CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-5904 - Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a use
CVE-2026-5903 - Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who
CVE-2026-5902 - Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had c
CVE-2026-5901 - Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attac
CVE-2026-5900 - Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypa
CVE-2026-5899 - Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowe
CVE-2026-5898 - Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote att
CVE-2026-5897 - Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker
CVE-2026-5896 - Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinc
CVE-2026-5895 - Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote att
CVE-2026-5894 - Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacke
CVE-2026-5893 - Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit
CVE-2026-5892 - Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote att
CVE-2026-5891 - Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remo
CVE-2026-5890 - Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potent
CVE-2026-5889 - Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read pot
CVE-2026-5888 - Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to
CVE-2026-5887 - Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7
CVE-2026-5886 - Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attac
CVE-2026-5885 - Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.
CVE-2026-5884 - Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed
CVE-2026-5883 - Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute
CVE-2026-5882 - Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacke
CVE-2026-5881 - Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacke
CVE-2026-5880 - Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remo
CVE-2026-5879 - Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 a
CVE-2026-5878 - Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to
CVE-2026-5877 - Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to ex
CVE-2026-5876 - Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a rem
CVE-2026-5875 - Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform
CVE-2026-5874 - Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who co
CVE-2026-5873 - Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker
CVE-2026-5872 - Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute
CVE-2026-5871 - Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar
CVE-2026-5870 - Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execut
CVE-2026-5869 - Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to o
CVE-2026-5868 - Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attack
CVE-2026-5867 - Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to o
CVE-2026-5866 - Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute
CVE-2026-5865 - Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar
CVE-2026-5864 - Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker t
CVE-2026-5863 - Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker
CVE-2026-5862 - Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker
CVE-2026-5861 - Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar
CVE-2026-5860 - Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execut
CVE-2026-5859 - Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten
CVE-2026-5858 - Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to e
CVE-2026-5810 - A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown funct
CVE-2026-5808 - A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae319cbb214a8eae63405933
CVE-2026-5806 - A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unkn
CVE-2026-5711 - The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 's
CVE-2026-40037 - OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetc
CVE-2026-40036 - Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py
CVE-2026-40035 - Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that en
CVE-2026-40032 - UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in t
CVE-2026-40031 - MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-l
CVE-2026-40030 - parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path ar
CVE-2026-40029 - parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file p
CVE-2026-40028 - Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML repo
CVE-2026-40027 - ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path traversal vulnerabili
CVE-2026-40026 - The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem
CVE-2026-40025 - The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem ke
CVE-2026-40024 - The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an
CVE-2026-39901 - monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a tra
CVE-2026-5805 - A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an
CVE-2026-5803 - A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f38934
CVE-2026-5451 - The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
CVE-2026-5436 - The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to
CVE-2026-39892 - cryptography is a package designed to expose cryptographic primitives and recipes to Python develope
CVE-2026-39891 - PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools() function
CVE-2026-39890 - PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method
CVE-2026-39889 - PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream serv
CVE-2026-39888 - PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.p
CVE-2026-39885 - FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the m
CVE-2026-39883 - OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2
CVE-2026-39882 - OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters
CVE-2026-39881 - Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerabilit
CVE-2026-39860 - Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allow
CVE-2026-39844 - NiceGUI is a Python-based UI framework. Prior to 3.10.0, since PurePosixPath only recognizes forward
CVE-2026-39429 - kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and containe
CVE-2026-39416 - AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. P
CVE-2026-39415 - Frappe Learning Management System (LMS) is a learning system that helps users structure their conten
CVE-2026-39414 - MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEA
CVE-2026-5802 - A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of
CVE-2026-39880 - Remnawave Backend is the backend for the Remnawave proxy and user management solution. Prior to 2.7.
CVE-2026-39864 - Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an ou
CVE-2026-39863 - Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.
