🔴 CVE-2026-7374 9.9 — CRÍTICA
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper sym...
🔴 CVE-2026-46624 9.9 — CRÍTICA
Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution (RCE) vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY T...
🔴 CVE-2026-44450 9.9 — CRÍTICA
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the...
🔴 CVE-2026-42748 9.9 — CRÍTICA
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from ...
🔴 CVE-2026-42756 9.9 — CRÍTICA
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP – Compress / Optimize Images & Convert WebP | SEO Fri...
🔴 CVE-2026-42757 9.9 — CRÍTICA
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This...
🔴 CVE-2026-9543 9.8 — CRÍTICA
A vulnerability has been found in Totolink N300RH 6.1c.1353...
🔴 CVE-2026-45247 9.8 — CRÍTICA
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code exec...
🔴 CVE-2026-48686 9.8 — CRÍTICA
FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The function decode...
🔴 CVE-2026-35222 9.8 — CRÍTICA
Improperly validated order clauses lead to a SQL injection vulnerability in com...