CVEs from 2026
Total
14,769
critical
critical 1,335
high
high 5,011
medium
medium 4,834
low
low 504
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33569 | medium | 6.5 | 6.5 | 2mo ago | Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device. | |||
| CVE-2026-23777 | medium | 6.5 | 6.5 | 2mo ago | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.1… | |||
| CVE-2026-41313 | medium | 6.5 | 6.5 | 2mo ago | pypdf: Possible long runtimes for wrong size values in incremental mode | |||
| CVE-2026-41312 | medium | 6.5 | 6.5 | 2mo ago | pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM | |||
| CVE-2026-3861 | medium | 6.5 | 6.5 | 2mo ago | LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards whe… | |||
| CVE-2026-6364 | medium | 6.5 | 6.5 | 2mo ago | Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security se… | |||
| CVE-2026-20081 | medium | 6.5 | 6.5 | 2mo ago | Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attack… | |||
| CVE-2026-20078 | medium | 6.5 | 6.5 | 2mo ago | Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attack… | |||
| CVE-2026-20061 | medium | 6.5 | 6.5 | 2mo ago | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit… | |||
| CVE-2026-32151 | medium | 6.5 | 6.5 | 2mo ago | Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network. | |||
| CVE-2026-27925 | medium | 6.5 | 6.5 | 2mo ago | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network. | |||
| CVE-2026-26155 | medium | 6.5 | 6.5 | 2mo ago | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | |||
| CVE-2026-38533 | medium | 6.5 | 6.5 | 2mo ago | An improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and acco… | |||
| CVE-2026-22576 | medium | 6.5 | 6.5 | 2mo ago | A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all v… | |||
| CVE-2026-22574 | medium | 6.5 | 6.5 | 2mo ago | A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all v… | |||
| CVE-2026-22573 | medium | 6.5 | 6.5 | 2mo ago | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all… | |||
| CVE-2026-21742 | medium | 6.5 | 6.5 | 2mo ago | A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3… | |||
| CVE-2026-34264 | medium | 6.5 | 6.5 | 2mo ago | During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the… | |||
| CVE-2026-27679 | medium | 6.5 | 6.5 | 2mo ago | Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without prop… | |||
| CVE-2026-31280 | medium | 6.5 | 6.5 | 2mo ago | An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service (DoS) via supplying crafted RFCOMM frames. | |||
| CVE-2026-6111 | medium | 6.5 | 6.5 | 2mo ago | MetaGPT affected by server-side request forgery in metagpt/utils/common.py | |||
| CVE-2026-5412 | medium | 6.5 | 6.5 | 2mo ago | Juju: CloudSpec method leaking cloud credentials | |||
| CVE-2026-5460 | medium | 6.5 | 6.5 | 2mo ago | A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error handling path of TLSX_KeyShare_ProcessPqcHybridClient() in src/tls.c, the in… | |||
| CVE-2026-5778 | medium | 6.5 | 6.5 | 2mo ago | Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication… | |||
| CVE-2026-5263 | medium | 6.5 | 6.5 | 2mo ago | URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf cert… | |||
| CVE-2026-5329 | medium | 6.5 | 6.5 | 2mo ago | Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an au… | |||
| CVE-2026-5919 | medium | 6.5 | 6.5 | 2mo ago | Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a … | |||
| CVE-2026-2377 | medium | 6.5 | 6.5 | 2mo ago | A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary… | |||
| CVE-2026-39651 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a t… | |||
| CVE-2026-39641 | medium | 6.5 | 6.5 | 2mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through <= 2.5.4. | |||
| CVE-2026-39639 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-include-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RPS Include C… | |||
| CVE-2026-39633 | medium | 6.5 | 6.5 | 2mo ago | Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows Cross Site Request Forgery.This issue affects Grand Car Rental: from n/a through <= 3.6.9. | |||
| CVE-2026-39488 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through <= 4.0.2. | |||
| CVE-2026-35454 | medium | 6.5 | 6.5 | 2mo ago | Code Extension Marketplace: Zip Slip Path Traversal | |||
