CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-34899 - Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edi
CVE-2026-34896 - Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction, Coming Soon & Maint
CVE-2026-34197 - Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability i
CVE-2026-33227 - Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Cli
CVE-2026-28810 - Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_
CVE-2026-3177 - The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin
CVE-2026-5465 - The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Inse
CVE-2026-4079 - The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is con
CVE-2026-1900 - The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that all
CVE-2026-1114 - In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper acc
CVE-2025-15611 - The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_po
CVE-2026-1839 - A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows
CVE-2025-65116 - Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Ma
CVE-2025-65115 - Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desk
CVE-2026-0740 - The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to m
CVE-2026-20446 - In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to
CVE-2026-20433 - In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to
CVE-2026-20432 - In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to
CVE-2026-20431 - In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of
CVE-2026-5719 - A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown fu
CVE-2025-13044 - IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local u
CVE-2026-5705 - A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affected by this vulnerabi
CVE-2026-5692 - A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGam
CVE-2026-5691 - A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function s
CVE-2026-5690 - A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function
CVE-2026-5689 - A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the f
CVE-2026-5688 - A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the
CVE-2026-5709 - Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.1
CVE-2026-5708 - Unsanitized control of user-modifiable attributes in the session creation component in AWS Research
CVE-2026-5707 - Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and
CVE-2026-5687 - A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects the function fromNatSt
CVE-2026-5686 - A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerability affects the funct
CVE-2026-5685 - A vulnerability was identified in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat
CVE-2026-5684 - A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by this issue is the function fr
CVE-2026-35475 - WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken
CVE-2026-35474 - WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in
CVE-2026-35473 - WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability w
CVE-2026-35471 - goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdeleteFile() missing return after
CVE-2026-35454 - The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.
CVE-2026-35452 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/clien
CVE-2026-35450 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/API/check.ffmpe
CVE-2026-35449 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the install/test.php diagn
CVE-2026-35448 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin
CVE-2026-35444 - SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in s
CVE-2026-35442 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, a
CVE-2026-35441 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, D
CVE-2026-35413 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, w
CVE-2026-35412 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, D
CVE-2026-35411 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, D
CVE-2026-35410 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, a
CVE-2026-35409 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.0, a
CVE-2026-35408 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, D
CVE-2026-35404 - Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey
CVE-2026-22675 - OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability
CVE-2026-5683 - A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function
CVE-2026-35472 - WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability w
CVE-2026-35399 - WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allow
CVE-2026-35398 - WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability w
CVE-2026-35396 - WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability w
CVE-2026-35395 - WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA (Web gerenciador para inst
CVE-2026-35394 - Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobile_open
CVE-2026-35393 - goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the POST multipart upload director
CVE-2026-35392 - goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, PUT upload in httpserver/updown.go
CVE-2026-35391 - Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the getCl
CVE-2026-35390 - Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the rever
CVE-2026-35389 - Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, S/MIME si
CVE-2026-35213 - @hapi/content provided HTTP Content-* headers parsing. All versions of @hapi/content through 6.0.0 a
CVE-2026-35208 - lichess.org is the forever free, adless and open source chess server. Any approved streamer can inje
CVE-2026-34972 - OpenFGA is a high-performance and flexible authorization/permission engine built for developers and
CVE-2025-54601 - An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exyno
CVE-2026-5682 - A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an u
CVE-2026-5681 - A flaw has been found in itsourcecode sanitize or validate this input 1.0. This impacts an unknown f
CVE-2026-5679 - A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted e
CVE-2026-35459 - pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, p
CVE-2026-35203 - ZLMediaKit is a streaming media service framework. The VP9 RTP payload parser in ext-codec/VP9Rtp.cp
CVE-2026-35201 - Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before
CVE-2026-35200 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-35199 - SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to befor
CVE-2026-35197 - dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye templa
CVE-2026-35187 - pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, t
CVE-2026-35185 - HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-st
CVE-2026-35184 - EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerab
CVE-2026-35183 - Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerab
CVE-2026-35182 - Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check
CVE-2026-35181 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configurat
CVE-2026-35180 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization end
CVE-2026-35179 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the SocialMediaPublisher p
CVE-2026-35178 - Workbench is a suite of tools for administrators and developers to interact with Salesforce.com orga
CVE-2026-35176 - openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read
CVE-2026-35172 - Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distr
CVE-2026-35170 - openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read
CVE-2026-35022 - Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in auth
CVE-2026-35021 - Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the
CVE-2026-35020 - Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the
CVE-2025-57834 - An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem (Exynos 980, 850,
CVE-2025-54602 - An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exyno
CVE-2025-54328 - An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980
CVE-2026-5678 - A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the
CVE-2026-5677 - A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the functi
CVE-2026-5676 - A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. This issue affects the functio
CVE-2026-33817 - Rejected reason: CVE confirmed to be a false positive
CVE-2026-0049 - In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due
CVE-2025-58349 - An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980,
CVE-2025-54324 - An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980
CVE-2025-48651 - In importWrappedKey of KMKeymasterApplet.java, there is a possible way to access keys that should be re
CVE-2026-5675 - A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknow
CVE-2026-5672 - A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Affected by this iss
CVE-2026-5671 - A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291
CVE-2026-35470 - OpenSTAManager is an open source management software for technical assistance and invoicing. Prior t
CVE-2026-35209 - defu is software that allows users to assign default properties recursively. Prior to version 6.1.5,
CVE-2026-35177 - Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's
CVE-2026-35175 - Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using
CVE-2026-35174 - Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability
CVE-2026-35173 - Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issu
CVE-2026-35171 - Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging confi
CVE-2026-35167 - Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() meth
CVE-2026-35166 - Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default
CVE-2026-35164 - Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in
CVE-2026-35052 - D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data st
CVE-2026-35050 - text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.
