CVEs from 2026
Total
14,214
critical
critical 1,262
high
high 4,737
medium
medium 4,541
low
low 495
% Critical
8.9%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 247
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42744 | medium | 6.5 | 6.5 | 8d ago | Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a … | |||
| CVE-2026-42732 | medium | 6.5 | 6.5 | 8d ago | Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation.This issue affects Ads by WPQuads: from n/a thr… | |||
| CVE-2026-42725 | medium | 6.5 | 6.5 | 8d ago | Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Exploiting Incorrectly Configured Access Contr… | |||
| CVE-2026-42726 | medium | 6.5 | 6.5 | 8d ago | Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects … | |||
| CVE-2026-48968 | medium | 6.5 | 6.5 | 8d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Master Slider allows DOM-Based XSS. This issue affects Master Slider: from n/a through 3.… | |||
| CVE-2026-48877 | medium | 6.5 | 6.5 | 8d ago | Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0. | |||
| CVE-2026-40849 | medium | 6.5 | 6.5 | 9d ago | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the user_alarmprofile view due to improper neutralization of special elements in a SQL SELECT command. … | |||
| CVE-2026-40848 | medium | 6.5 | 6.5 | 9d ago | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the tag view due to improper neutralization of special elements in a SQL SELECT command. This can resul… | |||
| CVE-2026-40847 | medium | 6.5 | 6.5 | 9d ago | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system_tag view due to improper neutralization of special elements in a SQL SELECT command. This ca… | |||
| CVE-2026-40846 | medium | 6.5 | 6.5 | 9d ago | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can re… | |||
| CVE-2026-40845 | medium | 6.5 | 6.5 | 9d ago | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devices_configuration view due to improper neutralization of special elements in a SQL SELECT comma… | |||
| CVE-2026-40844 | medium | 6.5 | 6.5 | 9d ago | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can… | |||
| CVE-2026-40843 | medium | 6.5 | 6.5 | 9d ago | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the alarming view due to improper neutralization of special elements in a SQL SELECT command. This can … | |||
| CVE-2026-40842 | medium | 6.5 | 6.5 | 9d ago | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getWidgetTags function due to improper neutralization of special elements in a SQL SELECT command. … | |||
| CVE-2026-40841 | medium | 6.5 | 6.5 | 9d ago | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command.… | |||
| CVE-2026-40840 | medium | 6.5 | 6.5 | 9d ago | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the VerifyCreateLicences function due to improper neutralization of special elements in a SQL SELECT co… | |||
| CVE-2026-40839 | medium | 6.5 | 6.5 | 9d ago | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT co… | |||
| CVE-2026-40838 | medium | 6.5 | 6.5 | 9d ago | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT comma… | |||
| CVE-2026-40837 | medium | 6.5 | 6.5 | 9d ago | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT comm… | |||
| CVE-2026-40835 | medium | 6.5 | 6.5 | 9d ago | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT comm… | |||
| CVE-2026-40832 | medium | 6.5 | 6.5 | 9d ago | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDevicegroups function due to improper neutralization of special elements in a SQL SELECT command… | |||
| CVE-2026-40831 | medium | 6.5 | 6.5 | 9d ago | An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command. This can resu… | |||
| CVE-2026-3279 | medium | 6.5 | 6.5 | 9d ago | The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `downgrade_jquery_version()` function in all versions… | |||
| CVE-2026-44596 | medium | — | 6.5 | 9d ago | Yamcs has No Rate Limiting on Authentication Endpoint | |||
| CVE-2026-44595 | medium | — | 6.5 | 9d ago | Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints | |||
| CVE-2026-8961 | medium | 6.5 | 6.5 | 9d ago | Important: thunderbird security update | |||
| CVE-2026-8388 | medium | 6.5 | 6.5 | 9d ago | Important: thunderbird security update | |||
| CVE-2026-38930 | medium | 6.5 | 6.5 | 9d ago | OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the … | |||
| CVE-2026-42568 | medium | — | 6.5 | 9d ago | Yamcs Vulnerable to LDAP Injection in LdapAuthModule | |||
| CVE-2026-9603 | medium | 6.5 | 6.5 | 9d ago | A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument I… | |||
| CVE-2026-48710 | medium | 6.5 | 6.5 | 9d ago | Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks | |||
| CVE-2026-44213 | medium | 6.5 | 6.5 | 9d ago | The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sendi… | |||
