CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-25744 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-3503 - Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSS
CVE-2026-25667 - ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote
CVE-2026-3548 - Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a he
CVE-2026-30694 - An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the
CVE-2026-2646 - A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When de
CVE-2026-2645 - In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementatio
CVE-2026-26940 - Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin i
CVE-2026-26939 - Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauth
CVE-2026-26933 - Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat ca
CVE-2025-67115 - A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W (FreedomFi Engle
CVE-2025-67114 - Use of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE
CVE-2025-67113 - OS command injection in the CWMP client (/ftl/bin/cwmp) of Small Cell Sercomm SCE4255W (FreedomFi En
CVE-2025-67112 - Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell
CVE-2026-30403 - There is an arbitrary file read vulnerability in the test connection function of backend database ma
CVE-2026-26931 - Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in
CVE-2026-1005 - Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow i
CVE-2026-0819 - A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. I
CVE-2026-3029 - A path traversal and arbitrary file write vulnerability exist in the embedded get function in '_main
CVE-2026-32869 - OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of O
CVE-2026-32868 - OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last
CVE-2026-32867 - OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an e
CVE-2026-32866 - OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last
CVE-2026-32865 - OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP
CVE-2026-30404 - The backend database management connection test feature in wgcloud v3.6.3 has a server-side request
CVE-2026-4427 - Rejected reason: Duplicate of CVE-2026-32286
CVE-2026-4426 - A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompressi
CVE-2026-4424 - A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive
CVE-2026-32843 - Location Aware Sensor System by Linkit ONE, up to commit f06bd20 (2023-04-26), contains a reflected
CVE-2026-30711 - Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in
CVE-2026-30402 - An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the te
CVE-2026-2369 - A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with
CVE-2026-27043 - Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography allows Path
CVE-2026-22558 - An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a mali
CVE-2026-22557 - A malicious actor with access to the network could exploit a Path Traversal vulnerability found in t
CVE-2025-69720 - The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in an
CVE-2025-71260 - BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted da
CVE-2025-71259 - BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forge
CVE-2025-71258 - BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forge
CVE-2025-71257 - BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerab
CVE-2026-3658 - The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress
CVE-2026-3511 - Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Di
CVE-2006-10003 - XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack
CVE-2006-10002 - XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap
CVE-2025-14716 - Improper Authentication vulnerability in Secomea GateManager (webserver modules) allows Authenticati
CVE-2026-27070 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-27068 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-27067 - Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor mobile-app
CVE-2026-27065 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-25445 - Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Obje
CVE-2026-25443 - Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-pr
CVE-2026-25442 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-25438 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-21788 - HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this i
CVE-2025-68836 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-67618 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-62043 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i
CVE-2025-60237 - Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection. This issue
CVE-2025-60233 - Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection. This issue
CVE-2025-53222 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-50001 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-32223 - Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exp
CVE-2026-3475 - The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary Shortcode
CVE-2026-25471 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Gu
CVE-2026-25312 - Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management all
CVE-2024-42210 - A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and
CVE-2026-4120 - The Info Cards – Add Text and Media in Card Layouts plugin for WordPress is vulnerable to Stored Cro
CVE-2026-4068 - The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in a
CVE-2026-4006 - The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dis
CVE-2026-2571 - The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a miss
CVE-2026-27093 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-27091 - Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrect
CVE-2026-28073 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-28070 - Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly C
CVE-2026-28044 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-27542 - Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Ca
CVE-2026-27540 - Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce
CVE-2026-27413 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-27397 - Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really
CVE-2026-27096 - Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer Word
CVE-2026-1238 - The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fh
CVE-2026-1276 - IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vu
CVE-2025-36051 - IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in co
CVE-2025-15051 - IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vu
CVE-2025-13995 - IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one ten
CVE-2026-32000 - OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extens
CVE-2026-31999 - OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a current working directory injecti
CVE-2026-31998 - OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synol
CVE-2026-31997 - OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv[0] tokens
CVE-2026-31996 - OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnera
CVE-2026-31995 - OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobs
CVE-2026-31994 - OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows sche
CVE-2026-31993 - OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macO
CVE-2026-31992 - OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardra
CVE-2026-31991 - OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal grou
CVE-2026-31990 - OpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function in whi
CVE-2026-31989 - OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in web_searc
CVE-2026-29608 - OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution whe
CVE-2026-29607 - OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always w
CVE-2026-28461 - OpenClaw versions prior to 2026.3.1 contain an unbounded memory growth vulnerability in the Zalo web
CVE-2026-28460 - OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that al
CVE-2026-28449 - OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, al
CVE-2026-27670 - OpenClaw versions prior to 2026.3.2 contain a race condition vulnerability in ZIP extraction that al
CVE-2026-27566 - OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec an
CVE-2026-22176 - OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled