CVEs from 2026
- Total: 14,797
- critical: 1,335
- high: 5,010
- medium: 4,834
- low: 504
- % Critical: 9.0%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-1416 | low | 3.3 | 3.3 | 4mo ago | A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null poin… | |||
| CVE-2026-1415 | low | 3.3 | 3.3 | 4mo ago | A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to… | |||
| CVE-2026-44220 | low | 3.2 | 3.2 | 26d ago | ciguard: discover_pipeline_files follows symlinks out of scan root | |||
| CVE-2026-45362 | low | 3.2 | 3.2 | 26d ago | Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file. | |||
| CVE-2026-43969 | low | 3.2 | 3.2 | 27d ago | cowlib: Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1 | |||
| CVE-2026-31369 | low | 3.2 | 3.2 | 2mo ago | PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability | |||
| CVE-2026-48102 | low | 3.1 | 3.1 | 2d ago | 7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parse… | |||
| CVE-2026-11251 | low | 3.1 | 3.1 | 2d ago | Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control v… | |||
| CVE-2026-11247 | low | 3.1 | 3.1 | 2d ago | Insufficient policy enforcement in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severi… | |||
| CVE-2026-11244 | low | 3.1 | 3.1 | 2d ago | Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy… | |||
| CVE-2026-11240 | low | 3.1 | 3.1 | 2d ago | Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted … | |||
| CVE-2026-7666 | low | 3.1 | 3.1 | 4d ago | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse of a partially-initialized connection after a … | |||
| CVE-2026-35193 | low | 3.1 | 3.1 | 4d ago | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not add `Authorization` to the `Vary` response header for requ… | |||
| CVE-2026-10705 | low | 3.1 | 3.1 | 4d ago | A flaw has been found in dask up to 3.0. Affected by this issue is the function nunique_approx of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resourc… | |||
| CVE-2026-10565 | low | 3.1 | 3.1 | 5d ago | A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a mani… | |||
| CVE-2026-45426 | low | 3.1 | 3.1 | 6d ago | Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against … | |||
| CVE-2026-40963 | low | 3.1 | 3.1 | 6d ago | The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated U… | |||
| CVE-2026-9991 | low | 3.1 | 3.1 | 10d ago | Inappropriate implementation in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT… | |||
| CVE-2026-9959 | low | 3.1 | 3.1 | 10d ago | Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9950 | low | 3.1 | 3.1 | 10d ago | Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a… | |||
| CVE-2026-9944 | low | 3.1 | 3.1 | 10d ago | Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium sec… | |||
| CVE-2026-9920 | low | 3.1 | 3.1 | 10d ago | Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chr… | |||
| CVE-2026-10011 | low | 3.1 | 3.1 | 10d ago | Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Ch… | |||
| CVE-2026-49009 | low | 3.1 | 3.1 | 11d ago | Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal. | |||
| CVE-2026-47715 | low | 3.1 | 3.1 | 12d ago | Bugsink: Issue event views can show an event from another project if its UUID is known | |||
| CVE-2026-47716 | low | 3.1 | 3.1 | 12d ago | Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known | |||
| CVE-2026-48851 | low | 3.1 | 3.1 | 13d ago | PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session. | |||
| CVE-2026-9398 | low | 3.1 | 3.1 | 14d ago | A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass b… | |||
| CVE-2026-9394 | low | 3.1 | 3.1 | 14d ago | A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to w… | |||
| CVE-2026-39967 | low | 3.1 | 3.1 | 16d ago | TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's findResult query does not filter results by typebotId, allowing an authenticated user to load result data (user a… | |||
| CVE-2026-9249 | low | 3.1 | 3.1 | 16d ago | Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects : * D… | |||
| CVE-2026-44057 | low | 3.1 | 3.1 | 17d ago | A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authen… | |||
| CVE-2026-7836 | low | 3.1 | 3.1 | 17d ago | An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification v… | |||
| CVE-2026-7835 | low | 3.1 | 3.1 | 17d ago | A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string pro… | |||
| CVE-2026-44070 | low | 3.1 | 3.1 | 17d ago | An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character convers… | |||
| CVE-2026-0968 | low | 3.1 | 3.1 | 19d ago | Moderate: libssh security update | |||
| CVE-2026-8741 | low | 3.1 | 3.1 | 21d ago | A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_persistent_session_ds.erl of the component QoS 2 PUBLISH Packet Handler. Such manip… | |||
| CVE-2026-8579 | low | 3.1 | 3.1 | 24d ago | Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write… | |||
| CVE-2026-8578 | low | 3.1 | 3.1 | 24d ago | Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chro… | |||
| CVE-2026-8572 | low | 3.1 | 3.1 | 24d ago | Insufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craft… | |||
| CVE-2026-8568 | low | 3.1 | 3.1 | 24d ago | Insufficient policy enforcement in AI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. (Ch… | |||
| CVE-2026-8556 | low | 3.1 | 3.1 | 24d ago | Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT… | |||
| CVE-2026-8554 | low | 3.1 | 3.1 | 24d ago | Type Confusion in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted H… | |||
| CVE-2026-8553 | low | 3.1 | 3.1 | 24d ago | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Ch… | |||
| CVE-2026-8545 | low | 3.1 | 3.1 | 24d ago | Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromi… | |||
| CVE-2026-8536 | low | 3.1 | 3.1 | 24d ago | Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass site Isolation v… | |||
| CVE-2026-8022 | low | 3.1 | 3.1 | 1mo ago | Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted … | |||
| CVE-2026-8017 | low | 3.1 | 3.1 | 1mo ago | Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-7968 | low | 3.1 | 3.1 | 1mo ago | Insufficient validation of untrusted input in CORS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafte… | |||
| CVE-2026-7966 | low | 3.1 | 3.1 | 1mo ago | Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a c… | |||
| CVE-2026-7965 | low | 3.1 | 3.1 | 1mo ago | Insufficient validation of untrusted input in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craft… | |||
| CVE-2026-7959 | low | 3.1 | 3.1 | 1mo ago | Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.… | |||
| CVE-2026-7954 | low | 3.1 | 3.1 | 1mo ago | Race in Shared Storage in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security… | |||
| CVE-2026-7949 | low | 3.1 | 3.1 | 1mo ago | Out of bounds read in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. (Chromi… | |||
| CVE-2026-7945 | low | 3.1 | 3.1 | 1mo ago | Insufficient validation of untrusted input in COOP in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HT… | |||
| CVE-2026-7944 | low | 3.1 | 3.1 | 1mo ago | Insufficient validation of untrusted input in Persistent Cache in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via … | |||
| CVE-2026-7937 | low | 3.1 | 3.1 | 1mo ago | Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a c… | |||
| CVE-2026-7909 | low | 3.1 | 3.1 | 1mo ago | Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML pa… | |||
| CVE-2026-22741 | low | 3.1 | 3.1 | 1mo ago | Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. | |||
| CVE-2026-7360 | low | 3.1 | 3.1 | 1mo ago | Insufficient validation of untrusted input in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a c… | |||
| CVE-2026-7351 | low | 3.1 | 3.1 | 1mo ago | Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium se… | |||
| CVE-2026-41488 | low | 3.1 | 3.1 | 1mo ago | langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding | |||
| CVE-2026-6611 | low | 3.1 | 3.1 | 2mo ago | A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulatio… | |||
| CVE-2026-6312 | low | 3.1 | 3.1 | 2mo ago | Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML p… | |||
| CVE-2026-4590 | low | 3.1 | 3.1 | 3mo ago | A security flaw has been discovered in kalcaddle kodbox 1.64. The impacted element is an unknown function of the file /workspace/source-code/plugins/oauth/controller/bind/index.class.php of the compo… | |||
| CVE-2026-4584 | low | 3.1 | 3.1 | 3mo ago | A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This affects an unknown part of the component Cardholder Data Handler. Executing a manipulation can lead to cleartext transmissi… | |||
| CVE-2026-4477 | low | 3.1 | 3.1 | 3mo ago | A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of hard-code… | |||
| CVE-2026-3668 | low | 3.1 | 3.1 | 3mo ago | A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access… | |||
| CVE-2026-3465 | low | 3.1 | 3.1 | 3mo ago | A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this vulnerability is an unknown functionality of the component JSON Data Point Handler. This manipulation of the a… | |||
| CVE-2026-3193 | low | 3.1 | 3.1 | 3mo ago | A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /send_transaction. The manipulation results in cross-site request forgery. The attack may be perform… | |||
| CVE-2026-2702 | low | 3.1 | 3.1 | 4mo ago | A security flaw has been discovered in Beetel 777VR1 up to 01.00.09. This issue affects some unknown processing of the component WPA2 PSK. Performing a manipulation results in hard-coded credentials.… | |||
| CVE-2026-1743 | low | 3.1 | 3.1 | 4mo ago | A vulnerability has been found in DJI Mavic Mini, Air, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The mani… | |||
| CVE-2026-21947 | low | 3.1 | 3.1 | 5mo ago | Vulnerability in Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u471-b50. Difficult to exploit vulnerability allows unauthenticated attacker with netwo… | |||
| CVE-2026-1197 | low | 3.1 | 3.1 | 5mo ago | A vulnerability was detected in MineAdmin 1.x/2.x. Affected by this vulnerability is an unknown functionality of the file /system/downloadById. Performing a manipulation of the argument ID results in… | |||
| CVE-2026-44072 | low | 3.0 | 3.0 | 17d ago | Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor … | |||
| CVE-2026-44218 | low | 3.0 | 3.0 | 26d ago | ciguard: Container image runs as root (no USER directive) | |||
| CVE-2026-44916 | low | 3.0 | 3.0 | 1mo ago | In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing. | |||
| CVE-2026-32684 | low | 2.9 | 2.9 | 26d ago | The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information. | |||
| CVE-2026-24515 | low | 2.9 | 2.9 | 5mo ago | In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. | |||
| CVE-2026-41963 | low | 2.8 | 2.8 | 23d ago | Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-9088 | low | 2.7 | 2.7 | 2d ago | A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This… | |||
| CVE-2026-44367 | low | 2.7 | 2.7 | 5d ago | Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling… | |||
| CVE-2026-10078 | low | 2.7 | 2.7 | 9d ago | A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL que… | |||
| CVE-2026-30963 | low | 2.7 | 2.7 | 10d ago | Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate … | |||
| CVE-2026-8477 | low | 2.7 | 2.7 | 16d ago | Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensit… | |||
| CVE-2026-8492 | low | 2.7 | 2.7 | 19d ago | The GTranslate module provides a language switcher widget for Drupal sites. The module’s widget JavaScript did not sufficiently validate that document.currentScript referred to the executing script … | |||
| CVE-2026-5511 | low | 2.7 | 2.7 | 19d ago | In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information. … | |||
| CVE-2026-45076 | low | 2.7 | 2.7 | 24d ago | Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full h… | |||
| CVE-2026-2900 | low | 2.7 | 2.7 | 24d ago | GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that when instance-level approval rule editing prevention w… | |||
| CVE-2026-41659 | low | 2.7 | 2.7 | 1mo ago | Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment | |||
| CVE-2026-6408 | low | 2.7 | 2.7 | 2mo ago | Tanium addressed an information disclosure vulnerability in Tanium Server. | |||
| CVE-2026-6392 | low | 2.7 | 2.7 | 2mo ago | Tanium addressed an information disclosure vulnerability in Threat Response. | |||
| CVE-2026-3307 | low | 2.7 | 2.7 | 2mo ago | An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated b… | |||
| CVE-2026-6597 | low | 2.7 | 2.7 | 2mo ago | A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flo… | |||
| CVE-2026-6570 | low | 2.7 | 2.7 | 2mo ago | A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argum… | |||
| CVE-2026-36942 | low | 2.7 | 2.7 | 2mo ago | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage_activity.php. | |||
| CVE-2026-36946 | low | 2.7 | 2.7 | 2mo ago | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php. | |||
| CVE-2026-36874 | low | 2.7 | 2.7 | 2mo ago | Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php. | |||
| CVE-2026-39510 | low | 2.7 | 2.7 | 2mo ago | Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control S… | |||
| CVE-2026-4957 | low | 2.7 | 2.7 | 2mo ago | A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handle_tool_call of the file XAgent/function_handler.py of the component API Key Handler. This mani… |