CVEs from 2026
- Total: 14,697
- Critical: 1,323
- High: 4,976
- Medium: 4,753
- Low: 501
- % Critical: 9.0%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 660
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-3763 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. The affected element is an unknown function of the file showhistory.php. The manipulation results in cross site scr… | |||
| CVE-2026-3702 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was detected in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Performing a manipulation of the argument page … | |||
| CVE-2026-20070 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenti… | |||
| CVE-2026-3455 | medium | 6.1 | 6.1 | 3mo ago | mailparser vulnerable to Cross-site Scripting | |||
| CVE-2026-3412 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /att_single_view.php. The manipulation of the argument dt results in cross site… | |||
| CVE-2026-3302 | medium | 6.1 | 6.1 | 3mo ago | A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown functionality of the file /register.php of the component Sign Up Page. Executing… | |||
| CVE-2026-3070 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filena… | |||
| CVE-2026-3054 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. The attack can be initiated remotel… | |||
| CVE-2026-3049 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The… | |||
| CVE-2026-3043 | medium | 6.1 | 6.1 | 3mo ago | A flaw has been found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/navbar.php. Executing a manipulation of the argument page can lead to… | |||
| CVE-2026-3028 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. This man… | |||
| CVE-2026-3027 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the… | |||
| CVE-2026-2971 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was found in a466350665 Smart-SSO up to 2.1.1. Affected by this issue is some unknown functionality of the file smart-sso-server/src/main/resources/templates/login.html of the compone… | |||
| CVE-2026-2547 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability was detected in LigeroSmart up to 6.1.26. The impacted element is the function AgentDashboard of the file /otrs/index.pl. Performing a manipulation of the argument Subaction results i… | |||
| CVE-2026-2546 | medium | 6.1 | 6.1 | 4mo ago | A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument SortBy leads to cross… | |||
| CVE-2026-2545 | medium | 6.1 | 6.1 | 4mo ago | A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketSearch. This manipulation of the argument Profile causes cross… | |||
| CVE-2026-2242 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. The atta… | |||
| CVE-2026-2241 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function os_strftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must b… | |||
| CVE-2026-2240 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read.… | |||
| CVE-2026-2160 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=save_packa… | |||
| CVE-2026-2159 | medium | 6.1 | 6.1 | 4mo ago | A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Execut… | |||
| CVE-2026-2154 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability was identified in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Impacted is an unknown function of the file /registration.php of the component Patien… | |||
| CVE-2026-2153 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function is_safe_url of the file doorman/users/views.py. Executing a manipulation of the argument Next can l… | |||
| CVE-2026-2150 | medium | 6.1 | 6.1 | 4mo ago | A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /checkin.php. This manipulati… | |||
| CVE-2026-2149 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.ph… | |||
| CVE-2026-1970 | medium | 6.1 | 6.1 | 4mo ago | A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes open redi… | |||
| CVE-2026-1411 | medium | 6.1 | 6.1 | 4mo ago | A flaw has been found in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected element is an unknown function of the component UART Interface. This manipulation causes improper access controls. It i… | |||
| CVE-2026-21933 | medium | 6.1 | 6.1 | 5mo ago | RHSA-2026:4832: java-1.8.0-ibm security update (Important) | |||
| CVE-2026-1135 | medium | 6.1 | 6.1 | 5mo ago | A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in … | |||
