CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-10639 - In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in subsys/net/ip/icmpv4.c builds an echo
CVE-2026-10638 - subsys/net/ip/icmpv6.c reads the network interface from a net_pkt after that packet has been handed
CVE-2026-10637 - subsys/net/ip/ipv6_mld.c:mld_send() read the packet interface via net_pkt_iface(pkt) after net_send_
CVE-2026-10636 - In Zephyr's IPv4 IGMP implementation, igmp_send() in subsys/net/ip/igmp.c read the network interface
CVE-2026-0647 - An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server
CVE-2026-0646 - A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handl
CVE-2025-14272 - A security issue was identified in Pavilion due to improper authorization enforcement in API endpoin
CVE-2025-13036 - An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continu
CVE-2025-11694 - A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequen
CVE-2024-22447 - Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulner
CVE-2026-9507 - A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows
CVE-2026-53900 - Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects
CVE-2026-53899 - Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a mali
CVE-2026-12330 - Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in
CVE-2026-12329 - Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.1
CVE-2026-12328 - Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefo
CVE-2026-12327 - Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbir
CVE-2026-12326 - Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of
CVE-2026-12325 - Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152,
CVE-2026-12324 - Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed i
CVE-2026-12323 - Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152 and Th
CVE-2026-12322 - Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thu
CVE-2026-12321 - JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox
CVE-2026-12320 - Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 15
CVE-2026-12319 - Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 15
CVE-2026-12318 - Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Fir
CVE-2026-12317 - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderb
CVE-2026-12316 - Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Th
CVE-2026-12315 - Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firef
CVE-2026-12314 - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
CVE-2026-12313 - Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerabi
CVE-2026-12312 - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
CVE-2026-12311 - Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerabi
CVE-2026-12310 - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
CVE-2026-12309 - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
CVE-2026-12308 - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
CVE-2026-12307 - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
CVE-2026-12306 - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
CVE-2026-12305 - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
CVE-2026-12304 - Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Fire
CVE-2026-12303 - Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This
CVE-2026-12302 - Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firef
CVE-2026-12301 - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderb
CVE-2026-12300 - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderb
CVE-2026-12299 - JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, F
CVE-2026-12298 - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
CVE-2026-12297 - Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability
CVE-2026-12296 - Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefo
CVE-2026-12295 - Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefo
CVE-2026-12294 - Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox E
CVE-2026-12293 - Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Th
CVE-2026-12292 - Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 15
CVE-2026-12291 - Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firef
CVE-2026-12290 - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
CVE-2026-12289 - Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 1
CVE-2026-8484 - A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size
CVE-2026-40750 - Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store al
CVE-2026-12225 - syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an auth
CVE-2026-10829 - A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series v
CVE-2026-10828 - A format string vulnerability has been found in the "alias" parameter of the Serial Param configurat
CVE-2026-8442 - The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions u
CVE-2026-8176 - The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerab
CVE-2026-5416 - Due to the improper neutralization of special elements used in a name parameter a low privileged rem
CVE-2026-54198 - Unauthenticated Cross Site Scripting (XSS) in Media Library Assistant <= 3.35 versions.
CVE-2026-54197 - Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.
CVE-2026-54191 - Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.
CVE-2026-54190 - Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions.
CVE-2026-52715 - Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
CVE-2026-52714 - Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
CVE-2026-52712 - Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.
CVE-2026-52711 - Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions.
CVE-2026-49774 - Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station al
CVE-2026-49772 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-40809 - Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Conf
CVE-2026-39581 - Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.
CVE-2026-39574 - Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.
CVE-2026-39490 - Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.
CVE-2026-39437 - Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <
CVE-2026-2381 - The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modificati
CVE-2026-10825 - A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and han
CVE-2025-68045 - Unauthenticated Broken Access Control in WP Event Solution <= 4.1.12 versions.
