CVEs from 2026
- Total 14,769
- critical 1,335
- high 5,011
- medium 4,834
- low 504
- % Critical 9.0%
- % with KEV 0.4%
- % with exploit 0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40431 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication… | |||
| CVE-2026-23865 | medium | 5.3 | 5.3 | 2mo ago | OpenJDK 17 vulnerabilities | |||
| CVE-2026-41354 | medium | 5.3 | 5.3 | 2mo ago | OpenClaw: Zalo replay dedupe keys could suppress messages across chats or senders | |||
| CVE-2026-41351 | medium | 5.3 | 5.3 | 2mo ago | OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding | |||
| CVE-2026-41345 | medium | 5.3 | 5.3 | 2mo ago | OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards Authorization headers across cross-origin redirects. Attackers can exploit this by… | |||
| CVE-2026-41343 | medium | 5.3 | 5.3 | 2mo ago | OpenClaw: LINE webhook handler lacks shared pre-auth concurrency budget before signature verification | |||
| CVE-2026-41337 | medium | 5.3 | 5.3 | 2mo ago | OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection | |||
| CVE-2026-41335 | medium | 5.3 | 5.3 | 2mo ago | OpenClaw Has a Gateway Control Interface Information Disclosure Vulnerability | |||
| CVE-2026-41332 | medium | 5.3 | 5.3 | 2mo ago | OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override | |||
| CVE-2026-2708 | medium | 5.3 | 5.3 | 2mo ago | A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each hea… | |||
| CVE-2026-40894 | medium | 5.3 | 5.3 | 2mo ago | OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers | |||
| CVE-2026-40891 | medium | 5.3 | 5.3 | 2mo ago | OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling | |||
| CVE-2026-41182 | medium | 5.3 | 5.3 | 2mo ago | LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redacti… | |||
| CVE-2026-35345 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continue… | |||
| CVE-2026-35061 | medium | 5.3 | 5.3 | 2mo ago | Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved without authentication, revealing sensitive operational imagery. | |||
| CVE-2026-33093 | medium | 5.3 | 5.3 | 2mo ago | Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment. | |||
| CVE-2026-32648 | medium | 5.3 | 5.3 | 2mo ago | Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details (e.g., SSH/RTTY status), assisting attackers in reconnaissance against the device. | |||
| CVE-2026-6491 | medium | 5.3 | 5.3 | 2mo ago | A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such… | |||
| CVE-2026-24749 | medium | 5.3 | 5.3 | 2mo ago | Silverstripe Assets Module has a DBFile::getURL() permission bypass | |||
| CVE-2026-40778 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Majestic Support: … | |||
| CVE-2026-40742 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio AB Testing: fr… | |||
| CVE-2026-28421 | medium | 5.3 | 5.3 | 2mo ago | Important: vim security update | |||
| CVE-2026-33829 | medium | 4.3 | 5.3 | 2mo ago | Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-6219 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulati… | |||
| CVE-2026-33551 | medium | 5.3 | 5.3 | 2mo ago | An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application… | |||
| CVE-2026-5504 | medium | 5.3 | 5.3 | 2mo ago | A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfS… | |||
| CVE-2026-5772 | medium | 5.3 | 5.3 | 2mo ago | A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * e… | |||
| CVE-2026-5833 | medium | 5.3 | 5.3 | 2mo ago | awwaiid mcp-server-taskwarrior vulnerable to command injection | |||
| CVE-2026-5890 | medium | 5.3 | 5.3 | 2mo ago | Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severit… | |||
| CVE-2026-39716 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through <= 2.8. | |||
| CVE-2026-39713 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly … | |||
| CVE-2026-39712 | medium | 5.3 | 5.3 | 2mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a th… | |||
| CVE-2026-39706 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Make My Trivia: from n/a throug… | |||
| CVE-2026-39704 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access C… | |||
| CVE-2026-39701 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopWP: from n/a through <= 5.2.4. | |||
| CVE-2026-39700 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through <= 1.4.32. | |||
| CVE-2026-39698 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-ads-txt allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects T… | |||
| CVE-2026-39697 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This iss… | |||
| CVE-2026-39694 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Si… | |||
| CVE-2026-39689 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eShipper Commerce: from … | |||
| CVE-2026-39688 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profil… | |||
| CVE-2026-39687 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rap… | |||
| CVE-2026-39686 | medium | 5.3 | 5.3 | 2mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PD… | |||
| CVE-2026-39682 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects linkPizza-Manager: fr… | |||
| CVE-2026-39680 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Diet … | |||
| CVE-2026-39678 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking Sy… | |||
| CVE-2026-39676 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a… | |||
| CVE-2026-39675 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from… | |||
| CVE-2026-39672 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affec… | |||
| CVE-2026-39669 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through 1.19.3. | |||