| CVE-2026-1134 | medium | 6.1 | 6.1 | 5mo ago | A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown function of the file /admin/expenses.php. The manipulation of the argument detail leads to cross … | |||
| CVE-2026-0858 | medium | 6.1 | 6.1 | 5mo ago | PlantUML is vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams | |||
| CVE-2026-22610 | medium | 6.1 | 6.1 | 5mo ago | Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cros… | |||
| CVE-2026-0642 | medium | 6.1 | 6.1 | 5mo ago | A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name r… | |||
| CVE-2026-0588 | medium | 6.1 | 6.1 | 5mo ago | A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of the file rockfun.php of the component API. This manipulation of the … | |||
| CVE-2026-0586 | medium | 6.1 | 6.1 | 5mo ago | A vulnerability was detected in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file handgunner-administrator/prod.php. Performing a manipulati… | |||
| CVE-2026-0580 | medium | 6.1 | 6.1 | 5mo ago | A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results … | |||
| CVE-2026-25623 | medium | 6.0 | 6.0 | 2h ago | An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators c… | |||
| CVE-2026-25622 | medium | 6.0 | 6.0 | 2h ago | A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logg… | |||
| CVE-2026-25621 | medium | 6.0 | 6.0 | 2h ago | A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects versi… | |||
| CVE-2026-25620 | medium | 6.0 | 6.0 | 2h ago | An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely… | |||
| CVE-2026-0857 | medium | 6.0 | 6.0 | 16d ago | Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: thr… | |||
| CVE-2026-8052 | medium | 6.0 | 6.0 | 24d ago | HashiCorp Nomad’s exec2 task driver vulnerable to a symlink attack | |||
| CVE-2026-6959 | medium | 6.0 | 6.0 | 24d ago | HashiCorp Nomad vulnerable to symlink attack | |||
| CVE-2026-41125 | medium | 6.0 | 6.0 | 25d ago | A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions), bluepla… | |||
| CVE-2026-45005 | medium | 6.0 | 6.0 | 25d ago | OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload | |||
| CVE-2026-41689 | medium | 6.0 | 6.0 | 29d ago | Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the webhook notification feature reuses an administrator-configured local-target allowlist for ever… | |||
| CVE-2026-2379 | medium | 5.9 | 5.9 | 4h ago | On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain a… | |||
| CVE-2026-11238 | medium | 5.9 | 5.9 | 22h ago | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information … | |||
| CVE-2026-50219 | medium | 5.9 | 5.9 | 2d ago | libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation.… | |||
| CVE-2026-36616 | medium | 5.9 | 5.9 | 3d ago | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware… | |||
| CVE-2026-36610 | medium | 5.9 | 5.9 | 3d ago | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-mid… | |||
| CVE-2026-25861 | medium | 5.9 | 5.9 | 3d ago | QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password ha… | |||
| CVE-2026-48682 | medium | 5.9 | 5.9 | 3d ago | FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simple_packet_parser_ng.cpp, after validating that the packet contains at least sizeof(ipv4… | |||
| CVE-2026-10584 | medium | 5.9 | 5.9 | 3d ago | Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests … | |||
| CVE-2026-28116 | medium | 5.9 | 5.9 | 3d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/… | |||
| CVE-2026-0075 | medium | 5.9 | 5.9 | 4d ago | In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed.… | |||
| CVE-2026-0061 | medium | 5.9 | 5.9 | 4d ago | In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege wit… | |||
| CVE-2026-45691 | medium | 5.9 | 5.9 | 4d ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie (created after successful … | |||
| CVE-2026-45690 | medium | 5.9 | 5.9 | 4d ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed atta… | |||
| CVE-2026-43625 | medium | 5.9 | 5.9 | 4d ago | CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp a… | |||
| CVE-2026-49270 | medium | 5.9 | 5.9 | 5d ago | Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurabl… | |||
| CVE-2026-49267 | medium | 5.9 | 5.9 | 5d ago | Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used `[email] smtp_s… | |||
| CVE-2026-41017 | medium | 5.9 | 5.9 | 5d ago | Apache Airflow's `JWTRefreshMiddleware` set the JWT auth cookie without the `Secure` flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy (e.g. nginx / Envoy … | |||
