CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2025-69189 - Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access C
CVE-2025-69175 - Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.
CVE-2025-69174 - Unauthenticated Local File Inclusion in Etude <= 1.6 versions.
CVE-2025-69170 - Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions.
CVE-2025-69166 - Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.
CVE-2025-69164 - Unauthenticated Local File Inclusion in Skyward <= 1.10 versions.
CVE-2025-69158 - Unauthenticated Local File Inclusion in Granola <= 1.13 versions.
CVE-2025-69157 - Unauthenticated Local File Inclusion in Gamic <= 1.15 versions.
CVE-2025-69144 - Unauthenticated Local File Inclusion in Preservation <= 1.10 versions.
CVE-2025-69140 - Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
CVE-2025-69130 - Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.
CVE-2025-69128 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV
CVE-2025-69127 - Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.
CVE-2025-69126 - Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.
CVE-2025-69123 - Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.
CVE-2025-69120 - Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.
CVE-2025-69115 - Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2
CVE-2025-69111 - Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
CVE-2025-69106 - Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.
CVE-2025-68524 - Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.
CVE-2025-66391 - In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a
CVE-2025-60236 - Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue
CVE-2025-60231 - Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Inject
CVE-2025-60230 - Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection.
CVE-2025-60229 - Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This iss
CVE-2025-59554 - Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
CVE-2025-15657 - Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
CVE-2026-9690 - Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
CVE-2026-9570 - The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before ech
CVE-2026-8607 - The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred p
CVE-2026-8494 - The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via pos
CVE-2026-8383 - The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST en
CVE-2026-8317 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-8089 - The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommer
CVE-2026-7850 - The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URL
CVE-2026-5667 - Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan
CVE-2026-55706 - sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via c
CVE-2026-54811 - Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
CVE-2026-54807 - Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
CVE-2026-54806 - Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
CVE-2026-54805 - Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
CVE-2026-54804 - Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
CVE-2026-54803 - Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
CVE-2026-54802 - Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
CVE-2026-54196 - Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
CVE-2026-54195 - Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
CVE-2026-54194 - Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.
CVE-2026-54192 - Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
CVE-2026-54189 - Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
CVE-2026-54188 - Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
CVE-2026-54187 - Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.
CVE-2026-54186 - Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.
CVE-2026-54185 - Subscriber SQL Injection in Cornerstone < 7.8.8 versions.
CVE-2026-54184 - Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.
CVE-2026-53876 - RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may
CVE-2026-52706 - Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions.
CVE-2026-52705 - Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions.
CVE-2026-52698 - Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation &
CVE-2026-52696 - Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.
CVE-2026-50203 - A path traversal in the SFTP provider (`SFTPHook.retrieve_directory` / `SFTPOperator(operation=get)`
CVE-2026-49778 - Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
CVE-2026-49767 - Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
CVE-2026-49113 - Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.
CVE-2026-49107 - Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.
CVE-2026-49084 - Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.
CVE-2026-49081 - Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.
CVE-2026-49080 - Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.
CVE-2026-49079 - Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.
CVE-2026-49076 - Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.
CVE-2026-49075 - Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.
CVE-2026-49074 - Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.
CVE-2026-49073 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-49072 - Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions.
CVE-2026-49071 - Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.
CVE-2026-49058 - Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions.
CVE-2026-49057 - Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.
CVE-2026-48967 - Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.
CVE-2026-48929 - Rocket.Chat in versions <8.5.1, <8.4.4, <8.3.6, <8.2.6, <8.1.6, <8.0.7, <7.13.9, and <7.10.13 is vul
CVE-2026-48875 - Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions.
CVE-2026-48869 - Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.
CVE-2026-48797 - Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions
CVE-2026-48788 - Remark42 is a self-hosted comment engine for blogs, articles, or any other place where readers can a
CVE-2026-48783 - Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated
CVE-2026-48782 - Pydantic AI is a Python agent framework for building applications and workflows with Generative AI.
CVE-2026-48781 - Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration cal
CVE-2026-48779 - ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not
CVE-2026-48745 - Traccar Client is a GPS tracking mobile app for sending location updates to private servers using th
CVE-2026-48616 - Rocket.Chat versions <8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 has an access contro
CVE-2026-48055 - Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versi
CVE-2026-47340 - Allow authenticated users to access alert instances associated with alert groups they do not have pe
CVE-2026-47277 - Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marke
CVE-2026-45436 - Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions.
CVE-2026-44587 - CarrierWave is a framework to upload files from Ruby applications. In versions prior to 2.2.7 and 3.
CVE-2026-42629 - Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
CVE-2026-42385 - Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
CVE-2026-42380 - Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.
CVE-2026-42357 - Incorrect Authorization vulnerability allows users to access workflow instance information belonging
CVE-2026-41557 - Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.
CVE-2026-41280 - Incorrect Authorization vulnerability allows users with system login privileges to delete task defin
CVE-2026-40783 - Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
CVE-2026-40768 - Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 version
CVE-2026-40765 - Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.
CVE-2026-40761 - Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
CVE-2026-40760 - Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
CVE-2026-40759 - Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.
CVE-2026-40758 - Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.
CVE-2026-40755 - Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.
CVE-2026-40754 - Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.
CVE-2026-40753 - Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions.
CVE-2026-40751 - Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.
CVE-2026-40749 - Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
CVE-2026-40748 - Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.
CVE-2026-40747 - Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
CVE-2026-40746 - Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.
CVE-2026-40739 - Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.
CVE-2026-40736 - Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.
CVE-2026-40735 - Unauthenticated PHP Object Injection in Reina <= 2.1 versions.
CVE-2026-40731 - Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
CVE-2026-40726 - Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
CVE-2026-40725 - Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.
CVE-2026-40724 - CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 versions.
CVE-2026-40723 - Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.
CVE-2026-40722 - Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Conf
CVE-2026-40721 - Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
CVE-2026-39598 - Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows
CVE-2026-39597 - Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
CVE-2026-39596 - Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
CVE-2026-39595 - Author Broken Access Control in W3 Total Cache <= 2.9.1 versions.
CVE-2026-39589 - Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.
CVE-2026-39582 - Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.
CVE-2026-39580 - Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.
CVE-2026-39578 - Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.
CVE-2026-39577 - Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.
CVE-2026-39573 - Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions.
CVE-2026-39568 - Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.
CVE-2026-39567 - Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.
CVE-2026-39558 - Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.
CVE-2026-39557 - Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions.
CVE-2026-39554 - Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.
CVE-2026-39549 - Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.
CVE-2026-39548 - Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.
CVE-2026-39547 - Unauthenticated Local File Inclusion in Getaway < 1.8 versions.
CVE-2026-39546 - Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.
CVE-2026-39545 - Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions.
CVE-2026-39539 - Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.
CVE-2026-39537 - Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.
CVE-2026-39529 - Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions.
CVE-2026-39522 - Unauthenticated Local File Inclusion in Solene <= 3.4 versions.
CVE-2026-39446 - Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.
CVE-2026-39443 - Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.
CVE-2026-39438 - Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.
CVE-2026-39433 - Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.
CVE-2026-34895 - Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.
CVE-2026-34894 - Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.
CVE-2026-34893 - Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.
CVE-2026-34888 - Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.
CVE-2026-32967 - Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. T
CVE-2026-32966 - DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apa
CVE-2026-2604 - A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file bac
CVE-2026-28615 - In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions byp
CVE-2026-28587 - In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information
CVE-2026-28576 - In Contacts Provider, there is a possible way to access the contacts database due to SQL injection.
CVE-2026-28575 - In PackageInstaller.Session#transfer of frameworks/base/services/core/java/com/android/server/pm/Pac
CVE-2026-27870 - An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case
CVE-2026-27869 - An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case
CVE-2026-27868 - An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case
CVE-2026-27429 - Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.
CVE-2026-27410 - Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
CVE-2026-27400 - Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.
CVE-2026-27395 - Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.
CVE-2026-27041 - Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
CVE-2026-25470 - Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom
CVE-2026-25446 - Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
CVE-2026-25439 - Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
CVE-2026-24611 - Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.
CVE-2026-24610 - Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.
CVE-2026-24575 - Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.
CVE-2026-22343 - Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
CVE-2026-22342 - Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
CVE-2026-22340 - Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.
CVE-2026-22339 - Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.
CVE-2026-22338 - Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions.
CVE-2026-22335 - Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions.
CVE-2026-22334 - Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions.
CVE-2026-22332 - Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions.
CVE-2026-22331 - Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions.
CVE-2026-22330 - Unauthenticated Local File Inclusion in Right Way <= 4.0 versions.
CVE-2026-22329 - Unauthenticated Cross Site Scripting (XSS) in Skillate <= 1.2.10 versions.
CVE-2026-22328 - Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions.
CVE-2026-22327 - Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions.
CVE-2026-22326 - Unauthenticated Local File Inclusion in Reprizo <= 1.0.8 versions.
CVE-2026-22325 - Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions.
CVE-2026-12491 - A flaw was found in vLLM, an open-source library for large language model inference. This vulnerabil
CVE-2026-12469 - Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attack
CVE-2026-12468 - Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had co
CVE-2026-12467 - Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who
CVE-2026-12466 - Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote
CVE-2026-12465 - Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker
CVE-2026-12464 - Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had
CVE-2026-12463 - Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a re
CVE-2026-12462 - Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had c
CVE-2026-12461 - Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote at
CVE-2026-12460 - Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allow
CVE-2026-12459 - Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote att
CVE-2026-12458 - Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote
CVE-2026-12457 - Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote
CVE-2026-12456 - Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attac
CVE-2026-12455 - Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who c
CVE-2026-12454 - Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who
CVE-2026-12453 - Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.155 allowed
CVE-2026-12452 - Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote att
CVE-2026-12451 - Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attac
CVE-2026-12450 - Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote atta
CVE-2026-12449 - Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local att
CVE-2026-12448 - Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed
CVE-2026-12447 - Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to
CVE-2026-12446 - Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote
CVE-2026-12445 - Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convin
CVE-2026-12444 - Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local
CVE-2026-12443 - Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attac
CVE-2026-12442 - Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote att
CVE-2026-12441 - Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote atta
CVE-2026-12440 - Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a r
CVE-2026-12439 - Use after free in Digital Credentials in Google Chrome prior to 149.0.7827.155 allowed a remote atta
CVE-2026-12438 - Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed
CVE-2026-12437 - Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote atta
CVE-2026-12360 - The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and includin
CVE-2026-12256 - Contributor PHP Object Injection in Avada <= 3.15.3 versions.
CVE-2026-12199 - A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 allows unauthenticated remote shutdown
CVE-2026-12165 - The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is
CVE-2026-12115 - The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vul
CVE-2026-11975 - Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5
CVE-2026-11858 - Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Upda
CVE-2026-11857 - Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Upda
CVE-2026-11410 - An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configurat
CVE-2026-11409 - An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler i
CVE-2026-10839 - Open redirection vulnerability in the authentication system allows an attacker to use manipulated va
CVE-2026-10837 - Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. A
CVE-2026-10836 - Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host
CVE-2026-10094 - A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 t
CVE-2026-0092 - In Package Manager, there is a possible device lock controller bypass due to a missing permission ch
CVE-2026-0083 - In Nfc::eventCallback() of Nfc.h, there is a possible use after free due to a race condition. This c
CVE-2026-0082 - In tryStartActivity of NfcDispatcher.java, there is a possible automatic special app access permissi
CVE-2026-0081 - In NFC, there is a possible way to spoof an NFC event due to a missing permission check. This could
CVE-2026-0071 - In SettingsLib, there is a possible missing permission check due to a logic error in the code. This
CVE-2026-0068 - In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC
CVE-2026-0064 - In multiple places, there is a possible persistent denial of service due to resource exhaustion. Thi
CVE-2026-0063 - In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier rest
CVE-2026-0057 - In Contacts Provider, there is a possible way to access an incoming call's phone number and associat
CVE-2026-0019 - In SettingsLib, there is a possible way to disable system components due to a logic error in the cod