CVEs from 2026
- Total: 14,770
- critical: 1,335
- high: 5,012
- medium: 4,834
- low: 504
- % Critical: 9.0%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40076 | high | 8.8 | 8.8 | 1mo ago | OpenMRS Module Upload Vulnerable to Path Traversal (Zip Slip) | |||
| CVE-2026-8016 | high | 8.8 | 8.8 | 1mo ago | Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-8002 | high | 8.8 | 8.8 | 1mo ago | Use after free in Audio in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-8000 | high | 8.8 | 8.8 | 1mo ago | Insufficient validation of untrusted input in ChromeDriver in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium se… | |||
| CVE-2026-7995 | high | 8.8 | 8.8 | 1mo ago | Out of bounds read in AdFilter in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Mediu… | |||
| CVE-2026-7992 | high | 8.8 | 8.8 | 1mo ago | Insufficient validation of untrusted input in UI in Google Chrome on Linux, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute… | |||
| CVE-2026-7991 | high | 8.8 | 8.8 | 1mo ago | Use after free in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Ch… | |||
| CVE-2026-7988 | high | 8.8 | 8.8 | 1mo ago | Type Confusion in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7987 | high | 8.8 | 8.8 | 1mo ago | Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7984 | high | 8.8 | 8.8 | 1mo ago | Use after free in ReadingMode in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML … | |||
| CVE-2026-7980 | high | 8.8 | 8.8 | 1mo ago | Use after free in WebAudio in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7974 | high | 8.8 | 8.8 | 1mo ago | Use after free in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7973 | high | 8.8 | 8.8 | 1mo ago | Integer overflow in Dawn in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Med… | |||
| CVE-2026-7957 | high | 8.8 | 8.8 | 1mo ago | Out of bounds write in Media in Google Chrome on Mac, iOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a cr… | |||
| CVE-2026-7951 | high | 8.8 | 8.8 | 1mo ago | Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7940 | high | 8.8 | 8.8 | 1mo ago | Use after free in V8 in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome … | |||
| CVE-2026-7938 | high | 8.8 | 8.8 | 1mo ago | Use after free in CSS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-7930 | high | 8.8 | 8.8 | 1mo ago | Insufficient validation of untrusted input in Cookies in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security sev… | |||
| CVE-2026-7928 | high | 8.8 | 8.8 | 1mo ago | Use after free in WebRTC in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-7927 | high | 8.8 | 8.8 | 1mo ago | Type Confusion in Runtime in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7926 | high | 8.8 | 8.8 | 1mo ago | Use after free in PresentationAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi… | |||
| CVE-2026-7921 | high | 8.8 | 8.8 | 1mo ago | Use after free in Passwords in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7907 | high | 8.8 | 8.8 | 1mo ago | Use after free in DOM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7906 | high | 8.8 | 8.8 | 1mo ago | Use after free in SVG in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7903 | high | 8.8 | 8.8 | 1mo ago | Integer overflow in ANGLE in Google Chrome on Mac, Windows prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:… | |||
| CVE-2026-7902 | high | 8.8 | 8.8 | 1mo ago | Out of bounds memory access in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi… | |||
| CVE-2026-7901 | high | 8.8 | 8.8 | 1mo ago | Use after free in ANGLE in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-7899 | high | 8.8 | 8.8 | 1mo ago | Out of bounds read and write in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H… | |||
| CVE-2026-7898 | high | 8.8 | 8.8 | 1mo ago | Use after free in Chromoting in Google Chrome on Linux prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical) | |||
| CVE-2026-7896 | high | 8.8 | 8.8 | 1mo ago | Integer overflow in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-41938 | high | 8.8 | 8.8 | 1mo ago | Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restricti… | |||
| CVE-2026-41934 | high | 8.8 | 8.8 | 1mo ago | Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through ins… | |||
| CVE-2026-7875 | high | 8.8 | 8.8 | 1mo ago | NanoClaw version 1.2.0 and prior contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container … | |||
| CVE-2026-42503 | high | 8.8 | 8.8 | 1mo ago | gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopl… | |||
| CVE-2026-29080 | high | 8.8 | 8.8 | 1mo ago | Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API | |||
| CVE-2026-20034 | high | 8.8 | 8.8 | 1mo ago | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is… | |||
| CVE-2026-29090 | high | 8.8 | 8.8 | 1mo ago | Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API | |||
| CVE-2026-43283 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle dma_free_coherent() in error path takes priv->rx_buf.alloc_len as the d… | |||
| CVE-2026-43249 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: 9p/xen: protect xen_9pfs_front_free against concurrent calls The xenwatch thread can race with other back-end change notification… | |||
| CVE-2026-43239 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: prevent races in ->query_interfaces() It was possible for two query interface works to be concurrently trying to upd… | |||
| CVE-2026-43232 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets When the FarSync T-series card is being detached, the fs… | |||
| CVE-2026-43215 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix locking usage for tcon fields We used to use the cifs_tcp_ses_lock to protect a lot of objects that are not just the se… | |||
| CVE-2026-43187 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: xfs: delete attr leaf freemap entries when empty Back in commit 2a2b5932db6758 ("xfs: fix attr leaf header freemap.size underflow… | |||
| CVE-2026-43176 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: validate release report content before using for RTL8922DE The commit 957eda596c76 ("wifi: rtw89: pci: validate… | |||
| CVE-2026-43172 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix 22000 series SMEM parsing If the firmware were to report three LMACs (which doesn't exist in hardware) then us… | |||
| CVE-2026-43158 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: xfs: fix freemap adjustments when adding xattrs to leaf blocks xfs/592 and xfs/794 both trip this assertion in the leaf block fre… | |||
| CVE-2026-43113 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing tx_frames wl1251_tx_packet_cb() uses the firmware completion ID directly to ind… | |||
| CVE-2026-43112 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath When cifs_sanitize_prepath is called with an empty string or a str… | |||
| CVE-2026-43110 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmf_fweh_handle_if_event() validates the firmware-provided interface index… | |||
| CVE-2026-7841 | high | 8.8 | 8.8 | 1mo ago | A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server b… | |||
| CVE-2026-42843 | high | 8.8 | 8.8 | 1mo ago | Grav API Privilege Escalation to Super Admin | |||
| CVE-2026-40068 | high | 8.8 | 8.8 | 1mo ago | Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution | |||
| CVE-2026-39849 | high | 8.8 | 8.8 | 1mo ago | Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before 6.6.1, the `dns.interface` configuration field in Pi-hole FTL accepted newline charac… | |||
| CVE-2026-42266 | high | 8.8 | 8.8 | 1mo ago | JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed… | |||
| CVE-2026-34464 | high | 8.8 | 8.8 | 1mo ago | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMED_PIPE_OPEN_REQ into a fix… | |||
| CVE-2026-34459 | high | 8.8 | 8.8 | 1mo ago | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilit… | |||
| CVE-2026-34458 | high | 8.8 | 8.8 | 1mo ago | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration re… | |||
| CVE-2026-33324 | high | 8.8 | 8.8 | 1mo ago | SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided que… | |||
| CVE-2026-25589 | high | 8.8 | 8.8 | 1mo ago | RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTOR… | |||
| CVE-2026-25588 | high | 8.8 | 8.8 | 1mo ago | RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE comma… | |||
| CVE-2026-25243 | high | 8.8 | 8.8 | 1mo ago | RHSA-2026:23229: redis security update (Important) | |||
| CVE-2026-23479 | high | 8.8 | 8.8 | 1mo ago | Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blo… | |||
| CVE-2026-35397 | high | 8.8 | 8.8 | 1mo ago | Jupyter Server: Path Traversal via incorrect startswith() root directory check allows access to sibling directories | |||
