CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-23249 - In the Linux kernel, the following vulnerability has been resolved: xfs: check for deleted cursors
CVE-2025-71270 - In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable exception fix
CVE-2025-71269 - In the Linux kernel, the following vulnerability has been resolved: btrfs: do not free data reserva
CVE-2025-71268 - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in
CVE-2026-32610 - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances
CVE-2026-30695 - A Cross-Site Scripting (XSS) vulnerability exists in the web-based configuration interface of Zucche
CVE-2026-30345 - A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attack
CVE-2026-1463 - The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable
CVE-2025-67830 - Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection.
CVE-2026-3090 - The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP
CVE-2026-33004 - Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job confi
CVE-2026-33003 - Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml fil
CVE-2026-33002 - Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) perfo
CVE-2026-33001 - Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbolic links during the
CVE-2026-2992 - The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Privil
CVE-2026-2991 - The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Authen
CVE-2026-2559 - The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missi
CVE-2026-2512 - The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field me
CVE-2026-24063 - When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.
CVE-2026-24062 - The "Privileged Helper" component of the Arturia Software Center (MacOS) does not perform sufficient
CVE-2025-67829 - Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection.
CVE-2025-55046 - MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy a
CVE-2025-55045 - The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user
CVE-2025-55044 - The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted
CVE-2025-55043 - MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality (csetting
CVE-2025-55041 - MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Group functionality for user man
CVE-2025-55040 - The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install
CVE-2026-32609 - Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix (commit 5d3de60)
CVE-2026-3278 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i
CVE-2026-32694 - In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a g
CVE-2026-25449 - Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Inject
CVE-2026-32693 - In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not perform
CVE-2026-32692 - An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions
CVE-2026-32691 - A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an
CVE-2026-33265 - In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API.
CVE-2025-41258 - LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API whic
CVE-2026-23248 - In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix refcount bug and
CVE-2026-23247 - In the Linux kernel, the following vulnerability has been resolved: tcp: secure_seq: add back ports
CVE-2026-23246 - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: bounds-check li
CVE-2026-23245 - In the Linux kernel, the following vulnerability has been resolved: net/sched: act_gate: snapshot p
CVE-2026-23244 - In the Linux kernel, the following vulnerability has been resolved: nvme: fix memory allocation in
CVE-2026-23243 - In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: Reject negative data
CVE-2026-23242 - In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL po
CVE-2025-71267 - In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop tr
CVE-2025-71266 - In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: check return value o
CVE-2025-71265 - In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in
CVE-2025-12518 - beefree.io SDK is vulnerable to Stored XSS in Social Media icon URL parameter in email builder funct
CVE-2026-32565 - Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows
CVE-2026-1217 - The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due
CVE-2026-22730 - A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attack
CVE-2026-22729 - A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authentic
CVE-2026-22323 - A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remot
CVE-2026-22322 - A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface al
CVE-2026-22321 - A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when an unauthentic
CVE-2026-22320 - A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileg
CVE-2026-22319 - A stack-based buffer overflow in the device's file installation workflow allows a high-privileged at
CVE-2026-22318 - A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows
CVE-2026-22317 - A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a hig
CVE-2026-22316 - A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a
CVE-2025-31703 - A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access
CVE-2026-3512 - The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via t
CVE-2026-32608 - Glances is an open-source system cross-platform monitoring tool. The Glances action system allows ad
CVE-2025-15363 - The Get Use APIs WordPress plugin before 2.0.10 executes imported JSON, which could allow users wit
CVE-2026-32606 - IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default conf
CVE-2026-32596 - Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server
CVE-2026-32268 - The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS
CVE-2026-4366 - A flaw was identified in Keycloak, an identity and access management solution, where it improperly f
CVE-2026-33189 - Rejected reason: Further research determined the issue originates from a different product.
CVE-2026-33188 - Rejected reason: Further research determined the issue originates from a different product.
CVE-2026-33187 - Rejected reason: Further research determined the issue originates from a different product.
CVE-2026-33058 - Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have
CVE-2026-32266 - The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft
CVE-2026-32265 - The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.
CVE-2026-32256 - music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music
CVE-2026-32254 - Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's p
CVE-2026-31938 - jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the `opti
CVE-2026-31898 - jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments
CVE-2026-31891 - Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or
CVE-2026-31865 - Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and
CVE-2026-30922 - pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to
CVE-2026-30884 - mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates w
CVE-2026-2575 - A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level De
CVE-2026-29112 - DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the `ensureSize(
CVE-2026-1926 - The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of
CVE-2026-1780 - The [CR]Paid Link Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via t
CVE-2026-4356 - A flaw has been found in itsourcecode University Management System 1.0. Affected is an unknown funct
CVE-2026-4268 - The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scr
CVE-2026-2603 - A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SA
CVE-2026-2092 - A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint d
CVE-2026-29056 - Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's u
CVE-2026-28500 - Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In ve
CVE-2026-28499 - LeafKit is a templating language with Swift-inspired syntax. Prior to version 1.14.2, HTML escaping
CVE-2026-27545 - OpenClaw versions prior to 2026.2.26 contain an approval bypass vulnerability in system.run executio
CVE-2026-27524 - OpenClaw versions prior to 2026.2.21 accept prototype-reserved keys in runtime /debug set override o
CVE-2026-27523 - OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attack
CVE-2026-27522 - OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachme
CVE-2026-22217 - OpenClaw version 2026.2.22 prior to 2026.2.23 contain an arbitrary code execution vulnerability in s
CVE-2026-22181 - OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch p
CVE-2026-22180 - OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser outpu
CVE-2026-22179 - OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulne
CVE-2026-22178 - OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention
CVE-2026-22177 - OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables
CVE-2026-22175 - OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode
CVE-2026-22174 - OpenClaw versions prior to 2026.2.22 inject the x-OpenClaw-relay-token header into Chrome CDP probe
CVE-2026-22171 - OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media down
CVE-2026-22170 - OpenClaw versions prior to 2026.2.22 with the optional BlueBubbles plugin contain an access control
CVE-2026-22169 - OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins confi
CVE-2026-22168 - OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.
CVE-2026-29057 - Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and
CVE-2026-28674 - xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In version
CVE-2026-28673 - xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In version
CVE-2026-27980 - Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 an
CVE-2026-27979 - Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 an
CVE-2026-4355 - A vulnerability was detected in Portabilis i-Educar 2.11. This impacts an unknown function of the fi
CVE-2026-4354 - A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the
CVE-2026-27978 - Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 an
CVE-2026-27977 - Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 an
CVE-2026-27895 - LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings)
CVE-2026-27894 - LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings)
CVE-2026-27811 - Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to vers
CVE-2026-27459 - pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to ve
CVE-2026-27448 - pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to ve
CVE-2026-26004 - Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0
CVE-2026-26001 - The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collec
CVE-2026-25937 - GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to ver
CVE-2026-3856 - IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or co
CVE-2026-22727 - Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v5
CVE-2026-21994 - Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of
CVE-2026-20643 - A cross-origin issue in the Navigation API was addressed with improved input validation. This issue
CVE-2026-1264 - IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through
CVE-2025-14031 - IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 thr
CVE-2026-4349 - A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unk
CVE-2026-32842 - Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerabi
CVE-2026-32841 - Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability t
CVE-2026-32840 - Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerabil
CVE-2026-32839 - Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerabili
CVE-2026-32838 - Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interf
CVE-2026-1376 - IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication con
CVE-2026-1267 - IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive ap
CVE-2025-14806 - IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mecha
CVE-2026-2809 - Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Window
CVE-2026-4359 - A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP res
CVE-2026-4358 - A specially crafted aggregation query with $lookup by an authenticated user with write privileges ca
CVE-2026-4295 - Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms migh
CVE-2026-4064 - Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.
CVE-2026-3563 - Improper input validation in the apps and endpoints configuration in PowerShell Universal before 202
CVE-2026-32981 - A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions p
CVE-2026-32837 - miniaudio version 0.11.25 and earlier contain a heap out-of-bounds read vulnerability in the WAV BEX
CVE-2026-32836 - dr_libs dr_flac.h version 0.13.3 and earlier contain an uncontrolled memory allocation vulnerability
CVE-2026-30707 - An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Bro
CVE-2026-25936 - GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to ver
CVE-2025-15584 - Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Window
CVE-2026-3207 - Configuration issue in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x allows u
CVE-2026-25790 - Wazuh is a free and open source platform used for threat prevention, detection, and response. Starti
CVE-2026-25772 - Wazuh is a free and open source platform used for threat prevention, detection, and response. Starti
CVE-2026-25771 - Wazuh is a free and open source platform used for threat prevention, detection, and response. Starti
CVE-2026-22882 - An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a sp
CVE-2026-20726 - An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a sp
CVE-2025-66633 - An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a sp
CVE-2025-66617 - An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a sp
CVE-2025-66503 - An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a sp
CVE-2025-66342 - A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafte
CVE-2025-66042 - An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a sp
CVE-2025-66000 - An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a sp
CVE-2025-65119 - An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a sp
CVE-2025-64776 - An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a sp
CVE-2025-64735 - An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a sp
CVE-2025-64733 - An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a sp
CVE-2025-64301 - An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a s
CVE-2025-62500 - An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a sp
CVE-2025-62403 - An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a sp
CVE-2025-61979 - An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a sp
CVE-2025-61952 - An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a sp
CVE-2025-58427 - An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a sp
CVE-2025-47873 - An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a sp
CVE-2026-4319 - A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulne
CVE-2026-32298 - The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script
CVE-2026-32297 - The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including con
CVE-2026-32296 - Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, a
CVE-2026-32295 - JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess crede
CVE-2026-32294 - JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-
CVE-2026-32293 - The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA
CVE-2026-32292 - The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force att
CVE-2026-32291 - The GL-iNet Comet (GL-RM1) KVM before 1.8.2 does not require authentication on the UART serial conso
CVE-2026-32290 - The GL-iNet Comet (GL-RM1) KVM before version 1.8.2 does not sufficiently verify the authenticity of
CVE-2026-25770 - Wazuh is a free and open source platform used for threat prevention, detection, and response. Starti
CVE-2026-25769 - Wazuh is a free and open source platform used for threat prevention, detection, and response. Versio
CVE-2026-25534 - Spinnaker updated URL Validation logic on user input to provide sanitation on user inputt
CVE-2026-21570 - This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 9.6.0, 10.0
CVE-2026-4148 - A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with th
CVE-2026-4147 - An authenticated user with the read role may read limited amounts of uninitialized stack memory via
CVE-2026-28506 - Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list AP
CVE-2026-24901 - Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct
CVE-2026-23759 - Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated O
CVE-2026-21886 - OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables.
CVE-2026-4318 - A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy
CVE-2026-3564 - A condition in ScreenConnect may allow an actor with access to server-level cryptographic material u
CVE-2025-13406 - NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webser
CVE-2026-4324 - A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper
CVE-2026-3888 - Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-crea
CVE-2025-62320 - HTML Injection can be carried out in Product when a web application does not properly check or clean
CVE-2026-4271 - A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Us
CVE-2025-31966 - HCL Sametime is vulnerable to broken server-side validation. While the application performs client-s
CVE-2026-30911 - Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API
CVE-2026-28779 - Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is set to path=/ regar
CVE-2026-28563 - Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependenc
CVE-2026-26929 - Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG au
CVE-2026-3634 - A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header c
CVE-2026-3633 - A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_mes
CVE-2026-3632 - A flaw was found in libsoup, a library used by applications to send network requests. This vulnerabi
CVE-2026-23241 - In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to
CVE-2025-71239 - In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2() to chang
CVE-2026-4208 - The extension fails to properly reset the generated MFA code after successful authentication. This l
CVE-2026-4202 - The extension fails to verify, if an authenticated user has permissions to access to redirects resul
CVE-2026-32586 - Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows E
CVE-2026-1323 - The extension fails to properly define allowed classes used when deserializing transport failure met
CVE-2026-4312 - GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing u
CVE-2026-3237 - In affected versions of Octopus Server it was possible for a low privileged user to manipulate an AP
CVE-2026-4258 - All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature
CVE-2026-4308 - A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_
CVE-2026-4307 - A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is t
CVE-2026-2373 - The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vuln
CVE-2026-0708 - A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Un
CVE-2026-2579 - The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to
CVE-2026-4289 - A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17
CVE-2026-4288 - A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted e
CVE-2026-4287 - A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affec
CVE-2026-4285 - A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76
CVE-2026-4284 - A vulnerability was determined in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76
CVE-2026-4177 - YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a
CVE-2026-21991 - A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.
CVE-2026-2454 - Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to handle incorrect
CVE-2026-29522 - ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion (LFI) vulnera
CVE-2026-26230 - Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the tea
CVE-2026-1629 - Mattermost versions 10.11.x <= 10.11.10 fail to invalidate cached permalink preview data when a user
CVE-2025-69902 - A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 a
CVE-2025-50881 - The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerab
CVE-2026-32267 - Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.6 and
CVE-2026-32264 - Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.5 and
CVE-2026-32263 - Craft CMS is a content management system (CMS). From version 5.6.0 to before version 5.9.11, in src/
CVE-2026-32262 - Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.5 and
CVE-2026-30882 - Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflec
CVE-2026-30881 - Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vuln
CVE-2026-30876 - Chamilo LMS is a learning management system. Prior to version 1.11.36, Chamilo is vulnerable to user
CVE-2026-30875 - Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vuln
CVE-2026-29516 - Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permi
CVE-2026-28430 - Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated S
CVE-2026-26304 - Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2 fail to verify run_create permission for empt
CVE-2025-69693 - Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantizati
CVE-2025-68971 - In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-