CVE-2026-5484 - A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapt

CVE-2026-28798 - ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior

CVE-2026-25726 - Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the applicat

CVE-2026-3184 - A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when i

CVE-2026-2625 - A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a spec

CVE-2026-5476 - A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_V

CVE-2026-5475 - A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg

CVE-2026-32186 - Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate priv

CVE-2026-0545 - In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authen

CVE-2026-5474 - A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the

CVE-2026-5473 - A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.

CVE-2026-28373 - The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerabili

CVE-2026-5472 - A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd1

CVE-2026-5471 - A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is

CVE-2026-5470 - A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6

CVE-2026-35218 - Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase's Builder Command Pa

CVE-2026-35216 - Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauthenticated attacker c

CVE-2026-35214 - Budibase is an open-source low-code platform. Prior to version 3.33.4, the plugin file upload endpoi

CVE-2026-31818 - Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery

CVE-2026-31404 - In the Linux kernel, the following vulnerability has been resolved: NFSD: Defer sub-object cleanup

CVE-2026-31403 - In the Linux kernel, the following vulnerability has been resolved: NFSD: Hold net reference for th

CVE-2026-31402 - In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv

CVE-2026-31401 - In the Linux kernel, the following vulnerability has been resolved: HID: bpf: prevent buffer overfl

CVE-2026-31400 - In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix cache_request leak

CVE-2026-31399 - In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use a

CVE-2026-31398 - In the Linux kernel, the following vulnerability has been resolved: mm/rmap: fix incorrect pte rest

CVE-2026-31397 - In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix use of NULL

CVE-2026-31396 - In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use-after-free a

CVE-2026-31395 - In the Linux kernel, the following vulnerability has been resolved: bnxt_en: fix OOB access in DBG_

CVE-2026-31394 - In the Linux kernel, the following vulnerability has been resolved: mac80211: fix crash in ieee8021

CVE-2026-31393 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate L2CA

CVE-2026-31392 - In the Linux kernel, the following vulnerability has been resolved: smb: client: fix krb5 mount wit

CVE-2026-31391 - In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix OOM

CVE-2026-31390 - In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix memory leak in xe_v

CVE-2026-31389 - In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on cont

CVE-2026-27124 - FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testi

CVE-2026-25118 - immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0

CVE-2026-25044 - Budibase is an open-source low-code platform. Prior to version 3.33.4, the bash automation step exec

CVE-2026-25043 - Budibase is an open-source low-code platform. Prior to version 3.23.25, a business logic vulnerabili

CVE-2026-23475 - In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation

CVE-2026-23474 - In the Linux kernel, the following vulnerability has been resolved: mtd: Avoid boot crash in RedBoo

CVE-2026-23473 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-23472 - In the Linux kernel, the following vulnerability has been resolved: serial: core: fix infinite loop

CVE-2026-23471 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-23470 - In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix deadlock i

CVE-2026-23469 - In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Synchronize in

CVE-2026-23468 - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Limit BO list entry

CVE-2026-23467 - In the Linux kernel, the following vulnerability has been resolved: drm/i915/dmc: Fix an unlikely N

CVE-2026-23466 - In the Linux kernel, the following vulnerability has been resolved: drm/xe: Open-code GGTT MMIO acc

CVE-2026-23465 - In the Linux kernel, the following vulnerability has been resolved: btrfs: log new dentries when lo

CVE-2026-23464 - In the Linux kernel, the following vulnerability has been resolved: soc: microchip: mpfs: Fix memor

CVE-2026-23463 - In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: fix race condi

CVE-2026-23462 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HIDP: Fix possible U

CVE-2026-23461 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after

CVE-2026-23460 - In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dere

CVE-2026-23459 - In the Linux kernel, the following vulnerability has been resolved: ip_tunnel: adapt iptunnel_xmit_

CVE-2026-23458 - In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: fix use-a

CVE-2026-23457 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fi

CVE-2026-23456 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: f

CVE-2026-23455 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: c

CVE-2026-23454 - In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free i

CVE-2026-23453 - In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memo

CVE-2026-23452 - In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race conditi

CVE-2026-23451 - In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infi

CVE-2026-23450 - In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference a

CVE-2026-23449 - In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: Fix double-fre

CVE-2026-23448 - In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffse

CVE-2026-23447 - In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffse

CVE-2026-23446 - In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Do not perfor

CVE-2026-23445 - In the Linux kernel, the following vulnerability has been resolved: igc: fix page fault in XDP TX t

CVE-2026-23444 - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: always free skb

CVE-2026-23443 - In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix previous a

CVE-2026-23442 - In the Linux kernel, the following vulnerability has been resolved: ipv6: add NULL checks for idev

CVE-2026-23441 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent concurrent a

CVE-2026-23440 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix race condition d

