CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-3825 - IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authentic
CVE-2026-3824 - IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote atta
CVE-2026-3534 - The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `ast-page-backgro
CVE-2026-31844 - An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi
CVE-2026-3911 - A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnera
CVE-2026-3884 - Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the sp
CVE-2026-3222 - The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'location_i
CVE-2026-2707 - The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry
CVE-2026-2631 - The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST en
CVE-2026-2626 - The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of
CVE-2026-2466 - The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputt
CVE-2026-2358 - The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[wp_ulike_li
CVE-2026-27842 - Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypa
CVE-2026-24448 - Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker
CVE-2026-20892 - Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with a
CVE-2026-1867 - The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a
CVE-2026-1753 - The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could
CVE-2023-27573 - netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the
CVE-2026-2413 - The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the
CVE-2025-13067 - The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all ve
CVE-2026-29515 - MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP serve
CVE-2026-23817 - A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthentica
CVE-2026-23816 - A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote
CVE-2026-23815 - A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote
CVE-2026-23814 - A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privileg
CVE-2026-23813 - A vulnerability has been identified in the web-based management interface of AOS-CX switches that co
CVE-2026-3453 - The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versi
CVE-2026-21361 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlie
CVE-2026-21360 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlie
CVE-2026-21359 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlie
CVE-2026-21311 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlie
CVE-2026-21310 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlie
CVE-2026-21309 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlie
CVE-2026-21297 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlie
CVE-2026-21296 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlie
CVE-2026-21295 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlie
CVE-2026-21294 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlie
CVE-2026-21293 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlie
CVE-2026-21292 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlie
CVE-2026-21291 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlie
CVE-2026-21290 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlie
CVE-2026-21289 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlie
CVE-2026-21286 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlie
CVE-2026-21285 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlie
CVE-2026-21284 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlie
CVE-2026-21282 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlie
CVE-2026-2324 - The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerab
CVE-2026-1781 - The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in al
CVE-2025-12473 - The RTMKit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'themebuilde
CVE-2026-27266 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27265 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27264 - Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority.
CVE-2026-27263 - Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority.
CVE-2026-27262 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27261 - Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority.
CVE-2026-27260 - Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority.
CVE-2026-27259 - Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority.
CVE-2026-27257 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27256 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27255 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27254 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27253 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27252 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27251 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27250 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27249 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27248 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27247 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27244 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27242 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27241 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27240 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27239 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27237 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27236 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27235 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27234 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27233 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27232 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27231 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27230 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27229 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27228 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27226 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27225 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27224 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-27223 - Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (
CVE-2026-2569 - The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnera
CVE-2026-27272 - Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability t
CVE-2026-27271 - Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffer Overflow vulnerabi
CVE-2026-27270 - Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability th
CVE-2026-27268 - Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability th
CVE-2026-27267 - Illustrator versions 29.8.4, 30.1 and earlier are affected by a Stack-based Buffer Overflow vulnerab
CVE-2026-21362 - Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability t
CVE-2026-21333 - Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path vulnerability
CVE-2025-22850 - Time-of-check time-of-use race condition in the UEFI PdaSmm module for some Intel(R) reference platf
CVE-2025-22444 - Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference platforms
CVE-2025-20105 - Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may
CVE-2025-20096 - Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escal
CVE-2025-20073 - Improper buffer restrictions in the UEFI DXE module for some Intel(R) Reference Platforms within UEF
CVE-2025-20068 - Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms m
CVE-2025-20064 - Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may
CVE-2025-20028 - Time-of-check time-of-use race condition in the WheaERST SMM module for some Intel(R) reference plat
CVE-2025-20027 - Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allo
CVE-2025-20005 - Improper buffer restrictions in some UEFI firmware for some Intel(R) reference platforms may allow a
CVE-2026-31838 - Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and
CVE-2026-31837 - Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and
CVE-2026-31834 - Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A privilege escalation vulnerabi
CVE-2026-31833 - Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An authenticated backoffice user
CVE-2026-31832 - Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorizat
CVE-2026-31830 - sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign
CVE-2026-31829 - Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.
CVE-2026-31828 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-31827 - Alienbin is an anonymous code and text sharing web service. In 1.0.0 and earlier, the /save endpoint
CVE-2026-31826 - pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this v
CVE-2026-31825 - Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter
CVE-2026-31824 - Sylius is an Open Source eCommerce Framework on Symfony. A Time-of-Check To Time-of-Use (TOCTOU) rac
CVE-2026-31823 - Sylius is an Open Source eCommerce Framework on Symfony. An authenticated stored cross-site scriptin
CVE-2026-31822 - Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting (XSS) vulnerability
CVE-2026-31821 - Sylius is an Open Source eCommerce Framework on Symfony. The POST /api/v2/shop/orders/{tokenValue}/i
CVE-2026-31820 - Sylius is an Open Source eCommerce Framework on Symfony. An authenticated Insecure Direct Object Ref
CVE-2026-31819 - Sylius is an Open Source eCommerce Framework on Symfony. CurrencySwitchController::switchAction(), I
CVE-2026-31817 - OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when th
CVE-2026-31815 - Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, comp
CVE-2026-31812 - Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to
CVE-2026-28807 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in glea
CVE-2026-28806 - Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device c
CVE-2026-27278 - Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use A
CVE-2026-27221 - Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Impr
CVE-2026-27220 - Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use A
CVE-2026-31809 - SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer (SanitizeS
CVE-2026-31808 - file-type detects the file type of a file, stream, or data. Prior to 21.3.1, a denial of service vul
CVE-2026-31807 - SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer (SanitizeS
CVE-2026-31801 - zot is a container image/artifact registry based on the Open Container Initiative Distribution Speci
CVE-2026-31800 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-30972 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-30967 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-30966 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-30965 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-30962 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-30954 - LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy
CVE-2026-30953 - LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /link
CVE-2026-30952 - liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.0
CVE-2026-30951 - Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injection via unescaped cast type in
CVE-2026-30949 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-30948 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-30947 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-30946 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-30837 - Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and c
CVE-2026-0124 - There is a possible out of bounds write due to a missing bounds check. This could lead to local esca
CVE-2026-0123 - In EfwApTransport::ProcessRxRing of efw_ap_transport.cc, there is a possible out of bounds write due
CVE-2026-0122 - In multiple places, there is a possible out of bounds write due to memory corruption. This could lea
CVE-2026-0121 - In VPU, there is a possible use-after-free read due to a race condition. This could lead to local in
CVE-2026-0120 - In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead
CVE-2026-0119 - In usim_SendMCCMNCIndMsg of usim_Registration.c, there is a possible out of bounds write due to memo
CVE-2026-0118 - In oobconfig, there is a possible bypass of carrier restrictions due to a logic error. This could le
CVE-2026-0117 - In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds write due to an incorrect boun
CVE-2026-0116 - In __mfc_handle_released_buf of mfc_core_isr.c, there is a possible out of bounds write due to a mis
CVE-2026-0115 - In Trusted Execution Environment, there is a possible key leak due to side channel information discl
CVE-2026-0114 - In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead
CVE-2026-0113 - In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrec
CVE-2026-0112 - In vpu_open_inst of vpu_ioctl.c, there is a possible use after free due to a race condition. This co
CVE-2026-0111 - In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrec
CVE-2026-0110 - In MM_DATA_IND of cn_NrSmMsgHdlrFromMM.cpp, there is a possible EoP due to memory corruption. This c
CVE-2026-0109 - In dhd_tcpdata_info_get of dhd_ip.c, there is a possible Denial of Service due to a precondition che
CVE-2026-0108 - The register protection of the PowerVR GPU is incorrectly configured. This could lead to local infor
CVE-2026-0107 - In gmc_ddr_handle_mba_mr_req of gmc_mba_ddr.c, there is a possible escalation of privileges due to a
CVE-2025-70802 - Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnera
CVE-2025-70798 - Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerabil
CVE-2025-70244 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/form
CVE-2025-66413 - Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NT
CVE-2025-36920 - In hyp_alloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to impr
CVE-2025-13213 - IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improp
CVE-2026-3582 - An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an
CVE-2026-2713 - IBM Trusteer Rapport installer 3.5.2309.290 IBM Trusteer Rapport could allow a local attacker to exe
CVE-2026-2266 - An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that al
CVE-2026-29793 - Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaSc
CVE-2026-29792 - Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaSc
CVE-2026-29177 - Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a Stored Cross-Sit
CVE-2026-29176 - Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, A stored XSS vulnerability ex
CVE-2026-29175 - Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Stored XSS vulnerabilities ex
CVE-2026-29174 - Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable
CVE-2026-29173 - Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a stored XSS vulne
CVE-2026-29172 - Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, Craft Commerce is
CVE-2026-29113 - Craft is a content management system (CMS). Prior to 4.17.4 and 5.9.7, Craft CMS has a CSRF issue in
CVE-2026-28495 - GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) bundled with GetSimpl
CVE-2026-27825 - MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira).
CVE-2026-26330 - Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13,
CVE-2026-26311 - Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13,
CVE-2026-26310 - Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13,
CVE-2026-26309 - Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13,
CVE-2026-26308 - Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13,
CVE-2026-26123 - Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose
CVE-2026-23868 - Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImag
CVE-2025-70251 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/form
CVE-2025-70249 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form
CVE-2025-70247 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form
CVE-2025-70246 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form
CVE-2025-70242 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/form
CVE-2025-70227 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the nextPage parameter to goform/for
CVE-2025-70129 - If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha c
CVE-2025-70128 - A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for
CVE-2025-48611 - In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds chec
CVE-2025-36227 - IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by imprope
CVE-2025-36226 - IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability
CVE-2025-13219 - IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may
CVE-2026-3370 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in
CVE-2026-28292 - `simple-git`, an interface for running git commands in any node.js application, has an issue in vers
CVE-2026-27826 - MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira).
CVE-2026-27281 - DNG SDK versions 1.7.1 2471 and earlier are affected by an Integer Overflow or Wraparound vulnerabil
CVE-2026-27280 - DNG SDK versions 1.7.1 2471 and earlier are affected by an out-of-bounds write vulnerability that co
CVE-2026-27279 - Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability
CVE-2026-27277 - Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that
CVE-2026-27276 - Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that
CVE-2026-27275 - Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability
CVE-2026-27274 - Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability
CVE-2026-27273 - Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability
CVE-2026-27269 - Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vulnerability when pars
CVE-2026-27219 - Substance3D - Painter versions 11.1.2 and earlier are affected by an Out-of-bounds Read vulnerabilit
CVE-2026-27218 - Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnera
CVE-2026-27217 - Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnera
CVE-2026-27216 - Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerabilit
CVE-2026-27215 - Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnera
CVE-2026-27214 - Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnera
CVE-2026-26801 - Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allo
CVE-2026-26742 - PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm G
CVE-2026-26741 - PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. W
CVE-2026-21365 - Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerabilit
CVE-2026-21364 - Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnera
CVE-2026-21363 - Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnera
CVE-2026-3862 - Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application wh
CVE-2026-3854 - An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Ser
CVE-2026-3847 - Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corrupti
CVE-2026-3846 - Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability affects F
CVE-2026-3845 - Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerabili
CVE-2026-3843 - Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection
CVE-2026-3483 - An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attac
CVE-2026-3315 - Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assig
CVE-2026-3306 - An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a us
CVE-2026-3228 - The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site
CVE-2026-31797 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-31796 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-31795 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-31794 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-31793 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-31792 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-30987 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-30986 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-30985 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-30984 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t