CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-4755 - CWE-20 vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7:
CVE-2026-4754 - CWE-79 vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7:
CVE-2026-33852 - Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagic
CVE-2026-4753 - Out-of-bounds Read vulnerability in slajerek RetroDebugger. This issue affects RetroDebugger: before
CVE-2026-4752 - Use After Free vulnerability in No-Chicken Echo-Mate. This issue affects Echo-Mate: before V250329.
CVE-2026-4751 - NULL Pointer Dereference vulnerability in tmate-io tmate. This issue affects tmate: before 2.4.0.
CVE-2026-4750 - Out-of-bounds Read vulnerability in fabiangreffrath woof. This issue affects woof: before woof_15.3.0
CVE-2026-4749 - NVD-CWE-noinfo vulnerability in albfan miraclecast. This issue affects miraclecast: before v1.0.
CVE-2026-33856 - Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagic
CVE-2026-33855 - Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7. This issue affect
CVE-2026-33854 - Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-I
CVE-2026-33853 - NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Andr
CVE-2026-33851 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell
CVE-2026-33850 - Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2. This issue affects DualSenseY-v2: be
CVE-2026-33849 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvisi
CVE-2026-33848 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvisi
CVE-2026-33847 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvisi
CVE-2026-4746 - Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/src modules). This vu
CVE-2026-4745 - Improper Control of Generation of Code ('Code Injection') vulnerability in dendibakh perf-ninja (lab
CVE-2026-4662 - The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX a
CVE-2026-4640 - Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowin
CVE-2026-4639 - Vitals ESP developed by Galaxy Software Services has an Incorrect Authorization vulnerability, allowi
CVE-2026-4632 - A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affe
CVE-2026-4627 - A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handl
CVE-2026-4283 - The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction in
CVE-2026-3260 - A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP
CVE-2026-3138 - The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data lo
CVE-2026-4744 - Out-of-bounds Read vulnerability in rizonesoft Notepad3 (scintilla/oniguruma/src modules). This vul
CVE-2026-4743 - NULL Pointer Dereference vulnerability in taurusxin ncmdump (src/utils modules). This vulnerabilit
CVE-2026-4742 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in vi
CVE-2026-4741 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Team
CVE-2026-4739 - Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (Modules/ThirdParty/E
CVE-2026-4738 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal
CVE-2026-4737 - Use After Free vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/mm module
CVE-2026-4736 - Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kern
CVE-2026-4735 - Deserialization of Untrusted Data vulnerability in DTStack chunjun (chunjun-core/src/main/java/com/
CVE-2026-4734 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modi
CVE-2026-4733 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stc
CVE-2026-4732 - Out-of-bounds Read vulnerability in tildearrow furnace (extern/libsndfile-modified/src modules). Th
CVE-2026-4731 - Integer Overflow or Wraparound vulnerability in artraweditor ART (rtengine modules). This vulnerab
CVE-2026-4626 - A vulnerability has been found in projectworlds Lawyer Management System 1.0. This impacts an unknow
CVE-2026-4625 - A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown functio
CVE-2026-4624 - A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted el
CVE-2026-4623 - A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-
CVE-2026-33308 - Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for clien
CVE-2026-3079 - The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filt
CVE-2026-33307 - Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0,
CVE-2026-4680 - Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execut
CVE-2026-4679 - Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perf
CVE-2026-4678 - Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execu
CVE-2026-4677 - Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote a
CVE-2026-4676 - Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potenti
CVE-2026-4675 - Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to
CVE-2026-4674 - Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perf
CVE-2026-4673 - Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker
CVE-2026-4617 - A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0.
CVE-2026-4616 - A security flaw has been discovered in bolo-blog up to 2.6.4. The affected element is an unknown fun
CVE-2026-33320 - Dasel is a command-line tool and library for querying, modifying, and transforming data structures.
CVE-2026-33306 - bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt() password hashing algorithm. Prior to version
CVE-2026-33298 - llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulner
CVE-2026-33290 - WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw
CVE-2026-22739 - Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spr
CVE-2026-4615 - A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unk
CVE-2026-4614 - A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affec
CVE-2026-4613 - A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown
CVE-2026-4056 - The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification o
CVE-2026-4021 - The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin
CVE-2026-4001 - The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Executio
CVE-2026-3533 - The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authori
CVE-2026-33286 - Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interfa
CVE-2026-33283 - Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing
CVE-2026-33282 - Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing
CVE-2026-33281 - Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing
CVE-2026-33252 - The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTT
CVE-2026-33250 - Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1
CVE-2026-33242 - Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Contr
CVE-2026-33241 - Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`
CVE-2026-33211 - Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting
CVE-2026-33202 - Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions
CVE-2026-33195 - Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions
CVE-2026-33176 - Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails f
CVE-2026-33174 - Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions
CVE-2026-33173 - Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions
CVE-2026-33170 - Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails f
CVE-2026-33169 - Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails f
CVE-2026-4306 - The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in
CVE-2026-4066 - The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a m
CVE-2026-3225 - The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of
CVE-2026-33168 - Action View provides conventions and helpers for building web pages with the Rails framework. Prior
CVE-2026-33167 - Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.
CVE-2026-33046 - Indico is an event management system that uses Flask-Multipass, a multi-backend authentication syste
CVE-2026-2412 - The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the 'merged
CVE-2026-4681 - A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC Flex
CVE-2026-4612 - A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an un
CVE-2026-4611 - A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by
CVE-2026-33634 - Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publi
CVE-2026-32913 - OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard
CVE-2026-32912 - Rejected reason: This CVE ID has been rejected.
CVE-2026-32911 - Rejected reason: This CVE ID has been rejected.
CVE-2026-32910 - Rejected reason: This CVE ID has been rejected.
CVE-2026-32909 - Rejected reason: This CVE ID has been rejected.
CVE-2026-32908 - Rejected reason: This CVE ID has been rejected.
CVE-2026-32907 - Rejected reason: This CVE ID has been rejected.
CVE-2026-32904 - Rejected reason: This CVE ID has been rejected.
CVE-2026-32903 - Rejected reason: This CVE ID has been rejected.
CVE-2026-32902 - Rejected reason: This CVE ID has been rejected.
CVE-2026-32901 - Rejected reason: This CVE ID has been rejected.
CVE-2026-32900 - Rejected reason: This CVE ID has been rejected.
CVE-2026-32300 - Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0
CVE-2026-32299 - Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0
CVE-2026-32279 - Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0
CVE-2026-32278 - Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0
CVE-2026-32277 - Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.4
CVE-2026-32276 - Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0
CVE-2026-32066 - Rejected reason: This CVE ID has been rejected.
CVE-2026-32047 - Rejected reason: This CVE ID has been rejected.
CVE-2026-32012 - Rejected reason: This CVE ID has been rejected.
CVE-2026-29111 - systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unpri
CVE-2026-28483 - Rejected reason: This CVE ID has been rejected.
CVE-2026-28455 - Rejected reason: This CVE ID has been rejected.
CVE-2026-27646 - OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command
CVE-2026-27183 - OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.r
CVE-2026-22173 - Rejected reason: This CVE ID has been rejected.
CVE-2026-1940 - An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() funct
CVE-2025-60949 - Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unaut
CVE-2025-60948 - Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A remote, authenticat
CVE-2025-60947 - Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a mal
CVE-2025-60946 - Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated attacker could access u
CVE-2026-4597 - A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the functi
CVE-2026-4368 - Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL V
CVE-2026-3055 - Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l
CVE-2026-23882 - Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP (Model Context Pro
CVE-2026-23488 - Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create
CVE-2026-23487 - Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an IDOR vulnerabi
CVE-2026-23486 - Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, a publicly accessible endp
CVE-2026-23485 - Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter acc
CVE-2026-23484 - Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the fileName par
CVE-2026-23483 - Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the plugin file
CVE-2026-23482 - Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint d
CVE-2026-23481 - Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated
CVE-2026-23480 - Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is a privilege escal
CVE-2026-4596 - A vulnerability was identified in projectworlds Lawyer Management System 1.0. This issue affects som
CVE-2026-33548 - Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, improper escaping
CVE-2026-33517 - Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, when deleting a Ta
CVE-2026-32879 - New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management sys
CVE-2026-32852 - MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the web
CVE-2026-32851 - MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the web
CVE-2026-32850 - MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the web
CVE-2026-30886 - New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management sys
CVE-2026-30849 - Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions prior to 2.28.1 running on M
CVE-2026-2298 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in
CVE-2026-27131 - The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in ver
CVE-2025-52204 - A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint v
CVE-2024-46879 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in the POST request data zipPath of tiki
CVE-2024-46878 - A Cross-Site Scripting (XSS) vulnerability exists in the page parameter of tiki-editpage.php in Tiki
CVE-2026-4595 - A vulnerability was determined in code-projects Exam Form Submission 1.0. This vulnerability affects
CVE-2026-33723 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `Subscribe::
CVE-2026-33719 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the CDN plugin e
CVE-2026-33717 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `downloadVid
CVE-2026-33716 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone l
CVE-2026-33690 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `getRealIpAd
CVE-2026-33688 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the password rec
CVE-2026-33685 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/AD_S
CVE-2026-33683 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, a sanitization o
CVE-2026-33681 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/plu
CVE-2026-33651 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `remindMe.js
CVE-2026-33650 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the
CVE-2026-33649 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/Perm
CVE-2026-33648 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the restreamer e
CVE-2026-33647 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `ImageGaller
CVE-2026-33513 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticat
CVE-2026-33512 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin e
CVE-2026-26209 - cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serializati
CVE-2026-25075 - strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS
CVE-2026-0898 - An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio deve
CVE-2025-15606 - A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to im
CVE-2026-4594 - A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function
CVE-2025-15605 - A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX5
CVE-2025-15519 - Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX
CVE-2025-15518 - Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX
CVE-2025-15517 - A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to
CVE-2026-4593 - A flaw has been found in erupts erupt up to 1.13.3. Affected by this vulnerability is the function Eru
CVE-2026-33507 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/plu
CVE-2026-33502 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticat
CVE-2026-33501 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the endpoint `pl
CVE-2026-33500 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fix for CVE-
CVE-2026-33499 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `view/forbid
CVE-2026-30007 - XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file
CVE-2026-30006 - XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file.
CVE-2026-26829 - A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-server through commit
CVE-2026-26828 - A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone-server
CVE-2026-24516 - A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troublesho
CVE-2026-4592 - A security vulnerability has been detected in kalcaddle kodbox 1.64. This impacts the function login
CVE-2026-4591 - A weakness has been identified in kalcaddle kodbox 1.64. This affects the function checkBin of the f
CVE-2026-33493 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/imp
CVE-2026-33492 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo's `_sessi
CVE-2026-33488 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `createKeys(
CVE-2026-32845 - cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() funct
CVE-2024-51226 - A stored cross-site scripting (XSS) vulnerability in the component /admin/search-vehicle.php of Phpg
CVE-2024-51225 - A stored cross-site scripting (XSS) vulnerability in the component /admin/add-brand.php of Phpguruku
CVE-2024-51224 - Multiple cross-site scripting (XSS) vulnerabilities in the component /admin/edit-vehicle.php of Phpg
CVE-2024-51223 - A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul
CVE-2024-51222 - A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul
CVE-2026-4590 - A security flaw has been discovered in kalcaddle kodbox 1.64. The impacted element is an unknown fun
CVE-2026-4404 - Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use t
CVE-2026-33485 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the RTMP `on_pub
CVE-2026-33483 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `aVideoEncod
CVE-2026-33482 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `sanitizeFFm
CVE-2026-33480 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `isSSRFSafeU
CVE-2026-33479 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Gallery plug
CVE-2026-33478 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, multiple vulnera
CVE-2026-33354 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, `POST /objects/a
CVE-2026-4647 - A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files
CVE-2026-4645 - Rejected reason: Duplicate of CVE-2026-32287
CVE-2026-4589 - A vulnerability was identified in kalcaddle kodbox 1.64. The affected element is the function PathDr
CVE-2026-3635 - Summary: When trustProxy is configured with a restrictive trust function (e.g., a specific IP like tr
CVE-2026-33352 - WWBN AVideo is an open source video platform. Prior to version 26.0, an unauthenticated SQL injectio
CVE-2026-33351 - WWBN AVideo is an open source video platform. Prior to version 26.0, a Server-Side Request Forgery (
CVE-2026-33297 - WWBN AVideo is an open source video platform. Prior to version 26.0, the `setPassword.json.php` endp
CVE-2025-41008 - SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create,
CVE-2019-25625 - Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the
CVE-2019-25624 - Liquid Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash t
CVE-2019-25623 - Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to cras
CVE-2019-25622 - Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash th
CVE-2019-25621 - Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash th
CVE-2019-25620 - Tree Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the
CVE-2026-4588 - A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of
CVE-2026-4587 - A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of
CVE-2026-4586 - A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of th
CVE-2026-31851 - Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or
CVE-2026-31850 - Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, inclu
CVE-2026-31849 - Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections
CVE-2026-31848 - Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authent
CVE-2026-31847 - Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware thr
CVE-2026-1958 - Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker
CVE-2025-41007 - SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, create, update and dele
CVE-2026-4585 - A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vul
CVE-2026-4584 - A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This affects an unknown part
CVE-2026-32969 - An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the u
CVE-2026-32968 - Due to the improper neutralisation of special elements used in an OS command, an unauthenticated rem
CVE-2026-31846 - Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through v
CVE-2026-4633 - A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the i
CVE-2026-4583 - A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this issue
CVE-2026-28809 - XML External Entity (XXE) vulnerability in esaml (and its forks) allows an attacker to cause the sys
CVE-2026-4582 - A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected
CVE-2026-4581 - A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown fu
CVE-2026-4628 - A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Ac
CVE-2026-4580 - A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unkn
CVE-2026-4579 - A vulnerability was identified in code-projects Simple Laundry System 1.0. This affects an unknown f
CVE-2026-4578 - A vulnerability was determined in code-projects Exam Form Submission 1.0. The impacted element is an