CVE-2026-4427 - Rejected reason: Duplicate of CVE-2026-32286

CVE-2026-4426 - A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompressi

CVE-2026-4424 - A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive

CVE-2026-32843 - Location Aware Sensor System by Linkit ONE, up to commit f06bd20 (2023-04-26), contains a reflected

CVE-2026-30711 - Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in

CVE-2026-30402 - An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the te

CVE-2026-2369 - A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with

CVE-2026-27043 - Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography allows Path

CVE-2026-22558 - An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a mali

CVE-2026-22557 - A malicious actor with access to the network could exploit a Path Traversal vulnerability found in t

CVE-2025-69720 - The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in an

CVE-2025-71260 - BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted da

CVE-2025-71259 - BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forge

CVE-2025-71258 - BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forge

CVE-2025-71257 - BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerab

CVE-2026-3658 - The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress

CVE-2026-3511 - Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Di

CVE-2006-10003 - XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack

CVE-2006-10002 - XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap

CVE-2025-14716 - Improper Authentication vulnerability in Secomea GateManager (webserver modules) allows Authenticati

CVE-2026-27070 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-27068 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-27067 - Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor mobile-app

CVE-2026-27065 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-25445 - Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Obje

CVE-2026-25443 - Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-pr

CVE-2026-25442 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25438 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-21788 - HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this i

CVE-2025-68836 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-67618 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-62043 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i

CVE-2025-60237 - Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection.This issue

CVE-2025-60233 - Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection.This issue

CVE-2025-53222 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-50001 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-32223 - Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exp

CVE-2026-3475 - The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary Shortcode

CVE-2026-25471 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Gu

CVE-2026-25312 - Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management all

CVE-2024-42210 - A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and