CVE-2026-39841 - Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikim

CVE-2026-39840 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i

CVE-2026-39839 - Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikim

CVE-2026-39838 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i

CVE-2026-39837 - Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiW

CVE-2026-39395 - Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3,

CVE-2026-39382 - dbt enables data analysts and engineers to transform their data using the same practices that softwa

CVE-2026-39381 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-39380 - Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter

CVE-2026-39376 - FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse() fetches

CVE-2026-39374 - Plane is an an open-source project management tool. Prior to 1.3.0, the IssueBulkUpdateDateEndpoint

CVE-2026-39373 - JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an u

CVE-2026-39371 - RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, erver functions exported

CVE-2026-39370 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json

CVE-2026-39369 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderRecei

CVE-2026-39368 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the Live restream log call

CVE-2026-39367 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG (Electronic P

CVE-2026-39366 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler

CVE-2026-39365 - Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, t

CVE-2026-39364 - Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vi

CVE-2026-39363 - Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, i

CVE-2026-39361 - OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validate_enrichment

CVE-2026-39356 - Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle ORM improperly escape

CVE-2026-39322 - PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/

CVE-2026-32864 - There is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_fr

CVE-2026-32863 - There is a memory corruption vulnerability due to an out-of-bounds read in sentry_transaction_contex

CVE-2026-32862 - There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitReso

CVE-2026-32861 - There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LV

CVE-2026-32860 - There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LV

CVE-2025-69515 - An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the inf

CVE-2025-56015 - In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint.

CVE-2025-14859 - The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to

CVE-2025-14858 - The Semtech LR11xx LoRa transceivers running early versions of firmware contains an information disc

CVE-2025-14857 - An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early v

CVE-2026-5762 - Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki

CVE-2026-5736 - A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the

CVE-2026-39360 - RustFS is a distributed object storage system built in Rust. Prior to alpha.90, RustFS contains a mi

CVE-2026-39355 - Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnera

CVE-2026-39354 - Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated author

CVE-2026-39351 - Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unres

CVE-2026-39349 - OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open

CVE-2026-39348 - OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open

CVE-2026-39347 - OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open

CVE-2026-39346 - OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open

CVE-2026-39345 - OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open

CVE-2026-22711 - Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation Mediawiki

CVE-2025-71058 - Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that th

CVE-2026-39344 - ChurchCRM is an open-source church management system. Prior to 7.1.0, there is a Reflected Cross-Sit

CVE-2026-39343 - ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability

CVE-2026-39342 - ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via Q

CVE-2026-39341 - ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable

CVE-2026-39340 - ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability

CVE-2026-39339 - ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication byp

CVE-2026-39338 - ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site S

CVE-2026-39337 - ChurchCRM is an open-source church management system. Prior to 7.1.0, critical pre-authentication re

CVE-2026-39336 - ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting

CVE-2026-39335 - ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group r

CVE-2026-39334 - ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability

CVE-2026-39333 - ChurchCRM is an open-source church management system. Prior to 7.1.0, he FindFundRaiser.php endpoint

CVE-2026-39332 - ChurchCRM is an open-source church management system. Prior to 7.1.0, a reflected Cross-Site Scripti

CVE-2026-39331 - ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can

CVE-2026-39330 - ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability

CVE-2026-39329 - ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability

CVE-2026-39328 - ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting

CVE-2026-39327 - ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability

CVE-2026-39326 - ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability

CVE-2026-39325 - ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability

CVE-2026-39324 - Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Ses

CVE-2026-39323 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39326. Reason:

CVE-2026-39321 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-39319 - ChurchCRM is an open-source church management system. Prior to 7.1.0, a second order SQL injection v

CVE-2026-39318 - ChurchCRM is an open-source church management system. Versions prior to 7.1.0 have an SQL injection

CVE-2026-39317 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39334. Reason:

CVE-2026-35576 - ChurchCRM is an open-source church management system. Prior to 7.0.0, a stored cross-site scripting

CVE-2026-35575 - ChurchCRM is an open-source church management system. Prior to 6.5.3, a Stored Cross-Site Scripting

CVE-2026-35573 - ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability

CVE-2026-35572 - ChurchCRM is an open-source church management system. Prior to 6.5.3, it is possible to trigger serv

CVE-2026-31272 - MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/main/java/org/marker/

CVE-2026-31271 - megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition func

CVE-2026-24175 - NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash

CVE-2026-24174 - NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash

CVE-2026-24173 - NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash

CVE-2026-24156 - NVIDIA DALI contains a vulnerability where an attacker could cause a deserialization of untrusted da

CVE-2026-24147 - NVIDIA Triton Inference Server contains a vulnerability in triton server where an attacker may cause

CVE-2026-24146 - NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a la

CVE-2026-22682 - OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in fi

CVE-2026-22680 - OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling

CVE-2026-4631 - Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface t

CVE-2026-39384 - FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212,

CVE-2026-39316 - OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems.

