CVE-2026-29774 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap

CVE-2026-29079 - Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lex

CVE-2026-29078 - Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to r

CVE-2026-26954 - SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays conta

CVE-2026-25823 - HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Co

CVE-2026-25819 - HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Co

CVE-2026-25818 - HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Co

CVE-2026-25817 - HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Co

CVE-2026-25076 - Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Repo

CVE-2026-24097 - Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, an

CVE-2026-23943 - Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_

CVE-2026-23942 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erla

CVE-2026-23941 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP

CVE-2026-23940 - Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm allows Excessive Allocation. Pu

CVE-2026-22216 - wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated at

CVE-2026-22215 - wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage() f

CVE-2026-22210 - wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject

CVE-2026-22209 - wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that all

CVE-2026-22204 - wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to man

CVE-2026-22203 - wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators t

CVE-2026-22202 - wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to

CVE-2026-22201 - wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows att

CVE-2026-22199 - wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that allows attackers to manipulat

CVE-2026-22193 - wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function

CVE-2026-22192 - wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability that allows authenticate

CVE-2026-22191 - wpDiscuz before 7.6.47 contains a shortcode injection vulnerability that allows attackers to execute

CVE-2026-22183 - wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment pr

CVE-2026-22182 - wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anony

CVE-2026-1704 - The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress

CVE-2026-1668 - The web interface on multiple Omada switches does not adequately validate certain external inputs, w

CVE-2026-0957 - There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted fi

CVE-2026-0956 - There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted fil

CVE-2026-0955 - There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted fil

CVE-2026-0954 - There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DS

CVE-2026-0835 - IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through

CVE-2025-8766 - A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. T

CVE-2025-71263 - In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer overflow due to the '

CVE-2025-66249 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apac

CVE-2025-60012 - Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apa

CVE-2025-57849 - A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /e

CVE-2025-36368 - IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through

CVE-2025-15515 - The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability

CVE-2025-14811 - IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could al

CVE-2025-14504 - IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through

CVE-2025-14483 - IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through

CVE-2025-13779 - Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.T

CVE-2025-13778 - Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.T

CVE-2025-13777 - Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This i

CVE-2025-13726 - IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could al

CVE-2025-13723 - IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could al

CVE-2025-13718 - IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could al

CVE-2025-13702 - IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulne

CVE-2025-13337 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2025-12455 - Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing.  

CVE-2025-12454 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i

CVE-2025-12453 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i

CVE-2023-40693 - IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, and 6.2.0.0 thr

CVE-2026-3611 - The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentica

CVE-2026-2581 - This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Serv

CVE-2026-2229 - ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper valida

CVE-2026-1528 - ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large

CVE-2026-1527 - ImpactWhen an application passes user-controlled input to the upgrade option of client.request(), an

CVE-2026-1526 - The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consump

CVE-2026-32274 - Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the n

CVE-2026-32269 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-32260 - Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection

CVE-2026-32259 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior

CVE-2026-32251 - Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing

CVE-2026-32249 - Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex c

CVE-2026-32248 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-32240 - Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using

CVE-2026-32239 - Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative

CVE-2026-1525 - Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-var

CVE-2026-3497 - Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerabilit

CVE-2026-32247 - Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti ve

CVE-2026-32246 - Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC authorization endpo

CVE-2026-32245 - Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does

CVE-2026-32242 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.

CVE-2026-32237 - Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users w

CVE-2026-32236 - Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Reques

CVE-2026-32235 - Backstage is an open framework for building developer portals. Prior to 0.27.1, the experimental OID

CVE-2026-32232 - ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangling Symlink Component Bypass,

CVE-2026-32231 - ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channel trusts caller-supp

CVE-2026-32230 - Uptime Kuma is an open source, self-hosted monitoring tool. From 2.0.0 to 2.1.3 , the GET /api/badge

CVE-2026-32142 - Shopware is an open commerce platform. /api/_info/config route exposes information about licenses. T

CVE-2026-32138 - NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and P

CVE-2026-2376 - A flaw was found in mirror-registry where an authenticated user can trick the system into accessing

CVE-2026-26793 - GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_

CVE-2025-70873 - An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3

CVE-2025-70245 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form

CVE-2025-66955 - Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows r

CVE-2025-61154 - Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 up to v0.13.3.7835 allows a cra

CVE-2025-13913 - A privileged Ignition user, intentionally or otherwise, imports an external file with a specially cr

CVE-2026-3841 - A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of

CVE-2026-32141 - flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() function uses a recursive reviv

CVE-2026-32140 - Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the In

CVE-2026-32139 - Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the st

CVE-2026-32137 - Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter f

CVE-2026-32129 - soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart cont

CVE-2026-32116 - Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to a

CVE-2026-32100 - Shopware is an open commerce platform. /api/_info/config route exposes information about active secu

CVE-2026-31890 - Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubern

CVE-2026-31873 - Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe

CVE-2026-31860 - Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe() can be bypassed to in

CVE-2026-28256 - A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and T

CVE-2026-28255 - A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge c

CVE-2026-28254 - A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could all

CVE-2026-28253 - A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Trac

CVE-2026-28252 - A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and

CVE-2026-26795 - GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the modu

CVE-2026-26794 - GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_grou

CVE-2026-26792 - GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in

CVE-2026-26791 - GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the stri

CVE-2025-13462 - The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even whil

CVE-2026-4045 - A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file inclu

CVE-2026-31841 - Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative con

CVE-2026-29066 - Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures

CVE-2026-28793 - Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exp

CVE-2026-28792 - Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a

CVE-2026-28791 - Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists

CVE-2026-28356 - multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the

CVE-2026-27940 - llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_im

CVE-2026-25529 - Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerabi

CVE-2026-24125 - Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update

CVE-2026-21887 - OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables.

CVE-2026-21708 - A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user

CVE-2026-21672 - A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication serv

CVE-2026-4044 - A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the f

CVE-2026-4043 - A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the f

CVE-2019-25543 - Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticat

CVE-2019-25542 - Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticate

CVE-2019-25541 - Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated

CVE-2019-25540 - Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated

CVE-2019-25539 - 202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers t

CVE-2019-25538 - 202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to man

CVE-2019-25537 - Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows una

CVE-2019-25536 - Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthent

CVE-2019-25535 - Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attac

CVE-2019-25534 - Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attac

CVE-2019-25533 - Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthent

CVE-2019-25532 - Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated atta

CVE-2019-25531 - Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginacti

CVE-2019-25530 - uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers t

CVE-2019-25529 - Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers t

CVE-2019-25528 - Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenti

CVE-2019-25527 - Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenti

CVE-2019-25526 - Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenti

CVE-2019-25525 - Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenti

CVE-2019-25524 - XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to m

CVE-2019-25523 - XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to m

CVE-2019-25522 - XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attacke

CVE-2019-25521 - XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to m

CVE-2019-25520 - Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the adm

CVE-2019-25519 - Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attack

CVE-2019-25518 - Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauth

CVE-2019-25517 - Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauth

CVE-2019-25516 - Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauth

CVE-2019-25515 - Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the log

CVE-2019-25514 - Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attack

CVE-2019-25513 - Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauth

CVE-2019-25512 - Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attack

CVE-2019-25511 - Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauth

CVE-2019-25510 - Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the adm

CVE-2019-25509 - XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to m

CVE-2019-25508 - Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthe

CVE-2019-25488 - Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin pan

CVE-2019-25482 - Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows u

CVE-2019-25481 - iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers

CVE-2019-25479 - Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to ma

CVE-2019-25473 - Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate

CVE-2026-4042 - A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function form

CVE-2026-4041 - A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy

CVE-2026-28384 - An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authentic

CVE-2026-21671 - A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote

CVE-2026-21670 - A vulnerability allowing a low-privileged user to extract saved SSH credentials.

CVE-2026-21669 - A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the

CVE-2026-21668 - A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrar

CVE-2026-21667 - A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the

CVE-2026-21666 - A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the

CVE-2026-3099 - A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDom

CVE-2026-2987 - The Simple Ajax Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'c' p

CVE-2026-2514 - In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an adver

CVE-2026-2513 - A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an admin

CVE-2026-0809 - Use of a custom token encoding algorithm in Streamsoft Prestiż software allows the value of the KSeF

CVE-2026-4040 - A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.ex

CVE-2026-4039 - A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function appl

CVE-2026-3989 - SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper de

CVE-2026-3060 - SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code executio

CVE-2026-3059 - SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through

CVE-2026-3234 - A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injec

CVE-2026-2366 - A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows

CVE-2026-4016 - A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the

CVE-2026-4015 - A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of th

CVE-2026-4014 - A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unk

CVE-2026-4013 - A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. T

CVE-2026-4012 - A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacte

CVE-2026-4010 - A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce

CVE-2026-4009 - A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_r

CVE-2026-4008 - A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the f

CVE-2026-4007 - A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of t

CVE-2026-3994 - A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::Obje

CVE-2026-3993 - A security vulnerability has been detected in itsourcecode Payroll Management System 1.0. This vulne

CVE-2026-3992 - A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unkn

CVE-2026-3990 - A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is so

CVE-2026-3984 - A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix Syste

CVE-2026-3983 - A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix

CVE-2026-2687 - The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its setti

CVE-2025-15473 - The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowin

CVE-2026-3982 - A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vu

CVE-2026-3981 - A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unkno

CVE-2026-3980 - A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an

CVE-2026-3979 - A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_conc

CVE-2026-3978 - A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of

CVE-2026-3977 - A security vulnerability has been detected in projectsend up to r1945. The affected element is an un

CVE-2026-3976 - A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilter

CVE-2026-3975 - A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formW

CVE-2026-3974 - A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function fo

CVE-2026-3657 - The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the `stickymenu_contact_le

CVE-2026-3226 - The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notif

CVE-2026-1878 - An Insufficient Integrity Verification vulnerability in the ASUS ROG peripheral driver installation

CVE-2025-15038 - An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. Thi

CVE-2025-15037 - An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interfac

CVE-2026-3973 - A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing

CVE-2026-3972 - A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetC

CVE-2026-1182 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8

CVE-2025-59388 - A use of hard-coded password vulnerability has been reported to affect Hyper Data Protector. The rem

CVE-2026-3971 - A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the func

CVE-2026-3970 - A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwrlSSIDget of the file

CVE-2026-3969 - A vulnerability was detected in FeMiner wms up to 1.0. This impacts an unknown function of the file

CVE-2026-3968 - A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scri

CVE-2023-43010 - The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17

CVE-2026-3967 - A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function

CVE-2026-3966 - A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vul

CVE-2026-3965 - A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown f

CVE-2026-2808 - HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary

CVE-2026-3964 - A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file

CVE-2026-3963 - A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. This affects the function

CVE-2026-3962 - A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934

CVE-2026-31988 - yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the

CVE-2026-3961 - A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected elemen

CVE-2026-3959 - A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted

CVE-2026-3958 - A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function re

CVE-2026-3942 - Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote a

CVE-2026-3941 - Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote

CVE-2026-3940 - Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote

CVE-2026-3939 - Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote atta

CVE-2026-3938 - Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remot

CVE-2026-3937 - Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remo

CVE-2026-3936 - Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attack

CVE-2026-3935 - Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote att