Search

74,911 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM4.1CVE-2026-48013Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation6/4/2026
MEDIUM4.9CVE-2026-48015Shopware: Stored XSS via SVG file upload — no SVG sanitization6/4/2026
MEDIUM4.3CVE-2026-48016Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment6/4/2026
MEDIUM6.5CVE-2026-48014Shopware: Admin API ACL Bypass in Order State Transition Endpoints6/4/2026
MEDIUM4.3CVE-2026-48012Shopware SSO referer trust leading to an arbitrary redirect target6/4/2026
LOW3.7CVE-2026-48011Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames6/4/2026
MEDIUM6.5CVE-2026-48010Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts6/4/2026
MEDIUM6.8CVE-2026-48009Shopware: Admin Account Takeover via User Recovery Hash Exposure6/4/2026
MEDIUM6.5CVE-2026-48008Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass6/4/2026
MEDIUM4.7CVE-2026-50183WWBN AVideo: Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section6/4/2026
MEDIUM6.1CVE-2026-50182WWBN AVideo: Unauthenticated Reflected XSS via $_GET['search'] in AVideo YouTubeAPI Gallery Pagination6/4/2026
—CVE-2026-49279WWBN AVideo: Stored XSS via autoEvalCodeOnHTML Bypass in MessageSQLite WebSocket Handler (CVE-2026-43874 Bypass)6/4/2026
MEDIUM4.3CVE-2026-47696EPSS 0.02%WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint6/4/2026
MEDIUM5.4CVE-2026-47694EPSS 0.03%WWBN AVideo: Stored XSS via unescaped Gallery category description6/4/2026
MEDIUM4.9CVE-2026-45057Incomplete message edit validation in matrix-sdk-ui6/4/2026
—CVE-2026-45056Sender-binding gaps in to-device messages6/4/2026
—CVE-2026-44476Doorkeeper Openid Connect: Dynamic Client Registration feature creates public clients with client_secret6/4/2026
HIGH8.8CVE-2026-49143EPSS 0.15%browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler6/3/2026
MEDIUM6.5CVE-2026-49144EPSS 0.02%browserstack-runner has an unauthenticated arbitrary file read via path traversal in HTTP server6/3/2026
HIGH7.5CVE-2026-42342EPSS 0.05%React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint6/3/2026
HIGH8.1CVE-2026-42211EPSS 0.25%React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE6/3/2026
HIGH7.6CVE-2026-41234Froxlor: BIND Zone File Injection via TXT Record Content6/3/2026
—CVE-2026-40181EPSS 0.04%React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation6/3/2026
HIGH8.0CVE-2026-33245EPSS 0.03%React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets6/3/2026
MEDIUM5.4CVE-2026-33244EPSS 0.03%React Router has stored XSS via unescaped Location header in prerendered redirect HTML6/3/2026

Page 1 of 2997Next →