| CVE-2026-44788 | medium | 6.5 | 6.5 | 9d ago | SharpCompress is a fully managed C# library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory() allows a malicious ar… | |||
| CVE-2026-47672 | medium | 6.5 | 6.5 | 9d ago | epa4all-client: Unauthenticated REST API for Patient Record Writes | |||
| CVE-2026-44836 | medium | 6.5 | 6.5 | 9d ago | view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls… | |||
| CVE-2026-24197 | medium | 6.5 | 6.5 | 9d ago | NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lea… | |||
| CVE-2026-24182 | medium | 6.5 | 6.5 | 9d ago | NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service. | |||
| CVE-2026-48685 | medium | 6.5 | 6.5 | 9d ago | FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgp_protocol.hpp, the parse_raw_… | |||
| CVE-2026-48684 | medium | 6.5 | 6.5 | 9d ago | FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the NetFlow v9 options template parser. In process_netflow_v9_options_template() (src/netflow_plugin/netflow_v9_collector.… | |||
| CVE-2026-48683 | medium | 6.5 | 6.5 | 9d ago | FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in the NetFlow v9 data flowset processor. In src/netflow_plugin/netflow_v9_collector.cpp, the Data template bra… | |||
| CVE-2026-43934 | medium | 6.5 | 6.5 | 9d ago | e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by othe… | |||
| CVE-2026-40564 | medium | 6.5 | 6.5 | 9d ago | Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so th… | |||
| CVE-2026-41401 | medium | 6.5 | 6.5 | 9d ago | libyang before 5.2.6 contains a heap use-after-free write vulnerability in lyd_parser_set_data_flags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. At… | |||
| CVE-2026-46620 | medium | 6.5 | 6.5 | 9d ago | e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how session_handler::check… | |||
| CVE-2026-27427 | medium | 6.5 | 6.5 | 9d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS. This issue affects Geo Mashup: from n/a through 1.13.18. | |||
| CVE-2026-4795 | medium | 6.5 | 6.5 | 10d ago | A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00(ACPS.2)C0, GS1200-8v3 firmware versions through 1.00(ACPT.2)C0, GS1200-5HPv3 firmware versions through 1.00(A… | |||
| CVE-2026-45435 | medium | 6.5 | 6.5 | 10d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a thr… | |||
| CVE-2026-45217 | medium | 6.5 | 6.5 | 10d ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemeHigh Stripe Payment Gateway for WooCommerce allows Password Recovery Exploitation. This issue affects Stripe Payment Ga… | |||
| CVE-2026-42763 | medium | 6.5 | 6.5 | 10d ago | Missing Authorization vulnerability in SePay team SePay Gateway allows Retrieve Embedded Sensitive Data. This issue affects SePay Gateway: from n/a through 1.1.20. | |||
| CVE-2026-43828 | medium | 6.5 | 6.5 | 10d ago | Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommen… | |||
| CVE-2026-43827 | medium | 6.5 | 6.5 | 10d ago | Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1… | |||
| CVE-2026-24574 | medium | 6.5 | 6.5 | 10d ago | Cross-Site Request Forgery (CSRF) vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery. This issue affects Export WP Page to Static HTML/CSS: from n/a through … | |||
| CVE-2026-48846 | medium | 6.5 | 6.5 | 10d ago | In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var() value in an e-mail message, which may lead to information di… | |||
| CVE-2026-48845 | medium | 6.5 | 6.5 | 10d ago | In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information discl… | |||
| CVE-2026-47076 | medium | 6.5 | 6.5 | 10d ago | SSRF allowlist bypass via percent-encoded host in hackney | |||
| CVE-2026-5222 | medium | 6.5 | 6.5 | 10d ago | Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary na… | |||
| CVE-2026-4915 | medium | 6.5 | 6.5 | 11d ago | Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to filter nil elements from outgoing webhook attachment payloads before processing, which allows an … | |||
| CVE-2026-41863 | medium | 6.5 | 6.5 | 11d ago | Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the int… | |||
| CVE-2026-9351 | medium | 6.5 | 6.5 | 12d ago | A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function _is_blocked_device of the file tools/file_tools.py of the component read_file… | |||
| CVE-2026-9354 | medium | 6.5 | 6.5 | 12d ago | A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument … | |||
| CVE-2026-42827 | medium | 6.5 | 6.5 | 13d ago | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2026-41069 | medium | 6.5 | 6.5 | 13d ago | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS.… | |||
| CVE-2026-39969 | medium | 6.5 | 6.5 | 13d ago | TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint (POST /v1/workspaces/{workspaceId}/whatsapp/{credentialsId}/webhook) does not verify the x-hub… | |||
