CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-35523 - Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vu
CVE-2026-32588 - Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise quer
CVE-2026-27315 - Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information,
CVE-2026-27314 - Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator all
CVE-2026-23696 - Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the fo
CVE-2026-22683 - Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows u
CVE-2025-70844 - yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScrip
CVE-2025-14944 - The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up
CVE-2025-14821 - A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security down
CVE-2024-36058 - The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injec
CVE-2026-5745 - A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing l
CVE-2026-5359 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in
CVE-2026-4931 - Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt posit
CVE-2026-35571 - Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates
CVE-2026-35567 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39327. Reason:
CVE-2026-35566 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39319. Reason:
CVE-2026-35534 - ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting
CVE-2026-35526 - Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's We
CVE-2026-35521 - FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web inte
CVE-2026-35520 - FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web inte
CVE-2026-35519 - FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web inte
CVE-2026-35518 - FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web inte
CVE-2026-35517 - FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web inte
CVE-2026-35516 - LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update an
CVE-2026-35515 - Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.18, SseStr
CVE-2026-35492 - Kedro-Datasets is a Kedro plugin providing data connectors. Prior to 9.3.0, PartitionedDataset in ke
CVE-2026-35491 - FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web inte
CVE-2026-35490 - changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login
CVE-2026-35489 - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists.
CVE-2026-35488 - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists.
CVE-2026-35487 - text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.
CVE-2026-35486 - text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.
CVE-2026-33816 - Memory-safety vulnerability in github.com/jackc/pgx/v5.
CVE-2026-33815 - Memory-safety vulnerability in github.com/jackc/pgx/v5.
CVE-2026-30460 - Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE
CVE-2026-1079 - A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions
CVE-2026-1078 - An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automatio
CVE-2025-52908 - An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exyno
CVE-2025-24819 - Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validatio
CVE-2025-24818 - Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralizat
CVE-2025-24817 - Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralizat
CVE-2024-36057 - Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leadi
CVE-2026-5384 - An issue that could allow a credential to be updated and used for a task from outside of the authori
CVE-2026-5383 - An issue that could allow access to Explorer groups from outside of the authorized organization scop
CVE-2026-5382 - An issue that could expose records outside of the authorized organization scope through the MCP endp
CVE-2026-5381 - An issue that could expose task information outside of the authorized organization scope has been re
CVE-2026-5380 - An issue that could allow an authorized user to view the clear-text secrets for a subset of credenti
CVE-2026-5379 - An issue that allowed MCP agents to access certificate information from outside of their authorized
CVE-2026-5378 - An issue that allowed administrators to create and update users outside of their authorized organiza
CVE-2026-5376 - An issue that could prevent session inactivity timeouts from triggering due to automatic page reload
CVE-2026-5375 - An issue that could allow a user with access to a credential to view sensitive fields through an API
CVE-2026-5374 - An issue that allowed MCP agents to access remediation and asset information from outside of the aut
CVE-2026-5373 - An issue that allowed all-organization administrators to promote accounts to superuser status has be
CVE-2026-5372 - An issue that allowed a SQL injection attack vector related to saved queries (introduced in version
CVE-2026-4740 - A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluste
CVE-2026-4292 - An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changel
CVE-2026-4277 - An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissio
CVE-2026-3902 - An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest`
CVE-2026-35485 - text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.
CVE-2026-35484 - text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.
CVE-2026-35483 - text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.
CVE-2026-35481 - Rejected reason: Further research determined the issue does not satisfy the assignment rules.
CVE-2026-35480 - go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batte
CVE-2026-35464 - pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 adde
CVE-2026-35463 - pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, t
CVE-2026-35462 - Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with a
CVE-2026-35461 - Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webho
CVE-2026-35460 - Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional e
CVE-2026-35458 - Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/r
CVE-2026-35457 - libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.
CVE-2026-35405 - libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.
CVE-2026-33034 - An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests
CVE-2026-33033 - An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartPar
CVE-2026-30079 - In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE
CVE-2026-24660 - A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Co
CVE-2026-24450 - An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw
CVE-2026-21413 - A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of Lib
CVE-2026-20911 - A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw
CVE-2026-20889 - A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Co
CVE-2026-20884 - An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit
CVE-2025-62818 - An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990,
CVE-2025-52909 - An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exyno
CVE-2026-5627 - A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9
CVE-2026-35554 - A race condition in the Apache Kafka Java producer client’s buffer pool management can cause message
CVE-2026-5735 - Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evi
CVE-2026-5734 - Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thun
CVE-2026-5733 - Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Fir
CVE-2026-5732 - Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability
CVE-2026-5731 - Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Fi
CVE-2026-3466 - Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 bef
CVE-2026-33866 - MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved m
CVE-2026-33865 - MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLm
CVE-2026-32144 - Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows O
CVE-2026-28808 - Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to
CVE-2026-23818 - A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Pr
CVE-2026-22679 - Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code exec
CVE-2026-22666 - Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerabili
CVE-2025-39666 - Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 befo
CVE-2021-4473 - Tianxin Internet Behavior Management System contains a command injection vulnerability in the Report
CVE-2026-31842 - Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensi
CVE-2026-4420 - Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its page creating functionality. An aut
CVE-2026-34904 - Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media Share Buttons allow
CVE-2026-34903 - Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured
CVE-2026-34899 - Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edi
CVE-2026-34896 - Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction, Coming Soon & Maint
CVE-2026-34197 - Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability i
CVE-2026-33227 - Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Cli
CVE-2026-28810 - Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_
CVE-2026-3177 - The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin
CVE-2026-5465 - The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Inse
CVE-2026-4079 - The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is con
CVE-2026-1900 - The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that all
CVE-2026-1114 - In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper acc
CVE-2025-15611 - The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_po
CVE-2026-1839 - A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows
CVE-2025-65116 - Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Ma
CVE-2025-65115 - Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desk
CVE-2026-0740 - The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to m
CVE-2026-20446 - In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to
CVE-2026-20433 - In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to
CVE-2026-20432 - In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to
CVE-2026-20431 - In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of
CVE-2026-5719 - A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown fu
CVE-2025-13044 - IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local u
CVE-2026-5705 - A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affected by this vulnerabi
CVE-2026-5692 - A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGam
CVE-2026-5691 - A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function s
CVE-2026-5690 - A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function
CVE-2026-5689 - A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the f
CVE-2026-5688 - A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the
CVE-2026-5709 - Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.1
CVE-2026-5708 - Unsanitized control of user-modifiable attributes in the session creation component in AWS Research
CVE-2026-5707 - Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and
CVE-2026-5687 - A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects the function fromNatSt
CVE-2026-5686 - A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerability affects the funct
CVE-2026-5685 - A vulnerability was identified in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat
CVE-2026-5684 - A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by this issue is the function fr
CVE-2026-35475 - WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken
CVE-2026-35474 - WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in
CVE-2026-35473 - WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability w
CVE-2026-35471 - goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdeleteFile() missing return after
CVE-2026-35454 - The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.
CVE-2026-35452 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/clien
CVE-2026-35450 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/API/check.ffmpe
CVE-2026-35449 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the install/test.php diagn
CVE-2026-35448 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin
CVE-2026-35444 - SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in s
CVE-2026-35442 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, a
CVE-2026-35441 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, D
CVE-2026-35413 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, w
CVE-2026-35412 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, D
CVE-2026-35411 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, D
CVE-2026-35410 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, a
CVE-2026-35409 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.0, a
CVE-2026-35408 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, D
CVE-2026-35404 - Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey
CVE-2026-22675 - OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability
CVE-2026-5683 - A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function
CVE-2026-35472 - WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability w
CVE-2026-35399 - WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allow
CVE-2026-35398 - WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability w
CVE-2026-35396 - WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability w
CVE-2026-35395 - WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA (Web gerenciador para inst
