CVEs from 2026
Total
14,797
critical
critical 1,335
high
high 5,010
medium
medium 4,834
low
low 504
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24197 | medium | 6.5 | 6.5 | 12d ago | NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lea… | |||
| CVE-2026-24182 | medium | 6.5 | 6.5 | 12d ago | NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service. | |||
| CVE-2026-48685 | medium | 6.5 | 6.5 | 12d ago | FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgp_protocol.hpp, the parse_raw_… | |||
| CVE-2026-48684 | medium | 6.5 | 6.5 | 12d ago | FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the NetFlow v9 options template parser. In process_netflow_v9_options_template() (src/netflow_plugin/netflow_v9_collector.… | |||
| CVE-2026-48683 | medium | 6.5 | 6.5 | 12d ago | FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in the NetFlow v9 data flowset processor. In src/netflow_plugin/netflow_v9_collector.cpp, the Data template bra… | |||
| CVE-2026-43934 | medium | 6.5 | 6.5 | 12d ago | e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by othe… | |||
| CVE-2026-40564 | medium | 6.5 | 6.5 | 12d ago | Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so th… | |||
| CVE-2026-41401 | medium | 6.5 | 6.5 | 12d ago | libyang before 5.2.6 contains a heap use-after-free write vulnerability in lyd_parser_set_data_flags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. At… | |||
| CVE-2026-46620 | medium | 6.5 | 6.5 | 12d ago | e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how session_handler::check… | |||
| CVE-2026-27427 | medium | 6.5 | 6.5 | 12d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS. This issue affects Geo Mashup: from n/a through 1.13.18. | |||
| CVE-2026-4795 | medium | 6.5 | 6.5 | 12d ago | A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00(ACPS.2)C0, GS1200-8v3 firmware versions through 1.00(ACPT.2)C0, GS1200-5HPv3 firmware versions through 1.00(A… | |||
| CVE-2026-45435 | medium | 6.5 | 6.5 | 13d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a thr… | |||
| CVE-2026-45217 | medium | 6.5 | 6.5 | 13d ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemeHigh Stripe Payment Gateway for WooCommerce allows Password Recovery Exploitation. This issue affects Stripe Payment Ga… | |||
| CVE-2026-42763 | medium | 6.5 | 6.5 | 13d ago | Missing Authorization vulnerability in SePay team SePay Gateway allows Retrieve Embedded Sensitive Data. This issue affects SePay Gateway: from n/a through 1.1.20. | |||
| CVE-2026-43828 | medium | 6.5 | 6.5 | 13d ago | Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommen… | |||
| CVE-2026-43827 | medium | 6.5 | 6.5 | 13d ago | Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1… | |||
| CVE-2026-24574 | medium | 6.5 | 6.5 | 13d ago | Cross-Site Request Forgery (CSRF) vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery. This issue affects Export WP Page to Static HTML/CSS: from n/a through … | |||
| CVE-2026-48846 | medium | 6.5 | 6.5 | 13d ago | In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var() value in an e-mail message, which may lead to information di… | |||
| CVE-2026-48845 | medium | 6.5 | 6.5 | 13d ago | In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information discl… | |||
| CVE-2026-47076 | medium | 6.5 | 6.5 | 13d ago | SSRF allowlist bypass via percent-encoded host in hackney | |||
| CVE-2026-5222 | medium | 6.5 | 6.5 | 13d ago | Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary na… | |||
| CVE-2026-4915 | medium | 6.5 | 6.5 | 13d ago | Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to filter nil elements from outgoing webhook attachment payloads before processing, which allows an … | |||
| CVE-2026-41863 | medium | 6.5 | 6.5 | 13d ago | Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the int… | |||
| CVE-2026-9351 | medium | 6.5 | 6.5 | 14d ago | A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function _is_blocked_device of the file tools/file_tools.py of the component read_file… | |||
| CVE-2026-9354 | medium | 6.5 | 6.5 | 14d ago | A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument … | |||
| CVE-2026-42827 | medium | 6.5 | 6.5 | 16d ago | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2026-41069 | medium | 6.5 | 6.5 | 16d ago | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS.… | |||
| CVE-2026-39969 | medium | 6.5 | 6.5 | 16d ago | TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint (POST /v1/workspaces/{workspaceId}/whatsapp/{credentialsId}/webhook) does not verify the x-hub… | |||
| CVE-2026-39966 | medium | 6.5 | 6.5 | 16d ago | TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTypebots API endpoint returns full bot definitions to any authenticated user who references a target bot ID in a Typebot Link block… | |||
| CVE-2026-36227 | medium | 6.5 | 6.5 | 16d ago | Directory Traversal vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the UserName parameter | |||
| CVE-2026-28444 | medium | 6.5 | 6.5 | 16d ago | Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verify… | |||
| CVE-2026-25680 | medium | 6.5 | 6.5 | 16d ago | Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. | |||
| CVE-2026-5755 | medium | 6.5 | 6.5 | 16d ago | Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.2, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, whic… | |||
| CVE-2026-5072 | medium | 6.5 | 6.5 | 16d ago | A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to se… | |||
| CVE-2026-39827 | medium | 6.5 | 6.5 | 16d ago | An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users.… | |||
| CVE-2026-8435 | medium | 6.5 | 6.5 | 17d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion(). The Concrete CMS security team gave this vulnerability a CVSS v.4… | |||
| CVE-2026-8140 | medium | 6.5 | 6.5 | 17d ago | Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/install/download/<remoteId>. The download() method in concrete/controllers/single_page/dash… | |||
| CVE-2026-39593 | medium | 6.5 | 6.5 | 17d ago | Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.10. | |||
| CVE-2026-0393 | medium | 6.5 | 6.5 | 17d ago | The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerabil… | |||
| CVE-2026-45254 | medium | 6.5 | 6.5 | 17d ago | In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an… | |||
| CVE-2026-42396 | medium | 6.5 | 6.5 | 17d ago | Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail | |||
| CVE-2026-44054 | medium | 6.5 | 6.5 | 17d ago | Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect m… | |||
| CVE-2026-2734 | medium | 6.5 | 6.5 | 17d ago | In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic authenticati… | |||
| CVE-2026-9149 | medium | 6.5 | 6.5 | 18d ago | A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. T… | |||
| CVE-2026-9150 | medium | 6.5 | 6.5 | 18d ago | A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could … | |||
| CVE-2026-40102 | medium | 6.5 | 6.5 | 18d ago | Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F() expression without vali… | |||
| CVE-2026-9136 | medium | 6.5 | 6.5 | 18d ago | A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the … | |||
| CVE-2026-9122 | medium | 6.5 | 6.5 | 18d ago | Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium … | |||
| CVE-2026-20240 | medium | 6.5 | 6.5 | 18d ago | In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, … | |||
| CVE-2026-20239 | medium | 6.5 | 6.5 | 18d ago | In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_… | |||
| CVE-2026-20238 | medium | 6.5 | 6.5 | 18d ago | In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations… | |||
| CVE-2026-44923 | medium | 6.5 | 6.5 | 18d ago | SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges. | |||
| CVE-2026-21836 | medium | 6.5 | 6.5 | 18d ago | The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain circumstances, document level access restrictions will be ignored when determining what data to retur… | |||
| CVE-2026-27405 | medium | 6.5 | 6.5 | 18d ago | Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9. | |||
| CVE-2026-24573 | medium | 6.5 | 6.5 | 18d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0. | |||
| CVE-2026-8685 | medium | 6.5 | 6.5 | 18d ago | The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on… | |||
| CVE-2026-6072 | medium | 6.5 | 6.5 | 18d ago | The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin prote… | |||
| CVE-2026-34233 | medium | 6.5 | 6.5 | 19d ago | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, multiple admin controllers expose DataTable endpoints without authorization checks, allowing any authenti… | |||
| CVE-2026-32814 | medium | 6.5 | 6.5 | 19d ago | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to … | |||
| CVE-2026-32739 | medium | 6.5 | 6.5 | 19d ago | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 1… | |||
| CVE-2026-46357 | medium | 6.5 | 6.5 | 19d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site crea… | |||
| CVE-2026-8096 | medium | 6.5 | 6.5 | 19d ago | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not p… | |||
| CVE-2026-32738 | medium | 6.5 | 6.5 | 19d ago | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer und… | |||
| CVE-2026-8706 | medium | 6.5 | 6.5 | 19d ago | Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-… | |||
| CVE-2026-8971 | medium | 6.5 | 6.5 | 19d ago | Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | |||
| CVE-2026-8951 | medium | 6.5 | 6.5 | 19d ago | Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151. | |||
| CVE-2026-23557 | medium | 6.5 | 6.5 | 19d ago | Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will hap… | |||
| CVE-2026-37979 | medium | 6.5 | 6.5 | 19d ago | Keycloak: Information disclosure via OIDC token introspection endpoint audience bypass | |||
| CVE-2026-45187 | medium | 6.5 | 6.5 | 19d ago | Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | |||
| CVE-2026-35086 | medium | 6.5 | 6.5 | 19d ago | Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to vers… | |||
| CVE-2026-31380 | medium | 6.5 | 6.5 | 19d ago | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06… | |||
| CVE-2026-31378 | medium | 6.5 | 6.5 | 19d ago | Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | |||
| CVE-2026-29220 | medium | 6.5 | 6.5 | 19d ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to v… | |||
| CVE-2026-29207 | medium | 6.5 | 6.5 | 19d ago | Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24… | |||
| CVE-2026-28733 | medium | 6.5 | 6.5 | 19d ago | in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution. | |||
| CVE-2026-27737 | medium | 6.5 | 6.5 | 20d ago | BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback (presentation format) was not sanitizing user's input in public chat. This allowed for a malicio… | |||
| CVE-2026-45679 | medium | 6.5 | 6.5 | 20d ago | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redi… | |||
| CVE-2026-8843 | medium | 6.5 | 6.5 | 20d ago | Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A simi… | |||
| CVE-2026-20685 | medium | 6.5 | 6.5 | 20d ago | An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3. | |||
| CVE-2026-45609 | medium | 6.5 | 6.5 | 20d ago | mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined… | |||
| CVE-2026-45582 | medium | 6.5 | 6.5 | 20d ago | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of … | |||
| CVE-2026-6345 | medium | 6.5 | 6.5 | 20d ago | Mattermost doesn't prevent disclosure of created user password | |||
| CVE-2026-5163 | medium | 6.5 | 6.5 | 20d ago | Mattermost doesn't verify channel membership when processing AI-assisted message rewrites | |||
| CVE-2026-3471 | medium | 6.5 | 6.5 | 20d ago | Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated cra… | |||
| CVE-2026-3117 | medium | 6.5 | 6.5 | 20d ago | Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or se… | |||
| CVE-2026-6340 | medium | 6.5 | 6.5 | 20d ago | Mattermost doesn't validate 7zip archive structure before processing | |||
| CVE-2026-2325 | medium | 6.5 | 6.5 | 20d ago | Mattermost doesn't limit the size of the request body on the start meeting API endpoint | |||
| CVE-2026-33637 | medium | 6.5 | 6.5 | 21d ago | Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still bypass host scoping | |||
| CVE-2026-8769 | medium | 6.5 | 6.5 | 21d ago | @ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue | |||
| CVE-2026-8766 | medium | 6.5 | 6.5 | 21d ago | @kilocode/cli Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2026-8765 | medium | 6.5 | 6.5 | 21d ago | A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component Fi… | |||
| CVE-2026-8746 | medium | 6.5 | 6.5 | 21d ago | A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover_handler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation res… | |||
| CVE-2026-8745 | medium | 6.5 | 6.5 | 21d ago | A vulnerability was identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function ogs_timer_add in the library /src/ausf/nausf-handler.c of the component AUSF. The manipulation le… | |||
| CVE-2026-8744 | medium | 6.5 | 6.5 | 21d ago | A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function ogs_sbi_subscription_data_add/ogs_sbi_nf_service_add in the library /lib/sbi/context.c of the component NRF. Executing … | |||
| CVE-2026-8738 | medium | 6.5 | 6.5 | 21d ago | A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file public… | |||
| CVE-2026-8731 | medium | 6.5 | 6.5 | 21d ago | A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/sbi/client.c of the component NRF. The manipulation of the argument client_pool … | |||
| CVE-2026-8730 | medium | 6.5 | 6.5 | 21d ago | A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogs_sbi_nf_instance_set_id in the library /lib/sbi/context.c of the component NRF. Executing a manipulation of the argument nfI… | |||
| CVE-2026-8729 | medium | 6.5 | 6.5 | 21d ago | A vulnerability was detected in Open5GS up to 2.7.7. This affects an unknown function in the library /lib/sbi/message.c of the component NRF. Performing a manipulation of the argument service-names/s… | |||
| CVE-2026-8728 | medium | 6.5 | 6.5 | 21d ago | A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_discovery_option_parse_plmn_list in the library /lib/sbi/conv.c of the component NRF. S… | |||
| CVE-2026-46719 | medium | 6.5 | 6.5 | 22d ago | Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject add… |