| CVE-2026-31196 | high | 8.8 | 8.8 | 1mo ago | The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing aut… | |||
| CVE-2026-31195 | high | 8.8 | 8.8 | 1mo ago | The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authentic… | |||
| CVE-2026-6261 | high | 8.8 | 8.8 | 1mo ago | The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the upload_icons() function workflow moving and unzipping user-controlled… | |||
| CVE-2026-43571 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows | |||
| CVE-2026-43569 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins | |||
| CVE-2026-43531 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Workspace .env could inject OpenClaw runtime-control variables | |||
| CVE-2026-43530 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: busybox and toybox applet execution weakened exec approval binding | |||
| CVE-2026-42435 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Shell-wrapper detection missed env-argv assignment injection forms | |||
| CVE-2026-42434 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Sandboxed agents could escape exec routing via host=node override | |||
| CVE-2026-42606 | high | 8.8 | 8.8 | 1mo ago | AzuraCast has Password Reset Poisoning via Untrusted X-Forwarded-Host Header that Leads to Account Takeover and 2FA Bypass | |||
| CVE-2026-42605 | high | 8.8 | 8.8 | 1mo ago | AzuraCast has Path Traversal in `currentDirectory` Parameter that Enables Remote Code Execution via Media Upload | |||
| CVE-2026-42237 | high | 8.8 | 8.8 | 1mo ago | n8n has SQL Injection in Snowflake and MySQL Nodes | |||
| CVE-2026-42234 | high | 8.8 | 8.8 | 1mo ago | n8n has a Python Task Runner Sandbox Escape Vulnerability | |||
| CVE-2026-42232 | high | 8.8 | 8.8 | 1mo ago | n8n has XML Node Prototype Pollution that Leads to RCE | |||
| CVE-2026-42231 | high | 8.8 | 8.8 | 1mo ago | n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE | |||
| CVE-2026-42229 | high | 8.8 | 8.8 | 1mo ago | n8n has SQL Injection in SeaTable Node | |||
| CVE-2026-0073 | high | 8.8 | 8.8 | 1mo ago | In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as… | |||
| CVE-2026-42375 | high | 8.8 | 8.8 | 1mo ago | D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static… | |||
| CVE-2026-42374 | high | 8.8 | 8.8 | 1mo ago | D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static… | |||
| CVE-2026-42373 | high | 8.8 | 8.8 | 1mo ago | D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s… | |||
| CVE-2026-42372 | high | 8.8 | 8.8 | 1mo ago | D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s… | |||
| CVE-2026-29514 | high | 8.8 | 8.8 | 1mo ago | NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params() method that allows authenticated users with exporttemplate or con… | |||
| CVE-2026-24072 | high | 8.8 | 8.8 | 1mo ago | Apache HTTP Server vulnerabilities | |||
| CVE-2026-7750 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The … | |||
| CVE-2026-7749 | high | 8.8 | 8.8 | 1mo ago | A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manip… | |||
| CVE-2026-7748 | high | 8.8 | 8.8 | 1mo ago | A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executin… | |||
| CVE-2026-7717 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Execu… | |||
| CVE-2026-42364 | high | 8.8 | 8.8 | 1mo ago | An OS command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An… | |||
| CVE-2026-7685 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway results in buffer ove… | |||
| CVE-2026-7684 | high | 8.8 | 8.8 | 1mo ago | A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway leads to buffe… | |||
| CVE-2026-7675 | high | 8.8 | 8.8 | 1mo ago | A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid l… | |||
| CVE-2026-7674 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation… | |||
| CVE-2026-7609 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Update. This manipulation cause… | |||
| CVE-2026-7489 | high | 8.8 | 8.8 | 1mo ago | CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | |||
| CVE-2026-7607 | high | 8.8 | 8.8 | 1mo ago | A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Update. The manipulation of the argument str leads t… | |||
| CVE-2026-2052 | high | 8.8 | 8.8 | 1mo ago | The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via… | |||
| CVE-2026-7641 | high | 8.8 | 8.8 | 1mo ago | The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the `save_extra_user_profile_fields()` function. Thi… |