Search

74,962 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM4.3CVE-2026-48016Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment6/4/2026
MEDIUM6.5CVE-2026-48014Shopware: Admin API ACL Bypass in Order State Transition Endpoints6/4/2026
MEDIUM4.3CVE-2026-48012Shopware SSO referer trust leading to an arbitrary redirect target6/4/2026
LOW3.7CVE-2026-48011Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames6/4/2026
MEDIUM6.5CVE-2026-48010Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts6/4/2026
MEDIUM6.8CVE-2026-48009Shopware: Admin Account Takeover via User Recovery Hash Exposure6/4/2026
MEDIUM6.5CVE-2026-48008Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass6/4/2026
MEDIUM4.7CVE-2026-50183WWBN AVideo: Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section6/4/2026
MEDIUM6.1CVE-2026-50182WWBN AVideo: Unauthenticated Reflected XSS via $_GET['search'] in AVideo YouTubeAPI Gallery Pagination6/4/2026
—CVE-2026-49279WWBN AVideo: Stored XSS via autoEvalCodeOnHTML Bypass in MessageSQLite WebSocket Handler (CVE-2026-43874 Bypass)6/4/2026
MEDIUM4.3CVE-2026-47696EPSS 0.02%WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint6/4/2026
MEDIUM5.4CVE-2026-47694EPSS 0.03%WWBN AVideo: Stored XSS via unescaped Gallery category description6/4/2026
MEDIUM5.3CVE-2026-47676Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths6/4/2026
MEDIUM5.3CVE-2026-47674Hono: IP Restriction bypasses static deny rules for non-canonical IPv66/4/2026
MEDIUM4.3CVE-2026-47675Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection6/4/2026
MEDIUM4.8CVE-2026-47673Hono: JWT middleware accepts any Authorization scheme, not only Bearer6/4/2026
—CVE-2026-44393An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0.6/4/2026
MEDIUM5.4CVE-2026-47671Nhost CLI local configserver allows cross-origin unauthenticated read/write access to local development configuration and secrets6/4/2026
HIGH7.5CVE-2026-34077React Router vulnerable to Denial of Service via reflected user input in single-fetch6/4/2026
HIGH7.6CVE-2026-45337Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending6/4/2026
MEDIUM4.9CVE-2026-45057Incomplete message edit validation in matrix-sdk-ui6/4/2026
—CVE-2026-45056Sender-binding gaps in to-device messages6/4/2026
—CVE-2026-44476Doorkeeper Openid Connect: Dynamic Client Registration feature creates public clients with client_secret6/4/2026
HIGH7.5CVE-2026-44496Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection6/4/2026
HIGH7.5CVE-2026-44488Allocation of Resources Without Limits or Throttling in Axios6/4/2026

← PrevPage 2 of 2999Next →