CVEs from 2026
Total
14,792
critical
critical 1,335
high
high 5,008
medium
medium 4,832
low
low 503
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7041 | low | 3.7 | 3.7 | 1mo ago | A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation… | |||
| CVE-2026-7020 | low | 3.7 | 3.7 | 1mo ago | Ollama is Vulnerable to Path Traversal | |||
| CVE-2026-6986 | low | 3.7 | 3.7 | 1mo ago | A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg_aes_gcm_decrypt of the file /src/tls_aes128.c of the component GCM Authentication Tag Han… | |||
| CVE-2026-42040 | low | 3.7 | 3.7 | 1mo ago | Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams | |||
| CVE-2026-41333 | low | 3.7 | 3.7 | 1mo ago | OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting | |||
| CVE-2026-40279 | low | 3.7 | 3.7 | 2mo ago | BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32() in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes … | |||
| CVE-2026-6610 | low | 3.7 | 3.7 | 2mo ago | A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipula… | |||
| CVE-2026-40194 | low | 3.7 | 3.7 | 2mo ago | phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals() | |||
| CVE-2026-5682 | low | 3.7 | 3.7 | 2mo ago | A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation lea… | |||
| CVE-2026-5622 | low | 3.7 | 3.7 | 2mo ago | A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component J… | |||
| CVE-2026-5413 | low | 3.7 | 3.7 | 2mo ago | A vulnerability was identified in Newgen OmniDocs up to 12.0.00. Affected by this vulnerability is an unknown functionality of the file /omnidocs/GetWebApiConfiguration. The manipulation of the argum… | |||
| CVE-2026-5360 | low | 3.7 | 3.7 | 2mo ago | A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. Thi… | |||
| CVE-2026-4831 | low | 3.7 | 3.7 | 2mo ago | A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the file /workspace/source-code/app/controller/explorer/auth.class.php of the component Password-protecte… | |||
| CVE-2026-4588 | low | 3.7 | 3.7 | 3mo ago | A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-le… | |||
| CVE-2026-4115 | low | 3.7 | 3.7 | 3mo ago | A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verific… | |||
| CVE-2026-4045 | low | 3.7 | 3.7 | 3mo ago | A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldap_email can lead to observable re… | |||
| CVE-2026-3963 | low | 3.7 | 3.7 | 3mo ago | A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. This affects the function rememberMeManager of the file src/main/java/com/perfree/config/ShiroConfig.java of the component A… | |||
| CVE-2026-2968 | low | 3.7 | 3.7 | 3mo ago | A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of the file /src/tls_chacha20.c of the component Poly1305 Authentication Tag Handle… | |||
| CVE-2026-2967 | low | 3.7 | 3.7 | 3mo ago | A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler. The manipulat… | |||
| CVE-2026-2966 | low | 3.7 | 3.7 | 3mo ago | A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipu… | |||
| CVE-2026-2215 | low | 3.7 | 3.7 | 4mo ago | A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of th… | |||
| CVE-2026-11330 | low | 3.6 | 3.6 | 2d ago | A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the c… | |||
| CVE-2026-11329 | low | 3.6 | 3.6 | 2d ago | A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generate_hash_key of the file src/Runtime/python/torch_onnxmlir/src/torch_onnxmlir/backend.py of… | |||
| CVE-2026-10813 | low | 3.6 | 3.6 | 3d ago | A flaw has been found in LMCache up to 0.4.6. This affects the function hex_hash_to_int16 of the file lmcache/integration/vllm/utils.py of the component KV Cache Handler. Executing a manipulation can… | |||
| CVE-2026-10812 | low | 3.6 | 3.6 | 3d ago | A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. … | |||
| CVE-2026-10804 | low | 3.6 | 3.6 | 3d ago | A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation l… | |||
| CVE-2026-10803 | low | 3.6 | 3.6 | 3d ago | A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils.py of the component Dataset Digest Computation. This manipu… | |||
| CVE-2026-10801 | low | 3.6 | 3.6 | 3d ago | A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template._save_pil_image of the file swift/template/base.py of the component PIL Image Cache K… | |||
| CVE-2026-10800 | low | 3.6 | 3.6 | 3d ago | A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hash_features of the file fastdeploy/multimodal/hasher.py of the component MultimodalHash… | |||
| CVE-2026-10775 | low | 3.6 | 3.6 | 3d ago | A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation causes denial of service.… | |||
| CVE-2026-10766 | low | 3.6 | 3.6 | 3d ago | A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculate_dataframe_hash of the file mlrun/utils/helpers.py of the component DataFrame Hash Han… | |||
| CVE-2026-41962 | low | 3.6 | 3.6 | 23d ago | Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2026-10567 | low | 3.5 | 3.5 | 5d ago | A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the com… | |||
