CVE-2025-13910 - The WP-WebAuthn plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting vi

CVE-2024-13785 - The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable

CVE-2026-4302 - The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable to Server-Side Request Forgery

CVE-2026-32899 - OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction_* a

CVE-2026-32898 - OpenClaw versions prior to 2026.2.23 contain an authorization bypass vulnerability in the ACP client

CVE-2026-32897 - OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token as a fallback hash secret for owner-ID

CVE-2026-32896 - The BlueBubbles webhook handler in OpenClaw versions prior to 2026.2.21 contains a passwordless fall

CVE-2026-32895 - OpenClaw versions prior to 2026.2.26 fail to enforce sender authorization in member and message subt

CVE-2026-32067 - OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-st

CVE-2026-32065 - OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.ru

CVE-2026-32064 - OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authenticati

CVE-2026-32058 - OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run exec

CVE-2026-32057 - OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-p

CVE-2026-32056 - OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and Z

CVE-2026-32055 - OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary va

CVE-2026-32054 - OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and

CVE-2026-32053 - OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication w

CVE-2026-32052 - OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run she

CVE-2026-32051 - OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows auth

CVE-2026-32050 - OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction noti

CVE-2026-32049 - OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limi

CVE-2026-32048 - OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_

CVE-2026-32046 - OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that al

CVE-2026-32045 - OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to

CVE-2026-32044 - OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 insta

CVE-2026-32043 - OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-b

CVE-2026-32042 - OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing

CVE-2026-4083 - The Scoreboard for HTML5 Games Lite plugin for WordPress is vulnerable to Stored Cross-Site Scriptin

CVE-2026-3577 - The Keep Backup Daily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the back

CVE-2026-3572 - The iTracker360 plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored C

CVE-2026-3567 - The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized acces

CVE-2026-3516 - The Contact List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_cl_map_

CVE-2026-3474 - The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to arbitrary

CVE-2026-3368 - The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious

CVE-2026-3350 - The Image Alt Text Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-3339 - The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all versions u

CVE-2026-33428 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and

CVE-2026-33427 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and

CVE-2026-33426 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and

CVE-2026-33425 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and

CVE-2026-33424 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and

CVE-2026-33238 - WWBN AVideo is an open source video platform. Prior to version 26.0, the `listFiles.json.php` endpoi

CVE-2026-33237 - WWBN AVideo is an open source video platform. Prior to version 26.0, the Scheduler plugin's `run()`

CVE-2026-32666 - WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentic

CVE-2026-2430 - The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lazy-loadi

CVE-2026-2352 - The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ao_post_p

CVE-2026-25086 - Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow

CVE-2026-24060 - Service information is not encrypted when transmitted as BACnet packets over the wire, and can be s

CVE-2026-4508 - A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkU

CVE-2026-3864 - A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in vo

CVE-2026-33476 - SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes

CVE-2026-33423 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and

CVE-2026-33422 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and

CVE-2026-33411 - Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and

CVE-2026-33291 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and

CVE-2026-33251 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and

CVE-2026-33243 - barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 (and the corr

CVE-2026-33236 - NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials s

CVE-2026-33231 - NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials s

CVE-2026-33230 - NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials s

CVE-2026-33228 - flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function in flatted can use a

CVE-2026-33226 - Budibase is a low code platform for creating internal tools, workflows, and admin panels. In version

CVE-2026-33221 - Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage serv

CVE-2026-33210 - Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1

CVE-2026-33209 - Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.30.3, a reflect

CVE-2026-33204 - SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthentica

CVE-2026-33203 - SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocke

CVE-2026-33194 - SiYuan is a personal knowledge management system. Prior to version 3.6.2, the `IsSensitivePath()` fu

CVE-2026-33186 - gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization by

CVE-2026-33180 - HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in J

CVE-2026-32810 - Halloy is an IRC application written in Rust. In versions on \*nix and macOS prior to commit f180e41

CVE-2026-32733 - Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38

CVE-2026-32663 - The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows mu

CVE-2026-31926 - Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

CVE-2026-31904 - The WebSocket Application Programming Interface lacks restrictions on the number of authentication r

CVE-2026-31903 - The WebSocket Application Programming Interface lacks restrictions on the number of authentication r

CVE-2026-2598 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-29796 - WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorize

CVE-2026-28204 - Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

CVE-2026-27649 - The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows mu

CVE-2026-25192 - WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorize

CVE-2026-22163 - Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interf

CVE-2026-21732 - A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can tri

CVE-2026-4507 - A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the fun

CVE-2026-4506 - A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impacted is the function ask_db of t

CVE-2026-3584 - The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, an

CVE-2026-33177 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and

CVE-2026-33172 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and

CVE-2026-33171 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and

CVE-2026-33166 - Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allur

CVE-2026-32887 - Effect is a TypeScript framework that consists of several packages that work together to help build

CVE-2026-2378 - ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar t

CVE-2026-23536 - A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows

CVE-2026-33179 - libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.1

CVE-2026-33165 - libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a craft

CVE-2026-33164 - libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malfo

CVE-2026-33156 - ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable

CVE-2026-33155 - DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 t

CVE-2026-33154 - dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnera

CVE-2026-33151 - Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior t

CVE-2026-33150 - libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.1

CVE-2026-33147 - GMT is an open source collection of command-line tools for manipulating geographic and Cartesian dat

CVE-2026-33144 - GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow (

CVE-2026-33143 - OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the W

CVE-2026-33142 - OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the f

CVE-2025-63261 - AWStats 8.0 is vulnerable to Command Injection via the open function

CVE-2025-55988 - An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attacke

CVE-2026-4505 - A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function m

CVE-2026-4504 - A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of

CVE-2026-4500 - A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function ge

CVE-2026-4499 - A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgi_main of th

CVE-2026-4438 - Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library'

CVE-2026-4437 - Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library'

CVE-2026-33140 - PySpector is a static analysis security testing (SAST) Framework engineered for modern Python develo

CVE-2026-33139 - PySpector is a static analysis security testing (SAST) Framework engineered for modern Python develo

CVE-2026-33126 - Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior

CVE-2025-63260 - SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the Document-Editor reply to comm

CVE-2026-4497 - A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. Affected by this issue is the

CVE-2026-4496 - A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880.

CVE-2026-33010 - mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.

CVE-2026-32710 - MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaD

CVE-2026-32318 - Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud.

CVE-2026-32317 - Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cl

CVE-2026-32310 - Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version

CVE-2026-32309 - Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-bas

CVE-2026-4495 - A security flaw has been discovered in atjiu pybbs 6.0.0. This impacts the function create of the fi

CVE-2026-4494 - A vulnerability was identified in atjiu pybbs 6.0.0. This affects the function create of the file sr

CVE-2026-4493 - A vulnerability was determined in Tenda A18 Pro 02.03.02.28. The impacted element is the function su

CVE-2026-4492 - A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is the function set_qos

CVE-2026-32844 - XinLiangCoder php_api_doc through commit 1ce5bbf contains a reflected cross-site scripting vulnerabi

CVE-2026-32303 - Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrit

CVE-2026-31836 - Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime,

CVE-2026-30580 - File Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious user can leverage the "create f

CVE-2026-30579 - File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "u

CVE-2026-30578 - File Thinghie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "

CVE-2026-4491 - A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the function fromSetIpMacBi

CVE-2026-4490 - A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue affects the function setSchedWifi of

CVE-2026-29828 - DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the /manage/project/<id> page via

CVE-2026-22902 - A command injection vulnerability has been reported to affect QuNetSwitch. If a local attacker gains

CVE-2026-22901 - A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gain

CVE-2026-22900 - A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote at

CVE-2026-22898 - A missing authentication for critical function vulnerability has been reported to affect QVR Pro. Th

CVE-2026-22897 - A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can

CVE-2026-22895 - A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. If a remote at

CVE-2025-62846 - An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an admin

CVE-2025-62845 - An improper neutralization of escape, meta, or control sequences vulnerability has been reported to

CVE-2025-62844 - A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local ne

CVE-2025-62843 - An improper restriction of communication channel to intended endpoints vulnerability has been report

CVE-2025-59383 - A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attac

CVE-2025-15608 - This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe han

CVE-2025-15607 - A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient

CVE-2026-4489 - A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This vulnerability affects the function f

CVE-2026-4488 - A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the functi

CVE-2026-32989 - Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attacke

CVE-2026-32986 - Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows

CVE-2025-67260 - The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions ha

CVE-2025-46597 - Bitcoin Core 0.13.0 through 29.x has an integer overflow.

CVE-2026-4519 - The webbrowser.open() API would accept leading dashes in the URL which could be handled as command

CVE-2026-4487 - A vulnerability was determined in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function str

CVE-2026-33312 - Vikunja is an open-source self-hosted task management platform. Starting in version 0.20.2 and prior

CVE-2026-29794 - Vikunja is an open-source self-hosted task management platform. Starting in version 0.8 and prior to

CVE-2026-22172 - OpenClaw versions prior to 2026.3.12 contain an authorization bypass vulnerability in the WebSocket

CVE-2025-46598 - Bitcoin Core through 29.0 allows a denial of service via a crafted transaction.

CVE-2026-4486 - A vulnerability was found in D-Link DIR-513 1.10. This affects the function formEasySetPassword of t

CVE-2026-4485 - A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element i

CVE-2026-33372 - An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A cross-site request forgery (C

CVE-2026-33371 - An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vu

CVE-2026-33370 - An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A stored cross-site scripting (

CVE-2026-33369 - Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOA

CVE-2026-33368 - Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 contains a reflected cross-site scripting (XSS) vulne

CVE-2026-31382 - The error_description parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's

CVE-2026-31381 - An attacker can extract user email addresses (PII) exposed in base64 encoding via the state paramete

CVE-2024-44722 - SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd.

CVE-2026-4434 - Improper certificate validation in the PAM propagation WinRM connections allows a network attacker

CVE-2026-33136 - WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-

CVE-2026-33135 - WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-

CVE-2026-33134 - WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticate

CVE-2026-33133 - WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB()

CVE-2026-33132 - ZITADEL is an open source identity management platform. Versions prior to 3.4.9 and 4.0.0 through 4.

CVE-2026-33131 - H3 is a minimal H(TTP) framework. Versions 2.0.0-0 through 2.0.1-rc.14 contain a Host header spoofin

CVE-2026-32595 - Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through

CVE-2026-32305 - Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through

CVE-2026-25792 - Greenshot is an open source Windows screenshot utility. Versions 1.3.312 and below have untrusted ex

CVE-2026-33130 - Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fi

CVE-2026-33129 - H3 is a minimal H(TTP) framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Cha

CVE-2026-33128 - H3 is a minimal H(TTP) framework. In versions prior to 1.15.6 and between 2.0.0 through 2.0.1-rc.14,

CVE-2026-33125 - Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In ve

CVE-2026-33124 - Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Versi

CVE-2026-33123 - pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker t

CVE-2026-33081 - PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Vers

CVE-2026-22324 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-0677 - Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite totalcontest-lite al

CVE-2024-32537 - Cross-Site request forgery (CSRF) vulnerability in joshuae1974 Flash Video Player allows Cross Site

CVE-2024-31119 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i

CVE-2026-3550 - The RockPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and

CVE-2026-33192 - Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In

CVE-2026-33080 - Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.

CVE-2026-33075 - FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.

CVE-2026-33072 - FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded

CVE-2026-33071 - FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV u

CVE-2026-33070 - FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-au

CVE-2026-33069 - PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and bel

CVE-2026-33068 - Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from se

CVE-2026-33067 - SiYuan is a personal knowledge management system. Versions 3.6.0 and below render package metadata f

CVE-2026-33066 - SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREA

CVE-2026-32701 - Qwik is a performance-focused JavaScript framework. Versions prior to 1.19.2 improperly inferred arr

CVE-2026-2432 - The CM Custom Reports – Flexible reporting to track what matters most plugin for WordPress is vulner

CVE-2026-2421 - The ilGhera Carta Docente for WooCommerce plugin for WordPress is vulnerable to Path Traversal in al

CVE-2026-27625 - Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In v

CVE-2026-23278 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: always wa

CVE-2026-23277 - In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL point

CVE-2026-23276 - In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit t

CVE-2026-23275 - In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure ctx->rings is

CVE-2026-23274 - In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject

CVE-2026-23273 - In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace p

CVE-2026-23272 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditi

CVE-2026-23271 - In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow

CVE-2026-33191 - Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Ver

CVE-2026-33065 - Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In

CVE-2026-33064 - Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Ver

CVE-2026-33061 - Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa0405

CVE-2026-33060 - CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tool

CVE-2026-33057 - Mesop is a Python-based UI framework that allows users to build web applications. In versions 1.2.2

CVE-2026-33056 - tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacki

CVE-2026-33022 - Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions

CVE-2026-4478 - A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This impacts

CVE-2026-4477 - A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This affects

CVE-2026-4476 - A vulnerability was found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The impacted eleme

CVE-2026-4475 - A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected

CVE-2026-4474 - A flaw has been found in itsourcecode University Management System 1.0. Impacted is an unknown funct

CVE-2026-33055 - tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional

CVE-2026-33054 - Mesop is a Python-based UI framework that allows users to build web applications. Versions 1.2.2 and

CVE-2026-33053 - Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to

CVE-2026-4473 - A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affect

CVE-2026-33051 - Craft CMS is a content management system (CMS). In versions 5.9.0-beta.1 through 5.9.10, the revisio

CVE-2026-33043 - WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/phpsessionid.json

CVE-2026-33041 - WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.

CVE-2026-33040 - libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions

CVE-2026-33039 - WWBN AVideo is an open source video platform. In versions 25.0 and below, the plugin/LiveLinks/proxy

CVE-2026-33038 - WWBN AVideo is an open source video platform. Versions 25.0 and below are vulnerable to unauthentica

CVE-2026-33037 - WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deploy

CVE-2026-33036 - fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callback

CVE-2026-32768 - Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. In versi

CVE-2026-4472 - A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0.

CVE-2026-4471 - A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects

CVE-2026-4470 - A security flaw has been discovered in itsourcecode Online Frozen Foods Ordering System 1.0. Affecte

CVE-2026-4469 - A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by

CVE-2026-33035 - WWBN AVideo is an open source video platform. In versions 25.0 and below, there is a reflected XSS v

CVE-2026-33025 - AVideo is a video-sharing Platform. Versions prior to 8.0 contain a SQL Injection vulnerability in t

CVE-2026-33024 - AVideo is a video-sharing Platform. Versions prior to 8.0 contain a Server-Side Request Forgery vuln