CVEs from 2026
Total
14,770
critical
critical 1,335
high
high 5,012
medium
medium 4,834
low
low 504
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-32510 | medium | 5.4 | 5.4 | 2mo ago | Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through < 1.3. | |||
| CVE-2026-32509 | medium | 5.4 | 5.4 | 2mo ago | Deserialization of Untrusted Data vulnerability in Edge-Themes Gracey gracey allows Object Injection.This issue affects Gracey: from n/a through < 1.4. | |||
| CVE-2026-32508 | medium | 5.4 | 5.4 | 2mo ago | Deserialization of Untrusted Data vulnerability in Mikado-Themes Halstein halstein allows Object Injection.This issue affects Halstein: from n/a through < 1.8. | |||
| CVE-2026-32507 | medium | 5.4 | 5.4 | 2mo ago | Deserialization of Untrusted Data vulnerability in Elated-Themes Leroux leroux allows Object Injection.This issue affects Leroux: from n/a through < 1.4. | |||
| CVE-2026-32506 | medium | 5.4 | 5.4 | 2mo ago | Deserialization of Untrusted Data vulnerability in Edge-Themes Archicon archicon allows Object Injection.This issue affects Archicon: from n/a through < 1.7. | |||
| CVE-2026-3591 | medium | 5.4 | 5.4 | 2mo ago | A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperl… | |||
| CVE-2026-4626 | medium | 5.4 | 5.4 | 3mo ago | A vulnerability has been found in projectworlds Lawyer Management System 1.0. This impacts an unknown function of the file /lawyer_booking.php. The manipulation of the argument Description leads to c… | |||
| CVE-2026-4596 | medium | 5.4 | 5.4 | 3mo ago | A vulnerability was identified in projectworlds Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyers.php. The manipulation of the argument first_Name leads to… | |||
| CVE-2026-4542 | medium | 5.4 | 5.4 | 3mo ago | A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the ar… | |||
| CVE-2026-33331 | medium | 5.4 | 5.4 | 3mo ago | oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting (XSS) vulnerability exists in the OpenAPI d… | |||
| CVE-2026-4324 | medium | 5.4 | 5.4 | 3mo ago | Katello: Denial of Service and potential information disclosure via SQL injection | |||
| CVE-2026-32587 | medium | 5.4 | 5.4 | 3mo ago | Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through <= 4.2… | |||
| CVE-2026-32417 | medium | 5.4 | 5.4 | 3mo ago | Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through < 1.18.9. | |||
| CVE-2026-32391 | medium | 5.4 | 5.4 | 3mo ago | Missing Authorization vulnerability in linethemes SmartFix smartfix allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SmartFix: from n/a through < 1.2.4. | |||
| CVE-2026-32388 | medium | 5.4 | 5.4 | 3mo ago | Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GLB: from n/a through <= 1.2.2. | |||
| CVE-2026-32331 | medium | 5.4 | 5.4 | 3mo ago | Missing Authorization vulnerability in Israpil Textmetrics webtexttool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Textmetrics: from n/a through <= 3.6.… | |||
| CVE-2026-23942 | medium | 5.4 | 5.4 | 3mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program fil… | |||
| CVE-2026-2376 | medium | 5.4 | 5.4 | 3mo ago | A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the applicat… | |||
| CVE-2026-30964 | medium | 5.4 | 5.4 | 3mo ago | Webauthn Framework: allowed_origins collapses URL-like origins to host-only values, bypassing exact origin validation | |||
| CVE-2026-3819 | medium | 5.4 | 5.4 | 3mo ago | A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Manageme… | |||
| CVE-2026-3766 | medium | 5.4 | 5.4 | 3mo ago | A security flaw has been discovered in SourceCodester Web-based Pharmacy Product Management System 1.0. This impacts an unknown function of the file edit-profile.php. Performing a manipulation of the… | |||
| CVE-2026-3761 | medium | 5.4 | 5.4 | 3mo ago | A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadmin_user_delete.php of the component Endpoint. Executing … | |||
| CVE-2026-3743 | medium | 5.4 | 5.4 | 3mo ago | A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/D_singlePageGroup.php. Executing a manipulation of the argument Name can lead to cross site script… | |||
| CVE-2026-3742 | medium | 5.4 | 5.4 | 3mo ago | A vulnerability was detected in YiFang CMS 2.0.5. The impacted element is the function update of the file app/db/admin/D_singlePage.php. Performing a manipulation of the argument Title results in cro… | |||
| CVE-2026-3741 | medium | 5.4 | 5.4 | 3mo ago | A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/D_friendLink.php. Such manipulation of the argument linkName leads… | |||
| CVE-2026-3721 | medium | 5.4 | 5.4 | 3mo ago | A weakness has been identified in 1024-lab/lab1024 SmartAdmin up to 3.29. The affected element is an unknown function of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/helpdoc/doma… | |||
| CVE-2026-3720 | medium | 5.4 | 5.4 | 3mo ago | A security flaw has been discovered in 1024-lab/lab1024 SmartAdmin up to 3.29. Impacted is an unknown function of the file smart-admin-web-javascript/src/views/business/oa/notice/components/notice-fo… | |||
| CVE-2026-27411 | medium | 5.4 | 5.4 | 3mo ago | Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass.This issue affects SiteGuard WP Plugin: from n/a through <= 1.7.9. | |||
| CVE-2026-24351 | medium | 5.4 | 5.4 | 3mo ago | PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visi… | |||
| CVE-2026-24350 | medium | 5.4 | 5.4 | 3mo ago | PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks th… | |||
| CVE-2026-3171 | medium | 5.4 | 5.4 | 3mo ago | A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /queue.php. This manipu… | |||
| CVE-2026-3050 | medium | 5.4 | 5.4 | 3mo ago | A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argumen… | |||
| CVE-2026-2972 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.… | |||
| CVE-2026-2947 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component U… | |||
| CVE-2026-2946 | medium | 5.4 | 5.4 | 4mo ago | A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java o… | |||
| CVE-2026-2864 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. This affects the function pictureDelete of the file PictureController.j… | |||
| CVE-2026-2863 | medium | 5.4 | 5.4 | 4mo ago | A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java… | |||
| CVE-2026-2622 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/Articl… | |||
| CVE-2026-2557 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was detected in cskefu up to 8.0.1. Impacted is the function Upload of the file com/cskefu/cc/controller/resource/MediaController.java of the component File Upload. The manipulation r… | |||
| CVE-2026-2551 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the a… | |||
| CVE-2026-2224 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btn_functions.php. The manipulation of the argume… | |||
| CVE-2026-2201 | medium | 5.4 | 5.4 | 4mo ago | A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. This impacts the function addLeave of the file src/main/java/com/wdd/studentmanage… | |||
| CVE-2026-2145 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipul… | |||
| CVE-2026-2064 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such … | |||
| CVE-2026-1700 | medium | 5.4 | 5.4 | 4mo ago | A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message caus… | |||
| CVE-2026-1598 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability was found in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. Impacted is an unknown function of the file /dashboard/home/profile of the component User Informatio… | |||
| CVE-2026-1489 | medium | 5.4 | 5.4 | 4mo ago | A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode st… | |||
| CVE-2026-1421 | medium | 5.4 | 5.4 | 4mo ago | A vulnerability has been found in code-projects Online Examination System 1.0. Affected is an unknown function of the component Add Pages. Such manipulation leads to cross site scripting. The attack … | |||
| CVE-2026-24631 | medium | 5.4 | 5.4 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Rosebud rosebud allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rosebud: fro… | |||
| CVE-2026-24622 | medium | 5.4 | 5.4 | 5mo ago | Missing Authorization vulnerability in Sergiy Dzysyak Suggestion Toolkit suggestion-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Suggestion Toolk… | |||
| CVE-2026-24595 | medium | 5.4 | 5.4 | 5mo ago | Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: fro… | |||
| CVE-2026-24587 | medium | 5.4 | 5.4 | 5mo ago | Missing Authorization vulnerability in kutsy AJAX Hits Counter + Popular Posts Widget ajax-hits-counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AJAX… | |||
| CVE-2026-24581 | medium | 5.4 | 5.4 | 5mo ago | Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This iss… | |||
| CVE-2026-24570 | medium | 5.4 | 5.4 | 5mo ago | Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Edwiser Bridge: from n/a thro… | |||
| CVE-2026-24561 | medium | 5.4 | 5.4 | 5mo ago | Missing Authorization vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a… | |||
| CVE-2026-24560 | medium | 5.4 | 5.4 | 5mo ago | Missing Authorization vulnerability in Cloudinary Cloudinary cloudinary-image-management-and-manipulation-in-the-cloud-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This… | |||
| CVE-2026-24551 | medium | 5.4 | 5.4 | 5mo ago | Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Monetag Official P… | |||
| CVE-2026-24548 | medium | 5.4 | 5.4 | 5mo ago | Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through <= 2.0.91. | |||
| CVE-2026-24540 | medium | 5.4 | 5.4 | 5mo ago | Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate G… | |||
| CVE-2026-24384 | medium | 5.4 | 5.4 | 5mo ago | Cross-Site Request Forgery (CSRF) vulnerability in launchinteractive Merge + Minify + Refresh merge-minify-refresh allows Cross Site Request Forgery.This issue affects Merge + Minify + Refresh: from … | |||
| CVE-2026-24381 | medium | 5.4 | 5.4 | 5mo ago | Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through < 5.7.2. | |||
| CVE-2026-24374 | medium | 5.4 | 5.4 | 5mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Cross Site Request Forgery.This issue affects Registrati… | |||
| CVE-2026-24365 | medium | 5.4 | 5.4 | 5mo ago | Cross-Site Request Forgery (CSRF) vulnerability in storeapps Stock Manager for WooCommerce woocommerce-stock-manager allows Cross Site Request Forgery.This issue affects Stock Manager for WooCommerce… | |||
