7.5
CVE-2026-35467 - Private Key stored as extractable in browser IndexedDB
The API keys stored in the temporary browser client are not marked as protected, allowing the JavaScript console or other errors to enable extraction of the encryption credentials.
6.1
CVE-2026-35466 - Stored XSS via unsanitized input from remote service
An XSS vulnerability in cveInterface.js allows injected HTML to be passed to the display, as cveInterface trusts input from CVE API services.
9.3
CVE-2024-14034 - Hirschmann HiEOS Authentication Bypass via HTTP Management Module
Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP(S) requests. Attackers can exploit improper authentication …
7.8
CVE-2023-7343 - Belden Industrial HiVision Arbitrary Code Execution via Malicious Project File
HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit…
8.5
CVE-2026-34931 - hoppscotch: Improper loopback redirect_uri validation in device-login flow
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfiltration. With these tokens, the attacker can sign in as the victim to take over their account. This issue has been patched in version 2026.3.0.
5.4
CVE-2026-34848 - hoppscotch: Stored XSS in team member overflow tooltip via display name
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability in the team member overflow tooltip via display name. This issue has been patched in version 2026.3.0.
8.5
CVE-2026-34932 - hoppscotch: Stored XSS via mock server responses on backend origin
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability that can lead to CSRF. This issue has been patched in version 2026.3.0.
4.7
CVE-2026-34847 - hoppscotch: Open redirect via `/enter?redirect=`
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, the /enter page contains a DOM-based open redirect vulnerability. The redirect query parameter is directly used to construct a URL and redirect the user without proper validation. This issue has been patched in versi…
10
CVE-2026-34838 - Group-Office: Authenticated Remote Code Execution via PHP Insecure Deserialization in `AbstractSett…
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized FileCookieJar objec…
8.7
CVE-2026-34834 - Bulwark Webmail: Authentication Bypass in verifyIdentity() due to missing cookie validation
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity() function contained logic that returned true if no session cookies were present. This allowed unauthenticated attackers to bypass security checks and access/modify user settings vi…