CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2025-69693 - Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantizati
CVE-2025-68971 - In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-
CVE-2026-32261 - Webhooks for Craft CMS plugin adds the ability to manage “webhooks” in Craft CMS, which will send GE
CVE-2025-69809 - A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to writ
CVE-2025-69808 - An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers
CVE-2025-69727 - An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The a
CVE-2025-69196 - FastMCP is the standard framework for building MCP applications. Prior to version 2.14.2, the server
CVE-2026-4269 - A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13
CVE-2026-4254 - A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the functi
CVE-2026-4253 - A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route_set_us
CVE-2026-4224 - When an Expat parser with a registered ElementDeclHandler parses an inline document type definition
CVE-2026-3644 - The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete.
CVE-2026-29521 - Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-site request forgery vulnerabil
CVE-2026-29520 - Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulner
CVE-2026-29513 - Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerabi
CVE-2026-29510 - Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerabi
CVE-2026-28498 - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a
CVE-2026-28490 - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a
CVE-2026-27962 - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a
CVE-2026-23862 - Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special
CVE-2026-23489 - Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version
CVE-2025-69768 - SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive
CVE-2025-66687 - Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation durin
CVE-2026-4270 - Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP
CVE-2026-4252 - A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function chec
CVE-2026-4251 - A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Affected by this vulner
CVE-2026-30405 - An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_
CVE-2025-65734 - An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of gunet
CVE-2025-54758 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or
CVE-2025-53815 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or
CVE-2025-53517 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or
CVE-2026-4276 - LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to fo
CVE-2026-4250 - A vulnerability was found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Androi
CVE-2026-32587 - Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrect
CVE-2026-32583 - Missing Authorization vulnerability in Webnus Inc. Modern Events Calendar allows Exploiting Incorrec
CVE-2025-69784 - A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1
CVE-2025-69783 - A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executa
CVE-2025-62319 - Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queri
CVE-2025-57543 - Cross Site scripting vulnerability (XSS) in NetBox 4.3.5 "comment" field on object forms. An attacke
CVE-2026-4243 - A weakness has been identified in La Nacion App 10.2.25 on Android. This impacts an unknown function
CVE-2026-4242 - A security flaw has been discovered in BabyChakra Pregnancy & Parenting App up to 5.4.3.0 on Android
CVE-2026-2455 - Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to canonicalize IPv
CVE-2026-25369 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-24692 - Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly enforce
CVE-2026-22545 - Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processin
CVE-2026-21386 - Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent e
CVE-2025-52649 - HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Pred
CVE-2025-52646 - HCL AION is affected by a vulnerability where certain offering configurations may permit execution o
CVE-2025-52645 - HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not in
CVE-2025-52644 - HCL AION is affected by a vulnerability where certain user actions are not adequately audited or log
CVE-2025-52643 - HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed wit
CVE-2025-52642 - HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through appli
CVE-2025-52636 - HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper cont
CVE-2025-2274 - Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security (On-Prem) on
CVE-2026-4265 - Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to validate team-sp
CVE-2026-4255 - A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit) allows
CVE-2026-4241 - A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element i
CVE-2026-4240 - A vulnerability was determined in Open5GS up to 2.7.6. The affected element is the function smf_gx_c
CVE-2026-4239 - A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of th
CVE-2026-4238 - A vulnerability has been found in itsourcecode College Management System 1.0. This issue affects som
CVE-2026-4237 - A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects
CVE-2026-4236 - A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is
CVE-2026-4235 - A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some
CVE-2026-4234 - A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the f
CVE-2026-4233 - A vulnerability was identified in ThingsGateway 12. This affects an unknown part of the file /api/fi
CVE-2026-4232 - A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this iss
CVE-2026-4231 - A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the funct
CVE-2026-4230 - A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of
CVE-2026-4229 - A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data
CVE-2026-4228 - A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub_458754 of the
CVE-2026-4227 - A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the f
CVE-2026-4226 - A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_
CVE-2026-4225 - A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function
CVE-2026-4223 - A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects som
CVE-2026-4222 - A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUti
CVE-2026-4221 - A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unk