| CVE-2026-22430 | medium | 5.4 | 5.4 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Verdure verdure allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verdure: fro… | |||
| CVE-2026-22426 | medium | 5.4 | 5.4 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Elated-Themes Sweet Jane sweetjane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sweet J… | |||
| CVE-2026-22400 | medium | 5.4 | 5.4 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Holmes holmes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Holmes: from n… | |||
| CVE-2026-22398 | medium | 5.4 | 5.4 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fleur: from n/a … | |||
| CVE-2026-22396 | medium | 5.4 | 5.4 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fiorello: … | |||
| CVE-2026-22393 | medium | 5.4 | 5.4 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Curly curly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Curly: from n/a … | |||
| CVE-2026-22391 | medium | 5.4 | 5.4 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Cocco cocco allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cocco: from n/a … | |||
| CVE-2026-1154 | medium | 5.4 | 5.4 | 5mo ago | A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipul… | |||
| CVE-2026-1151 | medium | 5.4 | 5.4 | 5mo ago | A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross s… | |||
| CVE-2026-1147 | medium | 5.4 | 5.4 | 5mo ago | A vulnerability was found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This affects an unknown part of the file /php/api_patient_schedule.php. Performing a manip… | |||
| CVE-2026-1146 | medium | 5.4 | 5.4 | 5mo ago | A vulnerability has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /php/api_register_pa… | |||
| CVE-2026-1106 | medium | 5.4 | 5.4 | 5mo ago | A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Co… | |||
| CVE-2026-1049 | medium | 5.4 | 5.4 | 5mo ago | A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument TicketID leads to cro… | |||
| CVE-2026-1048 | medium | 5.4 | 5.4 | 5mo ago | A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketZoom. This manipulation of the argument TicketID causes cross … | |||
| CVE-2026-0587 | medium | 5.4 | 5.4 | 5mo ago | A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rock_page_gong.php of the component Cover Image Handler. The manipulation of the … | |||
| CVE-2026-11458 | medium | 5.3 | 5.3 | 13h ago | A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Ac… | |||
| CVE-2026-9016 | medium | 5.3 | 5.3 | 2d ago | The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due … | |||
| CVE-2026-8839 | medium | 5.3 | 5.3 | 2d ago | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership v… | |||
| CVE-2026-8502 | medium | 5.3 | 5.3 | 2d ago | The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'retu… | |||
| CVE-2026-7792 | medium | 5.3 | 5.3 | 2d ago | The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to an… | |||
| CVE-2026-7665 | medium | 5.3 | 5.3 | 2d ago | The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajax_load_mor… | |||
| CVE-2026-8608 | medium | 5.3 | 5.3 | 2d ago | The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is du… | |||
| CVE-2026-50233 | medium | 5.3 | 5.3 | 2d ago | Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service (TCP port 9090) and the HTTP JSON-RPC endpoint (/jsonr… | |||
| CVE-2026-50589 | medium | 5.3 | 5.3 | 3d ago | In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash. | |||
| CVE-2026-11246 | medium | 5.3 | 5.3 | 3d ago | Insufficient validation of untrusted input in IndexedDB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a c… | |||
| CVE-2026-11174 | medium | 5.3 | 5.3 | 3d ago | Inappropriate implementation in Site Isolation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML p… | |||
| CVE-2026-11004 | medium | 5.3 | 5.3 | 3d ago | Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory … | |||
| CVE-2026-46739 | medium | 5.3 | 5.3 | 3d ago | Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional st… | |||
| CVE-2026-47707 | medium | 5.3 | 5.3 | 3d ago | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effe… | |||
| CVE-2026-47706 | medium | 5.3 | 5.3 | 3d ago | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detecti… | |||
| CVE-2026-49077 | medium | 5.3 | 5.3 | 3d ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from… | |||
| CVE-2026-10597 | medium | 5.3 | 5.3 | 4d ago | OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address. | |||
| CVE-2026-26825 | medium | 5.3 | 5.3 | 4d ago | A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory origi… | |||
| CVE-2026-8404 | medium | 5.3 | 5.3 | 4d ago | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not match `Cache-Control` response directives case-insensitive… | |||
| CVE-2026-48587 | medium | 5.3 | 5.3 | 4d ago | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading or trailing whitespace from `Vary` response header va… | |||
| CVE-2026-44545 | medium | 5.3 | 5.3 | 4d ago | daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote a… | |||
| CVE-2026-5078 | medium | 5.3 | 5.3 | 5d ago | Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characte… |