CVE-2026-22416 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22415 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22414 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22413 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22412 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22410 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22408 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22405 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22403 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22399 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22397 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22395 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22394 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22392 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22390 - Improper Control of Generation of Code ('Code Injection') vulnerability in Builderall Builderall Bui

CVE-2026-22389 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22387 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22385 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69411 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Robe

CVE-2025-69343 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69340 - Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech

CVE-2025-69339 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69338 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69090 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-68555 - Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upl

CVE-2025-68554 - Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Keenarch keenarch allows

CVE-2025-68553 - Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lendiz lendiz allows Upl

CVE-2025-68515 - Insertion of Sensitive Information Into Sent Data vulnerability in Roland Murg WP Booking System wp-

CVE-2025-54001 - Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter allows Object Injectio

CVE-2025-53335 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-3523 - The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in

CVE-2026-3034 - The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-2899 - The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all

CVE-2026-2365 - The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `flue

CVE-2026-29127 - The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor use

CVE-2026-26034 - UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Incorrect Default Permi

CVE-2026-26033 - UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or

CVE-2024-57854 - Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v

CVE-2026-3381 - Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Comp

CVE-2026-3257 - UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library.

CVE-2026-29126 - Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International

CVE-2026-29125 - IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local use

CVE-2026-29124 - Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal,

CVE-2026-29123 - A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100

CVE-2026-29122 - International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility insta

CVE-2025-40931 - Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::S

CVE-2025-40926 - Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely.

CVE-2026-29121 - International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility instal

CVE-2026-2836 - A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache k

CVE-2026-2835 - An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora's parsing of HTTP/1.0 an

CVE-2026-2833 - An HTTP request smuggling vulnerability (CWE-444) was found in Pingora's handling of HTTP/1.1 connec

CVE-2026-22052 - ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vu

CVE-2026-2297 - The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly han

CVE-2026-29086 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to versi

CVE-2026-29085 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to versi

CVE-2026-29045 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to versi

CVE-2026-26002 - Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand

CVE-2025-41257 - Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the curre

CVE-2026-29000 - pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability i

CVE-2026-27898 - Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarde

CVE-2026-27803 - Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarde

CVE-2026-27802 - Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarde

CVE-2026-27801 - Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarde

CVE-2026-25750 - Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to l

CVE-2026-22040 - NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, by generati

CVE-2025-70222 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form

CVE-2025-68467 - Dark Reader is an accessibility browser extension that makes web pages colors dark. The dynamic dark

CVE-2025-66024 - The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versi

CVE-2025-70225 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime parameter to the goform/

CVE-2025-70221 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form

CVE-2025-46108 - D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup.

CVE-2026-3545 - Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote

CVE-2026-3544 - Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker

CVE-2026-3543 - Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacke

CVE-2026-3542 - Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remot

CVE-2026-3541 - Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attack

CVE-2026-3540 - Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote a

CVE-2026-3539 - Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who

CVE-2026-3538 - Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to poten

CVE-2026-3537 - Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remo

CVE-2026-3536 - Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to pote

CVE-2026-28435 - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, c

CVE-2026-28434 - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, w

CVE-2026-28427 - OpenDeck is Linux software for your Elgato Stream Deck. Prior to 2.8.1, the service listening on por

CVE-2025-70219 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formDeviceReboot.

CVE-2026-3125 - A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare pack

CVE-2026-20064 - A vulnerability in of Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticat

CVE-2026-20025 - A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Soft

CVE-2026-20024 - A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Soft

CVE-2026-20023 - A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Soft

CVE-2026-20022 - A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Soft

CVE-2026-20021 - A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Soft

CVE-2026-20020 - A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Soft

CVE-2026-20016 - A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Se

CVE-2026-0847 - A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path trave

CVE-2025-70226 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form

CVE-2025-70223 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form

CVE-2026-26949 - Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Incorrect Authorization vul

CVE-2026-20149 - A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a c

CVE-2026-20131 - A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM

CVE-2026-20106 - A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality, of Cisco Secure

CVE-2026-20105 - A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Securit

CVE-2026-20103 - A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Securit

CVE-2026-20102 - A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software a

