CVE-2026-32013 - OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.g

CVE-2026-32011 - OpenClaw versions prior to 2026.3.2 contain a denial of service vulnerability in webhook handlers fo

CVE-2026-32010 - OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin confi

CVE-2026-32009 - OpenClaw versions prior to 2026.2.24 contain a policy bypass vulnerability in the safeBins allowlist

CVE-2026-32008 - OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the

CVE-2026-32007 - OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental appl

CVE-2026-32006 - OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-

CVE-2026-32005 - OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive cal

CVE-2026-32004 - OpenClaw versions prior to 2026.3.2 contain an authentication bypass vulnerability in the /api/chann

CVE-2026-32003 - OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the

CVE-2026-32002 - OpenClaw versions prior to 2026.2.23 contain a sandbox bypass vulnerability in the sandboxed image t

CVE-2026-32001 - OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clie

CVE-2026-30873 - OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24

CVE-2026-30872 - OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6

CVE-2026-30871 - OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6

CVE-2026-29072 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and

CVE-2026-28282 - Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and

CVE-2026-27936 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and

CVE-2026-27935 - Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and

CVE-2026-27934 - Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and

CVE-2026-4428 - A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs t

CVE-2026-4395 - Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcryp

CVE-2026-3849 - Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in

CVE-2026-3549 - Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic wh

CVE-2026-3547 - Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained

CVE-2026-3230 - Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfS

CVE-2026-3229 - An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused h

CVE-2026-33346 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33321 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33305 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33304 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33303 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33302 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33301 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33299 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-32749 - SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/impo

CVE-2026-32747 - SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles A

CVE-2026-32622 - SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 a

CVE-2026-32191 - Improper neutralization of special elements used in an os command ('os command injection') in Micros

CVE-2026-32169 - Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate p

CVE-2026-30924 - qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissiv

CVE-2026-30836 - Step CA is an online certificate authority for secure, automated certificate management for DevOps.

CVE-2026-27953 - ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validatio

CVE-2026-27740 - Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and

CVE-2026-27570 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and

CVE-2026-27491 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and

CVE-2026-27454 - Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and

CVE-2026-27166 - Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and

CVE-2026-26139 - Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate p

CVE-2026-26138 - Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate p

CVE-2026-26137 - Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate pr

CVE-2026-26136 - Improper neutralization of special elements used in a command ('command injection') in Microsoft Cop

CVE-2026-26120 - Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tamp

CVE-2026-24299 - Improper neutralization of special elements used in a command ('command injection') in M365 Copilot

CVE-2026-23659 - Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthori

CVE-2026-23658 - Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate priv

CVE-2026-3580 - In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditiona

CVE-2026-3579 - wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit

CVE-2026-32238 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-32119 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-25928 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-25744 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-3503 - Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSS

CVE-2026-25667 - ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote

CVE-2026-3548 - Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a he

CVE-2026-30694 - An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the

CVE-2026-2646 - A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When de

CVE-2026-2645 - In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementatio

CVE-2026-26940 - Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin i

CVE-2026-26939 - Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauth

CVE-2026-26933 - Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat ca

CVE-2025-67115 - A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W (FreedomFi Engle

CVE-2025-67114 - Use of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE

CVE-2025-67113 - OS command injection in the CWMP client (/ftl/bin/cwmp) of Small Cell Sercomm SCE4255W (FreedomFi En

CVE-2025-67112 - Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell

CVE-2026-30403 - There is an arbitrary file read vulnerability in the test connection function of backend database ma

CVE-2026-26931 - Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in

CVE-2026-1005 - Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow i

CVE-2026-0819 - A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. I

CVE-2026-3029 - A path traversal and arbitrary file write vulnerability exist in the embedded get function in '_main

CVE-2026-32869 - OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of O

CVE-2026-32868 - OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last

CVE-2026-32867 - OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an e

CVE-2026-32866 - OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last

CVE-2026-32865 - OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP

CVE-2026-30404 - The backend database management connection test feature in wgcloud v3.6.3 has a server-side request

CVE-2026-4427 - Rejected reason: Duplicate of CVE-2026-32286

CVE-2026-4426 - A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompressi

CVE-2026-4424 - A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive

CVE-2026-32843 - Location Aware Sensor System by Linkit ONE, up to commit f06bd20 (2023-04-26), contains a reflected

CVE-2026-30711 - Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in

CVE-2026-30402 - An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the te

CVE-2026-2369 - A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with

CVE-2026-27043 - Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography photography

CVE-2026-22558 - An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a mali

CVE-2026-22557 - A malicious actor with access to the network could exploit a Path Traversal vulnerability found in t

CVE-2025-69720 - The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in an

CVE-2025-71260 - BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted da

CVE-2025-71259 - BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forge

CVE-2025-71258 - BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forge

CVE-2025-71257 - BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerab

CVE-2026-3658 - The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress

CVE-2026-3511 - Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Di

CVE-2006-10003 - XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack

CVE-2006-10002 - XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap

CVE-2025-14716 - Improper Authentication vulnerability in Secomea GateManager (webserver modules) allows Authenticati

CVE-2026-27070 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-27068 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-27067 - Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor mobile-app

CVE-2026-27065 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-25445 - Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Obje

CVE-2026-25443 - Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-pr

CVE-2026-25442 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25438 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-21788 - HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this i

CVE-2025-68836 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-67618 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-62043 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i

CVE-2025-60237 - Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection.This issue

CVE-2025-60233 - Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection.This issue

CVE-2025-53222 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-50001 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-32223 - Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exp

CVE-2026-3475 - The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary Shortcode

CVE-2026-25471 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Gu

CVE-2026-25312 - Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management all

CVE-2024-42210 - A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and

CVE-2026-4120 - The Info Cards – Add Text and Media in Card Layouts plugin for WordPress is vulnerable to Stored Cro

CVE-2026-4068 - The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in a

CVE-2026-4006 - The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dis

CVE-2026-2571 - The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a miss

CVE-2026-27093 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-27091 - Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrect

CVE-2026-28073 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-28070 - Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly C

CVE-2026-28044 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-27542 - Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Ca

CVE-2026-27540 - Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce

CVE-2026-27413 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-27397 - Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really

CVE-2026-27096 - Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer Word

CVE-2026-1238 - The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fh

CVE-2026-1276 - IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vu

CVE-2025-36051 - IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in co

CVE-2025-15051 - IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vu

CVE-2025-13995 - IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one ten

CVE-2026-32000 - OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extens

CVE-2026-31999 - OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a current working directory injecti

CVE-2026-31998 - OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synol

CVE-2026-31997 - OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv[0] tokens

CVE-2026-31996 - OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnera

CVE-2026-31995 - OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobs

CVE-2026-31994 - OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows sche

CVE-2026-31993 - OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macO

CVE-2026-31992 - OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardra

CVE-2026-31991 - OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal grou

CVE-2026-31990 - OpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function in whi

CVE-2026-31989 - OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in web_searc

CVE-2026-29608 - OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution whe

CVE-2026-29607 - OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always w

CVE-2026-28461 - OpenClaw versions prior to 2026.3.1 contain an unbounded memory growth vulnerability in the Zalo web

CVE-2026-28460 - OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that al

CVE-2026-28449 - OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, al

CVE-2026-27670 - OpenClaw versions prior to 2026.3.2 contain a race condition vulnerability in ZIP extraction that al

CVE-2026-27566 - OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec an

CVE-2026-22176 - OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled

CVE-2026-32743 - PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and belo

CVE-2026-32255 - Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatc

CVE-2026-3181 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-32805 - Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code c

CVE-2026-32737 - Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code c

CVE-2026-32736 - The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An In

CVE-2026-32735 - openapi-to-java-records-mustache-templates allows users to generate Java Records from OpenAPI specif

CVE-2026-32731 - ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of `@apostrophe

CVE-2026-32730 - ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer to

CVE-2025-15031 - A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improp

CVE-2026-4407 - Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in

CVE-2026-33163 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-33042 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-32944 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-32943 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-32886 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-32878 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-32770 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-32742 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-32728 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-32723 - SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-qu

CVE-2026-32722 - Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of

CVE-2026-32703 - OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 1

CVE-2026-32698 - OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0

CVE-2026-32700 - Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condi

CVE-2026-32638 - StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.

