Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Showing 11,161 - 11,180 of 14,604 CVEs
CVE-2026-27488 MEDIUM - 7.3

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, Cron webhook delivery in src/gateway/server-cron.ts uses fetch() directly, so webhook targets can reach private/metadata/internal endpoints without SSRF policy checks. This issue was fixed in version 2026.2.19.

Vendor: npm
Product: openclaw
Published: Feb 20, 2026
Source: GitHub
CVE-2026-27485 MEDIUM - 4.4

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/package_skill.py (a local helper script used when authors package skills) previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory c...

Vendor: npm
Product: openclaw
Published: Feb 20, 2026
Source: GitHub
CVE-2025-62326 MEDIUM - 6.1

HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit.

Vendor: HCLSoftware
Product: Digital Experience
Published: Feb 20, 2026
Source: NVD
CVE-2026-2852 MEDIUM - 6.3

A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\SalesController.java of the component Sales Endpoint. The ma...

Vendor: yeqifu
Product: warehouse
Published: Feb 20, 2026
Source: NVD
CVE-2019-25445 MEDIUM - 6.1

Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript in...

Vendor: Phpscriptsmall
Product: Fiverr Clone Script
Published: Feb 20, 2026
Source: NVD
CVE-2026-2851 MEDIUM - 6.3

A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addInport/updateInport/deleteInport of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\InportController.java of the component Inport End...

Vendor: yeqifu
Product: warehouse
Published: Feb 20, 2026
Source: NVD
CVE-2026-2850 MEDIUM - 6.3

A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\CustomerController.java of the component Customer Endpoint. Pe...

Vendor: yeqifu
Product: warehouse
Published: Feb 20, 2026
Source: NVD
CVE-2026-27480 MEDIUM - 5.3

Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames, ...

Vendor: rust
Product: static-web-server
Published: Feb 20, 2026
Source: GitHub
CVE-2026-2849 MEDIUM - 5.4

A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\CacheController.java of the component Cache Sync ...

Vendor: yeqifu
Product: warehouse
Published: Feb 20, 2026
Source: NVD
CVE-2026-27506 MEDIUM - 6.1

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow (user_settings.php submitting to admin/update_user.php). Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and image_url, which ...

Vendor: sa2blv
Product: SVXportal
Published: Feb 20, 2026
Source: NVD
CVE-2026-27505 MEDIUM - 6.1

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow (index.php submitting to admin/user_action.php). User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...

Vendor: sa2blv
Product: SVXportal
Published: Feb 20, 2026
Source: NVD
CVE-2026-27504 MEDIUM - 6.1

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobile_front.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowing...

Vendor: sa2blv
Product: SVXportal
Published: Feb 20, 2026
Source: NVD
CVE-2026-27503 MEDIUM - 6.1

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute, allowin...

Vendor: sa2blv
Product: SVXportal
Published: Feb 20, 2026
Source: NVD
CVE-2026-27502 MEDIUM - 6.1

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthenticated remote attacker to inject and execute arbi...

Vendor: sa2blv
Product: SVXportal
Published: Feb 20, 2026
Source: NVD
CVE-2026-26745 MEDIUM - 5.3

OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or paramete...

Vendor: opensourcepos
Product: open_source_point_of_sale
Published: Feb 20, 2026
Source: NVD
CVE-2026-26100 MEDIUM - 5.5

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.

Vendor: Owl
Product: opds
Published: Feb 20, 2026
Source: NVD
CVE-2026-26099 MEDIUM - 5.5

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.

Vendor: Owl
Product: opds
Published: Feb 20, 2026
Source: NVD
CVE-2026-26098 MEDIUM - 5.5

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.

Vendor: Owl
Product: opds
Published: Feb 20, 2026
Source: NVD
CVE-2026-26097 MEDIUM - 5.5

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.

Vendor: Owl
Product: opds
Published: Feb 20, 2026
Source: NVD
CVE-2026-26096 MEDIUM - 5.5

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.

Vendor: Owl
Product: opds
Published: Feb 20, 2026
Source: NVD