CVE-2026-22867 - LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a

CVE-2026-22265 - Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.

CVE-2026-20076 - A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could

CVE-2026-20075 - A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager

CVE-2026-20047 - A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) and Ci

CVE-2025-70656 - Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the mac parameter of the sub_65

CVE-2025-70310 - A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial

CVE-2025-70309 - A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a

CVE-2025-70308 - An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a

CVE-2025-70305 - A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Servic

CVE-2025-70304 - A buffer overflow in the vobsub_get_subpic_duration() function of GPAC v2.4.0 allows attackers to ca

CVE-2025-70298 - GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function.

CVE-2025-66417 - GLPI is a free asset and IT management software package. From 11.0.0, < 11.0.3, an unauthenticated u

CVE-2025-66292 - DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitr

CVE-2025-62193 - Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via special

CVE-2025-67246 - A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lac

CVE-2025-67079 - File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code

CVE-2025-67078 - Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers

CVE-2025-67077 - File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under c

CVE-2025-67076 - Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated a

CVE-2025-64516 - GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorize

CVE-2025-61973 - A local privilege escalation vulnerability exists during the installation of Epic Games Store via th

CVE-2021-47843 - Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject m

CVE-2021-47819 - ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to u

CVE-2021-47799 - Visual Tools DVR VX16 version 4.2.28 contains a local privilege escalation vulnerability in its Sudo

CVE-2021-47784 - Cyberfox Web Browser 52.9.1 contains a denial of service vulnerability that allows attackers to cras

CVE-2021-47781 - Cmder Console Emulator 1.3.18 contains a buffer overflow vulnerability that allows attackers to trig

CVE-2021-47777 - Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' pa

CVE-2021-47776 - Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to ma

CVE-2021-47775 - YouTube Video Grabber, now referred to as YouTube Downloader, 1.9.9.1 contains a buffer overflow vul

CVE-2021-47774 - Kingdia CD Extractor 3.0.2 contains a buffer overflow vulnerability in the registration name field t

CVE-2021-47773 - Dynojet Power Core 2.3.0 contains an unquoted service path vulnerability in the DJ.UpdateService tha

CVE-2021-47772 - 10-Strike Network Inventory Explorer Pro 9.31 contains a buffer overflow vulnerability in the text f

CVE-2021-47771 - RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allow

CVE-2021-47769 - Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fie

CVE-2021-47768 - ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export m

CVE-2021-47767 - 10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the

CVE-2021-47766 - Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter

CVE-2021-47765 - AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash

CVE-2021-47764 - AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash

CVE-2021-47763 - Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allo

CVE-2021-47762 - HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to

CVE-2021-47761 - MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users

CVE-2021-47760 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as a dupl

CVE-2021-47759 - MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attacke

CVE-2021-47758 - Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerabili

CVE-2021-47757 - Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerabili

CVE-2021-47755 - Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attacker

CVE-2021-47754 - Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate

CVE-2021-47753 - phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote atta

CVE-2021-47752 - AWebServer GhostBuilding 18 contains a denial of service vulnerability that allows remote attackers

CVE-2026-0992 - A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs

CVE-2026-0990 - A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occur

CVE-2026-0989 - A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are

CVE-2025-71019 - Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the wanSpeed parameter of the s

CVE-2025-70744 - Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the

CVE-2025-67084 - File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arb

CVE-2025-67083 - Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to

CVE-2025-67082 - An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" an

CVE-2025-67081 - An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" paramete

CVE-2026-22646 - Certain error messages returned by the application expose internal system details that should not be

CVE-2026-22645 - The application discloses all used components, versions and license information to unauthenticated a

CVE-2026-22644 - Certain requests pass the authentication token in the URL as string query parameter, making it vulne

CVE-2026-22643 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-22642 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-22641 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-22640 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-22639 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-22638 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-0897 - Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google 

CVE-2025-13859 - The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modifica

CVE-2025-13062 - The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions

CVE-2025-12895 - The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthori

CVE-2026-22920 - The device's passwords have not been adequately salted, making them vulnerable to password extractio

CVE-2026-22919 - An attacker with administrative access may inject malicious content into the login page, potentially

CVE-2026-22918 - An attacker may exploit missing protection against clickjacking by tricking users into performing un

CVE-2026-22917 - Improper input handling in a system endpoint may allow attackers to overload resources, causing a de

CVE-2026-22916 - An attacker with low privileges may be able to trigger critical system functions such as reboot or f

CVE-2026-22915 - An attacker with low privileges may be able to read files from specific directories on the device, p

CVE-2026-22914 - An attacker with limited permissions may still be able to write files to specific locations on the d

CVE-2026-22913 - Improper handling of a URL parameter may allow attackers to execute code in a user's browser after l

CVE-2026-22912 - Improper validation of a login parameter may allow attackers to redirect users to malicious websites

CVE-2026-22911 - Firmware update files may expose password hashes for system accounts, which could allow a remote att

CVE-2026-22910 - The device is deployed with weak and publicly known default passwords for certain hidden user levels

CVE-2026-22909 - Certain system functions may be accessed without proper authorization, allowing attackers to start,

CVE-2026-22908 - Uploading unvalidated container images may allow remote attackers to gain full access to the system,

CVE-2026-22907 - An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read a

CVE-2026-22637 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-0976 - A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak a

CVE-2026-0713 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-0712 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.