CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-34626 - Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Impr
CVE-2026-34622 - Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Impr
CVE-2026-27291 - InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerabil
CVE-2026-27286 - InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vuln
CVE-2026-27285 - InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vuln
CVE-2026-27284 - InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerabili
CVE-2026-27283 - InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability th
CVE-2026-27238 - InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vuln
CVE-2026-22692 - October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions
CVE-2026-5713 - The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "pyt
CVE-2026-4832 - CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to s
CVE-2026-39815 - An improper neutralization of special elements used in an sql command ('sql injection') vulnerability
CVE-2026-39814 - A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 thr
CVE-2026-39813 - A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSand
CVE-2026-39812 - An improper neutralization of input during web page generation ('cross-site scripting') vulnerability
CVE-2026-39811 - An integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.
CVE-2026-39810 - A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 m
CVE-2026-39809 - An improper neutralization of special elements used in an sql command ('sql injection') vulnerability
CVE-2026-39808 - An improper neutralization of special elements used in an os command ('os command injection') vulnera
CVE-2026-38533 - An improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0 allows
CVE-2026-38532 - A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of
CVE-2026-38530 - A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of W
CVE-2026-38529 - A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Kr
CVE-2026-38528 - Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parame
CVE-2026-38527 - A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM
CVE-2026-38526 - An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul
CVE-2026-2405 - CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troublesho
CVE-2026-2404 - CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection
CVE-2026-2403 - CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Ev
CVE-2026-2402 - CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would al
CVE-2026-2401 - CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause conf
CVE-2026-2400 - CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could
CVE-2026-2399 - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability
CVE-2026-27316 - An insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, F
CVE-2026-25691 - An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fo
CVE-2026-23708 - An improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR Pa
CVE-2026-22828 - A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, Fort
CVE-2026-22576 - A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7
CVE-2026-22574 - A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7
CVE-2026-22573 - An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in F
CVE-2026-22155 - A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 thr
CVE-2026-22154 - An improper neutralization of input during web page generation ('cross-site scripting') vulnerabilit
CVE-2026-21742 - A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 thr
CVE-2026-21741 - A URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] vulnerability in Fort
CVE-2025-68649 - An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in F
CVE-2025-65136 - In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/ad
CVE-2025-65135 - In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists
CVE-2025-65134 - In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability
CVE-2025-65133 - A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580.
CVE-2025-65132 - alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS) in /public/admin/e
CVE-2025-63939 - Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Manag
CVE-2025-61886 - An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilit
CVE-2025-61848 - An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit
CVE-2025-61624 - An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerabi
CVE-2025-59809 - A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR Paa
CVE-2025-53847 - A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3
CVE-2024-23104 - An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6
CVE-2026-4914 - Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain l
CVE-2026-4913 - Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote auth
CVE-2026-4369 - A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete con
CVE-2026-4345 - A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Store
CVE-2026-4344 - A maliciously crafted HTML payload in a component name, when displayed during the delete confirmatio
CVE-2026-37980 - A flaw was found in Keycloak, specifically in the organization selection login page. A remote attack
CVE-2026-37602 - SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file
CVE-2026-37601 - SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file
CVE-2026-37600 - SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file
CVE-2026-37598 - SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution (
CVE-2026-37597 - SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection
CVE-2026-37596 - SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection
CVE-2026-37595 - SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection
CVE-2026-37594 - SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection
CVE-2026-37593 - SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection
CVE-2026-37592 - Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/
CVE-2026-37591 - Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file
CVE-2026-37590 - SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file
CVE-2026-37589 - SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file
CVE-2026-30480 - A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-2
CVE-2025-69993 - Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bind
CVE-2025-69893 - A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed
CVE-2025-61260 - A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution th
CVE-2026-31049 - An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code
CVE-2025-8095 - The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been
CVE-2025-7389 - A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authe
CVE-2026-5307 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in
CVE-2026-2450 - .NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Pri
CVE-2024-9168 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in
CVE-2026-2449 - Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in
CVE-2026-2332 - In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are u
CVE-2026-24069 - Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing dis
CVE-2025-13822 - MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not prote
CVE-2026-4109 - The Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) plugin for WordPres
CVE-2026-33929 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apac
CVE-2026-33892 - A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V
CVE-2026-31924 - Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls l
CVE-2026-31923 - Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due
CVE-2026-31908 - Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configu
CVE-2026-27668 - A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All
CVE-2026-25654 - A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not
CVE-2026-24032 - A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected ap
CVE-2025-40745 - A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter
CVE-2026-2582 - The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode executi
CVE-2026-3017 - The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPres
CVE-2026-4479 - The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress is vulnerable to
CVE-2026-4059 - The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the woolentor_q
CVE-2026-40315 - PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vuln
CVE-2026-40313 - PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows
CVE-2026-40289 - PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of prais
CVE-2026-40288 - PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of prais
CVE-2026-40287 - PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code
CVE-2026-1607 - The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting
CVE-2026-6264 - A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote co
CVE-2026-6227 - The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` paramet
CVE-2026-4388 - The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Ma
CVE-2026-34984 - External Secrets Operator reads information from a third-party service and automatically injects the
CVE-2026-4365 - The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing cap
CVE-2026-4352 - The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT)
CVE-2026-39426 - MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross
CVE-2026-39425 - MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross
CVE-2026-39419 - MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated u
CVE-2026-34225 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. V
CVE-2026-39424 - MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export fe
CVE-2026-39423 - MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Inject
CVE-2026-39422 - MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross
CVE-2026-39421 - MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox esca
CVE-2026-39420 - MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sand
CVE-2026-39418 - MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network pr
CVE-2026-34264 - During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns spec
CVE-2026-34262 - Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
CVE-2026-34261 - Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authen
CVE-2026-34257 - Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated a
CVE-2026-34256 - Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an a
CVE-2026-40164 - jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used
CVE-2026-39417 - MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete
CVE-2026-34069 - nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the A
CVE-2026-33948 - jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain
CVE-2026-27683 - SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject mal
CVE-2026-27681 - Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business
CVE-2026-27679 - Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Stru
CVE-2026-27678 - Due to missing authorization checks in the SAP S/4HANA backend OData Service (Manage Reference Struc
CVE-2026-27677 - Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), a
CVE-2026-27676 - Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Technical Object Struct
CVE-2026-27675 - SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could a
CVE-2026-27674 - Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an
CVE-2026-27673 - Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authentic
CVE-2026-27672 - The Material Master application does not enforce authorization checks for authenticated users when e
CVE-2026-24318 - Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Pl
CVE-2026-0512 - Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF
CVE-2026-6203 - The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions u
CVE-2026-5086 - Crypt::SecretBuffer versions before 0.019 for Perl is susceptible to timing attacks. For example,
CVE-2026-39979 - jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the
CVE-2026-39956 - jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the
CVE-2026-6224 - A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue
CVE-2026-6220 - A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function Se
CVE-2026-4786 - Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be by
CVE-2026-40312 - ImageMagick is free and open-source software used for editing and manipulating digital images. In ve
CVE-2026-40311 - ImageMagick is free and open-source software used for editing and manipulating digital images. Versi
CVE-2026-40310 - ImageMagick is free and open-source software used for editing and manipulating digital images. Versi
CVE-2026-40183 - ImageMagick is free and open-source software used for editing and manipulating digital images. In ve
CVE-2026-40169 - ImageMagick is free and open-source software used for editing and manipulating digital images. In ve
CVE-2026-34238 - ImageMagick is free and open-source software used for editing and manipulating digital images. In ve
CVE-2026-33947 - jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath(), jv_getpath
CVE-2026-33908 - ImageMagick is free and open-source software used for editing and manipulating digital images. In ve
CVE-2026-33905 - ImageMagick is free and open-source software used for editing and manipulating digital images. In ve
CVE-2026-33902 - ImageMagick is free and open-source software used for editing and manipulating digital images. In ve
CVE-2026-22566 - An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play
CVE-2026-22565 - An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Pl
CVE-2026-22564 - An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play
CVE-2026-22563 - A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious
CVE-2026-22562 - A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability
CVE-2026-6219 - A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function ch
CVE-2026-6218 - A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the fun
CVE-2026-6216 - A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function o
CVE-2026-33901 - ImageMagick is free and open-source software used for editing and manipulating digital images. In ve
CVE-2026-33900 - ImageMagick is free and open-source software used for editing and manipulating digital images. In ve
CVE-2026-33899 - ImageMagick is free and open-source software used for editing and manipulating digital images. In ve
CVE-2026-33740 - EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below,
CVE-2026-33659 - EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below,
CVE-2026-32272 - Craft Commerce is an ecommerce platform for Craft CMS. In versions 5.0.0 through 5.5.4, an SQL injec
CVE-2026-32271 - Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 th
CVE-2026-31280 - An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorize
CVE-2026-26460 - A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application f
CVE-2025-70936 - Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager mo
CVE-2025-51414 - In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered
CVE-2026-6215 - A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServer
CVE-2026-6202 - A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown fun
CVE-2026-6201 - A vulnerability was identified in CodeAstro Online Job Portal 1.0. The impacted element is an unknow
CVE-2026-33657 - EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below hav
CVE-2026-33534 - EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below hav
CVE-2026-32605 - nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the A
CVE-2026-32270 - Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 th
CVE-2026-31048 - An issue in the `pickle` protocol of Pyro v3.x allows attackers to execute arbitrary code
CVE-2026-6200 - A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebty
CVE-2026-6199 - A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file
CVE-2026-6198 - A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticS
CVE-2026-6197 - A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset
CVE-2026-40044 - Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execu
CVE-2026-40043 - Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser() action that allo
CVE-2026-40042 - Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated att
CVE-2026-40041 - Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform ar
CVE-2026-40040 - Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to u
CVE-2026-40039 - Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to a
CVE-2026-40038 - Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute a
CVE-2026-29955 - The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to c
CVE-2026-6196 - A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the
CVE-2026-6195 - A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by thi
CVE-2026-6194 - A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is
CVE-2026-6100 - Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.G
CVE-2026-32316 - jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1
CVE-2026-28291 - simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1
CVE-2025-3756 - A vulnerability exists in the command handling of the IEC 61850 communication stack included in the
CVE-2026-6193 - A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an
CVE-2026-6192 - A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_i
CVE-2026-6191 - A vulnerability was determined in itsourcecode Construction Management System 1.0. This affects an u
CVE-2026-6190 - A vulnerability was found in itsourcecode Construction Management System 1.0. The impacted element i
CVE-2026-6189 - A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affect
CVE-2026-39940 - ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places
CVE-2026-36952 - Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/
CVE-2026-36950 - Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projects_
CVE-2026-36948 - Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/v
CVE-2026-33555 - An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received
CVE-2026-23891 - Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31
CVE-2026-6231 - The bson_validate function may return early on specific inputs and incorrectly report success. This
CVE-2026-6188 - A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unkn
CVE-2026-6187 - A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue a
CVE-2026-6186 - A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerabilit
CVE-2026-6184 - A weakness has been identified in code-projects Simple Content Management System 1.0. This affects a
CVE-2026-36938 - Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/ro
CVE-2026-36937 - Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/re
CVE-2026-34188 - Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command In
CVE-2026-34186 - Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injectio
CVE-2026-30813 - Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injectio
CVE-2026-30812 - Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site S
CVE-2026-30811 - Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpo
CVE-2026-30809 - Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command In
CVE-2026-30806 - Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command In
CVE-2026-30804 - Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file
CVE-2025-69627 - Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementati
CVE-2025-69624 - Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScr
CVE-2025-66769 - A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a Denia
CVE-2025-63743 - Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 to up an
CVE-2025-31991 - Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity
CVE-2026-6183 - A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected
CVE-2026-6182 - A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by th
CVE-2026-36945 - Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection
CVE-2026-36944 - Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection
CVE-2026-36943 - Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection
CVE-2026-36942 - Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms
CVE-2026-36941 - Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms
CVE-2026-33858 - Dag Authors, who normally should not be able to execute code in the webserver context could craft XC
CVE-2026-31283 - In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the t