CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-39479 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-39477 - Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorr
CVE-2026-39476 - Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting
CVE-2026-39475 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-39473 - Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History sim
CVE-2026-39469 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softacul
CVE-2026-39466 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-39464 - Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction &
CVE-2026-33088 - Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an a
CVE-2026-25776 - Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an a
CVE-2026-1396 - The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scr
CVE-2026-4655 - The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Script
CVE-2026-4654 - The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Inse
CVE-2026-4483 - An exposed IOCTL with an insufficient access control vulnerability has been identified in the utili
CVE-2026-4330 - The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorizat
CVE-2026-5508 - The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wow
CVE-2026-5506 - The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wave` s
CVE-2026-5169 - The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting
CVE-2026-5167 - The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vul
CVE-2026-4871 - The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the
CVE-2026-4808 - The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads d
CVE-2026-4338 - The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowe
CVE-2026-4141 - The Quran Translations plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi
CVE-2026-3781 - The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgr_off' para
CVE-2026-3618 - The Columns by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the
CVE-2026-3594 - The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in
CVE-2026-3535 - The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to m
CVE-2026-3480 - The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to an
CVE-2026-3477 - The PZ Frontend Manager plugin for WordPress is vulnerable to Missing Authorization in all versions
CVE-2026-3142 - The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is vulnerable to Stored C
CVE-2026-2838 - The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scrip
CVE-2025-1794 - The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded S
CVE-2026-5083 - Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is gen
CVE-2026-5082 - Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure sessi
CVE-2026-3311 - The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCom
CVE-2026-33273 - Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If
CVE-2026-27787 - Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is
CVE-2026-24913 - SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exp
CVE-2026-4785 - The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerab
CVE-2026-4341 - The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scri
CVE-2026-4333 - The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Script
CVE-2026-4299 - The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions
CVE-2026-4003 - The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User
CVE-2026-3646 - The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to Missing Authoriz
CVE-2026-3600 - The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'investi-annou
CVE-2026-3513 - The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Si
CVE-2026-3239 - The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl
CVE-2026-4379 - The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `g
CVE-2026-2988 - The Blubrry PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'po
CVE-2026-5726 - ASDA-Soft Stack-based Buffer Overflow Vulnerability
CVE-2026-1163 - An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. Th
CVE-2026-3499 - The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPres
CVE-2026-3296 - The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to,
CVE-2026-33810 - When verifying a certificate chain containing excluded DNS constraints, these constraints are not co
CVE-2026-32289 - Context was not properly tracked across template branches for JS template literals, leading to possi
CVE-2026-32288 - tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive con
CVE-2026-32283 - If one side of the TLS connection sends multiple key update messages post-handshake in a single reco
CVE-2026-32282 - On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in pro
CVE-2026-32281 - Validating certificate chains which use policies is unexpectedly inefficient when certificates in th
CVE-2026-32280 - During chain building, the amount of work that is done is not correctly limited when a large number
CVE-2026-27144 - The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface
CVE-2026-27143 - Arithmetic over induction variables in loops was not correctly checked for underflow or overflow. A
CVE-2026-27140 - SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrar
CVE-2025-14732 - The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to
CVE-2026-4788 - IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that co
CVE-2026-3357 - IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbit
CVE-2026-1346 - IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10
CVE-2026-1343 - IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10
CVE-2026-5747 - An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.
CVE-2026-4406 - The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `form
CVE-2026-4401 - The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the `action
CVE-2026-4394 - The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit C
CVE-2026-2263 - The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to
CVE-2026-1342 - IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10
CVE-2026-4656 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-39936 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i
CVE-2026-39935 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i
CVE-2025-20628 - An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Id
CVE-2026-4065 - The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of dat
CVE-2026-39937 - Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia
CVE-2026-39934 - Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation Med
CVE-2026-39933 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i
CVE-2026-39847 - Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, th
CVE-2026-39846 - SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another
CVE-2026-35568 - MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0
CVE-2026-35406 - Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a t
CVE-2026-34781 - Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and C
CVE-2026-34765 - Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and C
CVE-2026-34582 - Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed App
CVE-2026-34580 - Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known ha
CVE-2026-34371 - LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name fie
CVE-2026-34079 - Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching f
CVE-2026-34078 - Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak p
CVE-2026-31790 - Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can
CVE-2026-31789 - Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a
CVE-2026-28390 - Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientIn
CVE-2026-28389 - Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a
CVE-2026-28388 - Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL po
CVE-2026-28387 - Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication
CVE-2026-28386 - Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VA
CVE-2026-39401 - Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.11
CVE-2026-39400 - Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.11
CVE-2026-39397 - @delmaredigital/payload-puck is a PayloadCMS plugin for integrating Puck visual page builder. Prior
CVE-2026-35533 - mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mis
CVE-2026-34080 - xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerabi
CVE-2026-34045 - Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an
CVE-2026-33439 - Open Access Management (OpenAM) is an access management solution. Prior to 16.0.6, OpenIdentityPlatf
CVE-2026-32712 - Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter
CVE-2026-29181 - OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value bagga
CVE-2026-27949 - Plane is an open-source project management tool. Prior to 1.3.0, a vulnerability was identified i
CVE-2026-5741 - A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is t
CVE-2026-5739 - A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the funct
CVE-2026-3566 - Rejected reason: After further discussion, the issue was determined to not meet the criteria for CVE
CVE-2026-39841 - Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikim
CVE-2026-39840 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i
CVE-2026-39839 - Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikim
CVE-2026-39838 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i
CVE-2026-39837 - Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiW
CVE-2026-39395 - Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3,
CVE-2026-39382 - dbt enables data analysts and engineers to transform their data using the same practices that softwa
CVE-2026-39381 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-39380 - Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter
CVE-2026-39376 - FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse() fetches
CVE-2026-39374 - Plane is an open-source project management tool. Prior to 1.3.0, the IssueBulkUpdateDateEndpoint
CVE-2026-39373 - JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an u
CVE-2026-39371 - RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, server functions exported
CVE-2026-39370 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json
CVE-2026-39369 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderRecei
CVE-2026-39368 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the Live restream log call
CVE-2026-39367 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG (Electronic P
CVE-2026-39366 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler
CVE-2026-39365 - Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, t
CVE-2026-39364 - Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vi
CVE-2026-39363 - Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, i
CVE-2026-39361 - OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validate_enrichment
CVE-2026-39356 - Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle ORM improperly escape
CVE-2026-39322 - PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/
CVE-2026-32864 - There is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_fr
CVE-2026-32863 - There is a memory corruption vulnerability due to an out-of-bounds read in sentry_transaction_contex
CVE-2026-32862 - There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitReso
CVE-2026-32861 - There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LV
CVE-2026-32860 - There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LV
CVE-2025-69515 - An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the inf
CVE-2025-56015 - In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint.
CVE-2025-14859 - The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to
CVE-2025-14858 - The Semtech LR11xx LoRa transceivers running early versions of firmware contains an information disc
CVE-2025-14857 - An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early v
CVE-2026-5762 - Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki
CVE-2026-5736 - A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the
CVE-2026-39360 - RustFS is a distributed object storage system built in Rust. Prior to alpha.90, RustFS contains a mi
CVE-2026-39355 - Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnera
CVE-2026-39354 - Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated author
CVE-2026-39351 - Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unres
CVE-2026-39349 - OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open
CVE-2026-39348 - OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open
CVE-2026-39347 - OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open
CVE-2026-39346 - OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open
CVE-2026-39345 - OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open
CVE-2026-22711 - Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation Mediawiki
CVE-2025-71058 - Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that th
CVE-2026-39344 - ChurchCRM is an open-source church management system. Prior to 7.1.0, there is a Reflected Cross-Sit
CVE-2026-39343 - ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability
CVE-2026-39342 - ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via Q
CVE-2026-39341 - ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable
CVE-2026-39340 - ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability
CVE-2026-39339 - ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication byp
CVE-2026-39338 - ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site S
CVE-2026-39337 - ChurchCRM is an open-source church management system. Prior to 7.1.0, critical pre-authentication re
CVE-2026-39336 - ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting
CVE-2026-39335 - ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group r
CVE-2026-39334 - ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability
CVE-2026-39333 - ChurchCRM is an open-source church management system. Prior to 7.1.0, the FindFundRaiser.php endpoint
CVE-2026-39332 - ChurchCRM is an open-source church management system. Prior to 7.1.0, a reflected Cross-Site Scripti
CVE-2026-39331 - ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can
CVE-2026-39330 - ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability
CVE-2026-39329 - ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability
CVE-2026-39328 - ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting
CVE-2026-39327 - ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability
CVE-2026-39326 - ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability
CVE-2026-39325 - ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability
CVE-2026-39324 - Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Ses
CVE-2026-39323 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39326. Reason:
CVE-2026-39321 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-39319 - ChurchCRM is an open-source church management system. Prior to 7.1.0, a second order SQL injection v
CVE-2026-39318 - ChurchCRM is an open-source church management system. Versions prior to 7.1.0 have an SQL injection
CVE-2026-39317 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39334. Reason:
CVE-2026-35576 - ChurchCRM is an open-source church management system. Prior to 7.0.0, a stored cross-site scripting
CVE-2026-35575 - ChurchCRM is an open-source church management system. Prior to 6.5.3, a Stored Cross-Site Scripting
CVE-2026-35573 - ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability
CVE-2026-35572 - ChurchCRM is an open-source church management system. Prior to 6.5.3, it is possible to trigger serv
CVE-2026-31272 - MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/main/java/org/marker/
CVE-2026-31271 - megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition func
CVE-2026-24175 - NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash
CVE-2026-24174 - NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash
CVE-2026-24173 - NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash
CVE-2026-24156 - NVIDIA DALI contains a vulnerability where an attacker could cause a deserialization of untrusted da
CVE-2026-24147 - NVIDIA Triton Inference Server contains a vulnerability in triton server where an attacker may cause
CVE-2026-24146 - NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a la
CVE-2026-22682 - OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in fi
CVE-2026-22680 - OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling
CVE-2026-4631 - Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface t
CVE-2026-39384 - FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212,
CVE-2026-39316 - OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems.
CVE-2026-39314 - OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems.
CVE-2026-39312 - SoftEtherVPN is an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier,
CVE-2026-39308 - PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry publish endpo
CVE-2026-39307 - PraisonAI is a multi-agent teams system. Prior to 1.5.113, The PraisonAI templates installation feat
CVE-2026-39306 - PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow ext
CVE-2026-39305 - PraisonAI is a multi-agent teams system. Prior to 1.5.113, the Action Orchestrator feature contains
CVE-2026-35615 - PraisonAI is a multi-agent teams system. Prior to 1.5.113, _validate_path() calls os.path.normpath()
CVE-2026-35614 - Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL in
CVE-2026-35613 - coursevault-preview is a utility for previewing course material files from a configured directory. c
CVE-2026-35611 - Addressable is an alternative implementation to the URI implementation that is part of Ruby's standa
CVE-2026-35610 - PolarLearn is a free and open-source learning program. In 0-PRERELEASE-14 and earlier, setCustomPass
CVE-2026-35608 - QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exi
CVE-2026-35607 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing
CVE-2026-35606 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing
CVE-2026-35605 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing
CVE-2026-35604 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing
CVE-2026-35592 - pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the _sa
CVE-2026-35586 - pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADM
CVE-2026-35585 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing
CVE-2026-35584 - FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212,
CVE-2026-35583 - Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint
CVE-2026-35581 - Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class co
CVE-2026-35580 - Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files
CVE-2026-35578 - Rejected reason: This CVE is a duplicate of another CVE. ** REJECT ** DO NOT USE THIS CANDIDATE NUMB
CVE-2026-35574 - ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored Cross-Site Scripting
CVE-2026-35523 - Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vu
CVE-2026-32588 - Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise quer
CVE-2026-27315 - Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information,
CVE-2026-27314 - Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator all
CVE-2026-23696 - Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the fo
CVE-2026-22683 - Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows u
CVE-2025-70844 - yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScrip
CVE-2025-14944 - The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up
CVE-2025-14821 - A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security down
CVE-2024-36058 - The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injec
CVE-2026-5745 - A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing l
CVE-2026-5359 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in
CVE-2026-4931 - Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt posit
CVE-2026-35571 - Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates
CVE-2026-35567 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39327. Reason:
CVE-2026-35566 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39319. Reason:
CVE-2026-35534 - ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting
CVE-2026-35526 - Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's We
CVE-2026-35521 - FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web inte
CVE-2026-35520 - FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web inte
CVE-2026-35519 - FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web inte
CVE-2026-35518 - FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web inte