CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-31988 - yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the
CVE-2026-3961 - A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected elemen
CVE-2026-3959 - A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted
CVE-2026-3958 - A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function re
CVE-2026-3942 - Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote a
CVE-2026-3941 - Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote
CVE-2026-3940 - Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote
CVE-2026-3939 - Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote atta
CVE-2026-3938 - Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remot
CVE-2026-3937 - Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remo
CVE-2026-3936 - Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attack
CVE-2026-3935 - Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote att
CVE-2026-3934 - Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a re
CVE-2026-3932 - Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a
CVE-2026-3931 - Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to pe
CVE-2026-3930 - Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote atta
CVE-2026-3929 - Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a
CVE-2026-3928 - Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an att
CVE-2026-3927 - Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote a
CVE-2026-3926 - Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perfor
CVE-2026-3925 - Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed
CVE-2026-3924 - Use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who
CVE-2026-3923 - Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to poten
CVE-2026-3922 - Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to p
CVE-2026-3921 - Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to
CVE-2026-3920 - Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attack
CVE-2026-3919 - Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinc
CVE-2026-3918 - Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potent
CVE-2026-3917 - Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potent
CVE-2026-3916 - Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker t
CVE-2026-3915 - Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to p
CVE-2026-3914 - Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to poten
CVE-2026-3913 - Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to p
CVE-2026-32136 - AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthe
CVE-2026-32133 - 2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security c
CVE-2026-32132 - ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulne
CVE-2026-32131 - ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability i
CVE-2026-32130 - ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zita
CVE-2026-32128 - FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-s
CVE-2026-32117 - The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's
CVE-2026-27591 - Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Pr
CVE-2025-62328 - HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-P
CVE-2026-3957 - A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. T
CVE-2026-3956 - A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1
CVE-2026-3955 - A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the fun
CVE-2026-32127 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-32126 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-32125 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-32124 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-32123 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-32122 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-32121 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-32118 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-32112 - ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form renders user-co
CVE-2026-32111 - ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form (beta feature)
CVE-2026-32110 - SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endp
CVE-2026-32109 - Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and
CVE-2026-32108 - Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the s
CVE-2026-32106 - StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.
CVE-2026-32104 - StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.
CVE-2026-32103 - StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.
CVE-2026-32102 - OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, O
CVE-2026-32101 - StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.
CVE-2026-2640 - During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manage
CVE-2026-2368 - An improper certificate validation vulnerability was reported in the Lenovo Filez application that c
CVE-2026-1717 - An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo V
CVE-2026-1716 - An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vanta
CVE-2026-1715 - An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vanta
CVE-2026-1653 - A potential divide by zero vulnerability was reported in the Lenovo Virtual Bus driver used in Smart
CVE-2026-1652 - A potential buffer overflow vulnerability was reported in the Lenovo Virtual Bus driver used in Smar
CVE-2026-1068 - An improper certificate validation vulnerability was reported in the Lenovo Filez application that c
CVE-2026-0940 - A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that co
CVE-2026-0520 - A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain c
CVE-2025-70041 - An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube
CVE-2025-70024 - An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command wa
CVE-2025-66956 - Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allow
CVE-2026-3954 - A weakness has been identified in OpenBMB XAgent 1.0.0. Affected by this vulnerability is the functi
CVE-2026-3951 - A security flaw has been discovered in LockerProject Locker 0.0.0/0.0.1/0.1.0. Affected is the funct
CVE-2026-3950 - A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::
CVE-2026-32234 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-32098 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-32097 - PingPong is a platform for using large language models (LLMs) for teaching and learning. Prior to 7.
CVE-2026-32096 - Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Reques
CVE-2026-32095 - Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload
CVE-2026-32094 - Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescape#escape() does no
CVE-2026-31979 - Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and
CVE-2026-31976 - xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to
CVE-2026-31974 - OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject S
CVE-2026-31961 - Quill provides simple mac binary signing and notarization from any platform. Quill before version v0
CVE-2026-31960 - Quill provides simple mac binary signing and notarization from any platform. Quill before version v0
CVE-2026-31959 - Quill provides simple mac binary signing and notarization from any platform. Quill before version v0
CVE-2026-31958 - Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior
CVE-2026-31957 - Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to befor
CVE-2026-31954 - Emlog is an open source website building system. In 2.6.6 and earlier, the delete_async action (asyn
CVE-2026-31901 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-31900 - Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting cod
CVE-2026-31896 - WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection
CVE-2026-31895 - WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA (Web gerenciador p
CVE-2026-31894 - WeGIA is a web manager for charitable institutions. In 3.6.5, The patched loadBackupDB() extracts ta
CVE-2026-31889 - Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopwa
CVE-2026-27703 - RIOT is an open-source microcontroller operating system, designed to match the requirements of Inter
CVE-2026-27478 - Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical auth
CVE-2026-24510 - Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Man
CVE-2026-24508 - Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Certificate V
CVE-2026-3949 - A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_p
CVE-2026-31888 - Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint
CVE-2026-31887 - Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the
CVE-2026-31881 - Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset
CVE-2026-31879 - Frappe is a full-stack web application framework. Prior to 14.100.2, 15.101.0, and 16.10.0, due to a
CVE-2026-31878 - Frappe is a full-stack web application framework. Prior to 14.100.1, 15.100.0, and 16.6.0, a malicio
CVE-2026-31877 - Frappe is a full-stack web application framework. Prior to 15.84.0 and 14.99.0, a specially crafted
CVE-2026-31876 - Notesnook is a note-taking app focused on user privacy & ease of use. Prior to 3.3.9, a Stored Cross
CVE-2026-31874 - Taskosaur is an open source project management platform with conversational AI for task execution in
CVE-2026-24509 - Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Access Contro
CVE-2019-25487 - SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated
CVE-2019-25486 - Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manip
CVE-2019-25485 - R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu
CVE-2019-25484 - WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows
CVE-2019-25483 - Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability
CVE-2019-25480 - ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated
CVE-2019-25478 - GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attack
CVE-2019-25477 - RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to c
CVE-2019-25476 - Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers
CVE-2019-25475 - SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attacker
CVE-2019-25474 - Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to
CVE-2019-25472 - IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerabili
CVE-2019-25471 - FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload ma
CVE-2019-25470 - eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attac
CVE-2019-25469 - Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field t
CVE-2019-25468 - NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated a
CVE-2019-25467 - Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that
CVE-2019-25466 - Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vuln
CVE-2019-25465 - Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated
CVE-2019-25464 - InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local
CVE-2019-25463 - SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the r
CVE-2018-25159 - Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) inject
CVE-2026-31975 - Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Ge
CVE-2026-31875 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-31872 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-31871 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-31870 - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, w
CVE-2026-31868 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-31867 - Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.11.0 and 5.6.0, An Insecure Direct
CVE-2026-31866 - flagd is a feature flag daemon with a Unix philosophy. Prior to 0.14.2, flagd exposes OFREP (/ofrep/
CVE-2026-31863 - Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the loca
CVE-2026-31862 - Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Ge
CVE-2026-31861 - Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Ge
CVE-2026-31859 - Craft is a content management system (CMS). The fix for CVE-2025-35939 in craftcms/cms introduced a
CVE-2026-31858 - Craft is a content management system (CMS). The ElementSearchController::actionSearch() endpoint is
CVE-2026-31857 - Craft is a content management system (CMS). Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulne
CVE-2026-31856 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-30226 - Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't
CVE-2026-0231 - An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authen
CVE-2026-0230 - A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a l
CVE-2026-3429 - A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lowe
CVE-2026-31854 - Cursor is a code editor built for programming with AI. Prior to 2.0, if a visited website contains m
CVE-2026-31853 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior
CVE-2026-31852 - Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/je
CVE-2026-31840 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-31839 - Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability
CVE-2026-31813 - Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vuln
CVE-2026-30868 - OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC AP
CVE-2026-30239 - OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets
CVE-2026-30236 - OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing
CVE-2026-30235 - OpenProject is an open-source, web-based project management software. Prior to 17.2.0, this vulnerab
CVE-2026-20166 - In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2
CVE-2026-20165 - In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform ver
CVE-2026-20164 - In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform ver
CVE-2026-20163 - In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform ver
CVE-2026-20162 - In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform vers
CVE-2026-20118 - A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Ci
CVE-2026-20117 - A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unifi
CVE-2026-20116 - A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact
CVE-2026-20074 - A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing fea
CVE-2026-20046 - A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could a
CVE-2026-20040 - A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to
CVE-2026-1524 - An edge case in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can
CVE-2026-1471 - Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4
CVE-2025-70082 - An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain
CVE-2025-68623 - In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an
CVE-2025-67041 - An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in t
CVE-2025-67039 - An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can
CVE-2025-67038 - An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command
CVE-2025-67037 - An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS comm
CVE-2025-67036 - An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log fi
CVE-2025-67035 - An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affe
CVE-2025-67034 - An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS comm
CVE-2025-12555 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.7.6, 18.8
CVE-2026-3848 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18.8
CVE-2026-31892 - Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on
CVE-2026-30741 - A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to
CVE-2026-30234 - OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authentica
CVE-2026-29777 - Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to a
CVE-2026-28803 - Open Forms allows users to create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cos
CVE-2026-28229 - Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on
CVE-2026-27897 - Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2,
CVE-2026-22248 - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk feat
CVE-2026-21888 - NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer
CVE-2026-1732 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18.8
CVE-2026-1663 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.6, 18.8
CVE-2026-1497 - Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versio
CVE-2026-1230 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 b
CVE-2026-1090 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8
CVE-2026-1069 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that c
CVE-2026-0602 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8
CVE-2025-14513 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8
CVE-2025-13929 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8
CVE-2025-13690 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8
CVE-2025-12704 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 bef
CVE-2025-12697 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8
CVE-2025-12690 - Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation.Th
CVE-2025-12576 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 b
CVE-2026-3946 - A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file
CVE-2026-3013 - Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal. Unauthen
CVE-2026-32229 - In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabl
CVE-2026-30903 - External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0
CVE-2026-30902 - Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to
CVE-2026-30901 - Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenti
CVE-2026-30900 - Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may al
CVE-2025-70330 - Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradeb
CVE-2025-70027 - An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-p
CVE-2025-67298 - An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoi
CVE-2026-3904 - Calling NSS-backed functions that support caching via nscd may call the nscd client side code and i
CVE-2026-3496 - The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'check_in_date' parameter
CVE-2026-32063 - OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in system
CVE-2026-32062 - OpenClaw versions 2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to
CVE-2026-32061 - OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directiv
CVE-2026-32060 - OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allo
CVE-2026-32059 - OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fail
CVE-2026-3944 - A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability
CVE-2026-3943 - A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the f
CVE-2026-3178 - The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_d
CVE-2026-3805 - When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointi
CVE-2026-3784 - curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the ne
CVE-2026-3783 - When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect t
CVE-2026-1965 - libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authentic
CVE-2026-3906 - WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature
CVE-2026-3492 - The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions
CVE-2026-3231 - The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to S
CVE-2026-1993 - The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privile
CVE-2026-1992 - The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct
CVE-2026-1454 - The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to S
CVE-2026-3903 - The Modular DS: Monitor, update, and backup multiple websites plugin for WordPress is vulnerable to
CVE-2026-2918 - The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Referenc
CVE-2026-2917 - The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Referenc
CVE-2026-1708 - The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress
CVE-2024-14026 - A command injection vulnerability has been reported to affect several QNAP operating system versions
CVE-2024-14025 - An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local
CVE-2024-14024 - An improper certificate validation vulnerability has been reported to affect Video Station. If an at
CVE-2026-3826 - IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated rem