CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2016-20062 - Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthent
CVE-2026-49742 - Backend users with file download permissions were able to download files from the fallback storage o
CVE-2026-49741 - Backend users with write access to the form_definition database table were able to directly create,
CVE-2026-49740 - TYPO3's cache frontend (VariableFrontend) and persistent key-value store (Registry) deserialized PHP
CVE-2026-49738 - The path allowance check in GeneralUtility::isAllowedAbsPath() performed a plain string prefix compa
CVE-2026-47352 - Authenticated backend users were able to retrieve file metadata via several Backend API routes witho
CVE-2026-47351 - Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without prope
CVE-2026-47350 - Backend users were able to move records to a different page without having edit permissions on the s
CVE-2026-47349 - Backend users with access to the Recycler module were able to restore soft-deleted records on pages
CVE-2026-47348 - Editors with access to create or modify page content were able to include HTML markup in page titles
CVE-2026-47347 - Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to op
CVE-2026-47346 - Backend users with file write permissions were able to upload form definition files with mixed-case
CVE-2026-47343 - Non-privileged backend users with file mount access were able to perform write operations (move, del
CVE-2026-11607 - Backend users with access to the Form Framework were able to use files not ending in .form.yaml as f
CVE-2026-52902 - A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directiv
CVE-2026-4058 - The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registrat
CVE-2026-46749 - A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected ap
CVE-2026-46748 - A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected sy
CVE-2026-46747 - A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected ap
CVE-2026-46746 - A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application
CVE-2026-41031 - A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Bui
CVE-2026-24349 - A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC
CVE-2026-10731 - SQL injection in the ‘two_steps_auth_code’ parameter processed by the ‘twoStepsAuthVerification’ fun
CVE-2025-40808 - A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP
CVE-2025-10263 - Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Co
CVE-2026-8677 - The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is
CVE-2026-8599 - The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for Word
CVE-2026-8365 - The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Executi
CVE-2026-7542 - The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in vers
CVE-2026-6899 - Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs
CVE-2026-49818 - The Apache Airflow Samba provider's `GCSToSambaOperator` joined GCS object names to the SMB destinat
CVE-2026-46315 - In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: clear waitid i
CVE-2026-34905 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This iss
CVE-2026-34033 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apach
CVE-2026-34031 - Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects
CVE-2026-33582 - Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects
CVE-2026-28262 - Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Acces
CVE-2026-25699 - Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. T
CVE-2026-25688 - Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects
CVE-2026-11616 - The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in v
CVE-2009-10007 - Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixatio
CVE-2026-9698 - DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were
CVE-2026-5068 - A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host du
CVE-2026-44083 - An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagi
CVE-2026-41986 - Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability
CVE-2026-41985 - UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerab
CVE-2026-41984 - UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerab
CVE-2026-41983 - DoS vulnerability in the browser kernel. Impact: Successful exploitation of this vulnerability may a
CVE-2026-41982 - Race condition vulnerability in the IPC module. Impact: Successful exploitation of this vulnerabilit
CVE-2026-41981 - Out-of-bounds write vulnerability in the IPC module. Impact: Successful exploitation of this vulnera
CVE-2026-41977 - DoS vulnerability in the log service. Impact: Successful exploitation of this vulnerability may affe
CVE-2026-41976 - Permission control vulnerability in the audio framework. Impact: Successful exploitation of this vul
CVE-2026-41974 - Permission control vulnerability in service notifications. Impact: Successful exploitation of this v
CVE-2026-41973 - Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may
CVE-2026-41972 - Path traversal vulnerability in the SMS app. Impact: Successful exploitation of this vulnerability m
CVE-2025-62858 - A buffer overflow vulnerability has been reported to affect several QNAP operating system versions.
CVE-2026-8981 - The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_h
CVE-2026-5067 - A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket u
CVE-2026-4986 - The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal we
CVE-2026-41539 - A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system
CVE-2026-11572 - Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command In
CVE-2026-9662 - The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all v
CVE-2026-9185 - The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Control
CVE-2026-8977 - The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the
CVE-2026-8940 - The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi
CVE-2026-8910 - The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi
CVE-2026-8909 - The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a
CVE-2026-8907 - The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up
CVE-2026-8904 - The FastPicker, an order picker and order management system (oms) for WooCommerce on steroids plugin
CVE-2026-8902 - The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ver
CVE-2026-8895 - The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's
CVE-2026-8883 - The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Script
CVE-2026-8882 - The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting
CVE-2026-8880 - The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'b
CVE-2026-8841 - The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting
CVE-2026-8499 - The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP
CVE-2026-7662 - The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '
CVE-2026-41980 - Permission control vulnerability in the file preview module. Impact: Successful exploitation of this
CVE-2026-41979 - Permission control vulnerability in the print module. Impact: Successful exploitation of this vulner
CVE-2026-41978 - Permission control vulnerability in the clone module. Impact: Successful exploitation of this vulner
CVE-2026-41975 - Permission management vulnerability in the network management module. Impact: Successful exploitatio
CVE-2026-41855 - In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageCon
CVE-2026-41854 - Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate
CVE-2026-41853 - Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected
CVE-2026-41852 - A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argu
CVE-2026-41851 - Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnera
CVE-2026-41850 - Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerabl
CVE-2026-41849 - An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (
CVE-2026-41848 - Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attack
CVE-2026-41847 - Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL.
CVE-2026-41846 - Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyl
CVE-2026-41845 - Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code
CVE-2026-41844 - A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name
CVE-2026-41843 - Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static r
CVE-2026-41842 - Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving
CVE-2026-41841 - Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving
CVE-2026-41840 - Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multip
CVE-2026-41839 - A WebFlux application with a compromised subdomain (for example, compromised via cross-site scriptin
CVE-2026-41838 - IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, w
CVE-2026-41720 - Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a
CVE-2026-41715 - In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Ne
CVE-2026-41710 - An attacker can craft a large number of unique requests that trigger a failure, exhausting the capac
CVE-2026-41007 - Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker
CVE-2026-41006 - Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JS
CVE-2026-40984 - In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a
CVE-2026-40983 - In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a
CVE-2026-26236 - A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can
CVE-2026-11623 - A security vulnerability has been detected in tmux up to 3.6a. Affected is the function image_free o
CVE-2026-11603 - The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site S
CVE-2026-10738 - The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Foo
CVE-2026-10553 - The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v
CVE-2026-10024 - The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'b
CVE-2026-7556 - The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
CVE-2026-5714 - The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘
CVE-2026-11621 - A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpl
CVE-2026-11620 - A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function
CVE-2026-11619 - A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown
CVE-2026-11618 - A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function pr
CVE-2026-10862 - The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion b
CVE-2026-8795 - A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velocir
CVE-2026-44757 - SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially craft
CVE-2026-44755 - SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending par
CVE-2026-44754 - The Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (OD
CVE-2026-44751 - Application server ABAP does not perform necessary authorization checks for an authenticated user al
CVE-2026-44750 - SAP MDG (Review Match Groups Application) does not perform the necessary authorization checks for au
CVE-2026-44748 - SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal
CVE-2026-44746 - Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver JAVA (JDBC Test Servlet
CVE-2026-44744 - SAP S/4HANA(On-Premise) contains SQL injection vulnerability in a remote-enabled function module com
CVE-2026-44743 - Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business O
CVE-2026-40128 - SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a
CVE-2026-27671 - Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP
CVE-2026-24315 - SAP Fiori Launchpad allows attackers to craft malicious URLs that trigger arbitrary service calls o
CVE-2026-11701 - Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote
CVE-2026-11700 - Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had
CVE-2026-11699 - Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacke
CVE-2026-11698 - Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacke
CVE-2026-11697 - Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a
CVE-2026-11696 - Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote atta
CVE-2026-11695 - Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote
CVE-2026-11694 - Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed a remote attacker w
CVE-2026-11693 - Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote at
CVE-2026-11692 - Use after free in Read Anything in Google Chrome prior to 149.0.7827.103 allowed a remote attacker w
CVE-2026-11691 - Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103
CVE-2026-11690 - Out of bounds read and write in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remo
CVE-2026-11689 - Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remo
CVE-2026-11688 - Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attack
CVE-2026-11687 - Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to
CVE-2026-11686 - Insufficient validation of untrusted input in Dawn in Google Chrome on macOS prior to 149.0.7827.103
CVE-2026-11685 - Inappropriate implementation in MediaCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed
CVE-2026-11684 - Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote
CVE-2026-11683 - Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to ex
CVE-2026-11682 - Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a re
CVE-2026-11681 - Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker
CVE-2026-11680 - Use after free in Media in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacke
CVE-2026-11679 - Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attack
CVE-2026-11678 - Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who ha
CVE-2026-11677 - Race in Network in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had co
CVE-2026-11676 - Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior to 1
CVE-2026-11675 - Out of bounds read in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who ha
CVE-2026-11674 - Use after free in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to e
CVE-2026-11673 - Use after free in InterestGroups in Google Chrome prior to 149.0.7827.103 allowed a remote attacker
CVE-2026-11672 - Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.103 allowed a remote att
CVE-2026-11671 - Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to p
CVE-2026-11670 - Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute
CVE-2026-11669 - Out of bounds read in Media in Google Chrome on ChromeOS prior to 149.0.7827.103 allowed a remote at
CVE-2026-11668 - Uninitialized Use in Codecs in Google Chrome on Linux, ChromeOS prior to 149.0.7827.103 allowed a re
CVE-2026-11667 - Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who
CVE-2026-11666 - Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.103 allowed
CVE-2026-11665 - Out of bounds read in Dawn in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote atta
CVE-2026-11664 - Use after free in Payments in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to pot
CVE-2026-11663 - Use after free in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had co
CVE-2026-11662 - Type Confusion in Bindings in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to exe
CVE-2026-11661 - Use after free in Views in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacke
CVE-2026-11660 - Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103
CVE-2026-11659 - Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker t
CVE-2026-11658 - Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103 al
CVE-2026-11657 - Use after free in Payments in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker
CVE-2026-11656 - Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed an attacker who con
CVE-2026-11655 - Integer overflow in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker
CVE-2026-11654 - Use after free in CameraCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote att
CVE-2026-11653 - Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote
CVE-2026-11652 - Use after free in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who
CVE-2026-11651 - Use after free in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to exec
CVE-2026-11650 - Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute a
CVE-2026-11649 - Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute a
CVE-2026-11648 - Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote at
CVE-2026-11647 - Use after free in Printing in Google Chrome on Android prior to 149.0.7827.103 allowed a remote atta
CVE-2026-11646 - Use after free in ViewTransitions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker
CVE-2026-11645 - Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacke
CVE-2026-11644 - Use after free in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed an attacker who co
CVE-2026-11643 - Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execut
CVE-2026-11642 - Use after free in Web Apps in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who ha
CVE-2026-11641 - Use after free in Bluetooth in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote att
CVE-2026-11640 - Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who ha
CVE-2026-11639 - Use after free in Compositing in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attac
CVE-2026-11638 - Use after free in Printing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to pot
CVE-2026-11637 - Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to
CVE-2026-11636 - Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote atta
CVE-2026-11635 - Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacke
CVE-2026-11634 - Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attac
CVE-2026-11633 - Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacke
CVE-2026-11632 - Use after free in TabStrip in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who co
CVE-2026-11631 - Use after free in Aura in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker
CVE-2026-11630 - Use after free in File Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to p
CVE-2026-11629 - Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potent
CVE-2026-11628 - Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potenti
CVE-2026-9669 - bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught th
CVE-2026-44541 - Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5,
CVE-2026-40215 - A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attacker
CVE-2026-11585 - A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an
CVE-2026-49141 - WACRM prior to commit 73041bf contains an authorization bypass vulnerability in the automation engine
CVE-2026-47345 - Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the
CVE-2026-47344 - When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not
CVE-2026-46484 - Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Head
CVE-2026-40519 - Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticate
CVE-2026-35058 - Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6
CVE-2026-11584 - A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unk
CVE-2026-11583 - A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects a
CVE-2026-11582 - A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is
CVE-2026-52778 - YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability e
CVE-2026-46490 - samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template su
CVE-2026-46486 - MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find
CVE-2026-11559 - A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of th
CVE-2026-11558 - A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is
CVE-2026-11557 - A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function f
CVE-2026-11393 - Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI be
CVE-2026-10787 - Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated l
CVE-2026-10786 - Improper access control in the ticketing integration settings in Devolutions Server allows an authen
CVE-2026-10544 - Improper neutralization of special elements in the built-in PAM provider password rotation templates
CVE-2026-8913 - A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 du
CVE-2026-11556 - A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWrit
CVE-2026-11555 - A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown pro
CVE-2026-11554 - A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown cod
CVE-2026-11553 - A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function form
CVE-2026-11552 - A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and
CVE-2026-48507 - Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows
CVE-2026-46481 - OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigg
CVE-2026-46314 - In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync
CVE-2026-46313 - In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: fix error po
CVE-2026-46312 - In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: Set vma_flags
CVE-2026-46311 - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to
CVE-2026-46310 - In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL
CVE-2026-46309 - In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject coh_none PA
CVE-2026-46308 - In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix use-aft
CVE-2026-46307 - In the Linux kernel, the following vulnerability has been resolved: wifi: ath5k: do not access arra
CVE-2026-46306 - In the Linux kernel, the following vulnerability has been resolved: flow_dissector: do not dissect
CVE-2026-46305 - In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: os_dep: avo
CVE-2026-46304 - In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid recursive nvmet-wq
CVE-2026-46303 - In the Linux kernel, the following vulnerability has been resolved: isofs: validate Rock Ridge CE c
CVE-2026-46302 - In the Linux kernel, the following vulnerability has been resolved: selinux: allow multiple opens o