CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-31282 - Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be
CVE-2026-31281 - Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML
CVE-2026-30999 - A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cau
CVE-2026-30998 - An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmp
CVE-2026-30997 - An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 all
CVE-2026-29628 - A stack overflow in the experimental/tinyobj_loader_opt.h file of tinyobjloader commit d56555b allow
CVE-2026-1462 - A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-con
CVE-2025-66236 - Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager
CVE-2026-36947 - Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection
CVE-2026-36946 - Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection
CVE-2026-31428 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_log: fix u
CVE-2026-31427 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fi
CVE-2026-31426 - In the Linux kernel, the following vulnerability has been resolved: ACPI: EC: clean up handlers on
CVE-2026-31425 - In the Linux kernel, the following vulnerability has been resolved: rds: ib: reject FRMR registrati
CVE-2026-31424 - In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: restrict x
CVE-2026-31423 - In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_hfsc: fix divide
CVE-2026-31422 - In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_flow: fix NULL p
CVE-2026-31421 - In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_fw: fix NULL poi
CVE-2026-31420 - In the Linux kernel, the following vulnerability has been resolved: bridge: mrp: reject zero test i
CVE-2026-31419 - In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-fre
CVE-2026-31418 - In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: drop logicall
CVE-2026-31417 - In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix overflow when accu
CVE-2026-31416 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_log: accou
CVE-2026-31415 - In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid overflows in ip6_da
CVE-2026-31414 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect:
CVE-2026-36923 - Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/booki
CVE-2026-36922 - Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/cate
CVE-2026-36920 - Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system
CVE-2026-36919 - Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/
CVE-2026-36874 - Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_stude
CVE-2026-36873 - Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin
CVE-2026-36872 - Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.
CVE-2026-34476 - Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue af
CVE-2026-6204 - LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability
CVE-2026-2728 - LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability
CVE-2026-35565 - Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI Versions Af
CVE-2026-35337 - Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6.
CVE-2025-15632 - A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of t
CVE-2026-4810 - A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit (ADK) vers
CVE-2026-0234 - An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex
CVE-2026-0233 - A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager o
CVE-2026-0232 - A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a
CVE-2026-6168 - A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function set
CVE-2026-6167 - A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown
CVE-2026-6166 - A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0.
CVE-2026-5936 - An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to
CVE-2026-5085 - Solstice::Session versions through 1440 for Perl generates session ids insecurely. The _generateSes
CVE-2026-40436 - The ZTE ZXEDM iEMS product has a password reset vulnerability for any user. Because the management of
CVE-2026-3830 - The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape
CVE-2026-34866 - Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerab
CVE-2026-34865 - Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerab
CVE-2025-15441 - The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when
CVE-2026-6165 - A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnera
CVE-2026-6164 - A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affec
CVE-2026-6163 - A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by thi
CVE-2026-40447 - Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavi
CVE-2026-21014 - Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to acces
CVE-2026-21013 - Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers to
CVE-2026-21012 - External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local
CVE-2026-21011 - Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allo
CVE-2026-21010 - Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to t
CVE-2026-21009 - Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical
CVE-2026-21008 - Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacke
CVE-2026-21007 - Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 Release 1 allows phys
CVE-2026-21006 - Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to
CVE-2026-6162 - A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an
CVE-2026-6161 - A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown pa
CVE-2026-6160 - A vulnerability was found in code-projects Simple ChatBox 1.0. Affected by this issue is the functio
CVE-2026-6159 - A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerabi
CVE-2026-6158 - A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUbo
CVE-2026-40446 - Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source E
CVE-2026-35553 - Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability
CVE-2026-34864 - Boundary-unlimited vulnerability in the application read module. Impact: Successful exploitation of
CVE-2026-34863 - Out-of-bounds write vulnerability in the file system. Impact: Successful exploitation of this vulner
CVE-2026-34862 - Race condition vulnerability in the power consumption statistics module. Impact: Successful exploita
CVE-2026-34861 - Race condition vulnerability in the thermal management module. Impact: Successful exploitation of th
CVE-2026-34859 - UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will a
CVE-2026-34858 - UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability
CVE-2026-34857 - UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability
CVE-2026-34855 - Out-of-bounds write vulnerability in the kernel module. Impact: Successful exploitation of this vuln
CVE-2026-34854 - UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will a
CVE-2026-34849 - UAF vulnerability in the screen management module. Impact: Successful exploitation of this vulnerabi
CVE-2026-25209 - Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This
CVE-2026-25208 - Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue af
CVE-2026-25207 - Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue
CVE-2026-25206 - Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This
CVE-2026-25205 - Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write.
CVE-2026-21003 - Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 al
CVE-2026-6157 - A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function set
CVE-2026-6156 - A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects th
CVE-2026-6155 - A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function
CVE-2026-6154 - A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. The affected element i
CVE-2026-6153 - A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. Impacted is
CVE-2026-34867 - Double free vulnerability in the multi-mode input system. Impact: Successful exploitation of this vu
CVE-2026-34860 - Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerabili
CVE-2026-34856 - UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability
CVE-2026-34853 - Permission bypass vulnerability in the LBS module. Impact: Successful exploitation of this vulnerabi
CVE-2026-34852 - Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerab
CVE-2026-34851 - Race condition vulnerability in the event notification module. Impact: Successful exploitation of th
CVE-2026-34850 - Race condition vulnerability in the notification service. Impact: Successful exploitation of this vu
CVE-2026-28553 - Vulnerability of improper permission control in the theme setting module. Impact: Successful exploit
CVE-2026-6179 - Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run
CVE-2026-6152 - A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue a
CVE-2026-6151 - A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerabilit
CVE-2026-6150 - A vulnerability has been found in code-projects Simple Laundry System 1.0. This affects an unknown p
CVE-2026-6149 - A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Affected by this issu
CVE-2026-6148 - A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by th
CVE-2026-6143 - A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is
CVE-2026-6142 - A vulnerability was identified in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf
CVE-2026-6141 - A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is
CVE-2026-6140 - A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function Upload
CVE-2026-6139 - A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function U
CVE-2026-25204 - Deserialization of untrusted data vulnerability in Samsung Open Source Escargot Java Script allows d
CVE-2026-6138 - A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function
CVE-2026-6137 - A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function
CVE-2026-6136 - A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the functio
CVE-2026-6135 - A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fro
CVE-2026-6134 - A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the
CVE-2026-6133 - A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeU
CVE-2026-6132 - A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is t
CVE-2026-6131 - A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability i
CVE-2026-6130 - A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransp
CVE-2026-6129 - A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unk
CVE-2026-40396 - Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after ti
CVE-2026-40395 - Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) f
CVE-2026-40394 - Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" d
CVE-2026-40393 - In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because
CVE-2026-40386 - In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote deco
CVE-2026-40385 - In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be u
CVE-2019-25713 - MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute
CVE-2019-25712 - BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allo
CVE-2019-25711 - SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attacker
CVE-2019-25710 - Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin d
CVE-2019-25709 - CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the applicatio
CVE-2019-25708 - Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attack
CVE-2019-25707 - eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to exec
CVE-2019-25706 - Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers
CVE-2019-25705 - Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash
CVE-2019-25703 - ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated
CVE-2019-25701 - Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user regis
CVE-2019-25699 - Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter
CVE-2019-25697 - CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipul
CVE-2019-25695 - R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary co
CVE-2019-25693 - ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to exe
CVE-2019-25691 - Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dial
CVE-2019-25689 - HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to exe
CVE-2018-25258 - RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows
CVE-2018-25257 - Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated
CVE-2017-20239 - MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitra
CVE-2026-6126 - A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is
CVE-2026-6125 - A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelH
CVE-2026-6124 - A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSa
CVE-2026-6123 - A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the fil
CVE-2026-6122 - A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7Pr
CVE-2026-6121 - A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function Wrlclien
CVE-2026-6120 - A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of t
CVE-2026-6119 - A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the func
CVE-2026-31413 - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix unsound scalar forking
CVE-2026-6118 - A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp
CVE-2026-6117 - A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function insta
CVE-2026-6116 - A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects
CVE-2026-6115 - A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg
CVE-2026-6114 - A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the
CVE-2026-6113 - A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by thi
CVE-2026-6112 - A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function se
CVE-2026-6111 - A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the functi
CVE-2026-6110 - A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function ge
CVE-2026-1116 - A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollm
CVE-2026-6109 - A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the
CVE-2026-6108 - A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function exec
CVE-2026-6107 - A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of
CVE-2026-6106 - A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the functio
CVE-2026-6105 - A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an un
CVE-2026-31845 - A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and ear
CVE-2026-32146 - Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows a
CVE-2026-23900 - Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0
CVE-2026-5809 - The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and
CVE-2026-34621 - Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Control
CVE-2026-5226 - The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Si
CVE-2026-5217 - The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin f
CVE-2026-5207 - The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all v
CVE-2026-5144 - The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions
CVE-2026-4979 - The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for W
CVE-2026-4895 - The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cros
CVE-2026-3498 - The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clien
CVE-2026-3371 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure
CVE-2026-3358 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthori
CVE-2026-5496 - Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability
CVE-2026-5495 - Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerab
CVE-2026-5494 - Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerab
CVE-2026-5493 - Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerab
CVE-2026-5059 - aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability all
CVE-2026-5058 - aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remo
CVE-2026-5055 - NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerabil
CVE-2026-5054 - NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability
CVE-2026-5053 - NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability al
CVE-2026-4158 - KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerab
CVE-2026-4157 - ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vul
CVE-2026-4156 - ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability.
CVE-2026-4155 - ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulne
CVE-2026-4154 - GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allow
CVE-2026-4153 - GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerabi
CVE-2026-4152 - GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerabi
CVE-2026-4151 - GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allow
CVE-2026-4150 - GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allow
CVE-2026-4149 - Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerabil
CVE-2026-40354 - Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash an
CVE-2026-3691 - OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote
CVE-2026-3690 - OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to b
CVE-2026-3689 - OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulnerability allows remot
CVE-2026-40199 - Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow
CVE-2026-40198 - Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP
CVE-2026-33119 - User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all
CVE-2026-33118 - Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2026-5724 - The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor
CVE-2026-40252 - FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability (I
CVE-2026-40242 - Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.
CVE-2026-40194 - phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net
CVE-2026-40191 - ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies.
CVE-2026-40190 - LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, th
CVE-2026-40189 - goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-
CVE-2026-40188 - goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command renam
CVE-2026-40185 - TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the
CVE-2026-40184 - TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requirin
CVE-2026-40180 - Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs gen
CVE-2026-40178 - ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.1
CVE-2026-40177 - ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.1
CVE-2026-40175 - Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axi
CVE-2026-40168 - Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vu
CVE-2026-39922 - GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnera
CVE-2026-39921 - GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnera
CVE-2026-32252 - Chartbrew is an open-source web application that can connect directly to databases and APIs and use
CVE-2026-30232 - Chartbrew is an open-source web application that can connect directly to databases and APIs and use
CVE-2026-3446 - When calling base64.b64decode() or related functions the decoding process would stop after encounter
CVE-2026-33737 - Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use sim
CVE-2026-33736 - Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including
CVE-2026-33710 - Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are gene
CVE-2026-33708 - Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST
CVE-2026-33707 - Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password r
CVE-2026-33706 - Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST AP
CVE-2026-33705 - Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /mai
CVE-2026-33704 - Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including stu
CVE-2026-33703 - Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Referenc
CVE-2026-33702 - Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a
CVE-2026-33698 - Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise
CVE-2026-33618 - Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController
CVE-2026-27460 - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists.
CVE-2026-5483 - A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard`
CVE-2026-40163 - Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5,
CVE-2026-40162 - Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability wa