8.4

CVSS4.0

CVE-2026-26099 - Uncontrolled Search Path Element in Owl opds

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.

πŸ“… Published: Feb. 20, 2026, 4:54 p.m. πŸ”„ Last Modified: April 17, 2026, 5:30 p.m.

8.4

CVSS4.0

CVE-2026-26098 - Uncontrolled Search Path Element in Owl opds

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.

πŸ“… Published: Feb. 20, 2026, 4:54 p.m. πŸ”„ Last Modified: April 17, 2026, 5:30 p.m.

8.4

CVSS4.0

CVE-2026-26097 - Uncontrolled Search Path Element in Owl opds

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.

πŸ“… Published: Feb. 20, 2026, 4:53 p.m. πŸ”„ Last Modified: April 17, 2026, 5:30 p.m.

8.5

CVSS4.0

CVE-2026-26096 - Incorrect Permission Assignment for Critical Resource in Owl opds

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.

πŸ“… Published: Feb. 20, 2026, 4:52 p.m. πŸ”„ Last Modified: April 17, 2026, 5:30 p.m.

8.5

CVSS4.0

CVE-2026-26095 - Incorrect Permission Assignment for Critical Resource in Owl opds

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.

πŸ“… Published: Feb. 20, 2026, 4:51 p.m. πŸ”„ Last Modified: April 18, 2026, 11:30 a.m.

8.7

CVSS4.0

CVE-2026-26093 - Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds

Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.

πŸ“… Published: Feb. 20, 2026, 4:49 p.m. πŸ”„ Last Modified: April 17, 2026, 5:30 p.m.

5.1

CVSS4.0

CVE-2026-27505 - SVXportal <= 2.5 admin/user_action.php Stored XSS

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow (index.php submitting to admin/user_action.php). User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and …

πŸ“… Published: Feb. 20, 2026, 4:49 p.m. πŸ”„ Last Modified: April 18, 2026, 11:30 a.m.

5.1

CVSS4.0

CVE-2026-27504 - SVXportal <= 2.5 radiomobile_front.php stationid Reflected XSS

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobile_front.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowin…

πŸ“… Published: Feb. 20, 2026, 4:48 p.m. πŸ”„ Last Modified: April 17, 2026, 5:30 p.m.

5.1

CVSS4.0

CVE-2026-27503 - SVXportal <= 2.5 admin/log.php Search Reflected XSS

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute, allowi…

πŸ“… Published: Feb. 20, 2026, 4:48 p.m. πŸ”„ Last Modified: April 17, 2026, 5:30 p.m.

9.2

CVSS4.0

CVE-2026-2333 - Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds

Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.

πŸ“… Published: Feb. 20, 2026, 4:48 p.m. πŸ”„ Last Modified: April 17, 2026, 5:30 p.m.
Total resulsts: 347402
Page 1332 of 34,741
Β« previous page Β» next page
Filters