CVEs from 2026
Total
14,770
critical
critical 1,335
high
high 5,012
medium
medium 4,834
low
low 504
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4496 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function child_process.exec of the file src/gitUtils.ts of th… | |||
| CVE-2026-1005 | medium | 5.3 | 5.3 | 3mo ago | Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authenticati… | |||
| CVE-2026-28070 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2. | |||
| CVE-2026-33221 | medium | 5.3 | 5.3 | 3mo ago | Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content-Type header without performing server-… | |||
| CVE-2026-32565 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Rel… | |||
| CVE-2026-2575 | medium | 5.3 | 5.3 | 3mo ago | A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding.… | |||
| CVE-2026-32586 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooC… | |||
| CVE-2026-4216 | medium | 5.3 | 5.3 | 3mo ago | A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. … | |||
| CVE-2026-4199 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was identified in bazinga012 mcp_code_executor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command inj… | |||
| CVE-2026-4198 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command inj… | |||
| CVE-2026-32438 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW School Education vw-school-education allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW School Education:… | |||
| CVE-2026-32437 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Portfolio: from n/a through <= … | |||
| CVE-2026-32436 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Photography: from n/a throu… | |||
| CVE-2026-32435 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Pet Shop: from n/a through <= 1.4… | |||
| CVE-2026-32434 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Fitness: from n/a through <= 4.3.4. | |||
| CVE-2026-32427 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Education Lite: from … | |||
| CVE-2026-32421 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Timeline: from n/a throu… | |||
| CVE-2026-32413 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Permalink Manager… | |||
| CVE-2026-32410 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WBW Cu… | |||
| CVE-2026-32409 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects F… | |||
| CVE-2026-32404 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Studio99 WP Monitor:… | |||
| CVE-2026-32397 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter & Grids: from n/a through … | |||
| CVE-2026-32396 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.13. | |||
| CVE-2026-32395 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This iss… | |||
| CVE-2026-32383 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ridhi: from n/a through <= 1.1.2. | |||
| CVE-2026-32347 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in raratheme Restaurant and Cafe restaurant-and-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant and Cafe… | |||
| CVE-2026-32346 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in raratheme Travel Agency travel-agency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Agency: from n/a through… | |||
| CVE-2026-32345 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in raratheme Perfect Portfolio perfect-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Perfect Portfolio: from… | |||
| CVE-2026-32332 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.9. | |||
| CVE-2026-31916 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post S… | |||
| CVE-2026-31915 | medium | 5.3 | 5.3 | 3mo ago | Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flatsome: from n/a through <= 3.19.6. | |||
| CVE-2026-23943 | medium | 5.3 | 5.3 | 3mo ago | Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advert… | |||
| CVE-2026-4016 | medium | 5.3 | 5.3 | 3mo ago | A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svgin_process of the file src/filters/load_svg.c of the component SVG Parser. The manipula… | |||
| CVE-2026-4015 | medium | 5.3 | 5.3 | 3mo ago | A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lea… | |||
| CVE-2026-3994 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X86_64::initialize_sections of the file src/input-files.cc of the component Object File… | |||
| CVE-2026-3979 | medium | 5.3 | 5.3 | 3mo ago | A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free. The attack requires local… | |||
| CVE-2026-3964 | medium | 5.3 | 5.3 | 3mo ago | A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the ar… | |||
| CVE-2026-3959 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The … | |||
| CVE-2026-2742 | medium | 5.3 | 5.3 | 3mo ago | Vaadin Vulnerable to Authentication Bypass When Accessing the /VAADIN Endpoint Without a Trailing Slash | |||
| CVE-2026-3713 | medium | 5.3 | 5.3 | 3mo ago | A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of … | |||
| CVE-2026-3707 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was identified in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory of the file src/main/c/gif_decoder.c. Such manipulation of the argument canvas_h… | |||
| CVE-2026-3675 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulation… | |||
| CVE-2026-3674 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function FakeAppProvider of the component org.ethosmobile.ethoslauncher. Performing a manipula… | |||
| CVE-2026-3670 | medium | 5.3 | 5.3 | 3mo ago | A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown function of the component com.dgen.alarm. Performing a manipulation results in improper authorization. The… | |||
| CVE-2026-3669 | medium | 5.3 | 5.3 | 3mo ago | A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221. This impacts the function AlarmService of the component com.dgen.alarm. Such manipulation leads to improper authori… | |||
| CVE-2026-3667 | medium | 5.3 | 5.3 | 3mo ago | A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation resul… | |||
| CVE-2026-28132 | medium | 5.3 | 5.3 | 3mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects … | |||
| CVE-2026-2896 | medium | 5.3 | 5.3 | 4mo ago | funadmin has Incorrect Privilege Assignment in its Configuration Handler | |||
| CVE-2026-2851 | medium | 5.3 | 5.3 | 4mo ago | A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addInport/updateInport/deleteInport of the file dataset\repo… | |||