CVE-2026-35394 - Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobile_open
CVE-2026-35393 - goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the POST multipart upload director
CVE-2026-35392 - goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, PUT upload in httpserver/updown.go
CVE-2026-35391 - Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the getCl
CVE-2026-35390 - Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the rever
CVE-2026-35389 - Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, S/MIME si
CVE-2026-35213 - @hapi/content provided HTTP Content-* headers parsing. All versions of @hapi/content through 6.0.0 a
CVE-2026-35208 - lichess.org is the forever free, adless and open source chess server. Any approved streamer can inje
CVE-2026-34972 - OpenFGA is a high-performance and flexible authorization/permission engine built for developers and
CVE-2025-54601 - An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exyno
CVE-2026-5682 - A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an u
CVE-2026-5681 - A flaw has been found in itsourcecode sanitize or validate this input 1.0. This impacts an unknown f
CVE-2026-5679 - A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted e
CVE-2026-35459 - pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, p
CVE-2026-35203 - ZLMediaKit is a streaming media service framework. the VP9 RTP payload parser in ext-codec/VP9Rtp.cp
CVE-2026-35201 - Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before
CVE-2026-35200 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-35199 - SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to befor
CVE-2026-35197 - dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye templa
CVE-2026-35187 - pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, t
CVE-2026-35185 - HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-st
CVE-2026-35184 - EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerab
CVE-2026-35183 - Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerab
CVE-2026-35182 - Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check
CVE-2026-35181 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configurat
CVE-2026-35180 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization end
CVE-2026-35179 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the SocialMediaPublisher p
CVE-2026-35178 - Workbench is a suite of tools for administrators and developers to interact with Salesforce.com orga
CVE-2026-35176 - openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read
CVE-2026-35172 - Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distr
CVE-2026-35170 - openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read
CVE-2026-35022 - Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in auth
CVE-2026-35021 - Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the
CVE-2026-35020 - Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the
CVE-2025-57834 - An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem (Exynos 980, 850,
CVE-2025-54602 - An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exyno
CVE-2025-54328 - An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980
CVE-2026-5678 - A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the
CVE-2026-5677 - A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the functi
CVE-2026-5676 - A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. This issue affects the functio
CVE-2026-33817 - Rejected reason: CVE confirmed to be a false positive
CVE-2026-0049 - In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due
CVE-2025-58349 - An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980,
CVE-2025-54324 - An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980
CVE-2025-48651 - In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be re
CVE-2026-5675 - A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknow
CVE-2026-5672 - A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Affected by this iss
CVE-2026-5671 - A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291
CVE-2026-35470 - OpenSTAManager is an open source management software for technical assistance and invoicing. Prior t
CVE-2026-35209 - defu is software that allows users to assign default properties recursively. Prior to version 6.1.5,
CVE-2026-35177 - Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's
CVE-2026-35175 - Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using
CVE-2026-35174 - Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability
CVE-2026-35173 - Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issu
CVE-2026-35171 - Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging confi
CVE-2026-35167 - Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() meth
CVE-2026-35166 - Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default
CVE-2026-35164 - Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in
CVE-2026-35052 - D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data st
CVE-2026-35050 - text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.
CVE-2026-35047 - Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CK
CVE-2026-35046 - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists.
CVE-2026-35045 - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists.
CVE-2026-35044 - BentoML is a Python library for building online serving systems optimized for AI apps and model infe
CVE-2026-35043 - BentoML is a Python library for building online serving systems optimized for AI apps and model infe
CVE-2026-30613 - An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch (16amp)- WiFi/Bluetooth
CVE-2025-61166 - An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious
CVE-2025-59440 - An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 98
CVE-2025-57835 - An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980
CVE-2026-5670 - A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e62
CVE-2026-5669 - A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291
CVE-2026-5668 - A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4
CVE-2026-35042 - fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, fast-jwt does not
CVE-2026-35039 - fast-jwt provides fast JSON Web Token (JWT) implementation. From 0.0.1 to before 6.2.0, setting up a
CVE-2026-35037 - Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, t
CVE-2026-35036 - Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, E
CVE-2026-35035 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w
CVE-2026-35030 - LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.
CVE-2026-35029 - LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.
CVE-2026-34992 - Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to 2.4.5 and 2.5.
CVE-2026-34989 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w
CVE-2026-34986 - Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards
CVE-2026-34981 - The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1 to 0.5.0, FileServi
CVE-2026-34977 - Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2.1, when uploading a JPEG, a us
CVE-2026-34976 - Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin muta
CVE-2026-34975 - Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header inject
CVE-2026-34841 - Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a