CVE-2026-23439 - In the Linux kernel, the following vulnerability has been resolved: udp_tunnel: fix NULL deref caus

CVE-2026-23438 - In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: guard flow control

CVE-2026-23437 - In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect late read

CVE-2026-23436 - In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect from late

CVE-2026-23435 - In the Linux kernel, the following vulnerability has been resolved: perf/x86: Move event pointer se

CVE-2026-23434 - In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/un

CVE-2026-23433 - In the Linux kernel, the following vulnerability has been resolved: arm_mpam: Fix null pointer dere

CVE-2026-23432 - In the Linux kernel, the following vulnerability has been resolved: mshv: Fix use-after-free in msh

CVE-2026-23431 - In the Linux kernel, the following vulnerability has been resolved: spi: amlogic-spisg: Fix memory

CVE-2026-23430 - In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Don't overwrite KMS

CVE-2026-23429 - In the Linux kernel, the following vulnerability has been resolved: iommu/sva: Fix crash in iommu_s

CVE-2026-23428 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of sh

CVE-2026-23427 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in du

CVE-2025-68153 - Juju is an open source application orchestration engine that enables any application operation on an

CVE-2025-68152 - Juju is an open source application orchestration engine that enables any application operation on an

CVE-2025-64340 - FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server name

CVE-2026-5469 - A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the co

CVE-2026-26477 - An issue in Dokuwiki v.2025-05-14b "Librarian" [56.2] allows a remote attacker to cause a denial of

CVE-2025-59711 - An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in

CVE-2025-59710 - An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is

CVE-2025-59709 - An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in

CVE-2026-5468 - A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInne

CVE-2026-28736 - ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving

CVE-2026-25773 - ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to sanitize category IDs before incorpo

CVE-2026-23426 - In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node re

CVE-2026-23425 - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix ID register ini

CVE-2026-23424 - In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Validate command

CVE-2026-23423 - In the Linux kernel, the following vulnerability has been resolved: btrfs: free pages on error in b

CVE-2026-23422 - In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix interrupt sto

CVE-2026-23421 - In the Linux kernel, the following vulnerability has been resolved: drm/xe/configfs: Free ctx_resto

CVE-2026-23420 - In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Fix a locking bug

CVE-2026-23419 - In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking d

CVE-2026-23418 - In the Linux kernel, the following vulnerability has been resolved: drm/xe/reg_sr: Fix leak on xa_s

CVE-2026-27655 - Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Pe

CVE-2026-5467 - A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functional

CVE-2026-4108 - Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in No

CVE-2026-4107 - Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Fo

CVE-2026-3880 - Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Pu

CVE-2026-3879 - Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Eq

CVE-2026-28703 - Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Ma

CVE-2026-28756 - Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Pe

CVE-2026-28754 - Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Di

CVE-2026-5462 - A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an unk

CVE-2026-4350 - The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in

CVE-2025-7024 - Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Serve

CVE-2026-5458 - A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts

CVE-2026-5457 - A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android.

CVE-2026-5456 - A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted

CVE-2026-5455 - A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an un

CVE-2026-5463 - Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version

CVE-2026-5454 - A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown funct

CVE-2026-5453 - A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android.

CVE-2026-35549 - An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 1

CVE-2026-35545 - An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking fea

CVE-2026-35544 - An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style

CVE-2026-35543 - An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking fea

CVE-2026-35542 - An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking fea

CVE-2026-35541 - An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison

CVE-2026-35540 - An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheet

CVE-2026-35539 - An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insuffi

CVE-2026-35538 - An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH comma

CVE-2026-5452 - A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects u

CVE-2026-35537 - An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the

CVE-2026-35536 - In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesi

CVE-2026-35535 - In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a

CVE-2026-28815 - A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read

CVE-2026-35508 - Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters,

CVE-2026-35507 - Shynet before 0.14.0 allows Host header injection in the password reset flow.

CVE-2026-33107 - Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate pr

CVE-2026-33105 - Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elev

CVE-2026-32213 - Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges ove

CVE-2026-32211 - Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to

CVE-2026-32173 - Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information o

CVE-2026-26135 - Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an author

CVE-2022-4986 - Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that

CVE-2026-35467 - The stored API keys in temporary browser client is not marked as protected allowing for JavScript co

CVE-2026-35466 - XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface

CVE-2026-30252 - Multiple reflected cross-site scripting (XSS) vulnerabilities in the login.php endpoint of Interzen

CVE-2026-30251 - A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Co

CVE-2025-15620 - HiOS Switch Platform versions 09.1.00 through 09.4.04 and 10.0.00 through 10.3.00 contain a denial-o

CVE-2024-14033 - Hirschmann EagleSDV firmware prior to 05.4.02 contains a denial-of-service vulnerability in TLS sess