| CVE-2026-27066 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Securit… | |||
| CVE-2026-25370 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a … | |||
| CVE-2026-25006 | medium | 5.3 | 5.3 | 4mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through <= 9.6.4. | |||
| CVE-2026-23548 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a … | |||
| CVE-2026-23543 | medium | 5.3 | 5.3 | 4mo ago | Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issu… | |||
| CVE-2026-2672 | medium | 5.3 | 5.3 | 4mo ago | A security flaw has been discovered in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is the function Download of the file /Search/Subject/downLoad. Pe… | |||
| CVE-2026-22796 | medium | 5.3 | 5.3 | 4mo ago | Important: openssl security update | |||
| CVE-2026-24633 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in Passionate Brains Add Expires Headers & Optimized Minify add-expires-headers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue … | |||
| CVE-2026-24619 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af… | |||
| CVE-2026-24615 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Magazine: from n/a thro… | |||
| CVE-2026-24613 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This… | |||
| CVE-2026-24612 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through <=… | |||
| CVE-2026-24607 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a… | |||
| CVE-2026-24606 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bayarcash WooCommerce: … | |||
| CVE-2026-24604 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects… | |||
| CVE-2026-24603 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Lev… | |||
| CVE-2026-24583 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in sumup SumUp Payment Gateway For WooCommerce sumup-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This i… | |||
| CVE-2026-24577 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in Genetech Products Pie Register pie-register allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pie Register: from n/a th… | |||
| CVE-2026-24568 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 11.1.0. | |||
| CVE-2026-24562 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in Ryviu Ryviu – Product Reviews for WooCommerce ryviu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ryviu – Product R… | |||
| CVE-2026-24559 | medium | 5.3 | 5.3 | 5mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Retrieve Embedded Sensitive Data.This issue affects Integration … | |||
| CVE-2026-24556 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementCamp: from n/a through <= 2.3.… | |||
| CVE-2026-24539 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in ABCdatos Protección de datos – RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protección … | |||
| CVE-2026-24536 | medium | 5.3 | 5.3 | 5mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affect… | |||
| CVE-2026-24530 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a t… | |||
| CVE-2026-24525 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CLP Varnish Cache: fro… | |||
| CVE-2026-24523 | medium | 5.3 | 5.3 | 5mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue aff… | |||
| CVE-2026-24380 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime:… | |||
| CVE-2026-24368 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0. | |||
| CVE-2026-24366 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af… | |||
| CVE-2026-23974 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5. | |||
| CVE-2026-22469 | medium | 5.3 | 5.3 | 5mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a throu… | |||
| CVE-2026-22447 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in Select-Themes Prowess prowess allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prowess: from n/a through <= 1.8.1. | |||
| CVE-2026-22445 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in Proptech Plugin Apimo Connector apimo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apimo Connector: from n/a throu… | |||
| CVE-2026-22348 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in Tasos Fel Civic Cookie Control civic-cookie-control-8 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Civic Cookie Co… | |||
| CVE-2026-1196 | medium | 5.3 | 5.3 | 5mo ago | MineAdmin May Expose Sensitive Information to an Unauthorized Actor | |||
| CVE-2026-22486 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in Re Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Re Gallery: from n/a through 1.18.9. | |||
| CVE-2026-40001 | medium | 5.2 | 5.2 | 1mo ago | There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traver… | |||
| CVE-2026-42077 | medium | 5.2 | 5.2 | 1mo ago | Evolver has Prototype Pollution via `Object.assign()` in its mailbox store operations | |||
| CVE-2026-41662 | medium | 5.2 | 5.2 | 1mo ago | Admidio Missing Minimum Administrator Check in Role Membership Removal | |||
| CVE-2026-35244 | medium | 5.2 | 5.2 | 2mo ago | Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.24.0.000. Easily exploita… | |||
| CVE-2026-3503 | medium | 5.2 | 5.2 | 3mo ago | Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cry… | |||
| CVE-2026-11276 | medium | 5.1 | 5.1 | 3d ago | Inappropriate implementation in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to bypass discretionary access control via malicious network traffic. (Ch… | |||
| CVE-2026-47271 | medium | 5.1 | 5.1 | 11d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc(), xrealloc(), and xstrdup() using assert(dat… | |||
| CVE-2026-2607 | medium | 5.1 | 5.1 | 11d ago | IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29 and IBM supplied M… | |||
| CVE-2026-8672 | medium | 5.1 | 5.1 | 16d ago | Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0. | |||
| CVE-2026-5091 | medium | 5.1 | 5.1 | 17d ago | Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess… | |||
| CVE-2026-23868 | medium | 5.1 | 5.1 | 20d ago | Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult b… | |||
| CVE-2026-42371 | medium | 5.1 | 5.1 | 1mo ago | uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. | |||
| CVE-2026-40337 | medium | 5.1 | 5.1 | 2mo ago | The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task… | |||
| CVE-2026-6654 | medium | 5.1 | 5.1 | 2mo ago | Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero. |