8.5
CVE-2026-26095 - Incorrect Permission Assignment for Critical Resource in Owl opds
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.
8.7
CVE-2026-26093 - Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.
5.1
CVE-2026-27505 - SVXportal <= 2.5 admin/user_action.php Stored XSS
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow (index.php submitting to admin/user_action.php). User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and …
5.1
CVE-2026-27504 - SVXportal <= 2.5 radiomobile_front.php stationid Reflected XSS
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobile_front.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowin…
5.1
CVE-2026-27503 - SVXportal <= 2.5 admin/log.php Search Reflected XSS
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute, allowi…
9.2
CVE-2026-2333 - Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.
5.1
CVE-2026-27502 - SVXportal <= 2.5 log.php Search Reflected XSS
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthenticated remote attacker to inject and execute arb…
5.1
CVE-2025-15583 - detronetdip E-commerce function.php get_safe_value cross site scripting
A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_value of the file utility/function.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be u…
5.3
CVE-2025-15582 - detronetdip E-commerce Product Management Update authorization
A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the argument ID results in authorization bypass. Remote exploitation of the attack is possible. The exploi…
6.2
CVE-2026-1842 - HyperCloud Improper Refresh Token Validation and Access Token Invalidation Allows Long-Term Unautho…
HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used. Because refresh tokens have a significantly longer lifetime (default one year), an authenticated …