8.8
CVE-2026-27168 - SAIL: Heap-based Buffer Overflow in Sail-codecs-xwd
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value is read directly from the file as the read size in io-…
8.3
CVE-2026-27203 - eBay API MCP Server Affected by Environment Variable Injection
eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebay_set_user_tokens tool allows updating the .env file with new tokens…
8.8
CVE-2026-27202 - GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability
GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication.
8.7
CVE-2026-27161 - Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories
GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled (common in hardened or shared hosting environments), these protections are silently ignor…
6.9
CVE-2026-27147 - GetSimple CMS: Stored Cross-Site Scripting (XSS) via SVG File Upload (Authenticated)
GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed maliciou…
7.1
CVE-2026-27146 - GetSimple CMS: Cross-Site Request Forgery (CSRF) in File Upload Allows Arbitrary Uploads
GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The r…
8.1
CVE-2026-27134 - Strimzi: All CAs from a custom CA chain consisting of multiple CAs are trusted for mTLS user autent…
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple CAs, Strimzi incorrectly configures the trusted cert…
5.3
CVE-2019-25454 - phpMoAdmin 1.1.5 Stored Cross-Site Scripting via collection Parameter
phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GET requests to moadmin.php with script payloads in the collection parameter during collection creatio…
5.1
CVE-2019-25453 - phpMoAdmin 1.1.5 Reflected Cross-Site Scripting via moadmin.php
phpMoAdmin 1.1.5 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the newdb parameter. Attackers can craft URLs with JavaScript payloads in the newdb parameter of moadmin.php to execute arbitrary code in users'…
5.3
CVE-2019-25451 - phpMoAdmin 1.1.5 Cross-Site Request Forgery via moadmin.php
phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collection …