8.7
CVE-2026-3692 - Unintended command execution during report generation in Progress Flowmon
In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended commands being executed on the server.
5.1
CVE-2026-5332 - Xiaopi Panel WAF Firewall demo.php cross site scripting
A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerability affects unknown code of the file /demo.php of the component WAF Firewall. The manipulation of the argument param leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available aβ¦
9.1
CVE-2026-2701 - RCE vulnerability in Progress ShareFile Storage Zones Controller (SZC)
Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.
9.8
CVE-2026-2699 - EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.
5.1
CVE-2026-5331 - OpenCart Extension Installer installer.php path traversal
A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilizedβ¦
0.0
CVE-2026-35382 -
Voluntarily withdrawn
6.5
CVE-2026-34890 - WordPress MSTW League Manager plugin <= 2.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark OβDonnell MSTW League Manager allows DOM-Based XSS.This issue affects MSTW League Manager: from n/a through 2.10.
6.9
CVE-2026-5330 - SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control
A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_user of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access controβ¦
5.3
CVE-2026-5328 - shsuishang modulithshop ProductItemDao ProductIndexServiceImpl.java listItem sql injection
A weakness has been identified in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6. The impacted element is the function listItem of the file src/main/java/com/suisung/shopsuite/pt/service/impl/ProductIndexServiceImpl.java of the component ProductItemDao Interface. Executing aβ¦
8.1
CVE-2026-4636 - Keycloak: keycloak: uma policy bypass allows authenticated users to gain unauthorized access to vicβ¦
A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned resouβ¦