CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-6483 - A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function st
CVE-2026-5131 - GREENmod uses named pipes for communication between plugins, the web portal, and the system service,
CVE-2026-35153 - Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 th
CVE-2026-35074 - Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 th
CVE-2026-35073 - Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 th
CVE-2026-35072 - Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 th
CVE-2026-23779 - Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions
CVE-2026-23776 - Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions
CVE-2026-6494 - A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injecti
CVE-2026-6439 - The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and
CVE-2026-23778 - Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions
CVE-2026-23775 - Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Releas
CVE-2025-36568 - Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LT
CVE-2025-15625 - Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in
CVE-2025-15624 - Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In
CVE-2025-15623 - Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System In
CVE-2025-15622 - Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Archit
CVE-2026-6451 - The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery
CVE-2026-40002 - Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigge
CVE-2026-33392 - In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass
CVE-2026-23853 - Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions
CVE-2026-6443 - The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in ver
CVE-2026-6441 - The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and includin
CVE-2026-4659 - The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via t
CVE-2026-6482 - The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack t
CVE-2026-6421 - A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown
CVE-2026-5797 - The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in ve
CVE-2026-35496 - A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an adm
CVE-2026-34018 - An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to exe
CVE-2026-21719 - An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with
CVE-2026-6080 - The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.
CVE-2026-5807 - Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedl
CVE-2026-5502 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthori
CVE-2026-5427 - The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and includin
CVE-2026-5234 - The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions
CVE-2026-4853 - The JetBackup – Backup, Restore & Migrate plugin for WordPress is vulnerable to Path Traversal leadi
CVE-2026-3330 - The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip_search', 'st
CVE-2026-5052 - Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-
CVE-2026-4666 - The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the
CVE-2026-4525 - If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorizati
CVE-2026-3605 - An authenticated user with access to a kvv2 path through a policy containing a glob may be able to d
CVE-2026-5231 - The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_sou
CVE-2026-5162 - The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
CVE-2026-4817 - The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulner
CVE-2026-3488 - The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to,
CVE-2026-40922 - SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a pr
CVE-2026-40265 - Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset downloa
CVE-2026-40263 - Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoin
CVE-2026-40262 - Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset deliver
CVE-2026-40260 - pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XM
CVE-2026-22734 - Cloud Foundry UAA is vulnerable to a bypass that allows an attacker to obtain a token for any user a
CVE-2026-40322 - SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid
CVE-2026-40318 - SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api
CVE-2026-40259 - SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api
CVE-2026-40255 - AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs
CVE-2026-40253 - openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and bel
CVE-2024-58343 - Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified
CVE-2026-41113 - sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts
CVE-2026-40308 - My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_
CVE-2026-40249 - free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the
CVE-2026-40248 - free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the
CVE-2026-40247 - free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the
CVE-2026-40246 - free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the
CVE-2026-40170 - ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_par
CVE-2026-39313 - mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 a
CVE-2026-35469 - spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and bel
CVE-2026-34164 - Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0,
CVE-2026-33472 - Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 c
CVE-2026-40901 - DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below shi
CVE-2026-40900 - DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below con
CVE-2026-40899 - DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below con
CVE-2026-33207 - DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below con
CVE-2026-33122 - DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below con
CVE-2025-54502 - Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a
CVE-2026-6442 - Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed s
CVE-2026-33121 - DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below con
CVE-2026-33084 - DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below con
CVE-2025-54510 - A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticate
CVE-2025-43937 - Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information in
CVE-2025-43935 - Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release
CVE-2023-20585 - Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges
CVE-2026-41082 - In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach
CVE-2026-33083 - DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below con
CVE-2026-33082 - DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQ
CVE-2026-2336 - A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user
CVE-2026-27820 - zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3
CVE-2026-24749 - The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior
CVE-2025-43883 - Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or excepti
CVE-2026-41080 - libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML
CVE-2025-36579 - Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthentica
CVE-2026-5426 - Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to F
CVE-2026-37100 - An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmwar
CVE-2026-6409 - A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of unt
CVE-2026-3324 - Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on
CVE-2026-37347 - SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the
CVE-2026-37346 - SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the
CVE-2026-37345 - SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the fil
CVE-2026-37344 - SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the fil
CVE-2026-37343 - SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the fil
CVE-2026-37342 - SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the fil
CVE-2026-37341 - SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the fil
CVE-2026-37340 - SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /
CVE-2026-37339 - SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /
CVE-2026-37338 - SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /
CVE-2026-37337 - SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /
CVE-2026-37336 - SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /
CVE-2026-33804 - @fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated F
CVE-2026-30656 - A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job
CVE-2026-30459 - An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated att
CVE-2026-2840 - The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to
CVE-2026-6410 - @fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled
CVE-2026-6270 - @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child pl
CVE-2026-5785 - Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions fro
CVE-2026-4160 - The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin fo
CVE-2026-31987 - JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Use
CVE-2026-6414 - @fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators (%2F) before fil
CVE-2026-5968 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in
CVE-2026-31843 - The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/a
CVE-2025-15621 - Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client do
CVE-2026-3489 - The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable
CVE-2026-3369 - The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cr
CVE-2026-3155 - The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in
CVE-2025-12624 - Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identi
CVE-2025-6024 - The authentication endpoint fails to encode user-supplied input before rendering it in the web page,
CVE-2024-8010 - The component accepts XML input through the publisher without disabling external entity resolution.
