CVE-2026-4702 - JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149,

CVE-2026-4701 - Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Fire

CVE-2026-4700 - Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Fi

CVE-2026-4699 - Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability was fixed

CVE-2026-4698 - JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox

CVE-2026-4697 - Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed

CVE-2026-4696 - Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149,

CVE-2026-4695 - Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed

CVE-2026-4694 - Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fi

CVE-2026-4693 - Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed i

CVE-2026-4692 - Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149,

CVE-2026-4691 - Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox

CVE-2026-4690 - Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This v

CVE-2026-4689 - Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This v

CVE-2026-4688 - Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was

CVE-2026-4687 - Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability w

CVE-2026-4686 - Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in F

CVE-2026-4685 - Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in F

CVE-2026-4684 - Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in

CVE-2026-33475 - Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated re

CVE-2026-33309 - Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 throug

CVE-2025-64998 - Exposure of session signing secret in Checkmk <2.4.0p23, <2.3.0p45 and 2.2.0 allows an administrator

CVE-2019-25647 - PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows

CVE-2019-25646 - Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that

CVE-2019-25645 - WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local

CVE-2019-25644 - WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registr

CVE-2019-25643 - eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated att

CVE-2019-25642 - Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers

CVE-2019-25641 - Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attacker

CVE-2019-25640 - Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers t

CVE-2019-25639 - Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthent

CVE-2019-25638 - Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated

CVE-2019-25637 - X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to exe

CVE-2019-25636 - Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to

CVE-2019-25635 - Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated att

CVE-2019-25634 - Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attacker

CVE-2019-25633 - AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that

CVE-2019-25632 - phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attac

CVE-2019-25631 - AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability tha

CVE-2019-25630 - PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component

CVE-2019-25629 - AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in th

CVE-2019-25628 - Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulne

CVE-2019-25627 - FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows loc

CVE-2019-25626 - River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input

CVE-2026-4649 - Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows readi

CVE-2026-3509 - An unauthenticated remote attacker may be able to control the format string of messages processed by

CVE-2026-32642 - Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists wh

CVE-2025-41660 - A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control

CVE-2026-4756 - Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-I

CVE-2026-4755 - CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7:

CVE-2026-4754 - CWE-79 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7:

CVE-2026-33852 - Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagic

CVE-2026-4753 - Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before

CVE-2026-4752 - Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mate: before V250329.

CVE-2026-4751 - NULL Pointer Dereference vulnerability in tmate-io tmate.This issue affects tmate: before 2.4.0.

CVE-2026-4750 - Out-of-bounds Read vulnerability in fabiangreffrath woof.This issue affects woof: before woof_15.3.0

CVE-2026-4749 - NVD-CWE-noinfo vulnerability in albfan miraclecast.This issue affects miraclecast: before v1.0.

CVE-2026-33856 - Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagic

CVE-2026-33855 - Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7.This issue affect

CVE-2026-33854 - Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-I

CVE-2026-33853 - NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Andr

CVE-2026-33851 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell

CVE-2026-33850 - Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This issue affects DualSenseY-v2: be

CVE-2026-33849 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvisi

CVE-2026-33848 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvisi

CVE-2026-33847 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvisi

CVE-2026-4746 - Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/src‎ modules). This vu

CVE-2026-4745 - Improper Control of Generation of Code ('Code Injection') vulnerability in dendibakh perf-ninja (lab

CVE-2026-4662 - The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX a

CVE-2026-4640 - Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowin

CVE-2026-4639 - Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowi

CVE-2026-4632 - A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affe

CVE-2026-4627 - A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handl

CVE-2026-4283 - The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction in

CVE-2026-3260 - A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP

CVE-2026-3138 - The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data lo

CVE-2026-4744 - Out-of-bounds Read vulnerability in rizonesoft Notepad3 (‎scintilla/oniguruma/src modules). This vul

CVE-2026-4743 - NULL Pointer Dereference vulnerability in taurusxin ncmdump (‎src/utils‎ modules). This vulnerabilit

CVE-2026-4742 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in vi

CVE-2026-4741 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Team

CVE-2026-4739 - Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (‎Modules/ThirdParty/E

CVE-2026-4738 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal

CVE-2026-4737 - Use After Free vulnerability in No-Chicken Echo-Mate (‎SDK/rv1106-sdk/sysdrv/source/kernel/mm module

CVE-2026-4736 - Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kern

CVE-2026-4735 - Deserialization of Untrusted Data vulnerability in DTStack chunjun (‎chunjun-core/src/main/java/com/

CVE-2026-4734 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modi

CVE-2026-4733 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stc

CVE-2026-4732 - Out-of-bounds Read vulnerability in tildearrow furnace (‎extern/libsndfile-modified/src modules). Th

CVE-2026-4731 - Integer Overflow or Wraparound vulnerability in artraweditor ART (‎rtengine‎ modules). This vulnerab

CVE-2026-4626 - A vulnerability has been found in projectworlds Lawyer Management System 1.0. This impacts an unknow

CVE-2026-4625 - A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown functio

CVE-2026-4624 - A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted el

CVE-2026-4623 - A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-

CVE-2026-33308 - Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for clien

CVE-2026-3079 - The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filt

CVE-2026-33307 - Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0,

CVE-2026-4680 - Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execut

CVE-2026-4679 - Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perf

CVE-2026-4678 - Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execu

CVE-2026-4677 - Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote a

CVE-2026-4676 - Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potenti

CVE-2026-4675 - Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to

CVE-2026-4674 - Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perf

CVE-2026-4673 - Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker

CVE-2026-4617 - A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0.

CVE-2026-4616 - A security flaw has been discovered in bolo-blog up to 2.6.4. The affected element is an unknown fun

CVE-2026-33320 - Dasel is a command-line tool and library for querying, modifying, and transforming data structures.

CVE-2026-33306 - bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt() password hashing algorithm. Prior to version

CVE-2026-33298 - llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulner

CVE-2026-33290 - WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw

CVE-2026-22739 - Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spr

CVE-2026-4615 - A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unk

CVE-2026-4614 - A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affec

CVE-2026-4613 - A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown

CVE-2026-4056 - The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification o

CVE-2026-4021 - The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin

CVE-2026-4001 - The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Executio

CVE-2026-3533 - The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authori

CVE-2026-33286 - Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interfa

CVE-2026-33283 - Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing

CVE-2026-33282 - Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing

CVE-2026-33281 - Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing

CVE-2026-33252 - The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTT

CVE-2026-33250 - Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1

CVE-2026-33242 - Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Contr

CVE-2026-33241 - Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`

CVE-2026-33211 - Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting

CVE-2026-33202 - Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions

CVE-2026-33195 - Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions

CVE-2026-33176 - Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails f

CVE-2026-33174 - Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions

CVE-2026-33173 - Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions

CVE-2026-33170 - Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails f

CVE-2026-33169 - Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails f

CVE-2026-4306 - The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in

CVE-2026-4066 - The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a m

CVE-2026-3225 - The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of

CVE-2026-33168 - Action View provides conventions and helpers for building web pages with the Rails framework. Prior

CVE-2026-33167 - Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.

CVE-2026-33046 - Indico is an event management system that uses Flask-Multipass, a multi-backend authentication syste

CVE-2026-2412 - The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the 'merged

CVE-2026-4681 - A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC Flex

CVE-2026-4612 - A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an un

CVE-2026-4611 - A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by

CVE-2026-33634 - Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publi

CVE-2026-32913 - OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard

CVE-2026-32912 - Rejected reason: This CVE ID has been rejected.

CVE-2026-32911 - Rejected reason: This CVE ID has been rejected.

CVE-2026-32910 - Rejected reason: This CVE ID has been rejected.

CVE-2026-32909 - Rejected reason: This CVE ID has been rejected.

CVE-2026-32908 - Rejected reason: This CVE ID has been rejected.

CVE-2026-32907 - Rejected reason: This CVE ID has been rejected.

CVE-2026-32904 - Rejected reason: This CVE ID has been rejected.

CVE-2026-32903 - Rejected reason: This CVE ID has been rejected.

CVE-2026-32902 - Rejected reason: This CVE ID has been rejected.

CVE-2026-32901 - Rejected reason: This CVE ID has been rejected.

CVE-2026-32900 - Rejected reason: This CVE ID has been rejected.

CVE-2026-32300 - Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0

CVE-2026-32299 - Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0

CVE-2026-32279 - Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0

CVE-2026-32278 - Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0

CVE-2026-32277 - Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.4

CVE-2026-32276 - Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0

CVE-2026-32066 - Rejected reason: This CVE ID has been rejected.

CVE-2026-32047 - Rejected reason: This CVE ID has been rejected.

CVE-2026-32012 - Rejected reason: This CVE ID has been rejected.

CVE-2026-29111 - systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unpri

CVE-2026-28483 - Rejected reason: This CVE ID has been rejected.

CVE-2026-28455 - Rejected reason: This CVE ID has been rejected.

CVE-2026-27646 - OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command

CVE-2026-27183 - OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.r

CVE-2026-22173 - Rejected reason: This CVE ID has been rejected.

CVE-2026-1940 - An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() funct

CVE-2025-60949 - Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unaut

CVE-2025-60948 - Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A remote, authenticat

CVE-2025-60947 - Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a mal

CVE-2025-60946 - Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated attacker could access u

CVE-2026-4597 - A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the functi

CVE-2026-4368 - Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL V

CVE-2026-3055 - Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l

CVE-2026-23882 - Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP (Model Context Pro

CVE-2026-23488 - Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create

CVE-2026-23487 - Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an IDOR vulnerabi

CVE-2026-23486 - Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, a publicly accessible endp

CVE-2026-23485 - Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter acc

CVE-2026-23484 - Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the fileName par

CVE-2026-23483 - Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the plugin file

CVE-2026-23482 - Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint d

CVE-2026-23481 - Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated

CVE-2026-23480 - Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is a privilege escal

CVE-2026-4596 - A vulnerability was identified in projectworlds Lawyer Management System 1.0. This issue affects som

CVE-2026-33548 - Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, improper escaping

CVE-2026-33517 - Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, when deleting a Ta

CVE-2026-32879 - New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management sys

CVE-2026-32852 - MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the web

CVE-2026-32851 - MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the web

CVE-2026-32850 - MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the web

CVE-2026-30886 - New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management sys

CVE-2026-30849 - Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions prior to 2.28.1 running on M

CVE-2026-2298 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in

CVE-2026-27131 - The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in ver

CVE-2025-52204 - A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint v

CVE-2024-46879 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in the POST request data zipPath of tiki

CVE-2024-46878 - A Cross-Site Scripting (XSS) vulnerability exists in the page parameter of tiki-editpage.php in Tiki

CVE-2026-4595 - A vulnerability was determined in code-projects Exam Form Submission 1.0. This vulnerability affects

CVE-2026-33723 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `Subscribe::

CVE-2026-33719 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the CDN plugin e

CVE-2026-33717 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `downloadVid

CVE-2026-33716 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone l

CVE-2026-33690 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `getRealIpAd

CVE-2026-33688 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the password rec

CVE-2026-33685 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/AD_S

CVE-2026-33683 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, a sanitization o

CVE-2026-33681 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/plu

CVE-2026-33651 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `remindMe.js

CVE-2026-33650 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the

CVE-2026-33649 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/Perm

CVE-2026-33648 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the restreamer e

CVE-2026-33647 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `ImageGaller

CVE-2026-33513 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticat

CVE-2026-33512 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin e

CVE-2026-26209 - cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serializati

CVE-2026-25075 - strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS

CVE-2026-0898 - An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio deve

CVE-2025-15606 - A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to im

CVE-2026-4594 - A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function

CVE-2025-15605 - A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX5

CVE-2025-15519 - Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX

CVE-2025-15518 - Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX

CVE-2025-15517 - A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to

CVE-2026-4593 - A flaw has been found in erupts erupt bis 1.13.3. Affected by this vulnerability is the function Eru

CVE-2026-33507 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/plu

CVE-2026-33502 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticat

CVE-2026-33501 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the endpoint `pl

CVE-2026-33500 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fix for CVE-

CVE-2026-33499 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `view/forbid

CVE-2026-30007 - XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file

CVE-2026-30006 - XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file.

CVE-2026-26829 - A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-server through commit

CVE-2026-26828 - A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone-server

CVE-2026-24516 - A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troublesho

CVE-2026-4592 - A security vulnerability has been detected in kalcaddle kodbox 1.64. This impacts the function login

CVE-2026-4591 - A weakness has been identified in kalcaddle kodbox 1.64. This affects the function checkBin of the f

CVE-2026-33493 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/imp

CVE-2026-33492 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo's `_sessi

CVE-2026-33488 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `createKeys(

CVE-2026-32845 - cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() funct

CVE-2024-51226 - A stored cross-site scripting (XSS) vulnerability in the component /admin/search-vehicle.php of Phpg

CVE-2024-51225 - A stored cross-site scripting (XSS) vulnerability in the component /admin/add-brand.php of Phpguruku

CVE-2024-51224 - Multiple cross-site scripting (XSS) vulnerabilities in the component /admin/edit-vehicle.php of Phpg