Skip to main content
CVE-2026-22919 LOW Monitor

An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data. [CVSS 3.8 LOW]

XSS Tdc X401gl Firmware
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-14457 LOW PATCH Monitor

Drag and Drop Multiple File Upload for Contact Form 7 (WordPress plugin) is affected by missing authorization (CVSS 3.7).

WordPress PHP
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2026-0989 LOW Monitor

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. [CVSS 3.7 LOW]

Denial Of Service Libxml2 Hardened Images Jboss Core Services Openshift Container Platform +3
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-22920 LOW Monitor

The device's passwords have not been adequately salted, making them vulnerable to password extraction attacks. [CVSS 3.7 LOW]

Information Disclosure Tdc X401gl Firmware
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-0976 LOW Monitor

A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. [CVSS 3.7 LOW]

Code Injection
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-0992 LOW Monitor

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. [CVSS 2.9 LOW]

Denial Of Service Hardened Images Jboss Core Services Openshift Container Platform Enterprise Linux +3
NVD VulDB
CVSS 3.1
2.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy