. | |||
| CVE-2026-47306 | medium | 6.1 | 6.1 | 21h ago | Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945. |