CVE-2026-35047 - Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CK
CVE-2026-35046 - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists.
CVE-2026-35045 - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists.
CVE-2026-35044 - BentoML is a Python library for building online serving systems optimized for AI apps and model infe
CVE-2026-35043 - BentoML is a Python library for building online serving systems optimized for AI apps and model infe
CVE-2026-30613 - An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch (16amp)- WiFi/Bluetooth
CVE-2025-61166 - An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious
CVE-2025-59440 - An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 98
CVE-2025-57835 - An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980
CVE-2026-5670 - A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e62
CVE-2026-5669 - A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291
CVE-2026-5668 - A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4
CVE-2026-35042 - fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, fast-jwt does not
CVE-2026-35039 - fast-jwt provides fast JSON Web Token (JWT) implementation. From 0.0.1 to before 6.2.0, setting up a
CVE-2026-35037 - Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, t
CVE-2026-35036 - Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, E
CVE-2026-35035 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w
CVE-2026-35030 - LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.
CVE-2026-35029 - LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.
CVE-2026-34992 - Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to 2.4.5 and 2.5.
CVE-2026-34989 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w
CVE-2026-34986 - Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards
CVE-2026-34981 - The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1 to 0.5.0, FileServi
CVE-2026-34977 - Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2.1, when uploading a JPEG, a us
CVE-2026-34976 - Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin muta
CVE-2026-34975 - Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header inject
CVE-2026-34841 - Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a
CVE-2026-34783 - Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal v
CVE-2026-31313 - An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of F
CVE-2026-5704 - A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious
CVE-2026-5666 - A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some
CVE-2026-5665 - A security vulnerability has been detected in code-projects Online FIR System 1.0. Affected by this
CVE-2026-34982 - Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypas
CVE-2026-34969 - Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth
CVE-2026-34951 - Workbench is a suite of tools for administrators and developers to interact with Salesforce.com orga
CVE-2026-34950 - fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, the publicKeyPemMa
CVE-2026-34940 - KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() f
CVE-2026-34764 - Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and C
CVE-2026-34756 - vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.19.
CVE-2026-34755 - vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.
CVE-2026-34753 - vLLM is an inference and serving engine for large language models (LLMs). From 0.16.0 to before 0.19
CVE-2026-34589 - OpenEXR provides the specification and reference implementation of the EXR file format, an image sto
CVE-2026-34588 - OpenEXR provides the specification and reference implementation of the EXR file format, an image sto
CVE-2026-34444 - Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attribute_filter is
CVE-2026-34402 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39330. Reason:
CVE-2026-34380 - OpenEXR provides the specification and reference implementation of the EXR file format, an image sto
CVE-2026-34379 - OpenEXR provides the specification and reference implementation of the EXR file format, an image sto
CVE-2026-34378 - OpenEXR provides the specification and reference implementation of the EXR file format, an image sto
CVE-2026-34217 - SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability ex
CVE-2026-34211 - SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains
CVE-2026-34208 - SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to
CVE-2026-34148 - Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1
CVE-2026-33752 - curl_cffi is a Python binding for curl. Prior to 0.15.0, curl_cffi does not restrict requests to
CVE-2026-33727 - Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.
CVE-2026-33405 - Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tra
CVE-2026-31354 - Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module o
CVE-2026-31353 - An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS
CVE-2026-31352 - An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Fe
CVE-2026-31351 - An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of F
CVE-2026-31350 - An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attacker
CVE-2026-21382 - Memory Corruption when handling power management requests with improperly sized input/output buffers
CVE-2026-21381 - Transient DOS when receiving a service data frame with excessive length during device matching over
CVE-2026-21380 - Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory.
CVE-2026-21378 - Memory Corruption when accessing an output buffer without validating its size during IOCTL processin
CVE-2026-21376 - Memory Corruption when accessing an output buffer without validating its size during IOCTL processin
CVE-2026-21375 - Memory Corruption when accessing an output buffer without validating its size during IOCTL processin
CVE-2026-21374 - Memory Corruption when processing auxiliary sensor input/output control commands with insufficient b
CVE-2026-21373 - Memory Corruption when accessing an output buffer without validating its size during IOCTL processin
CVE-2026-21372 - Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.
CVE-2026-21371 - Memory Corruption when retrieving output buffer with insufficient size validation.
CVE-2026-21367 - Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes durin
CVE-2025-47400 - Cryptographic issue while copying data to a destination buffer without validating its size.
CVE-2025-47392 - Memory corruption when decoding corrupted satellite data files with invalid signature offsets.
CVE-2025-47391 - Memory corruption while processing a frame request from user.
CVE-2025-47390 - Memory corruption while preprocessing IOCTL request in JPEG driver.
CVE-2025-47389 - Memory corruption when buffer copy operation fails due to integer overflow during attestation report
CVE-2025-47374 - Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal hand
CVE-2024-14032 - Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileg
CVE-2026-5664 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-30078. Reason:
CVE-2026-5663 - A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnR
CVE-2026-5661 - A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component N
CVE-2026-34897 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-34885 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-33540 - Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pu
CVE-2026-33510 - Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerab
CVE-2026-33406 - Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tra
CVE-2026-33404 - Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tra
CVE-2026-33403 - Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tra
CVE-2026-32602 - Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpoint (/api/trpc/user.
CVE-2026-31153 - A stored cross-site scripting (XSS) vulnerability in Bynder v0.1.394 allows attackers to execute arb
CVE-2026-31151 - An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verificatio
CVE-2026-31150 - Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shippi
CVE-2026-31067 - A remote command execution (RCE) vulnerability in the /goform/formReleaseConnect component of UTT Ag
CVE-2026-31066 - UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the selDate
CVE-2026-31065 - UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the addCommand pa
CVE-2026-31063 - UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the pools p
CVE-2026-31062 - UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the filename para
CVE-2026-31061 - UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the timesta
CVE-2026-31060 - UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes p
CVE-2026-31059 - A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive Hi
CVE-2026-31058 - UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the timeRan
CVE-2026-31053 - A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(
CVE-2026-29047 - GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, a
CVE-2026-26263 - GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenti
CVE-2026-26027 - GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenti
CVE-2026-26026 - GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template inje
CVE-2026-25932 - GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticat
CVE-2026-5660 - A vulnerability was determined in itsourcecode Construction Management System 1.0. The impacted elem
CVE-2026-5659 - A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.l
CVE-2026-30078 - OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or
CVE-2026-3524 - Mattermost Plugin Legal Hold versions <=1.1.4 fail to halt request processing after a failed authori
CVE-2026-5650 - A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is
CVE-2026-5649 - A vulnerability has been found in code-projects Online Application System for Admission 1.0. This is
CVE-2026-5648 - A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown
CVE-2026-5647 - A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of
CVE-2026-5646 - A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this iss
CVE-2026-5645 - A weakness has been identified in projectworlds Car Rental System 1.0. Affected by this vulnerabilit
CVE-2026-5673 - A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AV
CVE-2026-5644 - A security flaw has been discovered in Cyber-III Student-Management-System up to 1a938fa61e9f735078e
CVE-2026-5643 - A vulnerability was identified in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291
CVE-2026-5642 - A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291
CVE-2026-5641 - A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is
CVE-2026-5640 - A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1. The affected elemen
CVE-2026-5639 - A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown funct
CVE-2026-5638 - A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown
CVE-2026-5637 - A security vulnerability has been detected in projectworlds Car Rental System 1.0. This vulnerabilit
CVE-2026-37977 - A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) h
CVE-2026-5636 - A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unk
CVE-2026-5635 - A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by th
CVE-2026-5634 - A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerabili