CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-27807 - MarkUs is a web application for the submission and grading of student assignments. Prior to version
CVE-2026-25962 - MarkUs is a web application for the submission and grading of student assignments. Prior to version
CVE-2025-59544 - Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to
CVE-2025-59543 - Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scri
CVE-2025-59542 - Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scri
CVE-2025-59541 - Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSR
CVE-2025-59540 - Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists
CVE-2025-55289 - Chamilo is a learning management system. Prior to version 1.11.34, there is a stored XSS vulnerabili
CVE-2026-3616 - A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0.
CVE-2026-3613 - A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the functio
CVE-2026-3612 - A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub_405AF4 o
CVE-2026-3610 - A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue i
CVE-2026-2589 - The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive I
CVE-2026-28727 - Local privilege escalation due to insecure Unix socket permissions. The following products are affec
CVE-2026-28726 - Sensitive information disclosure due to improper access control. The following products are affected
CVE-2026-28725 - Sensitive information disclosure due to improper configuration of a headless browser. The following
CVE-2026-28724 - Unauthorized data access due to insufficient access control validation. The following products are a
CVE-2026-28723 - Unauthorized report deletion due to insufficient access control. The following products are affected
CVE-2026-28722 - Local privilege escalation due to improper soft link handling. The following products are affected:
CVE-2026-28721 - Local privilege escalation due to improper soft link handling. The following products are affected:
CVE-2026-28720 - Unauthorized modification of settings due to insufficient authorization checks. The following produc
CVE-2026-28719 - Unauthorized resource manipulation due to improper authorization checks. The following products are
CVE-2026-28718 - Denial of service due to insufficient input validation in authentication logging. The following prod
CVE-2026-28717 - Local privilege escalation due to improper directory permissions. The following products are affecte
CVE-2026-28716 - Information disclosure and manipulation due to improper authorization checks. The following products
CVE-2026-28715 - Sensitive information disclosure due to improper authorization checks. The following products are af
CVE-2026-28714 - Unnecessary transmission of sensitive cryptographic material. The following products are affected: A
CVE-2026-28713 - Default credentials set for local privileged user in Virtual Appliance. The following products are a
CVE-2026-28712 - Local privilege escalation due to DLL hijacking vulnerability. The following products are affected:
CVE-2026-28711 - Local privilege escalation due to DLL hijacking vulnerability. The following products are affected:
CVE-2026-28710 - Sensitive information disclosure and manipulation due to improper authentication. The following prod
CVE-2026-28709 - Unauthorized resource manipulation due to improper authorization checks. The following products are
CVE-2026-27778 - The WebSocket Application Programming Interface lacks restrictions on the number of authentication r
CVE-2026-27770 - Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-24912 - The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows mu
CVE-2026-22552 - WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorize
CVE-2025-30413 - Credentials are not deleted from Acronis Agent after plan revocation. The following products are aff
CVE-2025-11792 - Local privilege escalation due to DLL hijacking vulnerability. The following products are affected:
CVE-2025-11791 - Sensitive information disclosure and manipulation due to insufficient authorization checks. The foll
CVE-2025-11790 - Credentials are not deleted from Acronis Agent after plan revocation. The following products are aff
CVE-2026-26125 - Payment Orchestrator Service Elevation of Privilege Vulnerability
CVE-2026-26124 - '.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
CVE-2026-26122 - Initialization of a resource with an insecure default in Azure Compute Gallery allows an authorized
CVE-2026-23651 - Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate priv
CVE-2026-21536 - Microsoft Devices Pricing Program Remote Code Execution Vulnerability
CVE-2026-3606 - A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the fun
CVE-2026-2593 - The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cros
CVE-2026-29613 - OpenClaw versions prior to 2026.2.12 contain a vulnerability in the BlueBubbles (optional plugin) we
CVE-2026-29612 - OpenClaw versions prior to 2026.2.14 decode base64-backed media inputs into buffers before enforcing
CVE-2026-29611 - OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles ext
CVE-2026-29610 - OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers
CVE-2026-29609 - OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the fetchWithGuard
CVE-2026-29606 - OpenClaw versions prior to 2026.2.14 contain a webhook signature-verification bypass in the voice-ca
CVE-2026-28486 - OpenClaw versions 2026.1.16-2 prior to 2026.2.14 contain a path traversal vulnerability in archive e
CVE-2026-28485 - OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent
CVE-2026-28484 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-28482 - OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId par
CVE-2026-28481 - OpenClaw versions 2026.1.30 and earlier, contain an information disclosure vulnerability, patched in
CVE-2026-28480 - OpenClaw versions prior to 2026.2.14 contain an authorization bypass vulnerability where Telegram al
CVE-2026-28479 - OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and
CVE-2026-28478 - OpenClaw versions prior to 2026.2.13 contain a denial of service vulnerability in webhook handlers t
CVE-2026-28477 - OpenClaw versions prior to 2026.2.14 contain an oauth state validation bypass vulnerability in the m
CVE-2026-28476 - OpenClaw versions prior to 2026.2.14 contain a server-side request forgery vulnerability in the opti
