CVEs from 2026
- Total: 14,539
- Critical: 1,284
- High: 4,929
- Medium: 4,658
- Low: 502
- % Critical: 8.8%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 558
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6256 | medium | 6.4 | 6.4 | 24d ago | The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficie… | |||
| CVE-2026-6247 | medium | 6.4 | 6.4 | 24d ago | The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' attribute of the 'scratchblocks' shortcode in all versions up to, and including, 1.0.1 due… | |||
| CVE-2026-6237 | medium | 6.4 | 6.4 | 24d ago | The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient inp… | |||
| CVE-2026-5715 | medium | 6.4 | 6.4 | 24d ago | The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insuffic… | |||
| CVE-2026-5340 | medium | 6.4 | 6.4 | 24d ago | The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `fancy-img-show` shortcode in all versions up to, and including, 9.1 due to insufficient input … | |||
| CVE-2026-4920 | medium | 6.4 | 6.4 | 24d ago | The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization … | |||
| CVE-2026-4859 | medium | 6.4 | 6.4 | 24d ago | The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the `wpsbd_post_carousel` shortcode in all versions up to, and including, 1.0.0 du… | |||
| CVE-2026-2300 | medium | 6.4 | 6.4 | 24d ago | The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `filter_images()` function in all versions up to, and including, 1.0.9. This is due to the use of regex-base… | |||
| CVE-2026-41591 | medium | 6.4 | 6.4 | 28d ago | Marko: XSS via case-insensitive script/style closing tag bypass in runtime HTML escaping | |||
| CVE-2026-7650 | medium | 6.4 | 6.4 | 28d ago | The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the `e2pdf-download` shortcode in all versions up to, and includi… | |||
| CVE-2026-7475 | medium | 6.4 | 6.4 | 28d ago | The Sky Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `sky-custom-scripts` custom post type in all versions up to, and including, 3.3.2. This is due to the custom p… | |||
| CVE-2026-5341 | medium | 6.4 | 6.4 | 28d ago | The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `strava_nmr_connect` shortcode in all versions up to, and including, 1.0.14 due to insuffi… | |||
| CVE-2026-20169 | medium | 6.4 | 6.4 | 1mo ago | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a r… | |||
| CVE-2026-7457 | medium | 6.4 | 6.4 | 1mo ago | The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profi… | |||
| CVE-2026-6672 | medium | 6.4 | 6.4 | 1mo ago | The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to… | |||
| CVE-2026-43876 | medium | 6.4 | 6.4 | 1mo ago | AVideo: HTML Injection in notifySubscribers.json.php Allows Platform-Branded Phishing Emails to Channel Subscribers | |||
| CVE-2026-5159 | medium | 6.4 | 6.4 | 1mo ago | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up to, and including, … | |||
| CVE-2026-4665 | medium | 6.4 | 6.4 | 1mo ago | The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox `data-caption` attributes in all versions up to, and including, 2.7.10. This is due to the … | |||
| CVE-2026-2948 | medium | 6.4 | 6.4 | 1mo ago | The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the import_images() fun… | |||
| CVE-2026-6255 | medium | 6.4 | 6.4 | 1mo ago | The Simple Owl Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'num' attribute of the 'owls_wrapper' shortcode in all versions up to, and including, 2.1.1 due to … | |||
| CVE-2026-5505 | medium | 6.4 | 6.4 | 1mo ago | The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `clippy` shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sani… | |||
| CVE-2026-4730 | medium | 6.4 | 6.4 | 1mo ago | The Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them to Your Website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'chartid' shortcode attribute in all v… | |||
| CVE-2026-2868 | medium | 6.4 | 6.4 | 1mo ago | The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions up to, and includi… | |||
| CVE-2026-0703 | medium | 6.4 | 6.4 | 1mo ago | The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xlwcty_current_date' shortcode in all versions up to, and includ… | |||
| CVE-2026-6916 | medium | 6.4 | 6.4 | 1mo ago | The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sg_content_number_prefix' param… | |||
| CVE-2026-4658 | medium | 6.4 | 6.4 | 1mo ago | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in th… | |||
| CVE-2026-7209 | medium | 6.4 | 6.4 | 1mo ago | The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `qcopd-directory` shortcode in all versions up to, and including, 8.9.2. This is due to in… | |||
| CVE-2026-6378 | medium | 6.4 | 6.4 | 1mo ago | The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `/wp-json/maxi-blocks/v1.0/style-card` REST API endpoint in all versions up to, and including, 2.1.9 due to i… | |||
| CVE-2026-6127 | medium | 6.4 | 6.4 | 1mo ago | The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _elementor_data meta field in versions up to, and including, 4.0.4. This is due to insufficient… | |||
| CVE-2026-41174 | medium | 6.4 | 6.4 | 1mo ago | Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding | |||