CVE-2026-39314 - OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems.

CVE-2026-39312 - SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier,

CVE-2026-39308 - PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry publish endpo

CVE-2026-39307 - PraisonAI is a multi-agent teams system. Prior to 1.5.113, The PraisonAI templates installation feat

CVE-2026-39306 - PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow ext

CVE-2026-39305 - PraisonAI is a multi-agent teams system. Prior to 1.5.113, the Action Orchestrator feature contains

CVE-2026-35615 - PraisonAI is a multi-agent teams system. Prior to 1.5.113, _validate_path() calls os.path.normpath()

CVE-2026-35614 - Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL in

CVE-2026-35613 - coursevault-preview is a utility for previewing course material files from a configured directory. c

CVE-2026-35611 - Addressable is an alternative implementation to the URI implementation that is part of Ruby's standa

CVE-2026-35610 - PolarLearn is a free and open-source learning program. In 0-PRERELEASE-14 and earlier, setCustomPass

CVE-2026-35608 - QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exi

CVE-2026-35607 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-35606 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-35605 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-35604 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-35592 - pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the _sa

CVE-2026-35586 - pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADM

CVE-2026-35585 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-35584 - FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212,

CVE-2026-35583 - Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint

CVE-2026-35581 - Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class co

CVE-2026-35580 - Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files

CVE-2026-35578 - Rejected reason: This CVE is a duplicate of another CVE.** REJECT ** DO NOT USE THIS CANDIDATE NUMB

CVE-2026-35574 - ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored Cross-Site Scripting

CVE-2026-35523 - Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vu

CVE-2026-32588 - Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise quer

CVE-2026-27315 - Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information,

CVE-2026-27314 - Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator all

CVE-2026-23696 - Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the fo

CVE-2026-22683 - Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows u

CVE-2025-70844 - yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScrip

CVE-2025-14944 - The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up

CVE-2025-14821 - A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security down

CVE-2024-36058 - The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injec

CVE-2026-5745 - A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing l

CVE-2026-5359 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in

CVE-2026-4931 - Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt posit

CVE-2026-35571 - Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates

CVE-2026-35567 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39327. Reason:

CVE-2026-35566 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39319. Reason:

CVE-2026-35534 - ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting

CVE-2026-35526 - Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's We

CVE-2026-35521 - FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web inte

CVE-2026-35520 - FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web inte

CVE-2026-35519 - FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web inte

CVE-2026-35518 - FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web inte

CVE-2026-35517 - FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web inte

CVE-2026-35516 - LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update an

CVE-2026-35515 - Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.18, SseStr

CVE-2026-35492 - Kedro-Datasets is a Kendo plugin providing data connectors. Prior to 9.3.0, PartitionedDataset in ke

CVE-2026-35491 - FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web inte

CVE-2026-35490 - changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login

CVE-2026-35489 - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists.

CVE-2026-35488 - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists.

CVE-2026-35487 - text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.

CVE-2026-35486 - text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.

CVE-2026-33816 - Memory-safety vulnerability in github.com/jackc/pgx/v5.

CVE-2026-33815 - Memory-safety vulnerability in github.com/jackc/pgx/v5.

CVE-2026-30460 - Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE

CVE-2026-1079 - A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions

CVE-2026-1078 - An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automatio

CVE-2025-52908 - An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exyno

CVE-2025-24819 - Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validatio

CVE-2025-24818 - Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralizat

CVE-2025-24817 - Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralizat

CVE-2024-36057 - Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leadi

CVE-2026-5384 - An issue that could allow a credential to be updated and used for a task from outside of the authori

CVE-2026-5383 - An issue that could allow access to Explorer groups from outside of the authorized organization scop

CVE-2026-5382 - An issue that could expose records outside of the authorized organization scope through the MCP endp

CVE-2026-5381 - An issue that could expose task information outside of the authorized organization scope has been re

CVE-2026-5380 - An issue that could allow an authorized user to view the clear-text secrets for a subset of credenti

CVE-2026-5379 - An issue that allowed MCP agents to access certificate information from outside of their authorized

CVE-2026-5378 - An issue that allowed administrators to create and update users outside of their authorized organiza

CVE-2026-5376 - An issue that could prevent session inactivity timeouts from triggering due to automatic page reload

CVE-2026-5375 - An issue that could allow a user with access to a credential to view sensitive fields through an API

CVE-2026-5374 - An issue that allowed MCP agents to access remediation and asset information from outside of the aut

CVE-2026-5373 - An issue that allowed all-organization administrators to promote accounts to superuser status has be

CVE-2026-5372 - An issue that allowed a SQL injection attack vector related to saved queries (introduced in version

CVE-2026-4740 - A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluste

CVE-2026-4292 - An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changel

CVE-2026-4277 - An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissio

CVE-2026-3902 - An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest`

CVE-2026-35485 - text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.

CVE-2026-35484 - text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.

CVE-2026-35483 - text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.

CVE-2026-35481 - Rejected reason: Further research determined the issue does not satisfy the assignment rules.

CVE-2026-35480 - go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batte

CVE-2026-35464 - pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 adde

CVE-2026-35463 - pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, t

CVE-2026-35462 - Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with a

CVE-2026-35461 - Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webho

CVE-2026-35460 - Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional e

CVE-2026-35458 - Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/r

CVE-2026-35457 - libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.

CVE-2026-35405 - libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.

CVE-2026-33034 - An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests

CVE-2026-33033 - An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartPar

CVE-2026-30079 - In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE

CVE-2026-24660 - A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Co

CVE-2026-24450 - An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw

CVE-2026-21413 - A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of Lib

CVE-2026-20911 - A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw

CVE-2026-20889 - A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Co

CVE-2026-20884 - An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit

CVE-2025-62818 - An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990,

CVE-2025-52909 - An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exyno

CVE-2026-5627 - A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9

CVE-2026-35554 - A race condition in the Apache Kafka Java producer client’s buffer pool management can cause message

CVE-2026-5735 - Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evi

CVE-2026-5734 - Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thun

CVE-2026-5733 - Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Fir

CVE-2026-5732 - Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability

CVE-2026-5731 - Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Fi

CVE-2026-3466 - Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 bef

CVE-2026-33866 - MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved m

CVE-2026-33865 - MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLm

CVE-2026-32144 - Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows O

CVE-2026-28808 - Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to

CVE-2026-23818 - A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Pr

CVE-2026-22679 - Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code exec

CVE-2026-22666 - Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerabili

CVE-2025-39666 - Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 befo

CVE-2021-4473 - Tianxin Internet Behavior Management System contains a command injection vulnerability in the Report

CVE-2026-31842 - Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensi

CVE-2026-4420 - Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its page creating functionality. An aut

CVE-2026-34904 - Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media Share Buttons allow

CVE-2026-34903 - Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured

CVE-2026-34899 - Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edi

CVE-2026-34896 - Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction, Coming Soon & Maint

CVE-2026-34197 - Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability i

CVE-2026-33227 - Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Cli

CVE-2026-28810 - Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_

CVE-2026-3177 - The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin

CVE-2026-5465 - The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Inse

CVE-2026-4079 - The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is con

CVE-2026-1900 - The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that all

CVE-2026-1114 - In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper acc

CVE-2025-15611 - The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_po

CVE-2026-1839 - A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows

CVE-2025-65116 - Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Ma

CVE-2025-65115 - Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desk

CVE-2026-0740 - The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to m

CVE-2026-20446 - In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to

CVE-2026-20433 - In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to

CVE-2026-20432 - In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to

CVE-2026-20431 - In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of

CVE-2026-5719 - A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown fu

CVE-2025-13044 - IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local u

CVE-2026-5705 - A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affected by this vulnerabi

CVE-2026-5692 - A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGam

CVE-2026-5691 - A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function s

CVE-2026-5690 - A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function

CVE-2026-5689 - A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the f

CVE-2026-5688 - A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the

CVE-2026-5709 - Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.1

CVE-2026-5708 - Unsanitized control of user-modifiable attributes in the session creation component in AWS Research

CVE-2026-5707 - Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and

CVE-2026-5687 - A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects the function fromNatSt

CVE-2026-5686 - A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerability affects the funct