CVE-2026-28475 - OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validati
CVE-2026-28474 - OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable
CVE-2026-28473 - OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with
CVE-2026-28472 - OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handsha
CVE-2026-28471 - OpenClaw version 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contai
CVE-2026-28470 - OpenClaw versions prior to 2026.2.2 contain an exec approvals (must be enabled) allowlist bypass vul
CVE-2026-28469 - OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat moni
CVE-2026-28468 - OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.14 contain a vulnerability in the sandbox browser
CVE-2026-28467 - OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachmen
CVE-2026-28466 - OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to san
CVE-2026-28465 - OpenClaw's voice-call plugin versions before 2026.2.3 contain an improper authentication vulnerabili
CVE-2026-28464 - OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validati
CVE-2026-28463 - OpenClaw exec-approvals allowlist validation checks pre-expansion argv tokens but execution uses rea
CVE-2026-28462 - OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it
CVE-2026-28459 - OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authe
CVE-2026-28458 - OpenClaw version 2026.1.20 prior to 2026.2.1 contains a vulnerability in the Browser Relay (extensio
CVE-2026-28457 - OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirrori
CVE-2026-28456 - OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it doe
CVE-2026-28454 - OpenClaw versions prior to 2026.2.2 fail to validate webhook secrets in Telegram webhook mode (must
CVE-2026-28453 - OpenClaw versions prior to 2026.2.14 fail to validate TAR archive entry paths during extraction, all
CVE-2026-28452 - OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the extractArchive
CVE-2026-28451 - OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feis
CVE-2026-28450 - OpenClaw versions prior to 2026.2.12 with the optional Nostr plugin enabled expose unauthenticated H
CVE-2026-28448 - OpenClaw versions 2026.1.29 prior to 2026.2.1 contain a vulnerability in the Twitch plugin (must be
CVE-2026-28447 - OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugi
CVE-2026-28446 - OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an a
CVE-2026-28395 - OpenClaw versions 2026.1.14-1 prior to 2026.2.12 contain an improper network binding vulnerability in
CVE-2026-28394 - OpenClaw versions prior to 2026.2.15 contain a denial of service vulnerability in the web_fetch tool
CVE-2026-28393 - OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook tran
CVE-2026-28392 - OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability in the Slack slash
CVE-2026-28391 - OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allo
CVE-2026-21622 - Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm ('Elixir.Hexpm.Accounts.PasswordR
CVE-2026-29188 - File Browser provides a file managing interface within a specified directory and it can be used to u
CVE-2026-29081 - Frappe is a full-stack web application framework. Prior to versions 14.100.1 and 15.100.0, an endpoi
CVE-2026-29077 - Frappe is a full-stack web application framework. Prior to versions 15.98.0 and 14.100.0, due to a l
CVE-2026-28492 - File Browser provides a file managing interface within a specified directory and it can be used to u
CVE-2026-28443 - OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /{projectId}/car
CVE-2026-28442 - ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In ve
CVE-2026-28436 - Frappe is a full-stack web application framework. Prior to versions 16.11.0 and 15.102.0, an attacke
CVE-2026-28413 - Products.isurlinportal is a replacement for isURLInPortal method in Plone. Prior to versions 2.1.0,
CVE-2026-28410 - The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other bloc
CVE-2026-28405 - MarkUs is a web application for the submission and grading of student assignments. Prior to version
CVE-2026-22723 - Inappropriate user token revocation due to a logic error in the token revocation endpoint implementa
CVE-2026-0848 - NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in
CVE-2025-70995 - An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows authenticated attackers to achieve
CVE-2025-70949 - An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive
CVE-2025-70948 - A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows
CVE-2025-70614 - OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vuln
CVE-2025-55208 - Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecur
CVE-2026-28790 - OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0,
CVE-2026-28789 - OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3,
CVE-2026-28353 - Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. In Trivy VSCode
CVE-2026-28350 - lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior
CVE-2026-28348 - lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior
CVE-2026-28343 - CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.
CVE-2026-28342 - OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.2,
CVE-2026-28277 - LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (b
CVE-2026-28223 - Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6,
CVE-2026-28222 - Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6,
CVE-2026-21621 - Incorrect Authorization vulnerability in hexpm hexpm/hexpm ('Elixir.HexpmWeb.API.OAuthController' mo
CVE-2025-29165 - An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/sha
CVE-2025-13350 - Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d
CVE-2024-43035 - Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:
CVE-2026-3459 - The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitr
CVE-2026-3047 - A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SA
CVE-2026-3009 - A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication
CVE-2026-29054 - Traefik is an HTTP reverse proxy and load balancer. From version 2.11.9 to 2.11.37 and from version
CVE-2026-28287 - FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.
CVE-2026-28284 - FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module
CVE-2026-28210 - FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Dat
CVE-2026-28209 - FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.