CVE-2026-39862 - Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code e
CVE-2026-39859 - LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3
CVE-2026-39413 - LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API
CVE-2026-39412 - LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4
CVE-2026-39411 - LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow
CVE-2026-39362 - InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, when INVENTREE_DO
CVE-2026-35525 - LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3
CVE-2026-35479 - InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, any users who hav
CVE-2026-35478 - InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authentica
CVE-2026-35477 - InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-2
CVE-2026-35476 - InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, a non-staff authe
CVE-2026-23869 - A denial of service vulnerability exists in React Server Components, affecting the following package
CVE-2026-39851 - Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, th
CVE-2026-35455 - immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStore
CVE-2026-35446 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid
CVE-2026-35407 - Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a
CVE-2026-35403 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid
CVE-2026-35401 - Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a m
CVE-2026-35400 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid
CVE-2026-35169 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid
CVE-2026-35165 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid
CVE-2026-34985 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid
CVE-2026-34837 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, the REST endpoint
CVE-2026-34782 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the RE
CVE-2026-34724 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side te
CVE-2026-34723 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauth
CVE-2026-34722 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the us
CVE-2026-34721 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OA
CVE-2026-34720 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SS
CVE-2026-34719 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the we
CVE-2026-34718 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the HT
CVE-2026-34392 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid
CVE-2026-34248 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in sha
CVE-2026-34166 - LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3
CVE-2026-33350 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid
CVE-2026-30818 - An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an au
CVE-2026-30817 - An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an
CVE-2026-30816 - An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows
CVE-2026-30815 - An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an au
CVE-2026-30814 - A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenti
CVE-2026-2942 - The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missin
CVE-2026-27806 - Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk e
CVE-2026-20709 - Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Processor Silver Serie
CVE-2026-0814 - The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due
CVE-2026-0811 - The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in a
CVE-2025-50673 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the
CVE-2025-50672 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of para
CVE-2025-50671 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of para
CVE-2025-50670 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of para
CVE-2025-50669 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to i
CVE-2025-50668 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the
CVE-2025-50667 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the
CVE-2025-50666 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of mult
CVE-2025-50665 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of inpu
CVE-2025-50664 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of para
CVE-2025-50663 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the
CVE-2025-50662 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the
CVE-2025-50661 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of mult
CVE-2025-50660 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the
CVE-2025-50659 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the
CVE-2025-50657 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the
CVE-2025-50655 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the
CVE-2025-50654 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of th
CVE-2025-50653 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the
CVE-2025-50652 - An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id parameter in the /savep
CVE-2025-50650 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of
CVE-2025-50649 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation
CVE-2025-50648 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validati
CVE-2025-50647 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specifically in the handling of
CVE-2025-50646 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input valida
CVE-2025-50645 - A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflo
CVE-2025-50644 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of us
CVE-2025-30650 - A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networ
CVE-2026-33756 - Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Sal
CVE-2026-33466 - Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitra
CVE-2026-33459 - Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Al
CVE-2026-33458 - Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. An
CVE-2026-32591 - A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administr
CVE-2026-32590 - A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload p
CVE-2026-32589 - A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push a
CVE-2025-52222 - D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200
CVE-2025-52221 - Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the func
CVE-2025-45059 - D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the t
CVE-2025-45058 - D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the j
CVE-2025-45057 - D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the i
CVE-2026-4837 - An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions cou
CVE-2026-4498 - Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can le
CVE-2026-33461 - Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (
CVE-2026-33460 - Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privi
CVE-2026-31017 - A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNe
CVE-2026-30080 - OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configurati
CVE-2026-30075 - OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport
CVE-2026-2377 - A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by provi
CVE-2025-57175 - Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a static root passwor
CVE-2025-14243 - A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, rem
CVE-2023-46945 - QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request
CVE-2026-33753 - rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161.
CVE-2026-33229 - XWiki Platform is a generic wiki platform offering runtime services for applications built on top of
CVE-2026-31040 - A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-s
CVE-2026-39865 - Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and pri
CVE-2026-39410 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.
CVE-2026-39409 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.
CVE-2026-39408 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.
CVE-2026-39407 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.
CVE-2026-39406 - @hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling
CVE-2026-39394 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w
CVE-2026-39393 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w
CVE-2026-39392 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w
CVE-2026-39391 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w
CVE-2026-39390 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w
CVE-2026-39389 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w
CVE-2026-5795 - In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two Th
CVE-2026-35023 - Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulner
CVE-2026-31411 - In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unva
CVE-2026-2509 - The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th
CVE-2025-58713 - A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images
CVE-2025-57854 - A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. T
CVE-2025-57853 - A container privilege escalation flaw was found in certain Web Terminal images. This issue stems fro
CVE-2025-57851 - A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images
CVE-2025-57847 - A container privilege escalation flaw was found in certain Ansible Automation Platform images. This
CVE-2025-14816 - Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 ver
CVE-2025-14815 - Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 1
CVE-2026-5600 - A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a sp
CVE-2026-5302 - CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote attackers
CVE-2026-5301 - Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers t
CVE-2026-5300 - Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows unauthenticated attacke
CVE-2026-4402 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in
CVE-2026-28261 - Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0
CVE-2026-27102 - Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, con
CVE-2026-24511 - Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, con
CVE-2026-5208 - Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to
CVE-2026-3396 - WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'po
CVE-2026-3243 - The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to in
CVE-2026-2481 - The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable t
CVE-2026-28264 - Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assign
CVE-2026-1865 - The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, Us
CVE-2026-1673 - The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for
CVE-2026-1672 - The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for
CVE-2026-4303 - The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Sit
CVE-2026-4300 - The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading
CVE-2026-4073 - The pdfl.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pdflio' short
CVE-2026-4025 - The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'a
CVE-2026-39716 - Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Conf
CVE-2026-39715 - Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-l
CVE-2026-39714 - Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows Exploiting Incorrect
CVE-2026-39713 - Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize
CVE-2026-39712 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDi
CVE-2026-39711 - Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions r
CVE-2026-39710 - Cross-Site Request Forgery (CSRF) vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions a
CVE-2026-39709 - Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-
CVE-2026-39708 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-39707 - Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using Contact Form 7 contac
CVE-2026-39706 - Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incor
CVE-2026-39705 - Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync all
CVE-2026-39704 - Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing –
CVE-2026-39703 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-39702 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-39701 - Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configu
CVE-2026-39700 - Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured
CVE-2026-39699 - Missing Authorization vulnerability in massiveshift AI Workflow Automation ai-workflow-automation-li
CVE-2026-39698 - Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-a
CVE-2026-39697 - Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the-n
CVE-2026-39696 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i