Common Vulnerabilities and Exposures (CVE)
CVE-2026-29053
Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.
CVE-2026-29052
The Calendar module for HumHub enables users to create one-time or recurring events, manage attendee invitations, and efficiently track all scheduled activities. Prior to version 1.8.11, a Stored Cross-Site Scripting (XSS) vulnerability in ...
CVE-2026-23767
ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmi...
CVE-2026-30777
EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized...
CVE-2026-27982
An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a craft...
CVE-2026-3072
The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mla_update_compat_fields_action() function in all versions up to, and including, 3.33. This makes i...
CVE-2026-29128
IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are owned by root but world-readable. The configuration files (e.g., zebra.conf, bgpd.co...
CVE-2026-3544
Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
CVE-2026-3539
Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security ...
CVE-2026-3537
Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-3540
Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVE-2026-3538
Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-3536
Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-20017
A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid admin...
CVE-2026-20063
A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid admin...