CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-40185 - TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the
CVE-2026-40184 - TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requirin
CVE-2026-40180 - Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs gen
CVE-2026-40178 - ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.1
CVE-2026-40177 - ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.1
CVE-2026-40175 - Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axi
CVE-2026-40168 - Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vu
CVE-2026-39922 - GeoNode versions 4.4.5 and 5.0.2 (and prior within their respective releases) contain a server-side
CVE-2026-39921 - GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnera
CVE-2026-32252 - Chartbrew is an open-source web application that can connect directly to databases and APIs and use
CVE-2026-30232 - Chartbrew is an open-source web application that can connect directly to databases and APIs and use
CVE-2026-3446 - When calling base64.b64decode() or related functions the decoding process would stop after encounter
CVE-2026-33737 - Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use sim
CVE-2026-33736 - Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including
CVE-2026-33710 - Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are gene
CVE-2026-33708 - Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST
CVE-2026-33707 - Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password r
CVE-2026-33706 - Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST AP
CVE-2026-33705 - Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /mai
CVE-2026-33704 - Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including stu
CVE-2026-33703 - Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Referenc
CVE-2026-33702 - Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a
CVE-2026-33698 - Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise
CVE-2026-33618 - Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController
CVE-2026-27460 - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists.
CVE-2026-5483 - A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard`
CVE-2026-40163 - Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5,
CVE-2026-40162 - Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability wa
CVE-2026-33141 - Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Referenc
CVE-2026-32932 - Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulne
CVE-2026-32931 - Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file u
CVE-2026-32930 - Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Obj
CVE-2026-32894 - Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Obj
CVE-2026-32893 - Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting (
CVE-2026-32892 - Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a
CVE-2026-31941 - Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a
CVE-2026-31940 - Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicc_hacp.p
CVE-2026-31939 - Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exe
CVE-2026-1502 - CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
CVE-2025-66447 - Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicio
CVE-2026-40200 - An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur d
CVE-2026-40160 - PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's httpx fallback path pas
CVE-2026-40159 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP (Model Context Protocol)
CVE-2026-40158 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can
CVE-2026-40157 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmd_unpack in the recipe CLI extracts .pr
CVE-2026-40156 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file name
CVE-2026-40103 - Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's scoped API
CVE-2026-40100 - FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool end
CVE-2026-40097 - Step CA is an online certificate authority for secure, automated certificate management for DevOps.
CVE-2026-40086 - Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the
CVE-2026-40074 - SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Pr
CVE-2026-40073 - SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Pr
CVE-2026-35670 - OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to r
CVE-2026-35669 - OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plu
CVE-2026-35668 - OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sa
CVE-2026-35667 - OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command
CVE-2026-35666 - OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fa
CVE-2026-35665 - OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook han
CVE-2026-35664 - OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface t
CVE-2026-35663 - OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators
CVE-2026-35662 - OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing le
CVE-2026-35661 - OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query
CVE-2026-35660 - OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent
CVE-2026-35659 - OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour
CVE-2026-35658 - OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that
CVE-2026-35657 - OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sess
CVE-2026-35656 - OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For hea
CVE-2026-35655 - OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution t
CVE-2026-35654 - OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback
CVE-2026-35653 - OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profi
CVE-2026-35652 - OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dis
CVE-2026-35651 - OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerabilit
CVE-2026-35650 - OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allo
CVE-2026-35649 - OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to
CVE-2026-35648 - OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not r
CVE-2026-35647 - OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass
CVE-2026-35643 - OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing
CVE-2026-35641 - OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hoo
CVE-2026-35621 - OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command
CVE-2026-35620 - OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist
CVE-2026-35619 - OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endp
CVE-2026-35602 - Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file imp
CVE-2026-35601 - Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV output ge
CVE-2026-35600 - Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embe
CVE-2026-35599 - Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the addRepeatInterva
CVE-2026-35598 - Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV GetResour
CVE-2026-35597 - Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the TOTP failed-atte
CVE-2026-35596 - Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the hasAccessToLabel
CVE-2026-35595 - Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check
CVE-2026-22560 - An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected
CVE-2026-40228 - In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users
CVE-2026-40227 - In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with
CVE-2026-40226 - In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted op
CVE-2026-40225 - In udev in systemd before 260, local root execution can occur via malicious hardware devices and uns
CVE-2026-40224 - In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink c
CVE-2026-40223 - In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and U
CVE-2026-40023 - Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayou
CVE-2026-40021 - Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.html#lay
CVE-2026-35594 - Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's link share
CVE-2026-34727 - Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback ha
CVE-2026-34481 - Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.
CVE-2026-34480 - Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout ,
CVE-2026-34479 - The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden b
CVE-2026-34478 - Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424L
CVE-2026-34477 - The fix for CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68161 was incomplete:
CVE-2026-29043 - HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file
CVE-2026-29002 - CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users t
CVE-2026-23781 - An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user cred
CVE-2026-36236 - SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update_password.php vi
CVE-2026-36235 - A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Stude
CVE-2026-36234 - itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php v
CVE-2026-36233 - A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Onl
CVE-2026-36232 - A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Stu
CVE-2026-31262 - Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) v.2.0 allows a remo
CVE-2026-29861 - PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the use
CVE-2026-23782 - An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allow
CVE-2026-23780 - An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in
CVE-2025-44560 - owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking.
