CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-31793 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-31792 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-30987 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-30986 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-30985 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-30984 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-30983 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-30982 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-30981 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-30980 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-30979 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-30978 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-30977 - RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-block
CVE-2026-30974 - Copyparty is a portable file server. Prior to v1.20.11, the nohtml config option, intended to preve
CVE-2026-30973 - Appium is an automation framework that provides WebDriver-based automation possibilities for a wide
CVE-2026-30970 - Coral Server is open collaboration infrastructure that enables communication, coordination, trust an
CVE-2026-30969 - Coral Server is open collaboration infrastructure that enables communication, coordination, trust an
CVE-2026-30968 - Coral Server is open collaboration infrastructure that enables communication, coordination, trust an
CVE-2026-30964 - web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developer
CVE-2026-30960 - rssn is a scientific computing library for Rust, combining a high-performance symbolic computation e
CVE-2026-30959 - OneUptime is a solution for monitoring and managing online services. The resend-verification-code en
CVE-2026-30958 - OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenti
CVE-2026-30957 - OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Syn
CVE-2026-30956 - OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privile
CVE-2026-30945 - StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.
CVE-2026-30944 - StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.
CVE-2026-30942 - Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools.
CVE-2026-30941 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-30939 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-30938 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-30934 - FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-st
CVE-2026-30933 - FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-st
CVE-2026-30930 - Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the TimescaleDB exp
CVE-2026-30928 - Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config R
CVE-2026-30897 - A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0
CVE-2026-2742 - An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.
CVE-2026-2741 - Specially crafted ZIP archives can escape the intended extraction directory during Node.js download
CVE-2026-2724 - The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripti
CVE-2026-2339 - Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies R
CVE-2026-2273 - CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cau
CVE-2026-27661 - A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected
CVE-2026-26738 - Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to
CVE-2026-26148 - External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized
CVE-2026-26144 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of
CVE-2026-26141 - Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally.
CVE-2026-26134 - Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileg
CVE-2026-26132 - Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-26131 - Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
CVE-2026-26130 - Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker
CVE-2026-26128 - Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges lo
CVE-2026-26127 - Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-26121 - Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform
CVE-2026-26118 - Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate priv
CVE-2026-26117 - Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allo
CVE-2026-26116 - Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server a
CVE-2026-26115 - Improper validation of specified type of input in SQL Server allows an authorized attacker to elevat
CVE-2026-26114 - Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex
CVE-2026-26113 - Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code lo
CVE-2026-26112 - Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute c
CVE-2026-26111 - Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authori
CVE-2026-26110 - Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthor
CVE-2026-26109 - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally
CVE-2026-26108 - Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code
CVE-2026-26107 - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-26106 - Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute co
CVE-2026-26105 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of
CVE-2026-25972 - An improper neutralization of input during web page generation ('cross-site scripting') vulnerabilit
CVE-2026-25836 - An improper neutralization of special elements used in an os command ('os command injection') vulner
CVE-2026-25689 - An improper neutralization of argument delimiters in a command ('argument injection') vulnerability
CVE-2026-25605 - A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected applica
CVE-2026-25573 - A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected applica
CVE-2026-25572 - A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK
CVE-2026-25571 - A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK
CVE-2026-25570 - A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK
CVE-2026-25569 - A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). An out-of-bounds wri
CVE-2026-25190 - Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.
