CVE-2026-12119 - The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a mis

CVE-2026-11912 - The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insuff

CVE-2026-11911 - The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficie

CVE-2026-9843 - The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbi

CVE-2026-9265 - Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8

CVE-2026-56216 - Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey end

CVE-2026-56215 - Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbi

CVE-2026-56214 - Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC end

CVE-2026-56213 - Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsert_version_me

CVE-2026-56212 - Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team o

CVE-2026-11551 - The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all ve

CVE-2026-56082 - Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnerability in the SECURI

CVE-2026-56081 - Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and cont

CVE-2026-56080 - Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin en

CVE-2026-56079 - Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoi

CVE-2026-56073 - Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allo

CVE-2026-50559 - Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3

CVE-2026-50519 - Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allow

CVE-2026-49346 - libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafte

CVE-2026-49337 - libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a craft

CVE-2026-49295 - libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a craft

CVE-2026-48794 - Authelia is an open-source authentication and authorization server providing two-factor authenticati

CVE-2026-48584 - Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate priv

CVE-2026-48582 - Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileg

CVE-2026-48129 - Kestra is an open-source, event-driven orchestration platform. Prior to versions 1.3.19, 1.2.19, 1.1

CVE-2026-47645 - Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows

CVE-2026-47203 - Authelia is an open-source authentication and authorization server providing two-factor authenticati

CVE-2026-45480 - Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privile

CVE-2026-42895 - Improper neutralization of special elements used in a command ('command injection') in Microsoft Cop

CVE-2026-32208 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ed

CVE-2026-49345 - Mercator is an open source web application that enables mapping of the information system. Prior to

CVE-2026-49344 - Mercator is an open source web application that enables mapping of the information system. Prior to

CVE-2026-49342 - YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44,

CVE-2026-48787 - gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attac

CVE-2026-48774 - ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8,

CVE-2026-48773 - ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 ha

CVE-2026-48772 - ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8,

CVE-2026-48715 - radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the `radvdump` utility shipp

CVE-2026-48089 - DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a

CVE-2026-9375 - urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API (`preload_co

CVE-2026-49340 - gonic is a music streaming server / free-software subsonic server API implementation. Prior to versi

CVE-2026-49339 - gonic is a music streaming server / free-software subsonic server API implementation. The maintainer

CVE-2026-49338 - gonic is a music streaming server / free-software subsonic server API implementation. Prior to versi

CVE-2026-49336 - @microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In

CVE-2026-49293 - js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to an

CVE-2026-49291 - mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTT

CVE-2026-49288 - Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0,

CVE-2026-27878 - A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to a

CVE-2026-12726 - A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request webhooks

CVE-2026-12238 - The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass

CVE-2023-54357 - Joomla com_booking component 2.4.9 contains an information disclosure vulnerability that allows unau

CVE-2026-49359 - PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version

CVE-2026-49290 - Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 C

CVE-2026-49287 - Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0,

CVE-2026-49286 - PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version

CVE-2026-49271 - libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompresse

CVE-2019-25762 - Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows u

CVE-2019-25761 - Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated at

CVE-2019-25760 - Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthen

CVE-2019-25759 - Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated atta

CVE-2019-25758 - Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authent

CVE-2019-25757 - Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers t

CVE-2019-25756 - Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated

CVE-2019-25755 - Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated

CVE-2019-25754 - Joomla Component vRestaurant 1.9.4 contains an SQL injection vulnerability that allows unauthenticat

CVE-2019-25753 - Joomla! Component VMap 1.9.6 contains an SQL injection vulnerability that allows unauthenticated att

CVE-2019-25752 - Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unau

CVE-2019-25751 - Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unau

CVE-2019-25750 - Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allow

CVE-2019-25749 - Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attack

CVE-2026-56211 - A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. I

CVE-2026-56210 - A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementatio

CVE-2026-56209 - An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation

CVE-2026-56208 - A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A

CVE-2026-51846 - In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack b

CVE-2026-51845 - Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan

CVE-2026-51844 - Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan

CVE-2026-51843 - Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan

CVE-2026-49260 - PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version

CVE-2026-3196 - An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the

CVE-2026-3195 - A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `vir

CVE-2019-25748 - Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated a

CVE-2017-20282 - Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthe

CVE-2017-20281 - Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthentic

CVE-2017-20280 - Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticat

CVE-2017-20279 - Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to

CVE-2017-20278 - Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticate

CVE-2017-20277 - Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author

CVE-2017-20276 - Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection vulnerability that allows unauthentic

CVE-2017-20275 - Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticat

CVE-2017-20274 - Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthentic

CVE-2017-20273 - Joomla Event Registration Pro Calendar 4.1.3 contains an SQL injection vulnerability that allows una

CVE-2017-20272 - Joomla Ultimate Property Listing 1.0.2 contains an SQL injection vulnerability that allows unauthent

CVE-2017-20271 - Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated a

CVE-2017-20270 - Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated

CVE-2017-20269 - Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthentica

CVE-2017-20268 - Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauth

CVE-2026-12622 - The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form su

CVE-2026-12621 - Improper neutralization of input during web page generation XSS vulnerability in the GridTime 3000

CVE-2026-12620 - The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints.

CVE-2026-12619 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab

CVE-2017-20267 - Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthe

CVE-2017-20266 - Joomla SP Movie Database 1.3 contains an SQL injection vulnerability that allows unauthenticated att

CVE-2017-20265 - Joomla! Component Flip Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated

CVE-2017-20264 - Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticat

CVE-2017-20263 - Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL injection vulnerability that allows unau

CVE-2017-20262 - Joomla! Component Ajax Quiz 1.8 contains an SQL injection vulnerability that allows unauthenticated

CVE-2017-20261 - Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauth

CVE-2017-20260 - Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthentica

CVE-2017-20259 - Joomla OSDownloads 1.7.4 contains an SQL injection vulnerability that allows unauthenticated attacke

CVE-2017-20258 - Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows

CVE-2017-20257 - Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthentica

CVE-2017-20256 - Joomla Survey Force Deluxe 3.2.4 contains an SQL injection vulnerability that allows unauthenticated

CVE-2017-20255 - Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated at

CVE-2017-20254 - Joomla! Component User Bench 1.0 contains an SQL injection vulnerability that allows unauthenticated

CVE-2017-20253 - Joomla! Component My Projects 2.0 contains an SQL injection vulnerability that allows unauthenticate

CVE-2017-20252 - Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability that allows unauthenticated atta

CVE-2026-52910 - In the Linux kernel, the following vulnerability has been resolved: bpf: Free reuseport cBPF prog a

CVE-2026-52909 - In the Linux kernel, the following vulnerability has been resolved: ip6_vti: set netns_immutable on

CVE-2026-52908 - In the Linux kernel, the following vulnerability has been resolved: RDMA: During rereg_mr ensure th

CVE-2026-49358 - PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version

CVE-2026-21768 - The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email compos

CVE-2025-71326 - AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that

CVE-2023-54353 - Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that

CVE-2022-50971 - Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that

CVE-2021-47985 - Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service bina

CVE-2020-37254 - Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted servic

CVE-2020-37253 - Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service tha

CVE-2020-37252 - Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.

CVE-2020-37251 - RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe b

CVE-2020-37250 - TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service b

CVE-2019-25747 - Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that

CVE-2016-20095 - Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastVi

CVE-2016-20094 - AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arb

CVE-2016-20093 - Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the W

CVE-2016-20092 - NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 s

CVE-2016-20091 - Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local a

CVE-2016-20090 - Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in th

CVE-2016-20089 - Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to exec

CVE-2016-20088 - Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the Chromodo

CVE-2016-20087 - Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to ex

CVE-2016-20086 - Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBa

CVE-2016-20085 - Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that

CVE-2026-9143 - There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missin

CVE-2026-9142 - There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is n

CVE-2026-4027 - A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 and R2 that could allo

CVE-2026-4026 - A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 that could allow an au

CVE-2026-49872 - Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route

CVE-2026-49871 - Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations.

CVE-2026-49357 - Line Desktop MCP is a project that, while unaffiliated with the official line-bot-mcp-server, allows

CVE-2026-49231 - Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed iden

CVE-2026-49230 - Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin

CVE-2026-48895 - URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The attacker co

CVE-2026-48141 - There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service du

CVE-2026-48140 - There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow a

CVE-2026-48139 - There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that

CVE-2026-48138 - There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bo

CVE-2026-48137 - There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API

CVE-2026-47341 - Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from c

CVE-2026-47339 - Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor

CVE-2026-44915 - URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The default con

CVE-2026-44087 - Insufficient Verification of Data Authenticity vulnerability in Apache APISIX. The openid-connect p

CVE-2026-44046 - Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac

CVE-2026-39999 - Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypas

CVE-2026-39998 - Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certai

CVE-2026-12104 - OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix t

CVE-2025-62821 - Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDat

CVE-2026-56142 - In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 20

CVE-2026-56141 - In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 20

CVE-2026-53915 - In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configu

CVE-2026-50242 - In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 20

CVE-2026-44939 - A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/

CVE-2026-12706 - A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function

CVE-2026-11941 - Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI

CVE-2026-8296 - In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-S

CVE-2026-56138 - AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoi

CVE-2026-41156 - Software installed and run as a non-privileged user may conduct improper GPU system calls to cause m

CVE-2026-34192 - Software installed and run as a non-privileged user may conduct improper GPU system calls to cause a

CVE-2026-11576 - The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP

CVE-2026-6798 - The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized a

CVE-2026-46461 - Dell Server Hardware Manager, versions prior to 3.2.2, contains an Improper Access Control vulnerabi

CVE-2026-3640 - The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in all

CVE-2026-9822 - The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of

CVE-2026-9013 - The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to,

CVE-2026-8713 - The Avada (Fusion) Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insu

CVE-2026-8118 - The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vuln

CVE-2026-7547 - The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read vi

CVE-2026-7515 - The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and

CVE-2026-56132 - In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because sc

CVE-2026-56131 - libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within ha

CVE-2026-54414 - FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint (/api/fo

CVE-2026-4328 - The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery in all version

CVE-2026-1856 - The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting v

CVE-2026-12644 - Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the im

CVE-2026-12430 - The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin se

CVE-2026-12157 - The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPres

CVE-2026-11989 - The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin f

CVE-2026-11752 - A vulnerability has been identified in armeria-xds versions 1.38.0 through 1.39.0, where DataSourceS

CVE-2026-10779 - The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to M

CVE-2026-10720 - Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal is

CVE-2026-10034 - The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to authorization bypass in all versions

CVE-2025-7737 - DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform. This issue affects

CVE-2026-8806 - Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethe

CVE-2026-8805 - Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELS

CVE-2026-11775 - The User Admin Simplifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve

CVE-2026-52866 - An attacker within BLE communication range can monopolize the device's only available BLE connectio

CVE-2026-50034 - An attacker within BLE communication range can passively intercept wireless traffic and obtain sens

CVE-2026-40624 - Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote,

CVE-2026-12050 - SQL injection in pgAdmin 4's named restore point endpoint (POST /browser/server/restore_point/{gid}/

CVE-2026-12049 - Open redirect in pgAdmin 4's multi-factor authentication flow. The MFA validate and register endpoin

CVE-2026-12048 - Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text retur

CVE-2026-12047 - HTML injection in pgAdmin 4's cloud deployment module. The verify_credentials, deploy, regions, and

CVE-2026-12046 - Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/<trans_i

CVE-2026-12045 - Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence data

CVE-2026-12044 - SQL injection in pgAdmin 4 across every dialog template that renders ``COMMENT ON ... IS '<descripti

CVE-2026-6716 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-56078 - PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to

CVE-2026-56077 - PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger co

CVE-2026-56076 - PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint

CVE-2026-56075 - PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI mo

CVE-2026-56074 - PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation argumen

CVE-2026-10746 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-8668 - A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to interna

CVE-2026-8100 - Impact A security issue has been identified in Chef 360 that could allow unauthorized access to pro

CVE-2026-54130 - Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disc

CVE-2026-54017 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P

CVE-2026-49205 - phpMyFAQ is an open source FAQ web application. Versions prior to 4.1.4 have Missing Authorization

CVE-2026-47647 - Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privilege

CVE-2026-47633 - Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experience

CVE-2026-32174 - Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges ove

CVE-2026-22674 - Hashgraph Guardian through 3.6.0, fixed in commit ba8c566, contains a stored cross-site scripting vu

CVE-2026-49454 - Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0

CVE-2026-49257 - mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. I

CVE-2026-49252 - deepstream is a server that allows clients and backend services to sync data, send messages and make

CVE-2026-49248 - OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.unta

CVE-2026-46699 - conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted

CVE-2026-45696 - OpenEXR is the reference implementation and specification for the EXR image format, widely used in t

CVE-2026-44663 - OpenEXR is the reference implementation and specification for the EXR image format, widely used in t

CVE-2026-43994 - Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contai

CVE-2025-15661 - libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability i

CVE-2026-56099 - OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_

CVE-2026-48983 - pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior

CVE-2026-48982 - pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior

CVE-2026-48981 - pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior

CVE-2026-48980 - pam_usb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2

CVE-2026-48716 - nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge

CVE-2026-47847 - Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credentia

CVE-2026-47846 - Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When

CVE-2026-43915 - Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contai

CVE-2026-2842 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in