CVE-2026-32636 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior

CVE-2026-32321 - ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL inject

CVE-2026-31973 - SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in

CVE-2026-31972 - SAMtools is a program for reading, manipulating and writing bioinformatics file formats. The `mpileu

CVE-2026-25873 - OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server com

CVE-2026-25745 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-4396 - Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows

CVE-2026-31971 - HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format

CVE-2026-31970 - HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index

CVE-2026-31969 - HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format

CVE-2026-31968 - HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format

CVE-2026-31967 - HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format

CVE-2026-31966 - HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format

CVE-2026-0866 - Rejected reason: After the publication of the PoC by the researcher and further analysis, we have de

CVE-2026-3479 - pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.

CVE-2026-31965 - HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format

CVE-2026-31964 - HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format

CVE-2026-31963 - HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format

CVE-2025-58112 - Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allows the generation of

CVE-2026-32634 - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central

CVE-2026-32633 - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central

CVE-2026-32632 - Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebindin

CVE-2026-32611 - Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix (commit 39161f0)

CVE-2026-31962 - HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format

CVE-2026-30704 - The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) exposes an unprotected UART interface thr

CVE-2026-30703 - A command injection vulnerability exists in the web management interface of the WiFi Extender WDR201

CVE-2026-30702 - The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements a broken authentication mechan

CVE-2026-30701 - The web interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) contains hardcoded c

CVE-2026-30048 - A stored cross-site scripting (XSS) vulnerability exists in the NotChatbot WebChat widget thru 1.4.4

CVE-2026-29859 - An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to execute arbitrary code

CVE-2026-29858 - A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion (LFI

CVE-2026-29856 - An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attack

CVE-2026-27135 - nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.6

CVE-2026-26948 - Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G vers

CVE-2026-26945 - Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G vers

CVE-2026-26740 - Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of servic

CVE-2026-23270 - In the Linux kernel, the following vulnerability has been resolved: net/sched: Only allow act_ct to

CVE-2026-23269 - In the Linux kernel, the following vulnerability has been resolved: apparmor: validate DFA start st

CVE-2026-23268 - In the Linux kernel, the following vulnerability has been resolved: apparmor: fix unprivileged loca

CVE-2026-23267 - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix IS_CHECKPOINTED flag

CVE-2026-23266 - In the Linux kernel, the following vulnerability has been resolved: fbdev: rivafb: fix divide error

CVE-2026-23265 - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on

CVE-2026-23264 - In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd: Check if ASPM

CVE-2026-23263 - In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix page array l

CVE-2026-23262 - In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruptio

CVE-2026-23261 - In the Linux kernel, the following vulnerability has been resolved: nvme-fc: release admin tagset i

CVE-2026-23260 - In the Linux kernel, the following vulnerability has been resolved: regmap: maple: free entry on ma

CVE-2026-23259 - In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: free potentially a

CVE-2026-23258 - In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netde

CVE-2026-23257 - In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one e

CVE-2026-23256 - In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one e

CVE-2026-23255 - In the Linux kernel, the following vulnerability has been resolved: net: add proper RCU protection

CVE-2026-23254 - In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network off

CVE-2026-23253 - In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: fix wrong rein

CVE-2026-23252 - In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchk_xfile_

CVE-2026-23251 - In the Linux kernel, the following vulnerability has been resolved: xfs: only call xf{array,blob}_d

CVE-2026-23250 - In the Linux kernel, the following vulnerability has been resolved: xfs: check return value of xchk

CVE-2026-23249 - In the Linux kernel, the following vulnerability has been resolved: xfs: check for deleted cursors