CVEs from 2026
Total
14,137
critical
critical 1,247
high
high 4,698
medium
medium 4,485
low
low 492
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 247
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-34926 | medium | 6.7 | 8.2 | 14d ago | Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to depl… | |||
| CVE-2026-32201 | medium | 6.5 | 8.0 | 2mo ago | Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-44376 | medium | 6.1 | 7.1 | 22d ago | CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the CubeCart v6.x search feature. Due to a logic flaw in classes/catalogue.class.p… | |||
| CVE-2026-46361 | medium | 6.9 | 6.9 | 20d ago | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protect… | |||
| CVE-2026-6815 | medium | 5.9 | 6.9 | 24d ago | An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perfo… | |||
| CVE-2026-25210 | medium | 6.9 | 6.9 | 4mo ago | In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. | |||
| CVE-2026-0086 | medium | 6.8 | 6.8 | 3d ago | In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execu… | |||
| CVE-2026-0048 | medium | 6.8 | 6.8 | 3d ago | In hide of WindowState.java, there is a possible way to trick the user into approving permissions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no addition… | |||
| CVE-2026-45810 | medium | 6.8 | 6.8 | 3d ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticate… | |||
| CVE-2026-40510 | medium | 6.8 | 6.8 | 6d ago | OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trig… | |||
| CVE-2026-9802 | medium | 6.8 | 6.8 | 7d ago | A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, w… | |||
| CVE-2026-9673 | medium | 6.8 | 6.8 | 7d ago | Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV fil… | |||
| CVE-2026-48545 | medium | 6.8 | 6.8 | 8d ago | Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across… | |||
| CVE-2026-44707 | medium | 6.8 | 6.8 | 9d ago | Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover (Pre-ATO) vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enf… | |||
| CVE-2026-39311 | medium | 6.8 | 6.8 | 15d ago | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of S… | |||
| CVE-2026-20171 | medium | 6.8 | 6.8 | 15d ago | A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow a… | |||
| CVE-2026-45585 | medium | 6.8 | 6.8 | 16d ago | Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coor… | |||
| CVE-2026-35593 | medium | 6.8 | 6.8 | 16d ago | Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, al… | |||
| CVE-2026-33741 | medium | 6.8 | 6.8 | 16d ago | EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later… | |||
| CVE-2026-4630 | medium | 6.8 | 6.8 | 16d ago | A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtai… | |||
| CVE-2026-37982 | medium | 6.8 | 6.8 | 16d ago | A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay `ExecuteActionsActionToken` tokens within Keycloak's WebAuthn (Web Authentication) flow. By intercep… | |||
| CVE-2026-41119 | medium | 6.8 | 6.8 | 17d ago | Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leadi… | |||
| CVE-2026-41970 | medium | 6.8 | 6.8 | 20d ago | Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-6008 | medium | 6.8 | 6.8 | 21d ago | Authorization bypass through User-Controlled key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Privilege Abuse. … | |||
| CVE-2026-44467 | medium | 6.8 | 6.8 | 22d ago | The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development fea… | |||
| CVE-2026-36742 | medium | 6.8 | 6.8 | 22d ago | Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected (hidden/debug mode). | |||
| CVE-2026-36738 | medium | 6.8 | 6.8 | 22d ago | U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control me… | |||
| CVE-2026-24464 | medium | 6.8 | 6.8 | 22d ago | When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cros… | |||
| CVE-2026-21021 | medium | 6.8 | 6.8 | 22d ago | Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity. | |||
| CVE-2026-44305 | medium | 6.8 | 6.8 | 23d ago | Lemur: LDAP Authentication Globally Disables TLS Certificate Verification When LDAP_USE_TLS Is Enabled | |||
| CVE-2026-45026 | medium | 6.8 | 6.8 | 24d ago | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the … | |||
| CVE-2026-45025 | medium | 6.8 | 6.8 | 24d ago | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the … | |||
| CVE-2026-42312 | medium | 6.8 | 6.8 | 24d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates … | |||
| CVE-2026-1749 | medium | 6.8 | 6.8 | 26d ago | There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission. | |||
| CVE-2026-42291 | medium | 6.8 | 6.8 | 27d ago | SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly au… | |||
| CVE-2026-40003 | medium | 6.8 | 6.8 | 29d ago | ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any … | |||
| CVE-2026-6863 | medium | 6.8 | 6.8 | 29d ago | Velocidex Velociraptor has an Incorrect Authorization issue | |||
| CVE-2026-43901 | medium | 6.8 | 6.8 | 1mo ago | wireshark-mcp vulnerable to arbitrary file write via export_objects when WIRESHARK_MCP_ALLOWED_DIRS is not configured | |||
| CVE-2026-42194 | medium | 6.8 | 6.8 | 1mo ago | Admidio has an incomplete fix for CVE-2026-32812 (SSRF) | |||
| CVE-2026-43875 | medium | 6.8 | 6.8 | 1mo ago | AVideo: Password Hash Leak in MobileManager OAuth Redirect URL Enables Account Takeover | |||
| CVE-2026-40934 | medium | 6.8 | 6.8 | 1mo ago | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runt… | |||
| CVE-2026-41671 | medium | 6.8 | 6.8 | 1mo ago | Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation | |||
| CVE-2026-0205 | medium | 6.8 | 6.8 | 1mo ago | A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services. | |||
| CVE-2026-0711 | medium | 6.8 | 6.8 | 1mo ago | A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with a… | |||
| CVE-2026-32649 | medium | 6.8 | 6.8 | 1mo ago | A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras. | |||
| CVE-2026-40970 | medium | 6.8 | 6.8 | 1mo ago | Spring Boot's Elasticsearch auto-configuration doesn't perform hostname verification when connecting to the Elasticsearch server. | |||
| CVE-2026-28525 | medium | 6.8 | 6.8 | 1mo ago | SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose_multipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTT… | |||
| CVE-2026-34314 | medium | 6.8 | 6.8 | 1mo ago | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected ar… | |||
| CVE-2026-40574 | medium | 6.8 | 6.8 | 1mo ago | OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims | |||
| CVE-2026-40500 | medium | 6.8 | 6.8 | 2mo ago | ProcessWire: server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature | |||
| CVE-2026-32223 | medium | 6.8 | 6.8 | 2mo ago | Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack. | |||
| CVE-2026-32202 | medium | 4.3 | 6.8 | 2mo ago | Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-32567 | medium | 6.8 | 6.8 | 2mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in icopydoc YML for Yandex Market yml-for-yandex-market allows Path Traversal.This issue affects YML for Y… | |||
| CVE-2026-32496 | medium | 6.8 | 6.8 | 2mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue af… | |||
| CVE-2026-25328 | medium | 6.8 | 6.8 | 2mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Product File Upload for WooCommerce products-file-upload-for-woocommerce allows Path Traver… | |||
| CVE-2026-2741 | medium | 6.8 | 6.8 | 3mo ago | Vaadin: Specially crafted ZIP archives can escape the intended extraction directory | |||
| CVE-2026-10805 | medium | 6.7 | 6.7 | 9h ago | A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A lo… | |||
| CVE-2026-20453 | medium | 6.7 | 6.7 | 3d ago | In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. U… | |||
| CVE-2026-48065 | medium | 6.7 | 6.7 | 8d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/conf.c allocates heap memory proportional to n_devices, a count derived from libxml2 XPath evalu… | |||
| CVE-2026-44076 | medium | 6.7 | 6.7 | 14d ago | Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path. | |||
| CVE-2026-35070 | medium | 6.7 | 6.7 | 15d ago | Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker w… | |||
| CVE-2026-42919 | medium | 6.7 | 6.7 | 22d ago | A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrative access to escalate their privileges. A successful exploit may allow the attacker to cross a secur… | |||
| CVE-2026-21018 | medium | 6.7 | 6.7 | 22d ago | Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code. | |||
| CVE-2026-41097 | medium | 6.7 | 6.7 | 23d ago | Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | |||
| CVE-2026-32170 | medium | 6.7 | 6.7 | 23d ago | Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-21530 | medium | 6.7 | 6.7 | 23d ago | Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40638 | medium | 6.7 | 6.7 | 23d ago | Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this v… | |||
| CVE-2026-26946 | medium | 6.7 | 6.7 | 24d ago | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local acce… | |||
| CVE-2026-42176 | medium | 6.7 | 6.7 | 27d ago | Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer to… | |||
| CVE-2026-20451 | medium | 6.7 | 6.7 | 1mo ago | In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti… | |||
| CVE-2026-20448 | medium | 6.7 | 6.7 | 1mo ago | In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System priv… | |||
| CVE-2026-20447 | medium | 6.7 | 6.7 | 1mo ago | In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privileg… | |||
| CVE-2026-25852 | medium | 6.7 | 6.7 | 1mo ago | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212. | |||
| CVE-2026-7280 | medium | 6.7 | 6.7 | 1mo ago | AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitra… | |||
| CVE-2026-40977 | medium | 6.7 | 6.7 | 1mo ago | Spring Boot's PID file write follows symlinks at predictable default path | |||
| CVE-2026-41360 | medium | 6.7 | 6.7 | 1mo ago | OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scri… | |||
| CVE-2026-35154 | medium | 6.7 | 6.7 | 2mo ago | Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper … | |||
| CVE-2026-26951 | medium | 6.7 | 6.7 | 2mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflo… | |||
| CVE-2026-35153 | medium | 6.7 | 6.7 | 2mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat… | |||
| CVE-2026-35074 | medium | 6.7 | 6.7 | 2mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat… | |||
| CVE-2026-35073 | medium | 6.7 | 6.7 | 2mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat… | |||
| CVE-2026-35072 | medium | 6.7 | 6.7 | 2mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat… | |||
| CVE-2026-32176 | medium | 6.7 | 6.7 | 2mo ago | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32167 | medium | 6.7 | 6.7 | 2mo ago | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-0390 | medium | 6.7 | 6.7 | 2mo ago | Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally. | |||
| CVE-2026-4105 | medium | 6.7 | 6.7 | 3mo ago | A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop… | |||
| CVE-2026-21422 | medium | 6.7 | 6.7 | 3mo ago | Dell PowerScale OneFS, versions 9.10.0.0 through 9.13.1.0, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentiall… | |||
| CVE-2026-22341 | medium | 6.7 | 6.7 | 3mo ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in Case-Themes Booked booked allows Authentication Abuse.This issue affects Booked: from n/a through <= 3.0.0. | |||
| CVE-2026-48919 | medium | 6.6 | 6.6 | 8d ago | Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation. | |||
| CVE-2026-48918 | medium | 6.6 | 6.6 | 8d ago | Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default. | |||
| CVE-2026-48917 | medium | 6.6 | 6.6 | 8d ago | Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation. | |||
| CVE-2026-48916 | medium | 6.6 | 6.6 | 8d ago | Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals. | |||
| CVE-2026-27768 | medium | 6.6 | 6.6 | 10d ago | SQL Injection affecting the Access Manager role. | |||
| CVE-2026-6366 | medium | 6.6 | 6.6 | 16d ago | Drupal core contains a chain of methods that could be exploitable when an insecure deserialization vulnerability exists on the site. This so-called "gadget chain" presents no direct threat, but is a … | |||
| CVE-2026-34216 | medium | 6.6 | 6.6 | 16d ago | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied requ… | |||
| CVE-2026-20905 | medium | 6.6 | 6.6 | 23d ago | Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an… | |||
| CVE-2026-20782 | medium | 6.6 | 6.6 | 23d ago | Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenti… | |||
| CVE-2026-20717 | medium | 6.6 | 6.6 | 23d ago | Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with a… | |||
| CVE-2026-35255 | medium | 6.6 | 6.6 | 29d ago | Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability… | |||
| CVE-2026-42510 | medium | 6.6 | 6.6 | 1mo ago | OpenStack Ironic is Vulnerable to Inclusion of Functionality from Untrusted Control Sphere |