| CVE-2026-47741 | medium | 5.9 | 5.9 | 7d ago | Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's total_use counter. Un… | |||
| CVE-2026-46538 | medium | 5.9 | 5.9 | 9d ago | Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by session_id onl… | |||
| CVE-2026-45027 | medium | 5.9 | 5.9 | 9d ago | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash() function with the SHA-256 algorith… | |||
| CVE-2026-8606 | medium | 5.9 | 5.9 | 10d ago | A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security… | |||
| CVE-2026-48850 | medium | 5.9 | 5.9 | 11d ago | PuTTY 0.72 before 0.84 has a double free in RSA KEX. | |||
| CVE-2026-42626 | medium | 5.9 | 5.9 | 14d ago | HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauthenticated remote attacker on the same network can… | |||
| CVE-2026-48249 | medium | 5.9 | 5.9 | 15d ago | Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobile_login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing … | |||
| CVE-2026-48248 | medium | 5.9 | 5.9 | 15d ago | Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound H… | |||
| CVE-2026-48247 | medium | 5.9 | 5.9 | 15d ago | Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbou… | |||
| CVE-2026-48246 | medium | 5.9 | 5.9 | 15d ago | Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTT… | |||
| CVE-2026-44061 | medium | 5.9 | 5.9 | 16d ago | Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis. | |||
| CVE-2026-9100 | medium | 5.9 | 5.9 | 16d ago | The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads t… | |||
| CVE-2026-5947 | medium | 5.9 | 5.9 | 16d ago | Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. … | |||
| CVE-2026-44608 | medium | 5.9 | 5.9 | 17d ago | NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'… | |||
| CVE-2026-41470 | medium | 5.9 | 5.9 | 17d ago | LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attack… | |||
| CVE-2026-32134 | medium | 5.9 | 5.9 | 17d ago | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the br… | |||
| CVE-2026-40355 | medium | 5.9 | 5.9 | 18d ago | RHSA-2026:16799: krb5 security update (Important) | |||
| CVE-2026-40356 | medium | 5.9 | 5.9 | 18d ago | RHSA-2026:16799: krb5 security update (Important) | |||
| CVE-2026-45681 | medium | 5.9 | 5.9 | 18d ago | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer bu… | |||
| CVE-2026-41968 | medium | 5.9 | 5.9 | 22d ago | Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-41967 | medium | 5.9 | 5.9 | 22d ago | Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-41961 | medium | 5.9 | 5.9 | 22d ago | Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-6811 | medium | 5.9 | 5.9 | 22d ago | Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is… | |||
| CVE-2026-42597 | medium | 5.9 | 5.9 | 22d ago | Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file:// scheme | |||
| CVE-2026-33381 | medium | 5.9 | 5.9 | 23d ago | When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this. | |||
| CVE-2026-44577 | medium | 5.9 | 5.9 | 23d ago | Next.js has a Denial of Service in the Image Optimization API | |||
| CVE-2026-44572 | medium | 5.9 | 5.9 | 23d ago | Next.js's Middleware / Proxy redirects can be cache-poisoned | |||
| CVE-2026-6253 | medium | 5.9 | 5.9 | 23d ago | curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for differ… | |||
| CVE-2026-4873 | medium | 5.9 | 5.9 | 23d ago | A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SM… | |||
| CVE-2026-42545 | medium | 5.9 | 5.9 | 24d ago | Granian vulnerable to DoS via WSGI response header panic | |||
| CVE-2026-43930 | medium | 5.9 | 5.9 | 24d ago | parse-server: MFA SMS one-time password accepted twice under concurrent login | |||
| CVE-2026-8261 | medium | 5.9 | 5.9 | 26d ago | A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attac… | |||
| CVE-2026-42225 | medium | 5.9 | 5.9 | 29d ago | PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid o… | |||
| CVE-2026-39817 | medium | 5.9 | 5.9 | 29d ago | The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" su… | |||
| CVE-2026-41484 | medium | 5.9 | 5.9 | 1mo ago | OneCollector exporter reads unbounded HTTP response bodies | |||
| CVE-2026-41483 | medium | 5.9 | 5.9 | 1mo ago | OpenTelemetry.Resources.Azure has an unbounded HTTP response body read | |||
| CVE-2026-5119 | medium | 5.9 | 5.9 | 1mo ago | A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network… |