| CVE-2026-39966 | medium | 6.5 | 6.5 | 13d ago | TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTypebots API endpoint returns full bot definitions to any authenticated user who references a target bot ID in a Typebot Link block… | |||
| CVE-2026-36227 | medium | 6.5 | 6.5 | 13d ago | Directory Traversal vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the UserName parameter | |||
| CVE-2026-28444 | medium | 6.5 | 6.5 | 13d ago | Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verify… | |||
| CVE-2026-25680 | medium | 6.5 | 6.5 | 13d ago | Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. | |||
| CVE-2026-5755 | medium | 6.5 | 6.5 | 13d ago | Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.2, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, whic… | |||
| CVE-2026-5072 | medium | 6.5 | 6.5 | 14d ago | A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to se… | |||
| CVE-2026-39827 | medium | 6.5 | 6.5 | 14d ago | An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users.… | |||
| CVE-2026-8435 | medium | 6.5 | 6.5 | 14d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion(). The Concrete CMS security team gave this vulnerability a CVSS v.4… | |||
| CVE-2026-8140 | medium | 6.5 | 6.5 | 14d ago | Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/install/download/<remoteId>. The download() method in concrete/controllers/single_page/dash… | |||
| CVE-2026-39593 | medium | 6.5 | 6.5 | 14d ago | Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.10. | |||
| CVE-2026-0393 | medium | 6.5 | 6.5 | 14d ago | The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerabil… | |||
| CVE-2026-45254 | medium | 6.5 | 6.5 | 14d ago | In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an… | |||
| CVE-2026-42396 | medium | 6.5 | 6.5 | 14d ago | Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail | |||
| CVE-2026-44054 | medium | 6.5 | 6.5 | 15d ago | Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect m… | |||
| CVE-2026-2734 | medium | 6.5 | 6.5 | 15d ago | In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic authenticati… | |||
| CVE-2026-9149 | medium | 6.5 | 6.5 | 15d ago | A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. T… | |||
| CVE-2026-9150 | medium | 6.5 | 6.5 | 15d ago | A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could … | |||
| CVE-2026-40102 | medium | 6.5 | 6.5 | 15d ago | Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F() expression without vali… | |||
| CVE-2026-9136 | medium | 6.5 | 6.5 | 15d ago | A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the … | |||
| CVE-2026-9122 | medium | 6.5 | 6.5 | 15d ago | Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium … | |||
| CVE-2026-20240 | medium | 6.5 | 6.5 | 15d ago | In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, … | |||
| CVE-2026-20239 | medium | 6.5 | 6.5 | 15d ago | In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_… | |||
| CVE-2026-20238 | medium | 6.5 | 6.5 | 15d ago | In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations… | |||
| CVE-2026-44923 | medium | 6.5 | 6.5 | 15d ago | SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges. | |||
| CVE-2026-21836 | medium | 6.5 | 6.5 | 15d ago | The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain circumstances, document level access restrictions will be ignored when determining what data to retur… | |||
| CVE-2026-27405 | medium | 6.5 | 6.5 | 15d ago | Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9. | |||
| CVE-2026-24573 | medium | 6.5 | 6.5 | 15d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0. | |||
| CVE-2026-8685 | medium | 6.5 | 6.5 | 16d ago | The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on… | |||
| CVE-2026-6072 | medium | 6.5 | 6.5 | 16d ago | The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin prote… | |||
| CVE-2026-34233 | medium | 6.5 | 6.5 | 16d ago | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, multiple admin controllers expose DataTable endpoints without authorization checks, allowing any authenti… | |||
| CVE-2026-32814 | medium | 6.5 | 6.5 | 16d ago | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to … | |||
| CVE-2026-32739 | medium | 6.5 | 6.5 | 16d ago | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 1… | |||
| CVE-2026-8096 | medium | 6.5 | 6.5 | 16d ago | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not p… | |||
| CVE-2026-32738 | medium | 6.5 | 6.5 | 16d ago | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer und… | |||
| CVE-2026-8706 | medium | 6.5 | 6.5 | 16d ago | Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-… | |||
| CVE-2026-8971 | medium | 6.5 | 6.5 | 16d ago | Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | |||
| CVE-2026-8951 | medium | 6.5 | 6.5 | 16d ago | Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151. |