CVE-2026-35038 - Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.

CVE-2026-34877 - An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient p

CVE-2026-34831 - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::File

CVE-2026-34830 - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Send

CVE-2026-34829 - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Mult

CVE-2026-34826 - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Util

CVE-2026-34786 - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Stat

CVE-2026-34785 - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Stat

CVE-2026-34763 - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Dire

CVE-2026-34230 - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Util

CVE-2026-34083 - Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.

CVE-2026-33951 - Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.

CVE-2026-33950 - Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.

CVE-2026-30603 - An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers t

CVE-2026-26961 - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Mult

CVE-2026-26895 - User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumer

CVE-2026-25212 - An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specifi

CVE-2025-65114 - Apache Traffic Server allows request smuggling if chunked messages are malformed.  This issue affec

CVE-2025-58136 - A bug in POST request handling causes a crash under a certain condition. This issue affects Apache

CVE-2026-5351 - A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_clie

CVE-2026-5350 - A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the funct

CVE-2026-5349 - A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function a

CVE-2026-34876 - An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls

CVE-2026-33746 - Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before ve

CVE-2026-33691 - The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web

CVE-2026-30332 - A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows pr

CVE-2026-5346 - A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client

CVE-2026-5344 - A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerabilit

CVE-2026-5342 - A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_pa

CVE-2026-5339 - A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_

CVE-2026-35002 - Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model executi

CVE-2026-34974 - phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitize

CVE-2026-34973 - phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() meth

CVE-2026-34823 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para

CVE-2026-34822 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_na

CVE-2026-34821 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para

CVE-2026-34820 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para

CVE-2026-34819 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK para

CVE-2026-34818 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para

CVE-2026-34817 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC

CVE-2026-34816 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain para

CVE-2026-34815 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN para

CVE-2026-34814 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group param

CVE-2026-34813 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parame

CVE-2026-34812 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes p

CVE-2026-34811 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para

CVE-2026-34810 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para

CVE-2026-34809 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para

CVE-2026-34808 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para

CVE-2026-34807 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para

CVE-2026-34806 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para

CVE-2026-34805 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para

CVE-2026-34804 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the dscp parame

CVE-2026-34803 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the name parame

CVE-2026-34802 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark user

CVE-2026-34801 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para

CVE-2026-34800 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the NAME parame

CVE-2026-34799 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para

CVE-2026-34798 - Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark para

CVE-2026-34797 - Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands

CVE-2026-34796 - Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands

CVE-2026-34795 - Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands

CVE-2026-34794 - Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands

CVE-2026-34793 - Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands

CVE-2026-34792 - Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands

CVE-2026-34791 - Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands

CVE-2026-34790 - Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via dir

CVE-2026-34729 - phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulner

CVE-2026-34728 - phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::

CVE-2026-33641 - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances sup

CVE-2026-33544 - Tinyauth is an authentication and authorization server. Prior to version 5.0.5, all three OAuth serv

CVE-2026-33533 - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances

CVE-2026-32871 - FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvi

CVE-2026-32629 - phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker

CVE-2026-31937 - Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffe

CVE-2026-31935 - Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft

CVE-2026-31934 - Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is

CVE-2026-5338 - A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the functi

CVE-2026-5334 - A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown

CVE-2026-5333 - A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affe

CVE-2026-5332 - A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerability affects unknown code of the

CVE-2026-3692 - In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-pr

CVE-2026-35168 - OpenSTAManager is an open source management software for technical assistance and invoicing. Prior t

CVE-2026-31933 - Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted

CVE-2026-31932 - Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in K

CVE-2026-31931 - Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of th

CVE-2026-30867 - CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a

CVE-2026-2737 - A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administr

CVE-2026-2701 - Authenticated user can upload a malicious file to the server and execute it, which leads to remote c

CVE-2026-2699 - Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to acce

CVE-2026-29782 - OpenSTAManager is an open source management software for technical assistance and invoicing. Prior t

CVE-2026-28805 - OpenSTAManager is an open source management software for technical assistance and invoicing. Prior t

CVE-2026-26928 - SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirH

CVE-2026-26927 - Szafir SDK Web is a browser plug-in that can run SzafirHost application which download the necessary

CVE-2026-5331 - A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file install

CVE-2026-5330 - A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by

CVE-2026-5328 - A weakness has been identified in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b55

CVE-2026-4636 - A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Man

CVE-2026-4634 - A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending

CVE-2026-4325 - A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper ty

CVE-2026-4282 - A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper ty

CVE-2026-3872 - A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same w

CVE-2026-34890 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-5327 - A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1. The affected eleme

CVE-2026-23417 - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix constant blinding for

CVE-2026-23416 - In the Linux kernel, the following vulnerability has been resolved: mm/mseal: update VMA end correc

CVE-2026-23415 - In the Linux kernel, the following vulnerability has been resolved: futex: Fix UaF between futex_ke

CVE-2026-23414 - In the Linux kernel, the following vulnerability has been resolved: tls: Purge async_hold in tls_de

CVE-2026-23413 - In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in i

CVE-2026-23412 - In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: defer hook memo

CVE-2026-5326 - A vulnerability was identified in SourceCodester Leave Application System 1.0. Impacted is an unknow

CVE-2026-32145 - Allocation of Resources Without Limits or Throttling vulnerability in gleam-wisp wisp allows a denia

CVE-2026-5246 - A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verif

CVE-2026-5245 - A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_reco

CVE-2026-33617 - An unauthenticated remote attacker can access a configuration file containing database credentials.

