CVE-2026-25865 - Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows

CVE-2026-9692 - Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The

CVE-2026-55392 - NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfs_sb_is_valid() function fails to valida

CVE-2026-48937 - A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `G

CVE-2026-47833 - setupBpmLogs follows symlink for bpm.log open and chown — container-to-host privilege escalation via

CVE-2026-12390 - In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by a

CVE-2026-54390 - JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that a

CVE-2026-48986 - pam_usb provides hardware authentication for Linux using removable media. In pam_usb 0.9.1 and earli

CVE-2026-48985 - pam_usb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1

CVE-2026-48984 - pam_usb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1

CVE-2026-12475 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in

CVE-2026-56024 - Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request F

CVE-2026-56022 - Webmin accepts basic authentication without session cookies when an attacker provides the 'User-Agen

CVE-2026-56021 - Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within modu

CVE-2026-56020 - The Webmin HTTP server (miniserv.pl) allows unauthenticated attackers to impersonate any user with a

CVE-2026-55237 - AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificia

CVE-2026-55205 - Hermes WebUI before 0.51.468 contains a resource exhaustion vulnerability in the unauthenticated POS

CVE-2026-55204 - HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability i

CVE-2026-55203 - HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fc

CVE-2026-54106 - The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civil

CVE-2026-54105 - The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civil

CVE-2026-54104 - The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civil

CVE-2026-54103 - The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civil

CVE-2026-48617 - A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path

CVE-2026-38718 - InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discov

CVE-2026-38717 - InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discov

CVE-2026-38716 - InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discov

CVE-2026-38715 - InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discov

CVE-2026-38714 - InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discov

CVE-2026-11982 - Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting (XSS) vulnerability i

CVE-2026-10687 - Rejected reason: This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis, c

CVE-2025-53114 - CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0

CVE-2025-32437 - AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificia

CVE-2025-32436 - AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificia

CVE-2025-32424 - AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificia

CVE-2025-32422 - AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificia

CVE-2025-32392 - AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificia

CVE-2026-46580 - In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a

CVE-2026-44691 - In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/t

CVE-2026-44688 - In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory

CVE-2026-22551 - In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI response

CVE-2026-11791 - A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function u

CVE-2025-58175 - GeoServer is an open source server that allows users to share and edit geospatial data. Prior to ver

CVE-2025-52465 - GeoServer is an open source server that allows users to share and edit geospatial data. Prior to ver

CVE-2025-27511 - GeoServer is an open source server that allows users to share and edit geospatial data. Prior to ver

CVE-2026-9158 - In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the

CVE-2026-8461 - An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV de

CVE-2026-8024 - A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in

CVE-2026-56012 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-56009 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-56007 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-54419 - claudiopizzillo PIAF-HMS (PBX-In-A-Flash Hotel Management System; no released versions, latest commi

CVE-2026-54224 - UBB.threads is vulnerable to Denial of Service (DoS). By sending multiple concurrent requests to vie

CVE-2026-54223 - UBB.threads is vulnerable to Path traversal, allowing attackers with privilege to edit templates to

CVE-2026-54222 - UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in C

CVE-2026-54221 - UBB.threads is vulnerable to Reflected XSS. The application improperly handles user input in certain

CVE-2026-54220 - uBB.threads is vulnerable to a Cross-Site Request Forgery (CSRF) due to a lack of protective mechani

CVE-2026-54219 - UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fail

CVE-2026-50141 - Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability

CVE-2026-44942 - A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.1

CVE-2026-42490 - [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabiliti

CVE-2026-42489 - [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabiliti

CVE-2026-42488 - Some shadow paging errors paths will switch the page-tables without updating the currently running v

CVE-2026-42487 - HVM guest I/O port accesses are subject to either emulation or at least translation. Translations a

CVE-2026-40457 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before co

CVE-2026-40456 - An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de du

CVE-2026-40455 - An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within th

CVE-2026-12539 - Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time,

CVE-2026-12527 - A broken authorization boundary in the RTSP media delivery pipeline of Shenzhen Liandian Communicati

CVE-2026-12039 - Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolut

CVE-2026-11958 - Local privilege escalation by loading DLLs from a shared temporary directory in ANSSI’s DFIR-ORC, ve

CVE-2026-11719 - An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missi

CVE-2026-11718 - An authentication bypass vulnerability exists in the generic opaque token validation path (validateO

CVE-2026-11717 - An authentication bypass vulnerability exists in the generic opaque token validation path (validateO

CVE-2026-8811 - SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF

CVE-2026-8039 - The Fancy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'au