| CVE-2026-39664 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadrebel: from n/a through <= 1.0.2. | |||
| CVE-2026-39662 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security … | |||
| CVE-2026-39658 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-field allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pand… | |||
| CVE-2026-39657 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects leadlovers forms: from n… | |||
| CVE-2026-39652 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iGMS Direct Booking: fro… | |||
| CVE-2026-39650 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: … | |||
| CVE-2026-39648 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through <= 2.1.7. | |||
| CVE-2026-39644 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wp Ultimate Review: from… | |||
| CVE-2026-39628 | medium | 5.3 | 5.3 | 2mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through <… | |||
| CVE-2026-39626 | medium | 5.3 | 5.3 | 2mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through <= 1.4.8. | |||
| CVE-2026-39624 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through <= 3.2.3. | |||
| CVE-2026-39616 | medium | 5.3 | 5.3 | 2mo ago | Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue… | |||
| CVE-2026-39612 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9. | |||
| CVE-2026-39609 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through <= 0… | |||
| CVE-2026-39605 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Custom Login: fro… | |||
| CVE-2026-39602 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a thr… | |||
| CVE-2026-39585 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Arraytics Booktics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booktics: from n/a through 1.0.16. | |||
| CVE-2026-39563 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a th… | |||
| CVE-2026-39561 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through <= 2.0.7. | |||
| CVE-2026-39535 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display… | |||
| CVE-2026-39520 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through <= 2.1.18. | |||
| CVE-2026-39365 | medium | 5.3 | 5.3 | 2mo ago | Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling | |||
| CVE-2026-35484 | medium | 5.3 | 5.3 | 2mo ago | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml file o… | |||
| CVE-2026-5621 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulatio… | |||
| CVE-2026-5619 | medium | 5.3 | 5.3 | 2mo ago | A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize_command. Executing a manipu… | |||
| CVE-2026-5603 | medium | 5.3 | 5.3 | 2mo ago | @elgentos/magento2-dev-mcp vulnerable to command injection | |||
| CVE-2026-5602 | medium | 5.3 | 5.3 | 2mo ago | @nor2/heim-mcp vulnerable to command injection | |||
| CVE-2026-5527 | medium | 5.3 | 5.3 | 2mo ago | A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Pr… | |||
| CVE-2026-3184 | medium | 5.3 | 5.3 | 2mo ago | A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A … | |||
| CVE-2026-5342 | medium | 5.3 | 5.3 | 2mo ago | A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipu… | |||
| CVE-2026-5323 | medium | 5.3 | 5.3 | 2mo ago | a11y-mcp: Server-Side Request Forgery (SSRF) vulnerability in A11yServer function | |||
| CVE-2026-5236 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. Such manipulation of t… | |||
| CVE-2026-5235 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4_BitReader::ReadCache of the file Ap4Dac4Atom.cpp of the component MP4 File Parser. This manipulation … | |||
| CVE-2026-5215 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72… | |||
| CVE-2026-5186 | medium | 5.3 | 5.3 | 2mo ago | A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation cause… | |||
| CVE-2026-5185 | medium | 5.3 | 5.3 | 2mo ago | A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of the file stb_image.h of the component Multi-frame GIF File Handler. The manipula… | |||
| CVE-2026-5125 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function child_process.execSync of the file src/server.ts. The manipulation of the argument gi… | |||
| CVE-2026-5023 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the … | |||
| CVE-2026-5007 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulatio… | |||
| CVE-2026-27860 | medium | 5.3 | 5.3 | 2mo ago | If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure… | |||
| CVE-2026-27859 | medium | 5.3 | 5.3 | 2mo ago | A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU … | |||
| CVE-2026-0394 | medium | 5.3 | 5.3 | 2mo ago | Dovecot regression | |||
| CVE-2026-2100 | medium | 5.3 | 5.3 | 2mo ago | A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters se… | |||
| CVE-2026-32497 | medium | 5.3 | 5.3 | 2mo ago | Weak Authentication vulnerability in PickPlugins User Verification user-verification allows Authentication Abuse.This issue affects User Verification: from n/a through <= 2.0.45. | |||
| CVE-2026-32492 | medium | 5.3 | 5.3 | 2mo ago | Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity Spoofing.This issue affects My Tickets: from n/a through <= 2.1.1. | |||
| CVE-2026-28838 | medium | 5.3 | 5.3 | 3mo ago | macOS Sonoma 14.8.5 | |||
| CVE-2026-4733 | medium | 5.3 | 5.3 | 3mo ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. | |||
| CVE-2026-28809 | medium | 5.3 | 5.3 | 3mo ago | esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages | |||
| CVE-2026-4603 | medium | 5.3 | 5.3 | 3mo ago | jsrsasign: Division by Zero Allows Invalid JWK Modulus to Cause Deterministic Zero Output in RSA Operations | |||
| CVE-2026-4530 | medium | 5.3 | 5.3 | 3mo ago | A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument D… |