CVE-2026-20101 - A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software a

CVE-2026-20100 - A vulnerability in the LUA interperter of the Remote Access SSL VPN feature of Cisco Secure Firewall

CVE-2026-20082 - A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive

CVE-2026-20079 - A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could

CVE-2026-20073 - A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure

CVE-2026-20070 - A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Applian

CVE-2026-20069 - A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Applian

CVE-2026-20068 - Multiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could a

CVE-2026-20067 - Multiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could a

CVE-2026-20066 - Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could a

CVE-2026-20065 - Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could a

CVE-2026-20063 - A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker

CVE-2026-20062 - A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in mu

CVE-2026-20058 - Multiple Cisco products are affected by vulnerabilities in the Snort 3 VBA feature that could allow

CVE-2026-20057 - Multiple Cisco products are affected by a vulnerability in the Snort 3 Visual Basic for Applications

CVE-2026-20054 - Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow

CVE-2026-20053 - Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow

CVE-2026-20052 - A vulnerability in the memory management handling for the Snort 3 Detection Engine of Cisco Secure F

CVE-2026-20050 - A vulnerability in the Do Not Decrypt exclusion feature of the SSL decryption feature of Cisco Secur

CVE-2026-20049 - A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange versi

CVE-2026-20044 - A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC) Software

CVE-2026-20039 - A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Sof

CVE-2026-20031 - A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthentic

CVE-2026-20018 - A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center (FMC) Softw

CVE-2026-20017 - A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker

CVE-2026-20015 - A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Soft

CVE-2026-20014 - A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Soft

CVE-2026-20013 - A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Soft

CVE-2026-20009 - A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication

CVE-2026-20008 - A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Se

CVE-2026-20007 - A vulnerability in the Snort 2 and Snort 3 deep packet inspection of Cisco Secure Firewall Threat De

CVE-2026-20006 - A vulnerability in the TLS cryptography functionality of the Snort 3 Detection Engine of Cisco Secur

CVE-2026-20003 - A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote at

CVE-2026-20002 - A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an au

CVE-2026-20001 - A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote at

CVE-2025-70220 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form

CVE-2025-70218 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall c

CVE-2019-25507 - Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated att

CVE-2019-25506 - FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter t

CVE-2019-25505 - Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipula

CVE-2019-25504 - NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to m

CVE-2019-25503 - PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute

CVE-2019-25502 - Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attacker

CVE-2019-25501 - Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate databa

CVE-2019-25500 - Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to m

CVE-2019-25499 - Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to m

CVE-2019-25498 - Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to m

CVE-2026-3520 - Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior t

CVE-2026-29069 - Craft is a content management system (CMS). Prior to 5.9.0-beta.2 and 4.17.0-beta.2, the actionSendA

CVE-2026-28784 - Craft is a content management system (CMS). Prior to 5.8.22 and 4.16.18, it is possible to craft a m

CVE-2026-28783 - Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and 4.17.0-beta.1, Craft CMS imple

CVE-2026-28782 - Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and 4.17.0-beta.1, the "Duplicate"

CVE-2026-28781 - Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creat

CVE-2026-28697 - Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, an authenticate

CVE-2026-28696 - Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the GraphQL dir

CVE-2026-28695 - Craft is a content management system (CMS). There is an authenticated admin RCE in Craft CMS 5.8.21

CVE-2026-23812 - A vulnerability has been identified where an attacker connecting to an access point as a standard wi

CVE-2026-23811 - A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) commu

CVE-2026-23810 - A vulnerability in the packet processing logic may allow an authenticated attacker to craft and tran

CVE-2026-23809 - A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that

CVE-2026-23808 - A vulnerability has been identified in a standardized wireless roaming protocol that could enable a

CVE-2026-23601 - A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A ma

CVE-2026-22760 - Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Improper Check for Unusual

CVE-2026-20005 - Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could a

CVE-2025-69969 - A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communicatio

CVE-2025-66944 - SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a remote attacker to ex

CVE-2025-66678 - An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.

CVE-2025-15558 - Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a director

CVE-2026-26673 - An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote at

CVE-2026-26514 - An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute modul

CVE-2026-26478 - A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389

CVE-2026-22285 - Dell Device Management Agent (DDMA), versions prior to 26.02, contain a Plaintext Storage of Passwor

CVE-2025-62879 - A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of

CVE-2025-59787 - 2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error respo

CVE-2025-59786 - 2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple

CVE-2025-59785 - Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker

CVE-2025-59784 - 2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent

CVE-2025-59783 - API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient

CVE-2025-12801 - A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux,

CVE-2026-23238 - In the Linux kernel, the following vulnerability has been resolved: romfs: check sb_set_blocksize()

CVE-2026-23237 - In the Linux kernel, the following vulnerability has been resolved: platform/x86: classmate-laptop:

CVE-2026-23236 - In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy i

CVE-2026-23235 - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access

CVE-2026-23234 - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_

CVE-2026-23233 - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid mapping wron

CVE-2026-23232 - In the Linux kernel, the following vulnerability has been resolved: Revert "f2fs: block cache/dio w

CVE-2025-71238 - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() c

CVE-2025-70342 - erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path

CVE-2025-70341 - Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to writ

CVE-2026-3103 - A logic error in the remove_password() function in Checkmk GmbH's Checkmk versions <2.4.0p23, <2.3.0

CVE-2025-40896 - The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malic

CVE-2025-40895 - A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to im

CVE-2025-40894 - A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality du

CVE-2026-25907 - Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictive account lockout mechanism vu

CVE-2026-24732 - Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Re

CVE-2026-23231 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-a

CVE-2026-22270 - Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains a

CVE-2026-21426 - Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains a

CVE-2026-21425 - Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains a

CVE-2026-21424 - Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains a

CVE-2026-21423 - Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains a

CVE-2026-21422 - Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, co

CVE-2026-21421 - Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains a

CVE-2026-3058 - The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in

CVE-2026-3056 - The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data

CVE-2026-2355 - The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Stored Cross-Site S

CVE-2026-1674 - The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder p

CVE-2026-3439 - A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allo

CVE-2026-1706 - The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting vi

CVE-2023-7337 - The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL I

CVE-2026-3094 - Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a ma

CVE-2026-2748 - SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued

CVE-2026-2747 - SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating t

CVE-2026-2746 - SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature veri

CVE-2026-27446 - Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache Activ

CVE-2026-27445 - SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature wa

CVE-2026-27444 - SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the em

CVE-2026-27443 - SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MI

CVE-2026-27442 - The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly chec

CVE-2026-27441 - SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption pa

CVE-2026-1236 - The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting v

CVE-2025-66168 - Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow

CVE-2026-29120 - The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation (

CVE-2026-29119 - International Datacasting Corporation (IDC) SFX Series SuperFlex(SFX2100) SatelliteReceiver contains

CVE-2026-28778 - International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocum

CVE-2026-28777 - International Datacasting Corporation (IDC) SFX2100 Satellite Receiver, trivial password for the `

CVE-2026-28776 - International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver contains hardcode

CVE-2026-28775 - An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of Internati

CVE-2026-28774 - An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of Inter

CVE-2026-28773 - The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in International Datacasting Corporation

CVE-2026-28772 - A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of Inter

CVE-2026-28771 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of Internatio

CVE-2026-2732 - The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due

CVE-2026-2363 - The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'order_

CVE-2026-28770 - Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in Internatio

CVE-2026-28769 - A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script in International Da

CVE-2026-2025 - The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API end

CVE-2026-3242 - In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Languag

CVE-2026-3241 - In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the

CVE-2026-3240 - In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form

CVE-2026-2994 - Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam All

CVE-2026-3452 - Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injecti

CVE-2026-3244 - In Concrete CMS below version 9.4.8, A stored cross-site scripting (XSS) vulnerability exists in the

CVE-2026-2292 - The Morkva UA Shipping plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin s

CVE-2026-2289 - The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings

CVE-2026-1980 - The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing aut