CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-45601 - Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele
CVE-2026-45600 - Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows
CVE-2026-45599 - Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code
CVE-2026-45598 - Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele
CVE-2026-45597 - Concurrent execution using shared resource with improper synchronization ('race condition') in UI Au
CVE-2026-45596 - Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele
CVE-2026-45595 - Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to by
CVE-2026-45594 - Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) S
CVE-2026-45593 - Use after free in Windows SDK allows an authorized attacker to elevate privileges locally.
CVE-2026-45592 - Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to el
CVE-2026-45591 - Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service ov
CVE-2026-45588 - Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a securi
CVE-2026-45586 - Improper link resolution before file access ('link following') in Windows Collaborative Translation
CVE-2026-45583 - Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an una
CVE-2026-45504 - Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to ele
CVE-2026-45503 - Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to dis
CVE-2026-45502 - Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to dis
CVE-2026-45501 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex
CVE-2026-45500 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex
CVE-2026-45491 - Improper link resolution before file access ('link following') in .NET allows an unauthorized attack
CVE-2026-45490 - Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
CVE-2026-45487 - Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows
CVE-2026-45486 - Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co
CVE-2026-45485 - Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information local
CVE-2026-45484 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to el
CVE-2026-45483 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of
CVE-2026-45482 - Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and
CVE-2026-45481 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of
CVE-2026-45479 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of
CVE-2026-45476 - Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-45475 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local
CVE-2026-45474 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local
CVE-2026-45472 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local
CVE-2026-45471 - Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co
CVE-2026-45469 - Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to
CVE-2026-45468 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of
CVE-2026-45467 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of
CVE-2026-45466 - Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose info
CVE-2026-45465 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of
CVE-2026-45464 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of
CVE-2026-45463 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local
CVE-2026-45462 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of
CVE-2026-45461 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local
CVE-2026-45460 - Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information local
CVE-2026-45459 - Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a s
CVE-2026-45458 - Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthor
CVE-2026-45457 - Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co
CVE-2026-45456 - Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthor
CVE-2026-45455 - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information
CVE-2026-45454 - Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office S
CVE-2026-45453 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of
CVE-2026-45447 - Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free du
CVE-2026-45446 - Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the au
CVE-2026-45445 - Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-sho
CVE-2026-44824 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local
CVE-2026-44823 - Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to
CVE-2026-44822 - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information
CVE-2026-44821 - Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information local
CVE-2026-44820 - Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to
CVE-2026-44819 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local
CVE-2026-44818 - Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to
CVE-2026-44817 - Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to
CVE-2026-44815 - Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code o
CVE-2026-44814 - Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information
CVE-2026-44813 - Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local
CVE-2026-44812 - Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute c
CVE-2026-44811 - Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local
CVE-2026-44810 - Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate
CVE-2026-44809 - Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate pri
CVE-2026-44808 - Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local
CVE-2026-44807 - Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local
CVE-2026-44805 - Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny s
CVE-2026-44804 - Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local
CVE-2026-44803 - Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute c
CVE-2026-44802 - Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local
CVE-2026-44801 - Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code
CVE-2026-44799 - Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code
CVE-2026-42993 - Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code
CVE-2026-42992 - Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code
CVE-2026-42991 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
CVE-2026-42989 - Improper link resolution before file access ('link following') in Winlogon allows an authorized atta
CVE-2026-42987 - Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a
CVE-2026-42986 - Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges l
CVE-2026-42985 - Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code
CVE-2026-42984 - Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-42983 - Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local
CVE-2026-42981 - Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacke
CVE-2026-42980 - Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elev
CVE-2026-42979 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
CVE-2026-42978 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
CVE-2026-42977 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
CVE-2026-42974 - Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacke
CVE-2026-42973 - Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclos
CVE-2026-42972 - Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized a
CVE-2026-42971 - Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclos
CVE-2026-42970 - Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclos
CVE-2026-42969 - Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclos
CVE-2026-42968 - Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose informatio
CVE-2026-42916 - Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elev
CVE-2026-42915 - Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny servi
CVE-2026-42914 - Windows Kerberos Denial of Service Vulnerability
CVE-2026-42913 - Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code
CVE-2026-42912 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
CVE-2026-42911 - Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele
CVE-2026-42910 - Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate
CVE-2026-42909 - Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code
CVE-2026-42908 - Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a net
CVE-2026-42907 - Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized att
CVE-2026-42906 - Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized att
CVE-2026-42905 - Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local
CVE-2026-42904 - Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges o
CVE-2026-42903 - Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a ne
CVE-2026-42902 - Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges lo
CVE-2026-42837 - Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to ele
CVE-2026-42836 - Concurrent execution using shared resource with improper synchronization ('race condition') in Funct
CVE-2026-42835 - Improper neutralization of special elements in output used by a downstream component ('injection') i
CVE-2026-42829 - Improper access control in Windows Administrator Protection allows an authorized attacker to bypass
CVE-2026-42828 - Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to ele
CVE-2026-42771 - Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an application to validate a craft
CVE-2026-42770 - Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key i
CVE-2026-42769 - Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key upd
CVE-2026-42768 - Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style at
CVE-2026-42767 - Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a N
CVE-2026-42766 - Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer derefer
CVE-2026-42765 - Issue summary: When a partial-chain certificate verification is enabled together with OCSP response
CVE-2026-42764 - Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dere
CVE-2026-42599 - Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to
CVE-2026-42573 - Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DO
CVE-2026-42570 - Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't
CVE-2026-42567 - Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an int
CVE-2026-41108 - Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privile
CVE-2026-41098 - Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack
CVE-2026-41092 - Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges loca
CVE-2026-40409 - Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CVE-2026-40404 - Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CVE-2026-40376 - Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privilege
CVE-2026-40371 - Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises)
CVE-2026-3088 - Unauthenticated users on the local network can cause the router to become unavailable by sending spe
CVE-2026-38615 - DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.
CVE-2026-35188 - Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response thr
CVE-2026-34692 - Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based C
CVE-2026-34335 - Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele
CVE-2026-34183 - Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with
CVE-2026-34182 - Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input val
CVE-2026-34181 - Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files th
CVE-2026-34180 - Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content
CVE-2026-33828 - Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges
CVE-2026-33113 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of
CVE-2026-32193 - Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Ku
CVE-2026-28301 - A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to
CVE-2026-26142 - Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute c
CVE-2026-24181 - NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index
CVE-2026-24180 - NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffe
CVE-2026-22926 - Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability.
CVE-2026-0420 - An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud
CVE-2026-0419 - Insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit releas
CVE-2026-0418 - Insufficient configuration management in the listed devices allows authenticated administrators conn
CVE-2026-0417 - Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated admin
CVE-2026-0416 - An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an
CVE-2026-0415 - Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated admini
CVE-2026-0414 - Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated admini
CVE-2026-0413 - A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models al
CVE-2026-0412 - Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band
CVE-2026-0411 - An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could al
CVE-2026-0410 - Authenticated administrators connected to the local network can gain elevated access to the router
CVE-2026-0409 - A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traf
CVE-2026-8045 - CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause
CVE-2026-8025 - Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability i
CVE-2026-49948 - Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability
CVE-2026-49938 - An improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2
CVE-2026-25089 - An improper neutralization of special elements used in an OS command ('OS command injection') vulnera
CVE-2026-24065 - Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerab
CVE-2026-24064 - Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerab
CVE-2026-10727 - An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions
CVE-2026-10523 - An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R1
CVE-2026-10520 - An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versi
CVE-2025-67862 - An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerabili
CVE-2026-9279 - Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an a
CVE-2026-7486 - Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability i
CVE-2026-52907 - In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off
CVE-2026-52906 - In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being
CVE-2026-52905 - In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-pow
CVE-2026-52904 - In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkm_device le
CVE-2026-49762 - Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allo
CVE-2026-47901 - Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject
CVE-2026-47900 - Logseq is vulnerable to a stored cross-site scripting (XSS). A malicious plugin can include a JavaSc
CVE-2026-47899 - The Electron preload script in Logseq exposes an API method that allows the renderer process to invo
CVE-2026-46332 - In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound b
CVE-2026-46330 - In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP
CVE-2026-46329 - In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem
CVE-2026-46328 - In the Linux kernel, the following vulnerability has been resolved: apparmor: fix rlimit for posix
CVE-2026-46327 - In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dm_su
CVE-2026-46326 - In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix
CVE-2026-46325 - In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conver
CVE-2026-11793 - A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix() function in pw.c c
CVE-2026-11792 - A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the cr
CVE-2026-11790 - A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce
CVE-2026-11789 - A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer
CVE-2026-11788 - A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocati
CVE-2026-11787 - A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start
CVE-2026-11786 - A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when p
CVE-2026-11785 - A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handl
CVE-2026-46324 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use list_
CVE-2026-46323 - In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skb
CVE-2026-46322 - In the Linux kernel, the following vulnerability has been resolved: tun: free page on build_skb fai
CVE-2026-46321 - In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame r
CVE-2026-46320 - In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths i
CVE-2026-46319 - In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: Only release
CVE-2026-46318 - In the Linux kernel, the following vulnerability has been resolved: Revert "mm/hugetlbfs: update hu
CVE-2026-46317 - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nested_mmu
CVE-2026-46316 - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the
CVE-2026-2638 - A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 thro
CVE-2026-11764 - When creating an export of all reusable media, the secrets of connected gift cards were included in
CVE-2017-20251 - WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that al
CVE-2017-20250 - Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers
CVE-2017-20249 - Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attack
CVE-2017-20248 - Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attack
CVE-2017-20247 - WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthen
CVE-2017-20246 - KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenti
CVE-2017-20245 - Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthent
CVE-2017-20244 - Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthent
CVE-2017-20243 - WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerab
CVE-2016-20065 - Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unaut
CVE-2016-20064 - WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers
CVE-2016-20063 - Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated user
CVE-2016-20062 - Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthent
CVE-2026-49742 - Backend users with file download permissions were able to download files from the fallback storage o
CVE-2026-49741 - Backend users with write access to the form_definition database table were able to directly create,
CVE-2026-49740 - TYPO3's cache frontend (VariableFrontend) and persistent key-value store (Registry) deserialized PHP
CVE-2026-49738 - The path allowance check in GeneralUtility::isAllowedAbsPath() performed a plain string prefix compa
CVE-2026-47352 - Authenticated backend users were able to retrieve file metadata via several Backend API routes witho
CVE-2026-47351 - Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without prope
CVE-2026-47350 - Backend users were able to move records to a different page without having edit permissions on the s
CVE-2026-47349 - Backend users with access to the Recycler module were able to restore soft-deleted records on pages
CVE-2026-47348 - Editors with access to create or modify page content were able to include HTML markup in page titles
CVE-2026-47347 - Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to op
CVE-2026-47346 - Backend users with file write permissions were able to upload form definition files with mixed-case
CVE-2026-47343 - Non-privileged backend users with file mount access were able to perform write operations (move, del
CVE-2026-11607 - Backend users with access to the Form Framework were able to use files not ending in .form.yaml as f
CVE-2026-52902 - A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directiv
CVE-2026-4058 - The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registrat
CVE-2026-46749 - A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected ap
CVE-2026-46748 - A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected sy
CVE-2026-46747 - A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected ap
CVE-2026-46746 - A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application
CVE-2026-41031 - A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Bui
CVE-2026-24349 - A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC
CVE-2026-10731 - SQL injection in the ‘two_steps_auth_code’ parameter processed by the ‘twoStepsAuthVerification’ fun
CVE-2025-40808 - A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP
CVE-2025-10263 - Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Co