CVE-2026-8888

Same vendor

• CVE-2026-8889 — Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist ... (7.5 HIGH)
• CVE-2026-8881 — Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption (7.5 HIGH)
• CVE-2026-8879 — Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerCon... (7.5 HIGH)
• CVE-2026-8878 — Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensiti... (7.5 HIGH)
• CVE-2026-8876 — Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js (7.3 HIGH)

Same CWE

• CVE-2026-41729 — Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-pat... (8.1 HIGH)
• CVE-2026-41719 — A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query met... (6.4 MEDIUM)
• CVE-2026-41717 — Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability (8.1 HIGH)
• CVE-2026-42567 — Svelte is a performance oriented web framework
• CVE-2026-41848 — Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attacker is able to provide a pattern which... (3.7 LOW)