CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-3240 - In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form
CVE-2026-2994 - Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam All
CVE-2026-3452 - Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injecti
CVE-2026-3244 - In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the
CVE-2026-2292 - The Morkva UA Shipping plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin s
CVE-2026-2289 - The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings
CVE-2026-1980 - The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing aut
CVE-2026-1945 - The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpb_user_nam
CVE-2026-1651 - The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the
CVE-2026-1273 - The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vu
CVE-2026-3266 - Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerabilit
CVE-2026-3076 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-2363. Reason: T
CVE-2026-28289 - FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vu
CVE-2026-27981 - HomeBox is a home inventory and organization system. Prior to 0.24.0, the authentication rate limite
CVE-2026-27971 - Qwik is a performance-focused JavaScript framework. qwik <=1.19.0 is vulnerable to RCE due to an uns
CVE-2026-27932 - joserfc is a Python library that provides an implementation of several JSON Object Signing and Encry
CVE-2026-27905 - BentoML is a Python library for building online serving systems optimized for AI apps and model infe
CVE-2026-27622 - OpenEXR provides the specification and reference implementation of the EXR file format, an image sto
CVE-2026-27601 - Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual
CVE-2026-27600 - HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionalit
CVE-2026-26279 - Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input val
CVE-2026-26272 - HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scrip
CVE-2026-26266 - AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scr
CVE-2026-25590 - The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collec
CVE-2026-3487 - A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unk
CVE-2026-3224 - Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server
CVE-2026-3204 - Improper input validation in the error message page in Devolutions Server 2025.3.16 and earlier all
CVE-2026-3130 - Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an au
CVE-2026-2590 - Improper enforcement of the Disable password saving in vaults setting in the connection entry comp
CVE-2026-27012 - OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.
CVE-2026-25146 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-24898 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-24848 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-24415 - OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTA
CVE-2026-21866 - Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored
CVE-2026-1775 - The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an u
CVE-2026-3486 - A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability aff
CVE-2026-3485 - A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the componen
CVE-2026-25906 - Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Resolution Before File Access ('Li
CVE-2026-24502 - Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path
CVE-2026-1713 - IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.3
CVE-2026-1567 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE) vulnerabili
CVE-2025-70240 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form
CVE-2025-70239 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form
CVE-2025-70234 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form
CVE-2025-14480 - IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could allow
CVE-2025-14456 - IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1
CVE-2025-13688 - IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute
CVE-2025-13687 - IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute
CVE-2025-13686 - IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute
CVE-2026-3494 - In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_even
CVE-2026-3484 - A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0
CVE-2026-2915 - HP System Event Utility might allow denial of service with elevated arbitrary file writes. This pote
CVE-2026-2606 - IBM webMethods API Gateway (on-prem) 10.11 through 10.11_Fix32, 10.15 to 10.15_Fix27, 11.1 to 11.1_Fix7
CVE-2026-29022 - dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow
CVE-2026-26892 - Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manag
CVE-2026-26891 - Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manag
CVE-2026-26889 - Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage
CVE-2026-26888 - Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage
CVE-2026-26887 - Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage
CVE-2026-1265 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive In
CVE-2026-0869 - Authentication bypass in Brocade ASCG 3.4.0 could allow an unauthorized user to perform ASCG operati
CVE-2025-70241 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form
CVE-2025-70237 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form
CVE-2025-70236 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form
CVE-2025-66945 - A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP
CVE-2025-36364 - IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by
CVE-2025-36363 - IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a re
CVE-2025-14923 - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Serve
CVE-2025-14604 - IBM Storage Scale IBM Storage Scale 5.2.3.0 - 5.2.3.5, and IBM Storage Scale 6.0.0.0 -
CVE-2025-13734 - IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to
CVE-2025-13616 - IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP res
CVE-2025-13490 - IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions
CVE-2024-55027 - Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to store credentials in plaintext i
CVE-2024-55026 - An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows un
CVE-2024-55025 - Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 a
CVE-2024-55024 - An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb
CVE-2024-55023 - Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption k
CVE-2024-55022 - Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command
CVE-2024-55021 - Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in
CVE-2024-55020 - A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web
CVE-2024-55019 - Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version
CVE-2026-3437 - An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell
CVE-2026-26890 - Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage
CVE-2026-0540 - DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site
CVE-2025-69765 - Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list param
CVE-2025-67840 - Multiple authenticated OS command injection vulnerabilities exist in the Cohesity (formerly Stone Ra
CVE-2025-63912 - Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptogra
CVE-2025-63911 - Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authentic
CVE-2025-63910 - An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Releas
CVE-2025-63909 - Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration
CVE-2025-15599 - DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability t
CVE-2023-31044 - An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote a
CVE-2021-35486 - A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-202101180421502
CVE-2021-35485 - The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an au
CVE-2021-35484 - Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-bas
CVE-2021-35483 - The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an au
CVE-2026-3136 - An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prio
CVE-2026-26886 - Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/se
CVE-2026-26885 - Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/
CVE-2026-26884 - Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/adm
CVE-2026-26883 - Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/cla
CVE-2025-62817 - An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2
CVE-2025-62816 - An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2
CVE-2025-66680 - An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter 7.3.2 and earlier allo
CVE-2025-66363 - An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memor
CVE-2025-62815 - An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580, and 2500. A NULL
CVE-2025-62814 - An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL
CVE-2026-3465 - A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this vulnerabili
CVE-2026-2637 - iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged helper d
CVE-2026-28518 - OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability
CVE-2026-25674 - An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race conditio
CVE-2026-25673 - An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. `URLField.to_
CVE-2026-24103 - A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.0
CVE-2026-22891 - A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Bios
CVE-2026-20777 - A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Bi
CVE-2025-70821 - renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component
CVE-2025-64736 - An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project li
CVE-2025-57622 - An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /ca
CVE-2025-52365 - A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows
CVE-2026-3344 - A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem
CVE-2026-3343 - A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of
CVE-2026-3342 - An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged
CVE-2026-3351 - Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allow
CVE-2026-3463 - A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::de
CVE-2025-59060 - Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apa
CVE-2025-59059 - Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versi
CVE-2026-2568 - The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPre
CVE-2026-22886 - OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication.
CVE-2025-15598 - A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded
CVE-2026-1876 - Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F S
CVE-2026-1875 - Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F S
CVE-2026-1874 - Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC
CVE-2025-15595 - Privilege escalation via dll hijacking in Inno Setup 6.2.1 and earlier versions.
CVE-2025-12345 - A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected el
CVE-2026-3455 - Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting (XSS) via the
CVE-2026-3449 - Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scop
CVE-2026-1492 - The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profi
CVE-2026-20801 - Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwh
CVE-2026-20757 - Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operato
CVE-2025-47147 - Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android
CVE-2026-2628 - The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to a
CVE-2026-2448 - The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all ver
CVE-2026-2269 - The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for
CVE-2026-1487 - The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerab
CVE-2026-0754 - An embedded test key and certificate could be extracted from a Poly Voice device using specialized r
CVE-2026-1566 - The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerab
CVE-2026-1336 - The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unaut
CVE-2026-2583 - The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `blocksy_meta`
CVE-2026-3338 - Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass s
CVE-2026-3337 - Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to pote
CVE-2026-3336 - Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass
CVE-2026-2256 - A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, al
CVE-2026-27631 - Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP
CVE-2026-27596 - Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP
CVE-2026-26713 - code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-o
CVE-2026-26712 - code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admi
CVE-2026-25884 - Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP
CVE-2026-25477 - AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, the
CVE-2026-21882 - theshit is a command-line utility that automatically detects and fixes common mistakes in shell comm
CVE-2026-26711 - code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php.
CVE-2026-26710 - code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-ord
CVE-2026-26709 - code-projects Simple Gym Management System v1.0 is vulnerable to SQL Injection in /gym/trainer_searc
CVE-2026-21853 - AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, the
CVE-2026-0047 - In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access pri
CVE-2026-0038 - In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a l
CVE-2026-0037 - In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the co
CVE-2026-0035 - In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access
CVE-2026-0034 - In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy des
CVE-2026-0032 - In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error
CVE-2026-0031 - In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer ov
CVE-2026-0030 - In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an
CVE-2026-0029 - In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code.
CVE-2026-0028 - In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integ
CVE-2026-0027 - In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free
CVE-2026-0026 - In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any sy
CVE-2026-0025 - In hasImage of Notification.java, there is a possible way to reveal information across users due to
CVE-2026-0024 - In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reve
CVE-2026-0023 - In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to upda
CVE-2026-0021 - In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible cross-user permissi
CVE-2026-0020 - In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent d
CVE-2026-0017 - In onChange of BiometricService.java, there is a possible way to enable fingerprint unlock due to a
CVE-2026-0015 - In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to
CVE-2026-0014 - In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due
CVE-2026-0013 - In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI
CVE-2026-0012 - In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due
CVE-2026-0011 - In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from
CVE-2026-0010 - In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bo
CVE-2026-0008 - In multiple locations, there is a possible privilege escalation due to a confused deputy. This coul
CVE-2026-0007 - In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permiss
CVE-2026-0006 - In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflo
CVE-2026-0005 - In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app
CVE-2025-48654 - In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic
CVE-2025-48653 - In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due t
CVE-2025-48650 - In multiple locations, there is a possible information disclosure due to SQL injection. This could l
CVE-2025-48646 - In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused dep
CVE-2025-48645 - In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper i
CVE-2025-48644 - In multiple locations, there is a possible persistent denial of service due to improper input valida
CVE-2025-48642 - In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in
CVE-2025-48641 - In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This cou
CVE-2025-48636 - In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized
CVE-2025-48635 - In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token le
CVE-2025-48634 - In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing
CVE-2025-48630 - In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due t
CVE-2025-48619 - In multiple functions of ContentProvider.java, there is a possible way for an app with read-only acc
CVE-2025-48613 - In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the origin
CVE-2025-48609 - In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which
CVE-2025-48605 - In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a l
CVE-2025-48602 - In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possib
CVE-2025-48587 - In multiple functions of ProfilingService.java, there is a possible persistent denial of service due
CVE-2025-48585 - In multiple functions of ProfilingService.java, there is a possible persistent denial of service due
CVE-2025-48582 - In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE p
CVE-2025-48579 - In multiple functions of MediaProvider.java, there is a possible external storage write permission b
CVE-2025-48578 - In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_ST
CVE-2025-48577 - In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a r
CVE-2025-48574 - In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept dra
CVE-2025-48568 - In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lea
CVE-2025-48567 - In multiple locations, there is a possible bypass of a file path filter designed to prevent access t
CVE-2025-32313 - In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect boun
CVE-2024-43766 - In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to Invali
CVE-2024-31328 - In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitr
CVE-2026-3180 - The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is
CVE-2026-3132 - The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution
CVE-2026-26707 - sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_s
CVE-2026-26706 - sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_r
CVE-2026-26705 - sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_p
CVE-2026-26704 - sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_c
CVE-2026-0655 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-L
CVE-2026-0654 - Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted
CVE-2026-28401 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell
CVE-2026-28399 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticate
CVE-2026-28398 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled
CVE-2026-28397 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, comments render
CVE-2026-28396 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password re
CVE-2026-28361 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token s
CVE-2026-28360 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view pas
CVE-2026-28359 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticate
CVE-2026-28358 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password fo
CVE-2026-28357 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vu
CVE-2026-28286 - ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In ve
CVE-2026-26708 - sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage
CVE-2026-26700 - sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admi
CVE-2026-24105 - An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value o
CVE-2026-23865 - An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in vers
CVE-2026-21385 - Memory corruption while using alignments for memory allocation.
CVE-2025-70252 - An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and m
CVE-2025-64427 - ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In ve
CVE-2025-59603 - Memory Corruption when processing invalid user address with nonstandard buffer address.
CVE-2025-59600 - Memory Corruption when adding user-supplied data without checking available buffer space.
CVE-2025-47386 - Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.