CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-35637 - OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization che
CVE-2026-35636 - OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where
CVE-2026-35635 - OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Ch
CVE-2026-35634 - OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway wher
CVE-2026-35633 - OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP
CVE-2026-35632 - OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.up
CVE-2026-35631 - OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat comman
CVE-2026-35629 - OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel e
CVE-2026-35628 - OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authent
CVE-2026-35627 - OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct mes
CVE-2026-35626 - OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice cal
CVE-2026-35625 - OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-au
CVE-2026-35624 - OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that match
CVE-2026-35623 - OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication t
CVE-2026-35622 - OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google C
CVE-2026-35618 - OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verificatio
CVE-2026-35617 - OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy
CVE-2026-34512 - OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:s
CVE-2026-33797 - An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows
CVE-2026-33793 - An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Network
CVE-2026-33791 - An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos O
CVE-2026-33790 - An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of
CVE-2026-33788 - A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs
CVE-2026-33787 - An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon
CVE-2026-33786 - An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon
CVE-2026-33785 - A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a
CVE-2026-33784 - A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual L
CVE-2026-33783 - A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networ
CVE-2026-33782 - A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Ju
CVE-2026-33781 - An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engin
CVE-2026-33780 - A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning D
CVE-2026-33779 - An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks J
CVE-2026-33778 - An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by
CVE-2026-33776 - A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved a
CVE-2026-33775 - A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber
CVE-2026-33774 - An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engin
CVE-2026-33773 - An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Junip
CVE-2026-33771 - A Weak Password Requirements vulnerability in the password management function of Juniper Networks C
CVE-2026-21919 - An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos
CVE-2026-21916 - A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allow
CVE-2026-21915 - A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JS
CVE-2026-21904 - An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilit
CVE-2025-59969 - A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanc
CVE-2025-13914 - A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Netw
CVE-2026-5980 - A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACF
CVE-2026-5979 - A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the funct
CVE-2026-5978 - A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the
CVE-2026-5977 - A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function s
CVE-2026-5447 - Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overfl
CVE-2026-5446 - In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce
CVE-2026-40109 - Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolk
CVE-2026-40107 - SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with
CVE-2026-40093 - nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and ear
CVE-2026-35206 - Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specia
CVE-2023-54364 - Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenti
CVE-2023-54363 - Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthent
CVE-2023-54362 - Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that
CVE-2023-54361 - Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allo
CVE-2023-54360 - Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attacke
CVE-2023-54359 - WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that all
CVE-2023-54358 - WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that all
CVE-2026-5976 - A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the funct
CVE-2026-5975 - A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the
CVE-2026-5974 - A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the
CVE-2026-5973 - A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime
CVE-2026-5972 - A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the funct
CVE-2026-5194 - Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA cert
CVE-2026-5187 - Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c.
CVE-2026-4436 - A low-privileged remote attacker can send Modbus packets to manipulate register values that are inp
CVE-2026-40089 - Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audi
CVE-2026-40088 - PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow
CVE-2026-40087 - LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.2
CVE-2026-40077 - Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept
CVE-2026-39977 - flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-fil
CVE-2026-35577 - Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. P
CVE-2026-35063 - OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authe
CVE-2026-34734 - HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the
CVE-2026-34500 - CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled a
CVE-2026-34487 - Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clusterin
CVE-2026-34486 - Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-2914
CVE-2026-34483 - Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache
CVE-2026-32990 - Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.
CVE-2026-29923 - The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privil
CVE-2026-29146 - Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This
CVE-2026-29145 - CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled v
CVE-2026-29129 - Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects
CVE-2026-25854 - Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via th
CVE-2026-24880 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Ap
CVE-2025-13926 - An attacker could use data obtained by sniffing the network traffic to forge packets in order to ma
CVE-2026-39912 - V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response b
CVE-2026-35556 - OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an atta
CVE-2026-35195 - Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's imple
CVE-2026-35186 - Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's
CVE-2026-34988 - Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's
CVE-2026-34987 - Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime wi
CVE-2026-34983 - Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can resu
CVE-2026-34971 - Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's
CVE-2026-34946 - Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's
CVE-2026-34945 - Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's
CVE-2026-34944 - Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, On x86-64 platfo
CVE-2026-34943 - Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contain
CVE-2026-34942 - Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's imple
CVE-2026-34941 - Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contain
CVE-2026-31170 - An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex
CVE-2026-28205 - OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability w
CVE-2026-5971 - A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the functi
CVE-2026-5970 - A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function chec
CVE-2026-5329 - Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in t
CVE-2026-40072 - web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.1
CVE-2026-40071 - pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the /js
CVE-2026-40070 - BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::Wallet
CVE-2026-40069 - BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's
CVE-2026-39987 - marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The
CVE-2026-39985 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid
CVE-2026-39983 - basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via C
CVE-2026-39981 - AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the ess
CVE-2026-39980 - OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables.
CVE-2026-39961 - Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From
CVE-2026-39911 - Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript execution vulnerability
CVE-2026-39315 - Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable tha
CVE-2026-35207 - dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a
CVE-2026-30478 - A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows
CVE-2026-1584 - A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sen
CVE-2025-70797 - Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execut
CVE-2025-63238 - A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to t
CVE-2026-5962 - A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecur
CVE-2026-5961 - A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vul
CVE-2026-40046 - Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveM
CVE-2026-39976 - Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is a
CVE-2026-39974 - n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive acce
CVE-2026-39972 - Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-e
CVE-2026-39962 - MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutraliz
CVE-2026-39959 - Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol
CVE-2026-39958 - oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metada
CVE-2026-39957 - Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug i
CVE-2026-39943 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, D
CVE-2026-39942 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, t
CVE-2026-39856 - osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-
CVE-2026-39855 - osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an inte
CVE-2026-30479 - A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attacke
CVE-2026-5960 - A weakness has been identified in code-projects Patient Record Management System 1.0. This affects a
CVE-2026-4878 - A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TO
CVE-2026-39941 - ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows at
CVE-2026-39853 - osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack
CVE-2026-39843 - Plane is an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of
CVE-2026-39398 - Rejected reason: The affected product and advisory are not public.
CVE-2026-35205 - Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins
CVE-2026-35204 - Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm p
CVE-2026-35041 - fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service
CVE-2026-35040 - fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.1, using certain modifiers
CVE-2026-34020 - Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The RE
CVE-2026-33266 - Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie en
CVE-2026-33005 - Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered u
CVE-2025-70365 - A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output
CVE-2025-70364 - An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execu
CVE-2025-15480 - In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during cra
CVE-2025-14551 - In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. U
CVE-2026-5959 - A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affect
CVE-2026-5445 - An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDec
CVE-2026-5444 - A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a
CVE-2026-5443 - A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pix
CVE-2026-5442 - A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded
CVE-2026-5441 - An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.c
CVE-2026-5440 - A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Len
CVE-2026-5439 - A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts Z
CVE-2026-5438 - A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Enc
CVE-2026-5437 - An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing.
CVE-2026-4116 - Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authent
CVE-2026-4114 - Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authent
CVE-2026-4113 - An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a
CVE-2026-4112 - Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SM
CVE-2026-34757 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portabl
CVE-2026-34578 - OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authenti
CVE-2025-70811 - Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute
CVE-2025-70810 - Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute
CVE-2025-62718 - Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios
CVE-2025-50228 - Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and
CVE-2026-4660 - HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during
CVE-2025-45806 - A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers
CVE-2026-3005 - The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl
CVE-2026-2519 - The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to
CVE-2026-24661 - Mattermost Plugins versions <=2.1.3.0 fail to limit the request body size on the {{/changes}} webhoo
CVE-2026-21388 - Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {{/lifecycle}} webhoo
CVE-2025-57735 - When user logged out, the JWT token the user had authenticated with was not invalidated, which coul
CVE-2024-1490 - An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the
CVE-2026-4901 - Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials
CVE-2026-34538 - Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to
CVE-2026-34185 - Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input parameters.
CVE-2026-34184 - Hydrosystem Control System does not enforce authorization for some directories. This allows an unaut
CVE-2026-34179 - In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go
CVE-2026-34178 - In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/in
CVE-2026-34177 - Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidde
CVE-2025-62188 - An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache Dolphin
CVE-2026-5854 - A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the
CVE-2026-5853 - A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by thi
CVE-2026-5852 - A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function se
CVE-2026-5851 - A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the funct
CVE-2026-5850 - A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function s
CVE-2026-5849 - A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown funct
CVE-2026-5848 - A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function
CVE-2026-5847 - A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown f
CVE-2026-5844 - A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file pr
CVE-2026-5842 - A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is
CVE-2026-5841 - A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7Web
CVE-2026-5840 - A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown fu
CVE-2026-5839 - A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknow
CVE-2026-5838 - A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unk
CVE-2026-5742 - The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and
CVE-2026-4336 - The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ
CVE-2026-1830 - The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up
CVE-2026-5837 - A vulnerability was found in PHPGurukul News Portal Project 4.1. This affects an unknown part of the
CVE-2026-5836 - A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is som
CVE-2026-5835 - A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an u
CVE-2026-5834 - A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function
CVE-2026-5833 - A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impac
CVE-2026-5357 - The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sid'
CVE-2026-4429 - The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'm
CVE-2026-4124 - The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and in
CVE-2026-3574 - The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Script
CVE-2026-3568 - The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versio
CVE-2026-5832 - A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyze
CVE-2026-5831 - A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown funct
CVE-2026-5830 - A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of th
CVE-2026-5829 - A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element
CVE-2026-5828 - A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is a
CVE-2026-4326 - The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all v
CVE-2026-5827 - A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unkno
CVE-2026-5826 - A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unkno
CVE-2026-5825 - A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects
CVE-2026-5824 - A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects
CVE-2026-5823 - A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this
CVE-2026-5815 - A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_ma
CVE-2026-5814 - A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue
CVE-2026-5813 - A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affe
CVE-2026-5812 - A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This a
CVE-2026-5811 - A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this i
CVE-2026-5173 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.
CVE-2026-4916 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9
CVE-2026-4398 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-4332 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 bef
CVE-2026-3438 - A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 th
CVE-2026-3199 - A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 throug
CVE-2026-2619 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 bef
CVE-2026-2104 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9
CVE-2026-1752 - GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 bef
CVE-2026-1516 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 b
CVE-2026-1101 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 bef
CVE-2026-1092 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9
CVE-2025-9484 - GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 bef
CVE-2025-12664 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9