| CVE-2026-34061 | medium | 6.5 | 6.5 | 2mo ago | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an ele… | |||
| CVE-2026-25773 | medium | 6.5 | 6.5 | 2mo ago | Focalboard doesn't sanitize category IDs before incorporating them into dynamic SQL statements | |||
| CVE-2026-35549 | medium | 6.5 | 6.5 | 2mo ago | An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user a… | |||
| CVE-2026-35038 | medium | 6.5 | 6.5 | 2mo ago | Signal K Server: Arbitrary Prototype Read via `from` Field Bypass | |||
| CVE-2026-5330 | medium | 6.5 | 6.5 | 2mo ago | A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_user of the component… | |||
| CVE-2026-5316 | medium | 6.5 | 6.5 | 2mo ago | A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vorbis.c. The manipulation leads to allocation of resources. The attack is p… | |||
| CVE-2026-25834 | medium | 6.5 | 6.5 | 2mo ago | Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade. | |||
| CVE-2026-34531 | medium | 6.5 | 6.5 | 2mo ago | Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client | |||
| CVE-2026-4964 | medium | 6.5 | 6.5 | 2mo ago | A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function _convert_message_create_to_message of the file letta/helpers/message_helper.py of the comp… | |||
| CVE-2026-4958 | medium | 6.5 | 6.5 | 2mo ago | A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_connect/ReplayServer.send_data of the file XAgentServer/application/websockets/replayer.py of the com… | |||
| CVE-2026-33693 | medium | 6.5 | 6.5 | 2mo ago | Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid() | |||
| CVE-2026-4825 | medium | 6.5 | 6.5 | 2mo ago | A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /update_sales.php of the component HTTP GET Parameter Handler. The manipulation of… | |||
| CVE-2026-32541 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premm… | |||
| CVE-2026-32535 | medium | 6.5 | 6.5 | 2mo ago | Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS … | |||
| CVE-2026-32533 | medium | 6.5 | 6.5 | 2mo ago | Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: f… | |||
| CVE-2026-32527 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control … | |||
| CVE-2026-32514 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Petitioner: from n/a through <= … | |||
| CVE-2026-32483 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Emai… | |||
| CVE-2026-27046 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Kaira StoreCustomizer woocustomizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StoreCustomizer: from n/a through… | |||
| CVE-2026-25469 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in ViaBill for WooCommerce ViaBill – WooCommerce viabill-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Via… | |||
| CVE-2026-25465 | medium | 6.5 | 6.5 | 2mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS.This issue affe… | |||
| CVE-2026-25455 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect… | |||
| CVE-2026-25454 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The League: from n/a through <= 4.4.1. | |||
| CVE-2026-25430 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Se… | |||
| CVE-2026-25390 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n… | |||
| CVE-2026-25365 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Özgür KARALAR Kargo Takip kargo-takip-turkiye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kargo Takip: from n/a t… | |||
| CVE-2026-25339 | medium | 6.5 | 6.5 | 2mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Retrieve Embedded Sensitive Data.This issue affects Contact Form by WPForms:… | |||
| CVE-2026-25327 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects … | |||
| CVE-2026-25034 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiviCare: fr… | |||
| CVE-2026-24987 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a thr… | |||
| CVE-2026-24376 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Javier Casares WPVulnerability wpvulnerability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPVulnerability: from … | |||
| CVE-2026-23972 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.Thi… | |||
| CVE-2026-3119 | medium | 6.5 | 6.5 | 2mo ago | Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction sig… | |||
| CVE-2026-28863 | medium | 6.5 | 6.5 | 3mo ago | visionOS 26.4 | |||
| CVE-2026-20657 | medium | 6.5 | 6.5 | 3mo ago | visionOS 26.4 | |||
| CVE-2026-33658 | medium | 6.5 | 6.5 | 3mo ago | Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte … | |||
| CVE-2026-4778 | medium | 6.5 | 6.5 | 3mo ago | A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file update_category.php of the component HTTP GET Parameter Handler. T… | |||
| CVE-2026-4777 | medium | 6.5 | 6.5 | 3mo ago | A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view_supplier.php of the component POST Parameter Handler. The manipulat… | |||
| CVE-2026-4749 | medium | 6.5 | 6.5 | 3mo ago | NVD-CWE-noinfo vulnerability in albfan miraclecast.This issue affects miraclecast: before v1.0. | |||
| CVE-2026-31849 | medium | 6.5 | 6.5 | 3mo ago | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a … | |||
| CVE-2026-31846 | medium | 6.5 | 6.5 | 3mo ago | Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device informa… | |||
| CVE-2026-4572 | medium | 6.5 | 6.5 | 3mo ago | A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /view_product.php of the component HTTP POST Request … | |||
| CVE-2026-4571 | medium | 6.5 | 6.5 | 3mo ago | A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_payments.php of the component HTTP P… | |||
| CVE-2026-4569 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /view_category.php of the component HTTP POST Request Handler. This manip… | |||
| CVE-2026-4568 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /update_supplier.php of the component HTTP GET Request Handler. The manipulati… | |||
| CVE-2026-32896 | medium | 6.5 | 6.5 | 3mo ago | OpenClaw: BlueBubbles beta plugin webhook auth hardening (remove passwordless fallback) | |||
| CVE-2026-32663 | medium | 6.5 | 6.5 | 3mo ago | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predi… | |||
| CVE-2026-27649 | medium | 6.5 | 6.5 | 3mo ago | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predi… | |||
| CVE-2026-32941 | medium | 6.5 | 6.5 | 3mo ago | Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports in github.com/bishopfox/sliver | |||
| CVE-2026-32889 | medium | 6.5 | 6.5 | 3mo ago | Denial of service via non-terminating SYLT frame parsing loop in tinytag | |||
| CVE-2026-32022 | medium | 6.5 | 6.5 | 3mo ago | OpenClaw safeBins grep -e File Read Bypass (stdin-only policy bypass) | |||
| CVE-2026-4426 | medium | 6.5 | 6.5 | 3mo ago | libarchive vulnerabilities | |||
| CVE-2026-27397 | medium | 6.5 | 6.5 | 3mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really Simple Security Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This is… | |||
| CVE-2026-0708 | medium | 6.5 | 6.5 | 3mo ago | A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can… | |||
| CVE-2026-28522 | medium | 6.5 | 6.5 | 3mo ago | arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP p… | |||
| CVE-2026-32451 | medium | 6.5 | 6.5 | 3mo ago | Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a th… | |||
| CVE-2026-32398 | medium | 6.5 | 6.5 | 3mo ago | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions.This… | |||
| CVE-2026-2673 | medium | 6.5 | 6.5 | 3mo ago | Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword.… | |||
| CVE-2026-32237 | medium | 6.5 | 6.5 | 3mo ago | @backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint | |||
| CVE-2026-21670 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability allowing a low-privileged user to extract saved SSH credentials. | |||
| CVE-2026-21668 | medium | 6.5 | 6.5 | 3mo ago | A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository. | |||
| CVE-2026-3954 | medium | 6.5 | 6.5 | 3mo ago | A weakness has been identified in OpenBMB XAgent 1.0.0. Affected by this vulnerability is the function workspace of the file XAgentServer/application/routers/workspace.py. This manipulation of the ar… | |||
| CVE-2026-1471 | medium | 6.5 | 6.5 | 3mo ago | Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after resta… | |||
| CVE-2026-3784 | medium | 6.5 | 6.5 | 3mo ago | curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a … | |||
| CVE-2026-30973 | medium | 6.5 | 6.5 | 3mo ago | @appium/support has a Zip Slip arbitrary file write in its ZIP extraction | |||
| CVE-2026-3816 | medium | 6.5 | 6.5 | 3mo ago | A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderPa… |