CVE-2026-50643 - 8cc is vulnerable to an Out‑of‑Bounds Read due to improper handling of #line directives and GNU line

CVE-2026-2021 - The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2025-10560 - Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret materi

CVE-2026-9815 - The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded t

CVE-2026-55746 - Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to stored Cross-Site Scripting in the P

CVE-2026-55745 - Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Pe

CVE-2026-55744 - Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Pe

CVE-2026-55742 - Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the ad

CVE-2026-55741 - Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the ad

CVE-2026-28573 - In AndroidManifest.xml, there is a possible persistent denial of service due to a missing permission

CVE-2026-12137 - The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plu

CVE-2026-12136 - The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scr

CVE-2026-12111 - The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposur

CVE-2026-12102 - The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for W

CVE-2026-12098 - The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site

CVE-2026-11395 - The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions

CVE-2026-9860 - The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code

CVE-2026-9199 - The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for Wo

CVE-2026-55740 - Nur-Alam39 bus-ticket (no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad)

CVE-2026-12120 - The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to S

CVE-2026-12093 - The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up

CVE-2026-11784 - The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin f

CVE-2026-11777 - The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is v

CVE-2026-11776 - The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is v

CVE-2026-11402 - The Services Section Block – Showcase Service Details in Grid or Columns plugin for WordPress is vul

CVE-2026-11360 - The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injectio

CVE-2026-11358 - The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin fo

CVE-2026-11357 - The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to

CVE-2026-10736 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic S

CVE-2026-10623 - The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin for WordPress is v

CVE-2026-10029 - The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vu

CVE-2026-12505 - A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its r

CVE-2026-12407 - The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorizatio

CVE-2026-10023 - The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Et

CVE-2026-12569 - A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and

CVE-2026-48768 - TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/ge

CVE-2026-48764 - TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by re

CVE-2026-54533 - vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, m

CVE-2026-54445 - vantage6 is an open-source infrastructure for privacy preserving analysis. Versions prior to 5.0.0 p

CVE-2026-53676 - ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution

CVE-2026-50268 - Steeltoe is an open source project that provides a collection of libraries that helps users build cl

CVE-2026-50267 - Steeltoe is an open source project that provides a collection of libraries that helps users build cl

CVE-2026-50202 - Steeltoe is an open source project that provides a collection of libraries that helps users build cl

CVE-2026-50201 - Steeltoe is an open source project that provides a collection of libraries that helps users build cl

CVE-2026-48759 - TypeBot is a chatbot builder tool. Versions 3.15.2 and below have an Insecure Direct Object Referenc

CVE-2026-45617 - LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In version

CVE-2026-45357 - LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In version

CVE-2026-44646 - LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In version

CVE-2026-44645 - LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In version

CVE-2026-44644 - LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. Versions 1

CVE-2026-12568 - The postman_download module uses the workspace name field from the Postman API to construct the loca

CVE-2026-12567 - The github_workflows module constructs local directory paths from user-controlled repository names w

CVE-2026-12566 - The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response h

CVE-2026-12565 - The unarchive internal module's archive extraction commands perform no code-level validation on extr

CVE-2024-27928 - vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, i

CVE-2024-24769 - vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, u

CVE-2026-8050 - In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemB

CVE-2026-8049 - In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explici

CVE-2026-54386 - marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page th

CVE-2026-50200 - Steeltoe is an open source project that provides a collection of libraries that helps users build cl

CVE-2026-50196 - Steeltoe is an open source project that provides a collection of libraries that helps users build cl

CVE-2026-50194 - Steeltoe is an open source project that provides a collection of libraries that helps users build cl

CVE-2026-48997 - e107 is a content management system (CMS). Versions 2.3.5 and earlier contain a command injection v

CVE-2026-48991 - XianYuLauncher is a Minecraft Java Edition launcher. In versions prior to 1.5.5, sensitive authentic

CVE-2026-48990 - joserfc is a Python library that provides an implementation of several JSON Object Signing and Encry

CVE-2026-48989 - Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0

CVE-2026-48820 - CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.

CVE-2026-12530 - Improper neutralization of argument delimiters in the install_packages() method in AWS Bedrock Agent

CVE-2026-49133 - Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated attackers w

CVE-2026-48988 - markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerabilit

CVE-2026-48979 - PHP Standard Library (PSL) is set of APIs covering async, collections, networking, I/O, cryptography

CVE-2026-48821 - Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site

CVE-2026-55202 - Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during

CVE-2026-55201 - Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the down

CVE-2026-55200 - libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh

CVE-2026-55199 - libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vul

CVE-2026-54388 - Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Cont

CVE-2026-54387 - Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and

CVE-2026-50107 - When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an in

CVE-2026-48823 - Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scr

CVE-2026-48822 - Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scr

CVE-2026-48817 - Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a r

CVE-2026-48814 - Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the MCP

CVE-2026-32682 - When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with per

CVE-2026-12529 - A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Pr

CVE-2026-11407 - Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated adm

CVE-2026-10741 - Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy

CVE-2026-10696 - Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026

CVE-2026-55198 - Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export en

CVE-2026-55197 - Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endp

CVE-2026-55196 - Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration

CVE-2026-53871 - Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cooki

CVE-2026-53870 - Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-reada

CVE-2026-53869 - Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows

CVE-2026-48818 - Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Win

CVE-2026-9697 - Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy

CVE-2026-9679 - Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turni

CVE-2026-9678 - Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstr

CVE-2026-7300 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext

CVE-2026-6734 - Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins

CVE-2026-6733 - Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sock

CVE-2026-53805 - NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an unauthenticated remote code execution vuln

CVE-2026-48591 - Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allo

CVE-2026-47774 - Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to vers

CVE-2026-3894 - Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffer

CVE-2026-39199 - snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file.

CVE-2026-30803 - Integer Underflow (Wrap or Wraparound) vulnerability in RTI Connext Micro (Core Libraries) allows Ov

CVE-2026-30802 - Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.This

CVE-2026-30799 - Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plu

CVE-2026-2675 - Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plu

CVE-2026-2674 - Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professio

CVE-2026-2467 - Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflo

CVE-2026-20266 - In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute ar

CVE-2026-20265 - In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "

CVE-2026-20178 - A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticate

CVE-2026-11525 - Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contain

CVE-2026-9675 - Impact: The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumul

CVE-2026-53875 - picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function that a

CVE-2026-53874 - picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated us

CVE-2026-53873 - picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block

CVE-2026-53872 - picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenti

CVE-2026-3490 - picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing attackers to bypass the entire

CVE-2026-36418 - JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling

CVE-2026-35069 - Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Specia

CVE-2026-35068 - Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Specia

CVE-2026-32652 - Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability.

CVE-2026-20246 - A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated,

CVE-2026-20220 - A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could al

CVE-2026-20190 - A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sen

CVE-2026-20181 - A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute ar

CVE-2026-1288 - A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Rev

CVE-2026-12515 - A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficien

CVE-2026-12151 - Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragment

CVE-2025-71325 - picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling

CVE-2025-71323 - picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code

CVE-2025-71322 - PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowin

CVE-2025-71321 - picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to b

CVE-2025-71320 - picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and opera

CVE-2025-32748 - Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Host Header Injection vulnerabilit

CVE-2025-26240 - In JazzCore python-pdfkit 1.0.0, the from_string method enables the execution of JavaScript code wit

CVE-2026-55748 - OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a c

CVE-2026-55743 - The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 (de

CVE-2026-54812 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-54810 - Missing Authorization vulnerability in Nexi Payments Nexi XPay allows Exploiting Incorrectly Configu

CVE-2026-54415 - Missing Authorization in the server management routes (routes/admin.php) in Azuriom Azuriom CMS befo

CVE-2026-49502 - Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerabi

CVE-2026-48142 - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When co

CVE-2026-48117 - DroneAware is a drone detection platform. The centralized DroneAware server backing droneaware.io wa

CVE-2026-47103 - Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that

CVE-2026-42530 - NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is co

CVE-2026-42055 - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_g

CVE-2026-40641 - Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Use of a Broken or Risky Cryptogr

CVE-2026-35162 - Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerabi

CVE-2026-35067 - Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerabi

CVE-2026-35066 - Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerabi

CVE-2026-35065 - Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Missing Authentication for Critica

CVE-2026-32804 - Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerabi

CVE-2026-22283 - Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Inclusion of Functionality from U

CVE-2026-12528 - A flaw was found in 389 Directory Server in the __aclp__normalize_acltxt() function of aclparse.c. A

CVE-2026-11311 - When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability

CVE-2026-10850 - Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the description

CVE-2024-47477 - Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulner

CVE-2026-9591 - Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit 6233d73e

CVE-2026-55738 - A stack-based buffer overflow exists in the raw_to_header() function in src/microtar.c in rxi microt

CVE-2026-54819 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-54818 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-54817 - Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API all

CVE-2026-54816 - Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads

CVE-2026-54815 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-54814 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-54813 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-54809 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-54808 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-54417 - An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a rem