CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-33017 - Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to
CVE-2026-33013 - Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily t
CVE-2026-33012 - Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily t
CVE-2026-33011 - Nest is a framework for building scalable Node.js server-side applications. In versions 11.1.15 and
CVE-2026-32954 - ERP is a free and open source Enterprise Resource Planning tool. In versions prior to 16.8.0 and 15.
CVE-2026-32953 - Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a c
CVE-2026-32950 - SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior t
CVE-2026-32949 - SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior t
CVE-2026-32947 - Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versio
CVE-2026-4468 - A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the f
CVE-2026-4136 - The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect
CVE-2026-4038 - The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privi
CVE-2026-32946 - Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versio
CVE-2026-32945 - PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and bel
CVE-2026-32942 - PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and bel
CVE-2026-32941 - Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and
CVE-2026-32940 - SiYuan is a personal knowledge management system. In versions 3.6.0 and below, SanitizeSVG has an in
CVE-2026-32939 - DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsi
CVE-2026-32938 - SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2Bl
CVE-2026-32114 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-4467 - A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an unknown function of the file
CVE-2026-33063 - free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has an Improper Nu
CVE-2026-33062 - free5GC is an open source 5G core network. free5GC NRF prior to version 1.4.2 has an Improper Input
CVE-2026-32937 - free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds s
CVE-2026-32935 - phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.
CVE-2026-32933 - AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 a
CVE-2026-32891 - Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items a
CVE-2026-32890 - Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items a
CVE-2026-32889 - tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who ca
CVE-2026-32888 - Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter
CVE-2026-31869 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-31805 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-30891 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-30889 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-30888 - Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-21992 - Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST We
CVE-2026-4466 - A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the
CVE-2026-4465 - A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown function of the fil
CVE-2026-4464 - Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to pote
CVE-2026-4463 - Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to
CVE-2026-4462 - Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to pe
CVE-2026-4461 - Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacke
CVE-2026-4460 - Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to per
CVE-2026-4459 - Out of bounds read and write in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote a
CVE-2026-4458 - Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an attacker who convin
CVE-2026-4457 - Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potential
CVE-2026-4456 - Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote
CVE-2026-4455 - Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to
CVE-2026-4454 - Use after free in Network in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to pote
CVE-2026-4453 - Integer overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker t
CVE-2026-4452 - Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 allowed a remote attac
CVE-2026-4451 - Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 al
CVE-2026-4450 - Out of bounds write in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to pote
CVE-2026-4449 - Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potent
CVE-2026-4448 - Heap buffer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to
CVE-2026-4447 - Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacke
CVE-2026-4446 - Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to poten
CVE-2026-4445 - Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to poten
CVE-2026-4444 - Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker t
CVE-2026-4443 - Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker
CVE-2026-4442 - Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to po
CVE-2026-4441 - Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potenti
CVE-2026-4440 - Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote atta
CVE-2026-4439 - Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a r
CVE-2026-32881 - ewe is a Gleam web server. Versions 0.6.0 through 3.0.4 are vulnerable to
CVE-2026-32880 - ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to
CVE-2026-32875 - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versio
CVE-2026-32874 - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versio
CVE-2026-32873 - ewe is a Gleam web server. Versions 0.8.0 through 3.0.4 contain a bug in the handle_trailers functio
CVE-2026-32817 - Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the documents a
CVE-2026-32813 - Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbit
CVE-2026-32812 - Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, unrestricted UR
CVE-2026-32811 - Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When using Heim
CVE-2026-32808 - pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 a
CVE-2026-32711 - pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are
CVE-2026-32829 - lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and belo
CVE-2026-32828 - Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.
CVE-2026-32771 - The CTFer.io Monitoring component is in charge of the collection, process and storage of various sig
CVE-2026-32769 - Fullchain is an umbrella project for deploying a ready-to-use CTF platform. In versions prior to 0.
CVE-2026-32767 - SiYuan is a personal knowledge management system. Versions 3.6.0 and below contain an authorization
CVE-2026-33289 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-33288 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-32985 - Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vul
CVE-2026-32766 - astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earl
CVE-2026-32765 - Rejected reason: This repository is no longer public.
CVE-2026-32764 - Rejected reason: This repository is no longer public.
CVE-2026-32763 - Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 have a SQL i
CVE-2026-32761 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing
CVE-2026-32760 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing
CVE-2026-32759 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing
CVE-2026-32758 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing
CVE-2026-32757 - Admidio is an open-source user management solution. In versions 5.0.6 and below, the eCard send hand
CVE-2026-32756 - Admidio is an open-source user management solution. Versions 5.0.6 and below contain a critical unre
CVE-2026-32697 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29189 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29109 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29108 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-22737 - Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring We
CVE-2026-22735 - Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Event
CVE-2026-22733 - Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability
CVE-2026-3948 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-33408 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-33395 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-32818 - Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the forum modul
CVE-2026-32816 - Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the delete, act
CVE-2026-32755 - Admidio is an open-source user management solution. In versions 5.0.6 and below, the save_membership
CVE-2026-32721 - LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0 contain a s
CVE-2026-30874 - OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6
CVE-2026-29107 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29106 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29105 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29104 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29103 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29102 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29101 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29100 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29099 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29098 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29097 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-29096 - SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software applica
CVE-2026-22732 - When applications specify HTTP response headers for servlet applications using Spring Security, ther
CVE-2026-22731 - Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability
CVE-2026-4342 - A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be u
CVE-2026-4159 - 1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerabil
CVE-2026-33410 - Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-33394 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-33393 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-33355 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-32815 - SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the WebSocket endpoin
CVE-2026-32754 - FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.208
CVE-2026-32753 - FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.2
CVE-2026-32752 - FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.2
CVE-2026-32751 - SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the mobile file tree
CVE-2026-32750 - SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/impo
CVE-2026-32194 - Improper neutralization of special elements used in a command ('command injection') in Microsoft Bin
CVE-2026-32099 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-32041 - OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during s
CVE-2026-32040 - OpenClaw versions prior to 2026.2.23 contain an html injection vulnerability in the HTML session exp
CVE-2026-32039 - OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the toolsBySen
CVE-2026-32038 - OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trus
CVE-2026-32037 - OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configure
CVE-2026-32036 - OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allo
CVE-2026-32035 - OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voic
CVE-2026-32034 - OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control U
CVE-2026-32033 - OpenClaw versions prior to 2026.2.24 contain a path traversal vulnerability where @-prefixed absolut
CVE-2026-32032 - OpenClaw versions prior to 2026.2.22 contain an arbitrary shell execution vulnerability in shell env
CVE-2026-32031 - OpenClaw versions prior to 2026.2.26 server-http contains an authentication bypass vulnerability in
CVE-2026-32030 - OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the stageSandboxMedia
CVE-2026-32029 - OpenClaw versions prior to 2026.2.21 improperly parse the left-most X-Forwarded-For header value whe
CVE-2026-32028 - OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on
CVE-2026-32027 - OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-
CVE-2026-32026 - OpenClaw versions prior to 2026.2.24 contain an improper path validation vulnerability in sandbox me
CVE-2026-32025 - OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSo
CVE-2026-32024 - OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling th
CVE-2026-32023 - OpenClaw versions prior to 2026.2.24 contain an approval gating bypass vulnerability in system.run a
CVE-2026-32022 - OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep to
CVE-2026-32021 - OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the Feishu all
CVE-2026-32020 - OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handl
CVE-2026-32019 - OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isP
CVE-2026-32018 - OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegi
CVE-2026-32017 - OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulnerability in the exec safeBins
CVE-2026-32016 - OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the
CVE-2026-32015 - OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.