CVE-2026-8444 - The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]'
CVE-2026-46331 - In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial CO
CVE-2026-10093 - The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Store
CVE-2025-9912 - Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation
CVE-2026-9187 - The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post delet
CVE-2026-8443 - The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 's
CVE-2026-6933 - The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing auth
CVE-2026-5149 - The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and
CVE-2026-50255 - Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and ea
CVE-2026-10780 - The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versi
CVE-2026-10635 - On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core
CVE-2025-10262 - Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format v
CVE-2026-6964 - The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all v
CVE-2026-7273 - A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versi
CVE-2026-42014 - A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Securi
CVE-2026-1767 - A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracke
CVE-2026-1766 - A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifical
CVE-2026-1765 - A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tr
CVE-2026-1764 - A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When proce
CVE-2026-42989 - Improper link resolution before file access ('link following') in Winlogon allows an authorized atta
CVE-2026-42987 - Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a
CVE-2026-42986 - Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges l
CVE-2026-42985 - Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code
CVE-2026-42984 - Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-42983 - Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local
CVE-2026-42981 - Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacke
CVE-2026-42980 - Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elev
CVE-2026-42979 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
CVE-2026-42978 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
CVE-2026-42977 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
CVE-2026-42974 - Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacke
CVE-2026-42973 - Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclos
CVE-2026-42972 - Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized a
CVE-2026-42971 - Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclos
CVE-2026-42970 - Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclos
CVE-2026-42969 - Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclos
CVE-2026-42968 - Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose informatio
CVE-2026-42916 - Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elev
CVE-2026-42915 - Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny servi
CVE-2026-42914 - Windows Kerberos Denial of Service Vulnerability
CVE-2026-42913 - Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code
CVE-2026-42912 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
CVE-2026-42911 - Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele
CVE-2026-42910 - Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate
CVE-2026-42909 - Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code
CVE-2026-42908 - Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a net
CVE-2026-42907 - Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized att
CVE-2026-42906 - Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized att
CVE-2026-42905 - Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local
CVE-2026-42904 - Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges o
CVE-2026-42903 - Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a ne
CVE-2026-42902 - Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges lo
CVE-2026-42837 - Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to ele
CVE-2026-42836 - Concurrent execution using shared resource with improper synchronization ('race condition') in Funct
CVE-2026-42835 - Improper neutralization of special elements in output used by a downstream component ('injection') i
CVE-2026-42829 - Improper access control in Windows Administrator Protection allows an authorized attacker to bypass
CVE-2026-42828 - Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to ele
CVE-2026-42771 - Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an application to validate a craft
CVE-2026-42770 - Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key i
CVE-2026-42769 - Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key upd
CVE-2026-42768 - Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style at
CVE-2026-42767 - Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a N
CVE-2026-42766 - Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer derefer
CVE-2026-42765 - Issue summary: When a partial-chain certificate verification is enabled together with OCSP response
CVE-2026-42764 - Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dere
CVE-2026-42599 - Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to
CVE-2026-42573 - Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DO
CVE-2026-42570 - Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't
CVE-2026-42567 - Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an int
CVE-2026-41108 - Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privile
CVE-2026-41098 - Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack
CVE-2026-41092 - Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges loca
CVE-2026-40409 - Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CVE-2026-40404 - Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CVE-2026-40376 - Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privilege
CVE-2026-40371 - Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises)
CVE-2026-3088 - Unauthenticated users on the local network can cause the router to become unavailable by sending spe
CVE-2026-38615 - DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.
CVE-2026-35188 - Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response thr
CVE-2026-34692 - Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based C
CVE-2026-34335 - Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele
CVE-2026-34183 - Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with
CVE-2026-34182 - Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input val
CVE-2026-34181 - Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files th
CVE-2026-34180 - Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content
CVE-2026-33828 - Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges
CVE-2026-33113 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of
CVE-2026-32193 - Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Ku
CVE-2026-28301 - A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to
CVE-2026-26142 - Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute c
CVE-2026-24181 - NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index
CVE-2026-24180 - NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffe
CVE-2026-22926 - Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability.
CVE-2026-0420 - An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud
CVE-2026-0419 - Insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit releas
CVE-2026-0418 - Insufficient configuration management in the listed devices allows authenticated administrators conn
CVE-2026-0417 - Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated admin
CVE-2026-0416 - An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an
CVE-2026-0415 - Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated admini
CVE-2026-0414 - Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated admini
CVE-2026-0413 - A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models al
CVE-2026-0412 - Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band
CVE-2026-0411 - An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could al
CVE-2026-0410 - Authenticated administrators connected to the local network can gain elevated access to the router
CVE-2026-0409 - A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traf
CVE-2026-8045 - CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause
CVE-2026-8025 - Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability i
CVE-2026-49948 - Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability
CVE-2026-49938 - An improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2
CVE-2026-25089 - An improper neutralization of special elements used in an os command ('os command injection') vulnera
CVE-2026-24065 - Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerab
CVE-2026-24064 - Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerab
CVE-2026-10727 - An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions
CVE-2026-10523 - An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R1
CVE-2026-10520 - An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versi
CVE-2025-67862 - An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerabili
CVE-2026-9279 - Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an a
CVE-2026-7486 - Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability i
CVE-2026-52907 - In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off
CVE-2026-52906 - In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being
CVE-2026-52905 - In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-pow
CVE-2026-52904 - In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkm_device le
CVE-2026-49762 - Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allo
CVE-2026-47901 - Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject
CVE-2026-47900 - Logseq is vulnerable to a stored cross-site scripting (XSS). A malicious plugin can include a JavaSc
CVE-2026-47899 - The Electron preload script in Logseq exposes an API method that allows the renderer process to invo
CVE-2026-46332 - In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound b
CVE-2026-46330 - In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP
CVE-2026-46329 - In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem
CVE-2026-46328 - In the Linux kernel, the following vulnerability has been resolved: apparmor: fix rlimit for posix
CVE-2026-46327 - In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dm_su
CVE-2026-46326 - In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix
CVE-2026-46325 - In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conver
CVE-2026-11793 - A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix() function in pw.c c
CVE-2026-11792 - A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the cr
CVE-2026-11790 - A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce
CVE-2026-11789 - A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer
CVE-2026-11788 - A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocati
CVE-2026-11787 - A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start
CVE-2026-11786 - A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when p
CVE-2026-11785 - A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handl
CVE-2026-46324 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use list_
CVE-2026-46323 - In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skb
CVE-2026-46322 - In the Linux kernel, the following vulnerability has been resolved: tun: free page on build_skb fai
CVE-2026-46321 - In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame r
CVE-2026-46320 - In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths i
CVE-2026-46319 - In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: Only release
CVE-2026-46318 - In the Linux kernel, the following vulnerability has been resolved: Revert "mm/hugetlbfs: update hu
CVE-2026-46317 - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nested_mmu
CVE-2026-46316 - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the
CVE-2026-2638 - A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 thro
CVE-2026-11764 - When creating an export of all reusable media, the secrets of connected gift cards were included in
CVE-2017-20251 - WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that al
CVE-2017-20250 - Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers
CVE-2017-20249 - Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attack
CVE-2017-20248 - Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attack
CVE-2017-20247 - WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthen
CVE-2017-20246 - KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenti
CVE-2017-20245 - Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthent
CVE-2017-20244 - Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthent
CVE-2017-20243 - WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerab
CVE-2016-20065 - Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unaut
CVE-2016-20064 - WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers
CVE-2016-20063 - Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated user
CVE-2016-20062 - Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthent
CVE-2026-49742 - Backend users with file download permissions were able to download files from the fallback storage o
CVE-2026-49741 - Backend users with write access to the form_definition database table were able to directly create,
CVE-2026-49740 - TYPO3's cache frontend (VariableFrontend) and persistent key-value store (Registry) deserialized PHP
CVE-2026-49738 - The path allowance check in GeneralUtility::isAllowedAbsPath() performed a plain string prefix compa