CVE-2026-27944 - Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup e
CVE-2026-27723 - OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 1
CVE-2026-27023 - Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService
CVE-2026-26999 - Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a
CVE-2026-26998 - Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a
CVE-2026-26418 - Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Cl
CVE-2026-26417 - A broken access control vulnerability in the password reset functionality of Tata Consultancy Servic
CVE-2026-26416 - An authorization bypass vulnerability in Tata Consultancy Services Cognix Recon Client v3.0 allows a
CVE-2026-26276 - Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HT
CVE-2026-26196 - Gogs is an open source self-hosted Git service. Prior to version 0.14.2, gogs api still accepts toke
CVE-2026-26195 - Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored xss is still possibl
CVE-2026-26194 - Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in
CVE-2026-26022 - Gogs is an open source self-hosted Git service. Prior to version 0.14.2, a stored cross-site scripti
CVE-2026-25921 - Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object acr
CVE-2026-24457 - An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a
CVE-2025-7375 - A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacen
CVE-2025-70616 - A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (versi
CVE-2025-70233 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form
CVE-2025-70232 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form
CVE-2025-70231 - D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests r
CVE-2025-70230 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form
CVE-2025-70229 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form
CVE-2025-45691 - An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients
CVE-2025-13476 - Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and pre
CVE-2026-30798 - Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerab
CVE-2026-30797 - Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, M
CVE-2026-30796 - Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server
CVE-2026-30795 - Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rus
CVE-2026-30794 - Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on
CVE-2026-30793 - Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client o
CVE-2026-30792 - A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, An
CVE-2026-30790 - Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Co
CVE-2026-30789 - Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort
CVE-2026-30785 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Pa
CVE-2026-30784 - Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server
CVE-2026-30783 - A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, An
CVE-2026-26377 - Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbi
CVE-2026-25048 - xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prio
CVE-2025-64166 - Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a cross-site request forgery (C
CVE-2026-3598 - Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Serve
CVE-2026-30791 - Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client ru
CVE-2026-27750 - Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer
CVE-2026-27749 - Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Spe
CVE-2026-27748 - Avira Internet Security contains an improper link resolution vulnerability in the Software Updater c
CVE-2025-69534 - Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause ht
CVE-2026-1720 - The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin fo
CVE-2026-2599 - The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP
CVE-2026-3236 - In affected versions of Octopus Server it was possible to create a new API key from an existing acce
CVE-2026-21628 - An improperly secured file management feature allows uploads of dangerous data types for unauthentica
CVE-2026-1605 - In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerabili
CVE-2025-11143 - The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unu
CVE-2026-28551 - Race condition vulnerability in the device security management module. Impact: Successful exploitati
CVE-2026-28549 - Race condition vulnerability in the permission management service. Impact: Successful exploitation o
CVE-2026-28548 - Vulnerability of improper verification in the email application. Impact: Successful exploitation of
CVE-2026-28547 - Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitatio
CVE-2026-28546 - Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulner
CVE-2026-28542 - Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of
CVE-2026-2893 - The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' param
CVE-2026-28552 - Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnera
CVE-2026-28550 - Race condition vulnerability in the security control module. Impact: Successful exploitation of this
CVE-2026-28545 - Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnera
CVE-2026-28544 - Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnera
CVE-2026-28543 - Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitat
CVE-2026-28541 - Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of thi
CVE-2026-28540 - Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vul
CVE-2026-28539 - Data processing vulnerability in the certificate management module. Impact: Successful exploitation
CVE-2026-28538 - Path traversal vulnerability in the certificate management module. Impact: Successful exploitation o
CVE-2026-28537 - Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerabilit
CVE-2026-21786 - HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is wr
CVE-2026-1321 - The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege Escalation
CVE-2025-66319 - Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation
CVE-2026-2743 - Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interfa
CVE-2026-28536 - Authentication bypass vulnerability in the device authentication module. Impact: Successful exploita
CVE-2026-25702 - An Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 br
CVE-2026-1678 - dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the b
CVE-2026-3072 - The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data
CVE-2026-30777 - EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass vulnerabili
CVE-2026-2418 - The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to
CVE-2026-29128 - IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing c
CVE-2026-29053 - Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted mal
CVE-2026-29052 - The Calendar module for HumHub enables users to create one-time or recurring events, manage attendee
CVE-2026-28137 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-28135 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor A
CVE-2026-28134 - Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-
CVE-2026-28133 - Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allow
CVE-2026-28130 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-28129 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-28128 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-28127 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-28126 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-28125 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-28124 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-28123 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-28122 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-28121 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-28120 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-28119 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-28118 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-28117 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-28115 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-28114 - Unrestricted Upload of File with Dangerous Type vulnerability in firassaidi WooCommerce License Mana
CVE-2026-28113 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-28112 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-28110 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-28109 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-28108 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-28107 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-28105 - Deserialization of Untrusted Data vulnerability in ThemeREX Good Energy goodenergy allows Object Inj
CVE-2026-28104 - Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Acce
CVE-2026-28103 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-28102 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-28101 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-28100 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-28099 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-28098 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-28097 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio