6.9
CVE-2026-5346 - huimeicloud hm_editor image-to-base64 Endpoint mcp-server.js client.get server-side request forgery
A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client.get of the file src/mcp-server.js of the component image-to-base64 Endpoint. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attackβ¦
7.8
CVE-2026-33641 - Glances Vulnerable to Command Injection via Dynamic Configuration Values
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.get_value() and is implementeβ¦
7.1
CVE-2026-33533 - Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server (activated with glances -s or glances --server) sends Access-Control-Allow-Origin: * on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an β¦
10
CVE-2026-32871 - FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability
FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A vulnerability β¦
5.4
CVE-2026-34974 - phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding leads to Stored XSS and Privilege Escalation
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSanitizer.php) can be bypassed using HTML entity encoding in javascript: URLs within SVG <a href> attributes. Any user with edit_faq permission can upload a malicious SVG that execuβ¦
6.9
CVE-2026-34973 - phpMyFAQ has a LIKE Wildcard Injection in Search.php β Unescaped % and _ Metacharacters Enable Broaβ¦
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search term before embedding it in LIKE clauses. However, real_escape_string() does not escape SQL LIKEβ¦
6.1
CVE-2026-34729 - phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes()
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulnerability via Regex Bypass in Filter::removeAttributes(). This issue has been patched in version 4.1.1.
5.1
CVE-2026-34823 - Endian Firewall /manage/password/web/ remark Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/password/web/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
5.1
CVE-2026-34822 - Endian Firewall /manage/ca/certificate/ new_cert_name Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_name parameter to /manage/ca/certificate/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
5.1
CVE-2026-34821 - Endian Firewall /manage/vpnauthentication/user/ remark Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpnauthentication/user/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.