CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-43484 - In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW f
CVE-2026-43483 - In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write i
CVE-2026-43482 - In the Linux kernel, the following vulnerability has been resolved: sched_ext: Disable preemption b
CVE-2026-43481 - In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply s
CVE-2026-43480 - In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836
CVE-2026-43479 - In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in
CVE-2026-43478 - In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use compo
CVE-2026-43477 - In the Linux kernel, the following vulnerability has been resolved: drm/i915/vrr: Configure VRR tim
CVE-2026-43476 - In the Linux kernel, the following vulnerability has been resolved: iio: chemical: sps30_i2c: fix b
CVE-2026-42946 - A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result
CVE-2026-42945 - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vu
CVE-2026-42937 - Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and
CVE-2026-42934 - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When ch
CVE-2026-42930 - When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be a
CVE-2026-42926 - When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and
CVE-2026-42924 - An authenticated attacker with the Resource Administrator or Administrator role can create SNMP conf
CVE-2026-42920 - When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, un
CVE-2026-42919 - A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrativ
CVE-2026-42781 - When embedded Packet Velocity Acceleration (ePVA) acceleration is configured, undisclosed local ethe
CVE-2026-42780 - A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated a
CVE-2026-42557 - jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jup
CVE-2026-42409 - When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are confi
CVE-2026-42408 - When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell (tmsh) command t
CVE-2026-42406 - A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke
CVE-2026-42290 - protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JS
CVE-2026-42266 - jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jup
CVE-2026-42063 - A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administra
CVE-2026-42058 - An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information
CVE-2026-41959 - Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network
CVE-2026-41957 - An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-I
CVE-2026-41956 - When a classification profile is configured on a UDP virtual server, undisclosed requests can cause
CVE-2026-41954 - Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and
CVE-2026-41953 - A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at l
CVE-2026-41227 - On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result i
CVE-2026-41225 - A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at le
CVE-2026-41219 - An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privile
CVE-2026-41218 - When BIG-IP PEM iRules are configured on a virtual server (iRules using commands starting with CLASS
CVE-2026-41217 - A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command that may allow an authenti
CVE-2026-40703 - A cross-site request forgery (CSRF) vulnerability exists in the dashboard of the BIG-IP Configuratio
CVE-2026-40701 - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl
CVE-2026-40699 - A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-pr
CVE-2026-40698 - A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke
CVE-2026-40631 - An authenticated attacker with the Resource Administrator or Administrator role can modify configura
CVE-2026-40629 - When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual serv
CVE-2026-40618 - When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel Q
CVE-2026-40462 - Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undiscl
CVE-2026-40460 - When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may b
CVE-2026-40435 - When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow
CVE-2026-40423 - When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Mana
CVE-2026-40067 - When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the
CVE-2026-40061 - When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TM
CVE-2026-40060 - When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed req
CVE-2026-39459 - A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authent
CVE-2026-39458 - When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traf
CVE-2026-39455 - When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LD
CVE-2026-36742 - Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when bat
CVE-2026-36741 - U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Command Injection. The Ne
CVE-2026-36738 - U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control.
CVE-2026-35062 - An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Sof
CVE-2026-34176 - When running in Appliance mode, an authenticated remote command injection vulnerability exists in an
CVE-2026-34019 - When Bidirectional Forwarding Detection (BFD) is configured in Static and Dynamic routing protocols,
CVE-2026-32673 - A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the
CVE-2026-32643 - A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke
CVE-2026-31156 - A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as th
CVE-2026-28758 - When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST co
CVE-2026-24464 - When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iContro
CVE-2026-20916 - An authenticated iControl REST user with low privileges can create or modify arbitrary files through
CVE-2025-32425 - AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intellig
CVE-2025-29338 - NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discover
CVE-2025-28344 - striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack.
CVE-2025-28343 - striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons.
CVE-2024-55045 - Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the t
CVE-2024-51395 - Buffer Overflow vulnerability in ArduPilot Copter Latest commit 92693e023793133e49a035daf37c14433e484
CVE-2024-51394 - Buffer Overflow vulnerability in ArduPilot Copter Latest commit 92693e023793133e49a035daf37c14433e484
CVE-2020-37226 - Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated
CVE-2020-37225 - Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allo
CVE-2020-37224 - Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated
CVE-2020-37223 - IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service
CVE-2020-37222 - Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticat
CVE-2020-37221 - Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execut
CVE-2020-37220 - Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated a
CVE-2020-37219 - Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated at
CVE-2020-37218 - Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows
CVE-2020-37217 - Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauth
CVE-2020-37174 - WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability
CVE-2020-37169 - WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows aut
CVE-2020-37168 - Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attac
CVE-2026-8463 - Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_
CVE-2026-8369 - Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit
CVE-2026-4609 - The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauth
CVE-2026-4608 - The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind
CVE-2026-4607 - The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to author
CVE-2026-39806 - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in mtrudel bandit allows unauth
CVE-2026-39803 - Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthen
CVE-2026-37430 - An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms
CVE-2026-37429 - qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope p
CVE-2026-37428 - qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope p
CVE-2026-6177 - The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versio
CVE-2026-42961 - ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate ha
CVE-2026-42950 - ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value
CVE-2026-42948 - Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one
CVE-2026-42062 - ELECOM wireless LAN access point devices contain an OS command injection in processing of username p
CVE-2026-40621 - ELECOM wireless LAN access point devices do not require authentication to access some specific URLs.
CVE-2026-3426 - The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of d
CVE-2026-3425 - The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all ve
CVE-2026-35506 - ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing
CVE-2026-25107 - ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of
CVE-2026-7168 - Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** au
CVE-2026-7009 - When curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP st
CVE-2026-6429 - When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could l
CVE-2026-6276 - Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is
CVE-2026-6253 - curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen whe
CVE-2026-5773 - libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl featur
CVE-2026-5545 - libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTT
CVE-2026-4873 - A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted c
CVE-2026-4798 - The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘product_or
CVE-2026-4782 - The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, a
CVE-2026-44931 - The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-
CVE-2026-41051 - csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU styl
CVE-2026-2515 - The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to
CVE-2026-25710 - The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from mu
CVE-2024-47091 - Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.
CVE-2026-41050 - Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a
CVE-2026-3004 - The Snow Monkey Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘da
CVE-2026-25705 - A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.co
CVE-2025-14767 - The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scr
CVE-2026-6965 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure
CVE-2026-6929 - The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerabl
CVE-2026-44612 - Bytello Share (Windows Edition) installer executable provided by Bytello insecurely loads Dynamic Li
CVE-2026-32661 - Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Sec
CVE-2026-2725 - Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows
CVE-2026-21024 - Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows loca
CVE-2026-21022 - Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows loc
CVE-2026-21021 - Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to l
CVE-2026-21020 - Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows lo
CVE-2026-21019 - Improper input validation in FacAtFunction in Galaxy Watch prior to SMR May-2026 Release 1 allows lo
CVE-2026-21018 - Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers
CVE-2026-21016 - Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attac
CVE-2026-21015 - Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker
CVE-2025-14033 - The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access
CVE-2025-11159 - Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 da
CVE-2026-7635 - The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object In
CVE-2026-7619 - The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin
CVE-2026-7051 - The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Au
CVE-2026-6962 - The Cost of Goods: Product Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerab
CVE-2026-6828 - The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin fo
CVE-2025-9989 - The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings
CVE-2025-9988 - The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capabilit
CVE-2025-9987 - The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions
CVE-2025-14755 - The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation
CVE-2026-8336 - After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce comma
CVE-2026-8202 - Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $
CVE-2026-8201 - A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis compo
CVE-2026-8200 - When schema validation is enabled on a collection and an update or insert would violate the collecti
CVE-2026-8199 - An authenticated user can cause excess memory usage via bitwise match expression AST processing of $
CVE-2026-8053 - An issue in MongoDB Server's time-series collection implementation allows an authenticated user with
CVE-2026-6888 - Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attack
CVE-2025-62627 - An untrusted pointer dereference in the ionic cloud driver for VMware ESXi could allow an attacker w
CVE-2025-62624 - A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to ac
CVE-2025-62623 - A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to ac
CVE-2025-61972 - Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain
CVE-2025-61971 - Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modi
CVE-2024-36315 - Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculatio
CVE-2026-8108 - The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write pe
CVE-2026-5371 - The MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin for
CVE-2026-44548 - ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navig
CVE-2026-44547 - ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058
CVE-2026-44352 - Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, tr
CVE-2026-44347 - Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flo
CVE-2026-44341 - GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that
CVE-2026-44245 - Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 2.5.2, Vue
CVE-2026-43685 - A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console pr
CVE-2026-43680 - A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console pr
CVE-2026-42289 - ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user
CVE-2026-42288 - ChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 is
CVE-2026-42158 - Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, tr
CVE-2026-42157 - Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, tr
CVE-2026-42156 - Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, tr
CVE-2026-41901 - Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.
CVE-2026-1250 - The Court Reservation – Manage Your Court Bookings Online plugin for WordPress is vulnerable to gene
CVE-2025-15463 - The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode e
CVE-2026-8449 - Rejected reason: This CVE ID has been rejected or withdrawn.
CVE-2026-45227 - Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that a
CVE-2026-45226 - Heym before 0.0.21 contains an authorization bypass vulnerability in workflow execution that allows
CVE-2026-45225 - Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows a
CVE-2026-44871 - Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the
CVE-2026-44307 - Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash tra
CVE-2026-44306 - Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.21 and 6.15.0,
CVE-2026-44305 - Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled (LDAP_USE_TLS = Tru
CVE-2026-44304 - Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module (lemur/au
CVE-2026-44302 - Snappier is a high performance C# implementation of the Snappy compression algorithm. Prior to 1.3.1
CVE-2026-44301 - Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses No
CVE-2026-44296 - Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial
CVE-2026-44262 - Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when docume
CVE-2026-44260 - efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the <efw:elFi
CVE-2026-44259 - efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with t
CVE-2026-44258 - efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfinder_checkRisk function valida
CVE-2026-44257 - efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip
CVE-2026-44242 - Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily t
CVE-2026-44241 - Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily t
CVE-2026-44015 - Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated us
CVE-2026-43948 - wger is a free, open-source workout and fitness manager. Prior to 2.6, the reset_user_password and g
CVE-2026-42855 - arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2
CVE-2026-42854 - arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2
CVE-2026-42844 - Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user wit
CVE-2026-42545 - Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker
CVE-2026-42544 - Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker
CVE-2026-42268 - ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS
CVE-2026-42196 - django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMid
CVE-2026-41195 - mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automati
CVE-2026-40902 - PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1
CVE-2026-40863 - PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1
CVE-2026-35555 - PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permi
CVE-2026-33570 - PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access
CVE-2026-26289 - PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with lim
CVE-2026-44403 - Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the se
CVE-2026-44246 - nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Pr
CVE-2026-44240 - basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denia
CVE-2026-44232 - DSSRF is a Node.js library that provides a wide range of utilities and advanced SSRF defense checks.
CVE-2026-44224 - Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL muta
CVE-2026-44012 - Craft CMS is a content management system (CMS). From 5.0.0-RC1 to before 5.9.18, AssetsController::a
CVE-2026-44011 - Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS w
CVE-2026-44010 - Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL
CVE-2026-35504 - PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when usi
CVE-2025-65088 - An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and C
CVE-2025-65087 - An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and C
CVE-2025-65086 - An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and
CVE-2026-8052 - HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on
CVE-2026-7474 - HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client h
CVE-2026-6959 - HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write
CVE-2026-45185 - Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the
CVE-2026-44874 - A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow a
CVE-2026-44873 - A session management vulnerability in AOS-8 allows previously authenticated users to retain network
CVE-2026-44872 - A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 O
CVE-2026-44870 - Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the
CVE-2026-44869 - Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Op
CVE-2026-44868 - Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Op
CVE-2026-44867 - Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Op
CVE-2026-44866 - Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Op
CVE-2026-44865 - Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Op
CVE-2026-44864 - SQL injection vulnerabilities exist in several underlying service components accessible through the
CVE-2026-44863 - SQL injection vulnerabilities exist in several underlying service components accessible through the
CVE-2026-44862 - SQL injection vulnerabilities exist in several underlying service components accessible through the
CVE-2026-44861 - SQL injection vulnerabilities exist in several underlying service components accessible through the
CVE-2026-44860 - SQL injection vulnerabilities exist in several underlying service components accessible through the
CVE-2026-44859 - Stack-based buffer overflow vulnerabilities exist in several underlying management service component
CVE-2026-44858 - Stack-based buffer overflow vulnerabilities exist in several underlying management service component
CVE-2026-44857 - Stack-based buffer overflow vulnerabilities exist in several underlying management service component
CVE-2026-44856 - Stack-based buffer overflow vulnerabilities exist in several underlying management service component
CVE-2026-44855 - Stack-based buffer overflow vulnerabilities exist in several underlying management service component