CVE-2026-32014 - OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platf
CVE-2026-32013 - OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.g
CVE-2026-32011 - OpenClaw versions prior to 2026.3.2 contain a denial of service vulnerability in webhook handlers fo
CVE-2026-32010 - OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin confi
CVE-2026-32009 - OpenClaw versions prior to 2026.2.24 contain a policy bypass vulnerability in the safeBins allowlist
CVE-2026-32008 - OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the
CVE-2026-32007 - OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental appl
CVE-2026-32006 - OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-
CVE-2026-32005 - OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive cal
CVE-2026-32004 - OpenClaw versions prior to 2026.3.2 contain an authentication bypass vulnerability in the /api/chann
CVE-2026-32003 - OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the
CVE-2026-32002 - OpenClaw versions prior to 2026.2.23 contain a sandbox bypass vulnerability in the sandboxed image t
CVE-2026-32001 - OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clie
CVE-2026-30873 - OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24
CVE-2026-30872 - OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6
CVE-2026-30871 - OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6
CVE-2026-29072 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-28282 - Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-27936 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-27935 - Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-27934 - Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-4428 - A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs t
CVE-2026-4395 - Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcryp
CVE-2026-3849 - Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in
CVE-2026-3549 - Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic wh
CVE-2026-3547 - Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained
CVE-2026-3230 - Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfS
CVE-2026-3229 - An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused h
CVE-2026-33346 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-33321 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-33305 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-33304 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-33303 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-33302 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-33301 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-33299 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-32749 - SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/impo
CVE-2026-32747 - SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles A
CVE-2026-32622 - SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 a
CVE-2026-32191 - Improper neutralization of special elements used in an os command ('os command injection') in Micros
CVE-2026-32169 - Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate p
CVE-2026-30924 - qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissiv
CVE-2026-30836 - Step CA is an online certificate authority for secure, automated certificate management for DevOps.
CVE-2026-27953 - ormar is an async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validatio
CVE-2026-27740 - Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-27570 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-27491 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-27454 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and
CVE-2026-27166 - Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and
CVE-2026-26139 - Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate p
CVE-2026-26138 - Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate p
CVE-2026-26137 - Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate pr
CVE-2026-26136 - Improper neutralization of special elements used in a command ('command injection') in Microsoft Cop
CVE-2026-26120 - Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tamp
CVE-2026-24299 - Improper neutralization of special elements used in a command ('command injection') in M365 Copilot
CVE-2026-23659 - Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthori
CVE-2026-23658 - Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate priv
CVE-2026-3580 - In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditiona
CVE-2026-3579 - wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit
CVE-2026-32238 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-32119 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-25928 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-25744 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-3503 - Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSS
CVE-2026-25667 - ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote
CVE-2026-3548 - Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a he
CVE-2026-30694 - An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the
CVE-2026-2646 - A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When de
CVE-2026-2645 - In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementatio
CVE-2026-26940 - Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin i
CVE-2026-26939 - Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauth
CVE-2026-26933 - Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat ca
CVE-2025-67115 - A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W (FreedomFi Engle
CVE-2025-67114 - Use of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE
CVE-2025-67113 - OS command injection in the CWMP client (/ftl/bin/cwmp) of Small Cell Sercomm SCE4255W (FreedomFi En
CVE-2025-67112 - Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell
CVE-2026-30403 - There is an arbitrary file read vulnerability in the test connection function of backend database ma
CVE-2026-26931 - Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in
CVE-2026-1005 - Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow i
CVE-2026-0819 - A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. I
CVE-2026-3029 - A path traversal and arbitrary file write vulnerability exists in the embedded get function in '_main
CVE-2026-32869 - OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of O
CVE-2026-32868 - OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last
CVE-2026-32867 - OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an e
CVE-2026-32866 - OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last
CVE-2026-32865 - OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP
CVE-2026-30404 - The backend database management connection test feature in wgcloud v3.6.3 has a server-side request