| CVE-2026-3346 | medium | 6.4 | 6.4 | 1mo ago | IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus al… | |||
| CVE-2026-4805 | medium | 6.4 | 6.4 | 1mo ago | The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundle… | |||
| CVE-2026-6809 | medium | 6.4 | 6.4 | 1mo ago | The Social Post Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Threads embed handler in all versions up to, and including, 2.0.1. This is due to insufficient input sa… | |||
| CVE-2026-6725 | medium | 6.4 | 6.4 | 1mo ago | The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the `wpcsm_text_rotator` shortcode in all versions up to, and incl… | |||
| CVE-2026-6551 | medium | 6.4 | 6.4 | 1mo ago | The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to,… | |||
| CVE-2026-4752 | medium | 6.4 | 6.4 | 2mo ago | Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mate: before V250329. | |||
| CVE-2026-24316 | medium | 6.4 | 6.4 | 3mo ago | SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnera… | |||
| CVE-2026-24309 | medium | 6.4 | 6.4 | 3mo ago | Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the datab… | |||
| CVE-2026-1410 | medium | 6.4 | 6.4 | 4mo ago | A vulnerability was detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. Impacted is an unknown function of the component UART Interface. The manipulation results in missing authentication. An attac… | |||
| CVE-2026-11339 | medium | 6.3 | 6.3 | 42 min ago | A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in … | |||
| CVE-2026-11336 | medium | 6.3 | 6.3 | 2h ago | A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file … | |||
| CVE-2026-11335 | medium | 6.3 | 6.3 | 3h ago | A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function session_start of the file /… | |||
| CVE-2026-11333 | medium | 6.3 | 6.3 | 3h ago | A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unkno… | |||
| CVE-2026-11308 | medium | 6.3 | 6.3 | 18h ago | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a craf… | |||
| CVE-2026-10876 | medium | 6.3 | 6.3 | 18h ago | A weakness has been identified in SourceCodester Ship Ferry Ticket Reservation System 1.0. This affects an unknown function of the file /admin/. This manipulation of the argument page causes improper… | |||
| CVE-2026-11187 | medium | 6.3 | 6.3 | 19h ago | Inappropriate implementation in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11184 | medium | 6.3 | 6.3 | 19h ago | Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medi… | |||
| CVE-2026-11181 | medium | 6.3 | 6.3 | 19h ago | Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medi… | |||
| CVE-2026-10875 | medium | 6.3 | 6.3 | 19h ago | A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument… | |||
| CVE-2026-10874 | medium | 6.3 | 6.3 | 19h ago | A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument soc… | |||
| CVE-2026-5066 | medium | 6.3 | 6.3 | 21h ago | A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cache is enabled, tls_session_… | |||
| CVE-2026-42538 | medium | 6.3 | 6.3 | 21h ago | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application ca… | |||
| CVE-2026-21404 | medium | 6.3 | 6.3 | 22h ago | NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can e… | |||
| CVE-2026-10815 | medium | 6.3 | 6.3 | 1d ago | A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the com… | |||
| CVE-2026-10811 | medium | 6.3 | 6.3 | 1d ago | A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /receipt.php. Such manipulation of the ar… | |||
| CVE-2026-10809 | medium | 6.3 | 6.3 | 1d ago | A security flaw has been discovered in itsourcecode Fees Management System 1.0. This impacts an unknown function of the file /manage_user.php. The manipulation of the argument ID results in sql injec… | |||
| CVE-2026-10808 | medium | 6.3 | 6.3 | 1d ago | A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown function of the file /manage_student.php. The manipulation of the argument ID leads to sql injection… | |||
| CVE-2026-10807 | medium | 6.3 | 6.3 | 1d ago | A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Executing a manipulation of t… | |||
| CVE-2026-10806 | medium | 6.3 | 6.3 | 1d ago | A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipulation of the argument up_fi… | |||
| CVE-2026-10703 | medium | 6.3 | 6.3 | 3d ago | A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData… | |||
| CVE-2026-10693 | medium | 6.3 | 6.3 | 3d ago | A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative Endpoint. T… | |||
| CVE-2026-10690 | medium | 6.3 | 6.3 | 3d ago | A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read_file. Such manipulation … | |||
| CVE-2026-39107 | medium | 6.3 | 6.3 | 3d ago | A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI mo… | |||
| CVE-2026-10662 | medium | 6.3 | 6.3 | 3d ago | A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blender_mcp/server.py of the compon… | |||
| CVE-2026-49943 | medium | 6.3 | 6.3 | 3d ago | CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation in nest/a-path.c. The as_path_match() function uses a fixed-s… | |||
| CVE-2026-35716 | medium | 6.3 | 6.3 | 3d ago | A stack-based buffer overflow in the motion_privacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1… | |||
| CVE-2026-35717 | medium | 6.3 | 6.3 | 3d ago | A stack-based buffer overflow in the export_language.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST… | |||
| CVE-2026-10581 | medium | 6.3 | 6.3 | 4d ago | A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side … | |||
| CVE-2026-10568 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was detected in itsourcecode Fees Management System 1.0. Affected is an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in sql injection.… | |||
| CVE-2026-10559 | medium | 6.3 | 6.3 | 4d ago | A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is an unknown function of the file /index.php. Executing a manipulation of the argument page can lead to fil… | |||
| CVE-2026-10558 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is an unknown function of the file /admin/index.php. Performing a manipulation of the argument page results in fi… | |||
| CVE-2026-10550 | medium | 6.3 | 6.3 | 4d ago | A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argum… | |||
| CVE-2026-10302 | medium | 6.3 | 6.3 | 4d ago | A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /manage_fee.php. Executing a manipulation of the argument ID can lead to sql … | |||
| CVE-2026-10297 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /manage_course.php. The manipulation of the argument ID leads to sql injection. It … | |||
| CVE-2026-10296 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Usernam… | |||
| CVE-2026-10286 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /home_employee.php. The manipulation of the argument emp_id results in sql injection. The attack ma… | |||
| CVE-2026-10283 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote… | |||
| CVE-2026-10279 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/wezterm_executor.ts of the component switch_pane/write_to_specific_pan… | |||
| CVE-2026-10278 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component read_file/write_file. Executing a manipulation of the argum… | |||
| CVE-2026-10277 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP G… | |||
| CVE-2026-10276 | medium | 6.3 | 6.3 | 4d ago | A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_bu… | |||
| CVE-2026-45157 | medium | 6.3 | 6.3 | 4d ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of… | |||
| CVE-2026-10274 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the comp… | |||
| CVE-2026-10271 | medium | 6.3 | 6.3 | 4d ago | A flaw has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The affected element is an unknown function of the file admin/ of the component Admin Endpoint.… | |||
| CVE-2026-10269 | medium | 6.3 | 6.3 | 4d ago | A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The … | |||
| CVE-2026-10265 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_topic.php. Such manipulation of the argument… | |||
| CVE-2026-10258 | medium | 6.3 | 6.3 | 4d ago | A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/add_sub_topic.php. This manipulation of the argument topic_id causes s… | |||
| CVE-2026-10257 | medium | 6.3 | 6.3 | 4d ago | A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/update_ss_img.php. The manipulation of the argument to… | |||
| CVE-2026-10256 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was identified in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /save_comment.php. The manipulation of the argument Name leads to sql… | |||
| CVE-2026-25599 | medium | 6.3 | 6.3 | 4d ago | Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that ena… | |||
| CVE-2026-10242 | medium | 6.3 | 6.3 | 4d ago | A weakness has been identified in itsourcecode Content Management System 1.0. This impacts an unknown function of the file /instructions.php. This manipulation of the argument topic_id causes sql inj… | |||
| CVE-2026-10241 | medium | 6.3 | 6.3 | 4d ago | A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the comp… | |||
| CVE-2026-10240 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side … | |||
| CVE-2026-10239 | medium | 6.3 | 6.3 | 4d ago | A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request … | |||
| CVE-2026-10235 | medium | 6.3 | 6.3 | 4d ago | A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stock_manager.php. This manipulation of the argument… | |||
| CVE-2026-10217 | medium | 6.3 | 6.3 | 5d ago | A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function handleSave of the file internal/http/tts_config.go of the component RoleAdmin Gateway. This manipul… | |||
| CVE-2026-10223 | medium | 6.3 | 6.3 | 5d ago | A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The a… | |||
| CVE-2026-10212 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astr_main_agent of the file astrbot/core/astr_main_agent.py. Such manipulation of the argument session_id leads… | |||
| CVE-2026-10211 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function _normalize_rw_path of the file astrbot/core/tools/computer_tools/fs.py. This manipulation causes i… | |||
| CVE-2026-10210 | medium | 6.3 | 6.3 | 5d ago | A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function _sanitize_prompt_description of the file astrbot/core/skills/skill_manager.py. The manipulation… |