CVE-2026-25189 - Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local
CVE-2026-25188 - Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate p
CVE-2026-25187 - Improper link resolution before file access ('link following') in Winlogon allows an authorized atta
CVE-2026-25186 - Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (
CVE-2026-25185 - Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows a
CVE-2026-25181 - Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a ne
CVE-2026-25180 - Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose infor
CVE-2026-25179 - Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allo
CVE-2026-25178 - Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele
CVE-2026-25177 - Improper restriction of names for files and other resources in Active Directory Domain Services allo
CVE-2026-25176 - Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attack
CVE-2026-25175 - Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-25174 - Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate pr
CVE-2026-25173 - Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authori
CVE-2026-25172 - Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authori
CVE-2026-25171 - Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges
CVE-2026-25170 - Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2026-25169 - Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service local
CVE-2026-25168 - Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny ser
CVE-2026-25167 - Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privile
CVE-2026-25166 - Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to e
CVE-2026-25165 - Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate pr
CVE-2026-24641 - A NULL Pointer Dereference vulnerability [CWE-476] in Fortinet FortiWeb 8.0.0 through
CVE-2026-24640 - A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiWeb 8.0.0 throu
CVE-2026-24297 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
CVE-2026-24296 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
CVE-2026-24295 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
CVE-2026-24294 - Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges lo
CVE-2026-24293 - Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attac
CVE-2026-24292 - Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to eleva
CVE-2026-24291 - Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBro
CVE-2026-24290 - Improper access control in Windows Projected File System allows an authorized attacker to elevate pr
CVE-2026-24289 - Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-24288 - Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute co
CVE-2026-24287 - External control of file name or path in Windows Kernel allows an authorized attacker to elevate pri
CVE-2026-24285 - Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-24283 - Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privilege
CVE-2026-24282 - Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose informa
CVE-2026-24018 - A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.
CVE-2026-24017 - An Improper Control of Interaction Frequency vulnerability [CWE-799] in Fortinet Forti
CVE-2026-23907 - This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, f
CVE-2026-23674 - Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to b
CVE-2026-23673 - Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate
CVE-2026-23672 - Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CVE-2026-23671 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
CVE-2026-23669 - Use after free in RPC Runtime allows an authorized attacker to execute code over a network.
CVE-2026-23668 - Concurrent execution using shared resource with improper synchronization ('race condition') in Micro
CVE-2026-23667 - Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally.
CVE-2026-23665 - Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate
CVE-2026-23664 - Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an
CVE-2026-23662 - Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker t
CVE-2026-23661 - Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacke
CVE-2026-23660 - Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevat
CVE-2026-23656 - Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attac
CVE-2026-23654 - Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unau
CVE-2026-23240 - In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_
CVE-2026-23239 - In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in
CVE-2026-22629 - An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer
CVE-2026-22628 - An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allo
CVE-2026-22627 - A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet F
CVE-2026-22614 - The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute
CVE-2026-22572 - An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer
CVE-2026-21791 - HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information i
CVE-2026-21262 - Improper access control in SQL Server allows an authorized attacker to elevate privileges over a net
CVE-2026-20967 - Improper input validation in System Center Operations Manager allows an authorized attacker to eleva
CVE-2026-1286 - CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confident
CVE-2026-1261 - The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz featu
CVE-2025-70025 - An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was disco
CVE-2025-69615 - Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and fu
CVE-2025-69614 - Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthor
CVE-2025-68648 - A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7
CVE-2025-68482 - An improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, Forti
CVE-2025-66178 - An improper neutralization of special elements used in an os command ('os command injection') vulnera
CVE-2025-56422 - A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to exec
CVE-2025-56421 - SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain
CVE-2025-55717 - A cleartext storage of sensitive information vulnerability [CWE-312] in Fortinet Forti
CVE-2025-54820 - A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiManager 7.4.0 t
CVE-2025-54659 - An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE
CVE-2025-53706 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or
CVE-2025-53608 - An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilit
CVE-2025-49784 - An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit
CVE-2025-48840 - An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWe
CVE-2025-48418 - A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.
CVE-2025-41712 - An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get acces
CVE-2025-41711 - An unauthenticated remote attacker can use firmware images to extract password hashes and brute forc
CVE-2025-41710 - An unauthenticated remote attacker may use hardcoded credentials to get access to the previously act
CVE-2025-41709 - An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to g
CVE-2025-40943 - Affected devices do not properly sanitize contents of trace files. This could allow an attacker t
CVE-2025-27769 - A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.
CVE-2025-13957 - CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure
CVE-2025-13902 - CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerab
CVE-2025-13901 - CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial o
CVE-2025-11739 - CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code exec
CVE-2022-4977 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in
CVE-2026-3585 - The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to,
CVE-2026-30927 - Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/events_functio
CVE-2026-30925 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-30921 - OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Syn
CVE-2026-30920 - OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's G
CVE-2026-30919 - facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4, store
CVE-2026-30918 - facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4, a ref
CVE-2026-30917 - Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a
CVE-2026-30916 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: Further investigation determ
CVE-2026-30913 - Flarum is open-source forum software. When the flarum/nicknames extension is enabled, a registered u
CVE-2026-30887 - OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime all
CVE-2026-30885 - WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php
CVE-2026-30870 - PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when
CVE-2026-30869 - SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in
CVE-2026-30862 - Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Criti
CVE-2026-2364 - If a legitimate user confirms a self-update prompt or initiates an installation of a CODESYS Developm
CVE-2026-29773 - Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to
CVE-2026-28513 - Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services
CVE-2026-28512 - Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services
CVE-2026-28281 - InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not
CVE-2026-28267 - Multiple i-フィルター products are configured with improper file access permission settings. Files may be
CVE-2026-27689 - Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated atta
CVE-2026-27688 - Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated
CVE-2026-27687 - Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with
CVE-2026-27686 - Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attac
CVE-2026-27685 - SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted
CVE-2026-27684 - SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an a
CVE-2026-24317 - SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application.
CVE-2026-24316 - SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows
CVE-2026-24313 - SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary au
CVE-2026-24311 - The SAP Customer Checkout application exhibits certain design characteristics that involve locally s
CVE-2026-24310 - Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated at
CVE-2026-24309 - Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated at
CVE-2026-1920 - The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vuln
CVE-2026-1919 - The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vuln
CVE-2026-1508 - The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deletin
CVE-2026-0953 - The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to,
CVE-2026-0489 - Due to insufficient validation of user-controlled input in the URLs query parameter. SAP Business On
CVE-2025-36173 - Affected Product(s): InfoSphere Data Architect; Version(s): 9.2.1
CVE-2025-36105 - IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privile
CVE-2025-2399 - Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Ele
CVE-2025-11158 - Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8
CVE-2026-31802 - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into
CVE-2026-30937 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior
CVE-2026-30936 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior
CVE-2026-30935 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior
CVE-2026-30931 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior
CVE-2026-30929 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior
CVE-2026-30926 - SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerabil
CVE-2026-30883 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior
CVE-2026-28693 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior
CVE-2026-28692 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior
CVE-2026-28691 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior
CVE-2026-28690 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior
CVE-2026-28689 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior
CVE-2026-28688 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior
CVE-2026-28687 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior
CVE-2026-28686 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior
CVE-2026-28494 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior
CVE-2026-28493 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior
CVE-2026-28433 - Misskey is an open source, federated social media platform. All Misskey servers running versions 10.
CVE-2026-28432 - Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 co
CVE-2026-28431 - Misskey is an open source, federated social media platform. All Misskey servers running versions 8.4
CVE-2026-26982 - Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 (Ctrl+
CVE-2026-1776 - Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulne
CVE-2026-3288 - A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-targ
CVE-2026-31816 - Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4
CVE-2026-30240 - Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5
CVE-2026-25960 - vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix fo
CVE-2026-25737 - Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0
CVE-2026-25045 - Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue
CVE-2025-70973 - ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cooki
CVE-2025-70028 - An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Tr
CVE-2025-15603 - A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown functi
CVE-2026-25041 - Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22
CVE-2026-0846 - A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allow
CVE-2025-70031 - An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-po
CVE-2025-70030 - An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in
CVE-2025-68402 - FreshRSS is a free, self-hostable RSS aggregator. From 57e1a37 - 00f2f04, the lengths of the nonce w
CVE-2025-62166 - FreshRSS is a free, self-hostable RSS aggregator. Prior to 1.28.0, a bug in the auth logic related to m