CVE-2026-6069 - NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output,
CVE-2026-6068 - NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling
CVE-2026-6067 - A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds
CVE-2026-40217 - LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting
CVE-2026-33092 - Local privilege escalation due to improper handling of environment variables. The following products
CVE-2025-5804 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2025-58920 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-58913 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-5774 - Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, an
CVE-2026-5412 - In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade.
CVE-2026-5777 - This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bri
CVE-2026-39304 - Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker,
CVE-2026-31412 - In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_mass_storage: Fi
CVE-2026-6057 - FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload A
CVE-2026-4162 - The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and
CVE-2021-47961 - A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows
CVE-2021-47960 - A files or directories accessible to external parties vulnerability in Synology SSL VPN Client befor
CVE-2026-6042 - A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the
CVE-2026-6038 - A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts
CVE-2026-6037 - A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects
CVE-2026-6036 - A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted elem
CVE-2026-33457 - Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47 allo
CVE-2026-33456 - Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authe
CVE-2026-33455 - Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attac
CVE-2026-6035 - A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0. The affected
CVE-2026-6034 - A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknow
CVE-2026-6033 - A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of
CVE-2026-6032 - A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown functi
CVE-2026-6031 - A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unkn
CVE-2026-5525 - A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handl
CVE-2026-40212 - OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerab
CVE-2026-22750 - When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.
CVE-2026-6030 - A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an
CVE-2026-6029 - A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the f
CVE-2026-6028 - A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the
CVE-2026-6027 - A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the func
CVE-2026-6026 - A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability aff
CVE-2026-4432 - The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist own
CVE-2026-28704 - Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed to the same
CVE-2026-1115 - A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/l
CVE-2025-14545 - The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via
CVE-2026-6025 - A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function s
CVE-2026-6024 - A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7W
CVE-2026-6016 - A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd o
CVE-2026-6015 - A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of
CVE-2026-5477 - An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge C
CVE-2026-6014 - A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of th
CVE-2026-6013 - A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSet
CVE-2026-6012 - A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSet
CVE-2026-6011 - A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown f
CVE-2026-4482 - The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted
CVE-2026-6010 - A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulner
CVE-2026-6007 - A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknow
CVE-2026-6006 - A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted e
CVE-2026-6005 - A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is
CVE-2026-5501 - wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the
CVE-2026-5500 - wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication t
CVE-2026-5479 - In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and r
CVE-2026-5466 - wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the sig
CVE-2026-5188 - An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extensi
CVE-2026-2305 - The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
CVE-2026-6004 - A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown
CVE-2026-6003 - A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This iss
CVE-2026-6000 - A vulnerability was found in code-projects Online Library Management System 1.0. Affected is an unkn
CVE-2026-5999 - A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the com
CVE-2026-33551 - An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.
CVE-2026-5998 - A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function
CVE-2026-5997 - A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the f
CVE-2026-5996 - A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected el
CVE-2026-4977 - The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for W
CVE-2026-4664 - The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to authentication bypass in
CVE-2026-4351 - The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in
CVE-2026-4305 - The Royal WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to Reflected Cross-Si
CVE-2026-4057 - The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to
CVE-2026-3360 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecu
CVE-2026-2712 - The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to mi
CVE-2026-25203 - Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability
CVE-2026-1924 - The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all vers
CVE-2026-1263 - The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to,
CVE-2026-5995 - A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function se
CVE-2026-5994 - A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the
CVE-2026-5993 - A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects
CVE-2026-5992 - A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of
CVE-2026-5991 - A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtra
CVE-2026-5990 - A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function
CVE-2026-5989 - A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /g
CVE-2026-5460 - A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare pr
CVE-2026-5448 - X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may
CVE-2026-5393 - Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVer
CVE-2026-5392 - Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the hea
CVE-2026-5988 - A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the
CVE-2026-5987 - A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the f
CVE-2026-5986 - A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the func
CVE-2026-5985 - A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected el
CVE-2026-5507 - When restoring a session from cache, a pointer from the serialized session data is used in a free op
CVE-2026-5504 - A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover pl
CVE-2026-5503 - In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find
CVE-2026-5295 - A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() functi
CVE-2026-34424 - Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access to
CVE-2026-5984 - A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of th
CVE-2026-5983 - A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDD
CVE-2026-5982 - A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAd
CVE-2026-5981 - A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall
CVE-2026-5778 - Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in
CVE-2026-5772 - A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) duri
CVE-2026-5264 - Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1
CVE-2026-5263 - URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate
CVE-2026-40154 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched templat
CVE-2026-40153 - PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in she
CVE-2026-40152 - PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the list_files() tool in FileTools v
CVE-2026-40151 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a
CVE-2026-40150 - PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praison
CVE-2026-40149 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list en
CVE-2026-40148 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall() function in Praiso
CVE-2026-40117 - PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py
CVE-2026-40116 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in P
CVE-2026-40115 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (se
CVE-2026-40114 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbi
CVE-2026-40113 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delim
CVE-2026-40112 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/a
CVE-2026-40111 - PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the memory hooks executor in praison
CVE-2026-39848 - Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop opera
CVE-2026-35646 - OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook t
CVE-2026-35645 - OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subage
CVE-2026-35644 - OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers wit
CVE-2026-35642 - OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events
CVE-2026-35640 - OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing
CVE-2026-35639 - OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve m
CVE-2026-35638 - OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allow
CVE-2026-35637 - OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization che
CVE-2026-35636 - OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where
CVE-2026-35635 - OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Ch