CVE-2026-33616 - An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability

CVE-2026-33615 - An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the

CVE-2026-33614 - An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the

CVE-2026-33613 - Due to the improper neutralisation of special elements used in an OS command, a remote attacker can

CVE-2026-29144 - SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitizatio

CVE-2026-29143 - SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message

CVE-2026-29142 - SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted ema

CVE-2026-29141 - SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitizatio

CVE-2026-29140 - SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled

CVE-2026-29139 - SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account

CVE-2026-29138 - SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email

CVE-2026-29137 - SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from us

CVE-2026-29136 - SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notificat

CVE-2026-29135 - SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that

CVE-2026-29134 - SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain

CVE-2026-29133 - SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs

CVE-2026-29132 - SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GIN

CVE-2026-29131 - SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email

CVE-2026-0634 - Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execut

CVE-2026-5244 - A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv

CVE-2026-5032 - The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to,

CVE-2026-0688 - The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up

CVE-2026-0686 - The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up

CVE-2026-5325 - A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0.

CVE-2026-5323 - A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the functio

CVE-2026-5322 - A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb

CVE-2026-4347 - The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file

CVE-2026-1540 - The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, whi

CVE-2026-5321 - A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown function

CVE-2026-5320 - A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unk

CVE-2026-5319 - A security vulnerability has been detected in itsourcecode Payroll Management System up to 1.0. Affe

CVE-2026-5318 - A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval

CVE-2026-5317 - A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_deco

CVE-2026-1243 - IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerabi

CVE-2026-5316 - A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setu

CVE-2026-5315 - A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbt

CVE-2026-21767 - HCL BigFix Platform is affected by insufficient authentication.  The application might allow users t

CVE-2026-21765 - HCL BigFix Platform is affected by insecure permissions on private cryptographic keys.  The private

CVE-2026-5314 - A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_intern

CVE-2026-4759 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-3882 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-32929 - V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Ope

CVE-2026-32928 - V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_co

CVE-2026-32927 - V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp

CVE-2026-32926 - V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_lin

CVE-2026-32925 - V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::Wr

CVE-2025-66487 - IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authentica

CVE-2025-66486 - IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inje

CVE-2025-66485 - IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper va

CVE-2025-66484 - IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerabil

CVE-2025-66483 - IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which coul

CVE-2025-36375 - IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 thr

CVE-2025-0711 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-5313 - A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif

CVE-2026-3987 - A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a p

CVE-2026-34572 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34571 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34570 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34569 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34568 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34567 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34566 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34565 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34564 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34563 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34562 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34561 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34560 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34559 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-5312 - A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW,

CVE-2026-4820 - IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authoriza

CVE-2026-4364 - IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10

CVE-2026-4101 - IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10

CVE-2026-34873 - An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resumi

CVE-2026-34545 - OpenEXR provides the specification and reference implementation of the EXR file format, an image sto

CVE-2026-34544 - OpenEXR provides the specification and reference implementation of the EXR file format, an image sto

CVE-2026-34543 - OpenEXR provides the specification and reference implementation of the EXR file format, an image sto

CVE-2026-34531 - Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to versi

CVE-2026-34530 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-34529 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-34528 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-34525 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-34520 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-34519 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-34518 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-34517 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-34516 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-34515 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-34514 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-34513 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-2862 - IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10

CVE-2026-2475 - IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10

CVE-2026-22815 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-1491 - IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10

CVE-2026-1345 - IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10

CVE-2025-36373 - IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 thr

CVE-2025-13916 - IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could

CVE-2026-5311 - A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-32

CVE-2026-34872 - An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a

CVE-2026-34750 - Payload is a free and open source headless content management system. Prior to version 3.78.0 in @pa

CVE-2026-34749 - Payload is a free and open source headless content management system. Prior to version 3.79.1, a Cro

CVE-2026-34748 - Payload is a free and open source headless content management system. Prior to version 3.78.0 in @pa

CVE-2026-34747 - Payload is a free and open source headless content management system. Prior to version 3.79.1, certa

CVE-2026-34746 - Payload is a free and open source headless content management system. Prior to version 3.79.1, an au

CVE-2026-34456 - Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vi

CVE-2026-34455 - Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1

CVE-2025-66442 - In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decry

CVE-2026-35000 - ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPa

CVE-2026-34874 - An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer der

CVE-2026-34871 - An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0

CVE-2026-25835 - Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generato

CVE-2026-25833 - Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6()

CVE-2026-5199 - A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or

CVE-2026-34875 - An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occ

CVE-2026-34751 - Payload is a free and open source headless content management system. Prior to version 3.79.1 in @pa

CVE-2026-34447 - Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior

CVE-2026-34446 - Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior

CVE-2026-34445 - Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior

CVE-2026-34397 - Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0

CVE-2026-34376 - PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multip

CVE-2026-34236 - Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before ve

CVE-2026-34222 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P

CVE-2026-34159 - llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's

CVE-2026-34076 - Clerk JavaScript is the official JavaScript repository for Clerk authentication. In @clerk/hono from

CVE-2026-34072 - Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log

CVE-2026-27489 - Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior

CVE-2026-25834 - Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.

CVE-2026-5310 - A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown

CVE-2026-34604 - Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-b

CVE-2026-34603 - Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added le

CVE-2026-33990 - Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior

CVE-2026-33978 - Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a sto

CVE-2026-33949 - Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability

CVE-2026-30643 - An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag

CVE-2026-30273 - pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base