CVE-2026-4220 - A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by th
CVE-2026-4219 - A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2
CVE-2026-4218 - A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function
CVE-2026-4217 - A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts
CVE-2026-4216 - A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknow
CVE-2026-4215 - A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the
CVE-2026-4214 - A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321,
CVE-2026-4213 - A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DN
CVE-2026-4212 - A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L,
CVE-2026-4211 - A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW,
CVE-2026-4210 - A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-32
CVE-2026-4209 - A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW,
CVE-2026-4207 - A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW,
CVE-2026-4206 - A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-3
CVE-2026-4205 - A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW,
CVE-2026-4204 - A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321,
CVE-2026-4203 - A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DN
CVE-2026-4201 - A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. T
CVE-2026-4200 - A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed23
CVE-2026-4199 - A vulnerability was identified in bazinga012 mcp_code_executor up to 0.3.0. Affected by this issue i
CVE-2026-4198 - A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vul
CVE-2026-4197 - A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-3
CVE-2026-4196 - A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW,
CVE-2026-4195 - A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321,
CVE-2026-4194 - A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DN
CVE-2026-4193 - A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the
CVE-2026-4192 - A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability
CVE-2026-4191 - A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname
CVE-2026-4190 - A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User
CVE-2026-4189 - A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function o
CVE-2026-4188 - A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function
CVE-2026-4187 - A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an
CVE-2026-4186 - A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing
CVE-2026-4185 - A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affect
CVE-2026-4184 - A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unkno
CVE-2026-4183 - A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown funct
CVE-2026-4182 - A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the
CVE-2026-4181 - A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of
CVE-2026-4180 - A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown funct
CVE-2026-4179 - Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) can lead to an infinite while
CVE-2026-4175 - A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an unknown f
CVE-2026-4174 - A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie o
CVE-2026-4173 - A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function ex
CVE-2026-4172 - A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the fi
CVE-2026-4171 - A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected
CVE-2026-4170 - A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown fu
CVE-2026-4169 - A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_e
CVE-2026-4168 - A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the fil
CVE-2026-4167 - A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of th
CVE-2026-4166 - A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404
CVE-2026-4165 - A vulnerability has been found in Worksuite HR, CRM and Project Management up to 5.5.25. The affecte
CVE-2026-4164 - A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName
CVE-2026-4163 - A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/G
CVE-2026-3839 - Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability. This vulnerability
CVE-2026-3838 - Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows
CVE-2026-3562 - Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This v
CVE-2026-3561 - Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerabi
CVE-2026-3560 - Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution
CVE-2026-3559 - Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This
CVE-2026-3558 - Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerabi
CVE-2026-3557 - Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Ex
CVE-2026-3556 - Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2026-3555 - Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execut
CVE-2026-3476 - A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 c
CVE-2026-3442 - A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an
CVE-2026-3441 - A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out
CVE-2026-3227 - A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR84
CVE-2026-3111 - Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoi
CVE-2026-3110 - Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoi
CVE-2026-3086 - GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerabi
CVE-2026-3085 - GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerab
CVE-2026-3084 - GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability. This vulnerabili
CVE-2026-3083 - GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability a
CVE-2026-3082 - GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerabi
CVE-2026-3081 - GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability. This v
CVE-2026-3024 - Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma web application, specifically in the e
CVE-2026-3023 - Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in t
CVE-2026-3022 - Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in t
CVE-2026-3021 - Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in t
CVE-2026-3020 - Identity based authorization bypass vulnerability (IDOR) that allows an attacker to modify the data
CVE-2026-32778 - libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an
CVE-2026-32777 - libexpat before 2.7.5 allows an infinite loop while parsing DTD content.
CVE-2026-32776 - libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content
CVE-2026-32775 - libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function
CVE-2026-32774 - Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling t
CVE-2026-32772 - telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clie
CVE-2026-32732 - Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects
CVE-2026-32729 - Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp end
CVE-2026-32724 - PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is
CVE-2026-32720 - The CTFer.io Monitoring component is in charge of the collection, process and storage of various sig
CVE-2026-32719 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as refe
CVE-2026-32717 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as refe
CVE-2026-32715 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as refe
CVE-2026-32713 - PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4
CVE-2026-32709 - PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path
CVE-2026-32708 - PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscribe
CVE-2026-32707 - PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu_can contains an un
CVE-2026-32706 - PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsf_rc parser accep
CVE-2026-32705 - PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe
CVE-2026-32704 - SiYuan is a personal knowledge management system. Prior to 3.6.1, POST /api/template/renderSprig lac
CVE-2026-32702 - Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and
CVE-2026-32640 - SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, obj
CVE-2026-32635 - Angular is a development platform for building mobile and desktop web applications using TypeScript/
CVE-2026-32630 - file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP fil
CVE-2026-32628 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as refe
CVE-2026-32627 - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, w
CVE-2026-32626 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as refe
CVE-2026-32621 - Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to
CVE-2026-32617 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as refe
CVE-2026-32616 - Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $_SERVE
CVE-2026-32614 - Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic library that covers the Chine
CVE-2026-32600 - xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and
CVE-2026-32594 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-32314 - Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, t
CVE-2026-32313 - xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.
CVE-2026-31386 - OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection
CVE-2026-2923 - GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability
CVE-2026-2922 - GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerabil
CVE-2026-2921 - GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allo
CVE-2026-2920 - GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerabi
CVE-2026-2578 - Mattermost versions 11.3.x <= 11.3.0 fail to preserve the redacted state of burn-on-read posts durin
CVE-2026-2493 - IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. This vulnerability a
CVE-2026-2491 - Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-a
CVE-2026-2476 - Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configuration values which all
CVE-2026-2463 - Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to filter invite ID
CVE-2026-2462 - Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to restrict plugin
CVE-2026-2461 - Mattermost Plugins versions <=11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks o
CVE-2026-2458 - Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validat
CVE-2026-2457 - Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to sanitize client-
CVE-2026-2456 - Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 Mattermost fails to limi
CVE-2026-2326 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in
CVE-2026-2233 - The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registrat
CVE-2026-28522 - arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiU
CVE-2026-28521 - arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the Tuy
CVE-2026-28520 - arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the Wi
CVE-2026-28519 - arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the Dns
CVE-2026-26246 - Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory all
CVE-2026-26133 - AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a
CVE-2026-25783 - Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validat
CVE-2026-25780 - Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory all
CVE-2026-25083 - GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earl
CVE-2026-24458 - Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly handle
CVE-2026-21005 - Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arb
CVE-2026-21004 - Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trig
CVE-2026-21002 - Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows lo
CVE-2026-21001 - Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with G
CVE-2026-21000 - Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create fi
CVE-2026-20999 - Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers t
CVE-2026-20998 - Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass
CVE-2026-20997 - Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows r
CVE-2026-20996 - Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows r
CVE-2026-20995 - Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69
CVE-2026-20994 - URL redirection in Samsung Account prior to version 15.5.01.1 allows remote attackers to potentially
CVE-2026-20993 - Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 all
CVE-2026-20992 - Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable
CVE-2026-20991 - Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privilege
CVE-2026-20990 - Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 a
CVE-2026-20989 - Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 al
CVE-2026-20988 - Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 al
CVE-2026-1948 - The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthoriz
CVE-2026-1947 - The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure D
CVE-2026-1883 - The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress i
CVE-2026-1870 - The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vul
CVE-2026-0977 - IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view
CVE-2026-0849 - Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the
CVE-2026-0639 - in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS through missing release of me
CVE-2026-0385 - Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
CVE-2025-71264 - Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of servi
CVE-2025-6969 - in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input.
CVE-2025-69246 - Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to
CVE-2025-69245 - Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacke
CVE-2025-69243 - Raytha CMS is vulnerable to User Enumeration in password reset functionality. Difference in messages
CVE-2025-69242 - Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a m
CVE-2025-69241 - Raytha CMS is vulnerable to Stored XSS via FirstName and LastName parameters in profile editing func