CVE-2024-4867 - The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validat
CVE-2024-10242 - The authentication endpoint fails to adequately validate user-supplied input before reflecting it ba
CVE-2026-23772 - Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper
CVE-2024-2374 - The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configu
CVE-2026-0718 - The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vu
CVE-2025-14868 - The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path
CVE-2026-41035 - In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call,
CVE-2026-41034 - ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conver
CVE-2026-41030 - In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on
CVE-2026-3995 - The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' s
CVE-2026-3876 - The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismatic_e
CVE-2026-3875 - The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs
CVE-2026-3861 - LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where op
CVE-2026-3355 - The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scri
CVE-2026-1620 - The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all
CVE-2026-1572 - The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of
CVE-2025-13364 - The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for
CVE-2026-5050 - The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Ver
CVE-2026-3773 - The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the
CVE-2026-3614 - The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.
CVE-2026-3599 - The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' p
CVE-2026-3596 - The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versi
CVE-2026-3595 - The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versi
CVE-2026-3581 - The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versi
CVE-2026-3551 - The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting v
CVE-2026-22619 - Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, w
CVE-2026-22618 - A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP
CVE-2026-22617 - Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a n
CVE-2026-40118 - UDP Console provided by Arcserve contains an incorrectly specified destination in a communication ch
CVE-2026-22616 - Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the
CVE-2026-22615 - Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is po
CVE-2023-5872 - In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate proje
CVE-2023-3634 - In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker coul
CVE-2026-5070 - The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text
CVE-2026-4032 - The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' pa
CVE-2026-3878 - The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocs_option
CVE-2026-6351 - MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticat
CVE-2026-6350 - MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing
CVE-2026-6349 - The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticat
CVE-2026-6348 - WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing
CVE-2026-41015 - radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name
CVE-2026-3885 - The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Si
CVE-2026-3428 - A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center
CVE-2026-1880 - An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update
CVE-2026-40962 - FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encrypt
CVE-2026-40505 - MuPDF mutool does not sanitize PDF metadata fields before writing them to terminal output, allowing
CVE-2026-40504 - Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec f
CVE-2026-3299 - The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin
CVE-2026-40960 - Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least on
CVE-2026-40959 - Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
CVE-2026-40503 - OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gatew
CVE-2026-40502 - OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote ga
CVE-2026-5363 - Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allow
CVE-2026-4880 - The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale)
CVE-2026-40947 - Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an u
CVE-2026-40245 - Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Ver
CVE-2026-40193 - maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vul
CVE-2026-4949 - The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict C
CVE-2026-40316 - OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git
CVE-2026-40192 - Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-
CVE-2026-40179 - Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1
CVE-2026-39350 - Istio is an open platform to connect, manage, and secure microservices. In versions 1.25.0 through 1
CVE-2026-6388 - A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to
CVE-2026-40500 - ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the
CVE-2026-1711 - Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerabil
CVE-2026-1564 - Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a use
CVE-2026-6398 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in
CVE-2026-40261 - Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain
CVE-2026-40186 - ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit
CVE-2026-40176 - Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain
CVE-2026-40173 - Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthen
CVE-2026-22676 - Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows lo
CVE-2026-6385 - A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specia
CVE-2026-6384 - A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `R
CVE-2026-6364 - Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obt
CVE-2026-6363 - Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potential
CVE-2026-6362 - Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to poten
CVE-2026-6361 - Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote
CVE-2026-6360 - Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to p
CVE-2026-6359 - Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacke
CVE-2026-6358 - Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker t
CVE-2026-6319 - Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote atta
CVE-2026-6318 - Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execu
CVE-2026-6317 - Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute
CVE-2026-6316 - Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execut
CVE-2026-6315 - Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote a
CVE-2026-6314 - Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who ha
CVE-2026-6313 - Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote at
CVE-2026-6312 - Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remo
CVE-2026-6311 - Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a rem
CVE-2026-6310 - Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had co
CVE-2026-6309 - Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had com
CVE-2026-6308 - Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who c
CVE-2026-6307 - Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to exe
CVE-2026-6306 - Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to
CVE-2026-6305 - Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to
CVE-2026-6304 - Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who ha
CVE-2026-6303 - Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execu
CVE-2026-6302 - Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execut
CVE-2026-6301 - Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to exe
CVE-2026-6300 - Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute
CVE-2026-6299 - Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to ex
CVE-2026-6298 - Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to o
CVE-2026-6297 - Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged
CVE-2026-6296 - Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to
CVE-2026-40919 - A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plug
CVE-2026-40918 - A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can le
CVE-2026-40917 - A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function
CVE-2026-40916 - A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decod
CVE-2026-40915 - A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the F
CVE-2026-39857 - ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain
CVE-2026-35569 - ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain
CVE-2026-33889 - ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain
CVE-2026-33888 - ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain
CVE-2026-33877 - ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain
CVE-2026-21727 - --- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /stat
CVE-2026-21726 - The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single
CVE-2025-41118 - Pyroscope is an open-source continuous profiling database. The database supports various storage bac
CVE-2026-6383 - A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization
CVE-2026-6245 - A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() fu
CVE-2026-5189 - CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3
CVE-2026-4857 - IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8
CVE-2026-40256 - Weblate is a web based localization tool. In versions prior to 5.17, repository-boundary validation
CVE-2026-39845 - Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not util
CVE-2026-34632 - Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that cou