| CVE-2026-45266 | low | 3.5 | 3.5 | 6d ago | Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be muted in calls when no High-… | |||
| CVE-2026-45159 | low | 3.5 | 3.5 | 6d ago | Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with… | |||
| CVE-2026-10264 | low | 3.5 | 3.5 | 6d ago | A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint… | |||
| CVE-2026-10247 | low | 3.5 | 3.5 | 6d ago | A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects the function create_generic_name of the file /ShowForm/create_generic_name/main. The ma… | |||
| CVE-2026-10246 | low | 3.5 | 3.5 | 6d ago | A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function create_medicine_presentation of the file /ShowForm/create_medicine_presentation/mai… | |||
| CVE-2026-10245 | low | 3.5 | 3.5 | 6d ago | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is the function create_supplier of the file /ShowForm/create_supplier/main. Executing a manipul… | |||
| CVE-2026-10244 | low | 3.5 | 3.5 | 6d ago | A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function create_medicine_name of the file /ShowForm/create_medicine_name/… | |||
| CVE-2026-10234 | low | 3.5 | 3.5 | 6d ago | A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results i… | |||
| CVE-2026-10228 | low | 3.5 | 3.5 | 6d ago | A vulnerability was found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admission_form_chec… | |||
| CVE-2026-48191 | low | 3.5 | 3.5 | 6d ago | An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA an… | |||
| CVE-2026-48190 | low | 3.5 | 3.5 | 6d ago | An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be… | |||
| CVE-2026-42448 | low | 3.5 | 3.5 | 12d ago | Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed | |||
| CVE-2026-9485 | low | 3.5 | 3.5 | 12d ago | A vulnerability was identified in SourceCodester Student Grades Management System 1.0. Affected by this issue is some unknown functionality of the file students.php. The manipulation of the argument … | |||
| CVE-2026-9471 | low | 3.5 | 3.5 | 13d ago | A vulnerability was detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file /student.php. Performing a manipulation… | |||
| CVE-2026-9414 | low | 3.5 | 3.5 | 13d ago | A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add_order.php of the component Invoice … | |||
| CVE-2026-48832 | low | 3.5 | 3.5 | 13d ago | action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability. | |||
| CVE-2026-9395 | low | 3.5 | 3.5 | 13d ago | A vulnerability was identified in Besen BS20 EV Charging Station up to 20260426. Affected is an unknown function of the component BLE/UDP. The manipulation leads to insufficiently protected credentia… | |||
| CVE-2026-9357 | low | 3.5 | 3.5 | 14d ago | A vulnerability was found in vBulletin 6.x. This impacts an unknown function of the component Login. Performing a manipulation results in cross site scripting. It is possible to initiate the attack r… | |||
| CVE-2026-4643 | low | 3.5 | 3.5 | 20d ago | Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server … | |||
| CVE-2026-45316 | low | 3.5 | 3.5 | 22d ago | Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access) | |||
| CVE-2026-45803 | low | 3.5 | 3.5 | 23d ago | `gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users vie… | |||
| CVE-2026-45781 | low | 3.5 | 3.5 | 23d ago | MCP Registry: OCI validator skips ownership check on upstream rate limits | |||
| CVE-2026-7471 | low | 3.5 | 3.5 | 24d ago | GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with control o… | |||
| CVE-2026-8232 | low | 3.5 | 3.5 | 28d ago | A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlib_worker_loop in the library /usr/xpro/upf/tools/libs/libvlib.so of the component UPF Process. The ma… | |||
| CVE-2026-7677 | low | 3.5 | 3.5 | 1mo ago | A vulnerability was determined in kerwincui FastBee up to 1.2.1. The impacted element is the function Add of the file springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNotic… | |||
| CVE-2026-7501 | low | 3.5 | 3.5 | 1mo ago | A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument p… | |||
| CVE-2026-41663 | low | 3.5 | 3.5 | 1mo ago | Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send | |||
| CVE-2026-7390 | low | 3.5 | 3.5 | 1mo ago | A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the arg… | |||
| CVE-2026-7222 | low | 3.5 | 3.5 | 1mo ago | A vulnerability was determined in code-projects Coaching Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cims/modules/student/complaint.php of the compo… | |||
| CVE-2026-7110 | low | 3.5 | 3.5 | 1mo ago | A flaw has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /item. Executing a manipulation of the argument item name/description can lead to cro… | |||
| CVE-2026-7021 | low | 3.5 | 3.5 | 1mo ago | A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the arg… | |||
| CVE-2026-6990 | low | 3.5 | 3.5 | 1mo ago | A vulnerability was found in projeto-siga siga 11.0.3.18. The affected element is an unknown function of the file /sigawf/app/responsavel/novo. Performing a manipulation of the argument Nome/Descriçã… | |||
| CVE-2026-6745 | low | 3.5 | 3.5 | 2mo ago | Bagisto affected by Cross-site Scripting | |||
| CVE-2026-6743 | low | 3.5 | 3.5 | 2mo ago | A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the component Calendar. The manipulation leads to cross site scripting. The attack may be initiated rem… | |||
| CVE-2026-6648 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripti… | |||
| CVE-2026-6633 | low | 3.5 | 3.5 | 2mo ago | A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php of the component Exte… | |||
| CVE-2026-6619 | low | 3.5 | 3.5 | 2mo ago | A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePrevie… | |||
| CVE-2026-6600 | low | 3.5 | 3.5 | 2mo ago | A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of … | |||
| CVE-2026-6593 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cros… | |||
| CVE-2026-6592 | low | 3.5 | 3.5 | 2mo ago | A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user_manager.py of the component userdata Endpoint. Such manipulatio… | |||
| CVE-2026-6493 | low | 3.5 | 3.5 | 2mo ago | A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/[locale]/(auth)/reset-password/components/reset-password-form.tsx of the component… | |||
| CVE-2026-6486 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manip… | |||
| CVE-2026-6216 | low | 3.5 | 3.5 | 2mo ago | DbGate has cross site scripting via the SVG Icon String Handler component | |||
| CVE-2026-6162 | low | 3.5 | 3.5 | 2mo ago | A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdat… | |||
| CVE-2026-6106 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static_headers_middleware.py of the co… | |||
| CVE-2026-5810 | low | 3.5 | 3.5 | 2mo ago | A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argume… | |||
| CVE-2026-5806 | low | 3.5 | 3.5 | 2mo ago | A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cro… | |||
| CVE-2026-35679 | low | 3.5 | 3.5 | 2mo ago | Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was someti… | |||
| CVE-2026-5568 | low | 3.5 | 3.5 | 2mo ago | A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site scrip… | |||
| CVE-2026-5370 | low | 3.5 | 3.5 | 2mo ago | Krayin CRM is vulnerable to Cross-site Scripting (XSS) | |||
| CVE-2026-5325 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create … | |||
| CVE-2026-5254 | low | 3.5 | 3.5 | 2mo ago | A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. Affected by this issue is some unknown functionality of the file /ui/app/components/AppJsonTreeView.vue of the component… | |||
| CVE-2026-5253 | low | 3.5 | 3.5 | 2mo ago | A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by this vulnerability is an unknown functionality of the file /web/src/layout/components/Header/MessageList.vue of the component edi… | |||
| CVE-2026-5252 | low | 3.5 | 3.5 | 2mo ago | A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation … | |||
| CVE-2026-5249 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\view\user\record.html of the component Record Endpoint. Performing a manipulatio… | |||
| CVE-2026-4995 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message E… | |||
| CVE-2026-4994 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function generic_exception_handler of the file backend/openui/server.py of the component APIStatusError Handler. The mani… | |||
| CVE-2026-4973 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulatio… | |||
| CVE-2026-4969 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was identified in code-projects Social Networking Site 1.0. The impacted element is an unknown function of the file /home.php of the component Alert Handler. The manipulation of the a… | |||
| CVE-2026-32984 | low | 3.5 | 3.5 | 2mo ago | Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulne… | |||
| CVE-2026-4835 | low | 3.5 | 3.5 | 2mo ago | A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of the file /my_account/add_costumer.php of the component Web Application Interface.… | |||
| CVE-2026-4495 | low | 3.5 | 3.5 | 3mo ago | A security flaw has been discovered in atjiu pybbs 6.0.0. This impacts the function create of the file src/main/java/co/yiiu/pybbs/controller/api/CommentApiController.java. The manipulation results i… | |||
| CVE-2026-4494 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was identified in atjiu pybbs 6.0.0. This affects the function create of the file src/main/java/co/yiiu/pybbs/controller/api/TopicApiController.java. The manipulation leads to cross s… | |||
| CVE-2026-4355 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was detected in Portabilis i-Educar 2.11. This impacts an unknown function of the file /intranet/educar_servidor_curso_lst.php of the component Endpoint. Performing a manipulation of … | |||
| CVE-2026-4354 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub_420A78 of the file apply_sec.cgi of the component Web Interface. Such manipulation of … | |||
| CVE-2026-4239 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object pr… | |||
| CVE-2026-4186 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This man… |