CVE-2026-5420 - A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected ele

CVE-2026-35383 - Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An

CVE-2026-35053 - OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Wor

CVE-2026-34932 - hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored

CVE-2026-34931 - hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open

CVE-2026-34848 - hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored

CVE-2026-34847 - hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, the /enter page c

CVE-2026-34840 - OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUpti

CVE-2026-34838 - Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions

CVE-2026-34834 - Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, t

CVE-2026-34833 - Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, t

CVE-2026-34832 - Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains

CVE-2026-34825 - NocoBase is an AI-powered no-code/low-code platform for building business applications and enterpris

CVE-2026-34762 - Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscr

CVE-2026-34761 - Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when

CVE-2026-34760 - vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to befo

CVE-2024-14034 - Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in

CVE-2023-7343 - Hirschmann Industrial HiVision versions 05.0.00 through 08.3.01 prior to 08.3.02 contain an arbitrar

CVE-2026-5429 - Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.

CVE-2026-5418 - A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeD

CVE-2026-5417 - A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_e

CVE-2026-34759 - OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multipl

CVE-2026-34758 - OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthe

CVE-2026-34752 - Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a heade

CVE-2026-34745 - Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-20

CVE-2026-34743 - XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to versio

CVE-2026-34742 - The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol

CVE-2026-34736 - Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple

CVE-2026-34735 - The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. In ve

CVE-2026-34730 - Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's _

CVE-2026-34726 - Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's _

CVE-2026-34581 - goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when u

CVE-2026-34426 - OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsiste

CVE-2026-34425 - OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in she

CVE-2025-43264 - The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Pr

CVE-2025-43257 - This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15

CVE-2025-43238 - An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequo

CVE-2025-43236 - A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Seq

CVE-2025-43219 - The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Pr

CVE-2025-43210 - An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iO

CVE-2025-43202 - This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 1

CVE-2024-44303 - The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A malicious

CVE-2024-44286 - This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.

CVE-2024-44250 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia

CVE-2024-44219 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia

CVE-2024-40858 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia

CVE-2024-40849 - A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1

CVE-2023-7342 - HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability t

CVE-2026-5414 - A security flaw has been discovered in Newgen OmniDocs up to 12.0.00. Affected by this issue is some

CVE-2026-5413 - A vulnerability was identified in Newgen OmniDocs up to 12.0.00. Affected by this vulnerability is a

CVE-2026-5370 - A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail

CVE-2026-5368 - A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an u

CVE-2026-35414 - OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving

CVE-2026-34835 - Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 t

CVE-2026-34828 - listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to be

CVE-2026-34827 - Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 t

CVE-2026-34725 - DbGate is cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS

CVE-2026-34717 - OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =

CVE-2026-34715 - ewe is a Gleam web server. Prior to version 3.0.6, the encode_headers function in src/ewe/internal/e

CVE-2026-34610 - The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant crypt

CVE-2026-34608 - NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.10, in N

CVE-2026-34606 - Frappe Learning Management System (LMS) is a learning system that helps users structure their conten

CVE-2026-34601 - xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer

CVE-2026-34598 - YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerabilit

CVE-2026-34593 - Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to vers

CVE-2026-34591 - Poetry is a dependency manager for Python. From version 1.4.0 to before version 2.3.3, a crafted whe

CVE-2026-34590 - Postiz is an AI social media scheduling tool. Prior to version 2.21.4, the POST /webhooks/ endpoint

CVE-2026-34584 - listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to be

CVE-2026-34577 - Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the GET /public/stream endpoi

CVE-2026-34576 - Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST /public/v1/upload-fr

CVE-2026-34526 - SillyTavern is a locally installed user interface that allows users to interact with text generation

CVE-2026-34524 - SillyTavern is a locally installed user interface that allows users to interact with text generation

CVE-2026-34523 - SillyTavern is a locally installed user interface that allows users to interact with text generation

CVE-2026-34522 - SillyTavern is a locally installed user interface that allows users to interact with text generation

CVE-2026-34124 - A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request

CVE-2026-34122 - A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a conf

CVE-2026-34121 - An authentication bypass vulnerability within the HTTP handling of the DS configuration service in T

CVE-2026-34120 - A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asy

CVE-2026-34119 - A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTT

CVE-2026-34118 - A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP PO

CVE-2026-33271 - Local privilege escalation due to insecure folder permissions. The following products are affected:

CVE-2026-32762 - Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to

CVE-2026-28728 - Local privilege escalation due to DLL hijacking vulnerability. The following products are affected:

CVE-2026-27774 - Local privilege escalation due to DLL hijacking vulnerability. The following products are affected:

CVE-2026-26962 - Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multi

CVE-2026-5360 - A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the

CVE-2026-5355 - A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function

CVE-2026-5354 - A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function

CVE-2026-5353 - A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of th

CVE-2026-5352 - A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function

CVE-2026-35388 - OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

CVE-2026-35387 - OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcc

CVE-2026-35386 - In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a

CVE-2026-35385 - In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contr