CVE-2026-28844 - A file access issue was addressed with improved input validation. This issue is fixed in macOS Tahoe

CVE-2026-28842 - The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26.4. A buff

CVE-2026-28841 - A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Tahoe 26

CVE-2026-28839 - The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.5, macOS Son

CVE-2026-28838 - A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS

CVE-2026-28837 - A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. An app ma

CVE-2026-28835 - A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS S

CVE-2026-28834 - A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15

CVE-2026-28833 - A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and

CVE-2026-28832 - An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sequ

CVE-2026-28831 - An authorization issue was addressed with improved state management. This issue is fixed in macOS Se

CVE-2026-28829 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia

CVE-2026-28828 - A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequ

CVE-2026-28827 - A parsing issue in the handling of directory paths was addressed with improved path validation. This

CVE-2026-28826 - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.4. A m

CVE-2026-28825 - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in mac

CVE-2026-28824 - An authorization issue was addressed with improved state management. This issue is fixed in macOS Se

CVE-2026-28823 - A path handling issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.

CVE-2026-28822 - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 26.4

CVE-2026-28821 - A validation issue existed in the entitlement verification. This issue was addressed with improved v

CVE-2026-28820 - This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. An app may b

CVE-2026-28818 - A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.

CVE-2026-28817 - A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15

CVE-2026-28816 - A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 1

CVE-2026-20701 - An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Seq

CVE-2026-20699 - A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing res

CVE-2026-20698 - The issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26

CVE-2026-20697 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia

CVE-2026-20695 - An information disclosure issue was addressed with improved memory management. This issue is fixed i

CVE-2026-20694 - This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and iPa

CVE-2026-20693 - This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.

CVE-2026-20692 - A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS

CVE-2026-20691 - An authorization issue was addressed with improved state management. This issue is fixed in Safari 2

CVE-2026-20690 - An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iO

CVE-2026-20688 - A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and iP

CVE-2026-20687 - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.

CVE-2026-20686 - This issue was addressed with improved input validation. This issue is fixed in iOS 26.3 and iPadOS

CVE-2026-20684 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 2

CVE-2026-20670 - An authorization issue was addressed with improved state management. This issue is fixed in macOS So

CVE-2026-20668 - A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iP

CVE-2026-20665 - This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS

CVE-2026-20664 - The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4

CVE-2026-20657 - The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS

CVE-2026-20651 - A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macO

CVE-2026-20639 - An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequo

CVE-2026-20637 - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.

CVE-2026-20633 - This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15

CVE-2026-20632 - A parsing issue in the handling of directory paths was addressed with improved path validation. This

CVE-2026-20631 - A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. A user ma

CVE-2026-20622 - A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macO

CVE-2026-20607 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia

CVE-2025-43534 - A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and

CVE-2026-4781 - A flaw has been found in SourceCodester Sales and Inventory System 1.0. The affected element is an u

CVE-2026-4780 - A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknow

CVE-2026-4779 - A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This is

CVE-2026-4778 - A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability

CVE-2026-4777 - A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects a

CVE-2026-4433 - An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port

CVE-2026-4371 - A malicious mail server could send malformed strings with negative lengths, causing the parser to re

CVE-2026-3912 - Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix Busi

CVE-2026-3889 - Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9.

CVE-2026-33215 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The

CVE-2026-24159 - NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A

CVE-2026-24158 - NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may c

CVE-2026-24157 - NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause r

CVE-2026-24152 - NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE

CVE-2026-24151 - NVIDIA Megatron-LM contains a vulnerability in inferencing where an Attacker may cause an RCE by con

CVE-2026-24150 - NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE

CVE-2026-24141 - NVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONNX quantization featu

CVE-2026-21790 - HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allo

CVE-2025-33254 - NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state c

CVE-2025-33248 - NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script where an Attacker may ca

CVE-2025-33247 - NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow

CVE-2025-33244 - NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserial

CVE-2025-33242 - NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify

CVE-2025-33238 - NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may

CVE-2025-33216 - NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on

CVE-2025-33215 - NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest

CVE-2026-33511 - pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before v

CVE-2026-33509 - pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before ve

CVE-2026-33419 - MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AISt

CVE-2026-33412 - Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vuln

CVE-2026-33353 - Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version

CVE-2026-33349 - fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callback

CVE-2026-33347 - league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFi

CVE-2026-33345 - solidtime is an open-source time-tracking app. Prior to version 0.11.6, the project detail endpoint

CVE-2026-33344 - Dagu is a workflow engine with a built-in Web user interface. From version 2.0.0 to before version 2

CVE-2026-33332 - NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.add_media_file() and a

CVE-2026-33331 - oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards.

CVE-2026-33330 - FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access

CVE-2026-33329 - FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.1

CVE-2026-33326 - Keystone is a content management system for Node.js. Prior to version 6.5.2, {field}.isFilterable ac

CVE-2026-33322 - MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEA

CVE-2026-33314 - pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97,

CVE-2026-32948 - sbt is a build tool for Scala, Java, and others. From version 0.9.5 to before version 1.12.7, on Win

CVE-2026-22559 - An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to

CVE-2026-21783 - HCL Traveler is affected by sensitive information disclosure.  The application generates some error

CVE-2026-33769 - Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's

CVE-2026-33768 - Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads t

CVE-2026-33627 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-33624 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-33539 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-33538 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-33527 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-33508 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-33498 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-33429 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-33421 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-33417 - Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.2, passw

CVE-2026-33409 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-33323 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-30932 - Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add A

CVE-2026-2417 - A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controll

CVE-2026-29772 - Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and p

CVE-2026-23924 - Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters when

CVE-2026-23923 - An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitr

CVE-2026-23921 - A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in inclu

CVE-2026-23920 - Host and event action script input is validated with a regex (set by the administrator), but the val

CVE-2026-23919 - For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape) contexts (used in script ite

CVE-2026-1995 - IDrive’s id_service.exe process runs with elevated privileges and regularly reads from several files

CVE-2026-33407 - Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallo

CVE-2026-33401 - Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the p

CVE-2026-33400 - Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, a sto

CVE-2026-33399 - Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the S

CVE-2026-33162 - Craft CMS is a content management system (CMS). From version 5.3.0 to before version 5.9.14, an auth

CVE-2026-33161 - Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and

CVE-2026-33160 - Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and

CVE-2026-33159 - Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and

CVE-2026-33158 - Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and

CVE-2026-33157 - Craft CMS is a content management system (CMS). From version 5.6.0 to before version 5.9.13, a Remot

CVE-2026-32854 - LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vu

CVE-2026-32853 - LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read v

CVE-2026-26809 - Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by

CVE-2026-33340 - LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A c

CVE-2025-11571 - Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command

CVE-2026-33700 - Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the `DELETE

CVE-2026-33680 - Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.2, the `LinkSha

CVE-2026-33679 - Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the `Downloa

CVE-2026-33678 - Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, `TaskAttachm

CVE-2026-33677 - Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the `GET /ap

CVE-2026-33676 - Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, when the Vik

CVE-2026-33675 - Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the migratio

CVE-2026-33668 - Vikunja is an open-source self-hosted task management platform. Starting in version 0.18.0 and prior

CVE-2026-33474 - Vikunja is an open-source self-hosted task management platform. Starting in version 1.0.0-rc0 and pr

CVE-2026-33473 - Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior t

CVE-2026-33336 - Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior

CVE-2026-33335 - Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior

CVE-2026-33334 - Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior

CVE-2026-29840 - JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release

CVE-2026-29839 - DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /sys

CVE-2025-71275 - Rejected reason: This CVE was rejected due to being a duplicate of CVE-2024-45519.

CVE-2026-4775 - A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow v

CVE-2026-33554 - ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. The Intel

CVE-2026-33316 - Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, a flaw in Vi

CVE-2026-33315 - Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, the Caldav e

CVE-2026-33313 - Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, an authentic

CVE-2026-32647 - NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might

CVE-2026-30662 - ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in the File Manager component. T

CVE-2026-30661 - iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, sp

CVE-2026-30655 - SQL injection in Solicitante::resetaSenha() in esiclivre/esiclivre v0.2.2 and earlier allows unauthe

CVE-2026-30653 - An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the

CVE-2026-28755 - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the

CVE-2026-28753 - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the

CVE-2026-27784 - The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module

CVE-2026-27654 - NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might a

CVE-2026-27651 - When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed

CVE-2026-33497 - Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.

CVE-2026-33484 - Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 thr

CVE-2026-33418 - DiceBear is an avatar library for designers and developers. Prior to version 9.4.2, the `ensureSize(

CVE-2026-33311 - DiceBear is an avatar library for designers and developers. Starting in version 5.0.0 and prior to v

CVE-2026-33310 - Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0

CVE-2026-4729 - Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of

CVE-2026-4728 - Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 149 and

CVE-2026-4727 - Denial-of-service in the Libraries component in NSS. This vulnerability affects Firefox < 149 and Th

CVE-2026-4726 - Denial-of-service in the XML component. This vulnerability affects Firefox < 149 and Thunderbird < 1

CVE-2026-4725 - Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects

CVE-2026-4724 - Undefined behavior in the Audio/Video component. This vulnerability affects Firefox < 149 and Thunde

CVE-2026-4723 - Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Thun

CVE-2026-4722 - Privilege escalation in the IPC component. This vulnerability affects Firefox < 149 and Thunderbird

CVE-2026-4721 - Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox

CVE-2026-4720 - Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird

CVE-2026-4719 - Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox <

CVE-2026-4718 - Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Fir

CVE-2026-4717 - Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149, Firefox

CVE-2026-4716 - Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnera

CVE-2026-4715 - Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149,

CVE-2026-4714 - Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149

CVE-2026-4713 - Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, F

CVE-2026-4712 - Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Fir

CVE-2026-4711 - Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR

CVE-2026-4710 - Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149

CVE-2026-4709 - Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox

CVE-2026-4708 - Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, F

CVE-2026-4707 - Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefo

CVE-2026-4706 - Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefo

CVE-2026-4705 - Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Fir

CVE-2026-4704 - Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Fire

CVE-2026-4702 - JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149, Fir

CVE-2026-4701 - Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox

CVE-2026-4700 - Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firef

CVE-2026-4699 - Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Fi

CVE-2026-4698 - JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149

CVE-2026-4697 - Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects F

CVE-2026-4696 - Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Fi

CVE-2026-4695 - Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects F

CVE-2026-4694 - Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affect

CVE-2026-4693 - Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Fir

CVE-2026-4692 - Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Fi

CVE-2026-4691 - Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 14

CVE-2026-4690 - Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This v

CVE-2026-4689 - Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This v

CVE-2026-4688 - Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability aff

CVE-2026-4687 - Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability a

CVE-2026-4686 - Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefo

CVE-2026-4685 - Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefo

CVE-2026-4684 - Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Fire

CVE-2026-33475 - Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated re

CVE-2026-33309 - Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 throug

CVE-2025-64998 - Exposure of session signing secret in Checkmk <2.4.0p23, <2.3.0p45 and 2.2.0 allows an administrator

CVE-2019-25647 - PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows

CVE-2019-25646 - Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that

CVE-2019-25645 - WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local

CVE-2019-25644 - WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registr

CVE-2019-25643 - eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated att

CVE-2019-25642 - Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers

CVE-2019-25641 - Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attacker

CVE-2019-25640 - Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers t

CVE-2019-25639 - Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthent

CVE-2019-25638 - Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated

CVE-2019-25637 - X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to exe

CVE-2019-25636 - Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to

CVE-2019-25635 - Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated att

CVE-2019-25634 - Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attacker

CVE-2019-25633 - AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that

CVE-2019-25632 - phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attac

CVE-2019-25631 - AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability tha

CVE-2019-25630 - PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component

CVE-2019-25629 - AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in th

CVE-2019-25628 - Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulne

CVE-2019-25627 - FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows loc

CVE-2019-25626 - River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input

CVE-2026-4649 - Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows readi

CVE-2026-3509 - An unauthenticated remote attacker may be able to control the format string of messages processed by

CVE-2026-32642 - Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists wh

CVE-2025-41660 - A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control

CVE-2026-4756 - Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-I

CVE-2026-4755 - CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7:

CVE-2026-4754 - CWE-79 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7:

CVE-2026-33852 - Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagic

CVE-2026-4753 - Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before