9.2
CVE-2026-27452 - ASN.1 TypeScript Library: Decoding an INTEGER could leak the underlying ArrayBuffer
ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER). In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6.
9.3
CVE-2026-27471 - ERP: Document access through endpoints due to missing validation
ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1.
5.3
CVE-2026-2863 - feng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java deleteFile path traversal
A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has beeβ¦
6.9
CVE-2026-2861 - Foswiki Changes/Viewfile/Oops information disclosure
A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to versionβ¦
9.4
CVE-2026-27212 - Swiper has a Prototype Pollution Vulnerability
Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in line 94 of shared/utils.mjs, where the indexOf() function is used to check whether user provided iβ¦
6.5
CVE-2026-26047 - Moodle: moodle: uncontrolled resource consumption in tex formula editor leading to denial of service
A denial-of-service vulnerability was identified in Moodleβs TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade perfβ¦
7.2
CVE-2026-26046 - Moodle: moodle: improper input sanitization in tex filter administration setting
A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could β¦
7.2
CVE-2026-26045 - Moodle: moodle: improper validation in file restore functionality leading to remote code execution
A flaw was identified in Moodleβs backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available toβ¦
9.1
CVE-2026-27211 - Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse
Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to arbitrary host file exfiltration (constrained by process privileges) when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted QCβ¦
5.3
CVE-2026-27210 - Pannellum has a XSS vulnerability in hot spot attributes
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hosting β¦