CVE-2026-29044 - EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is

CVE-2026-27828 - EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_s

CVE-2026-27816 - EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::hand

CVE-2026-27815 - EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::hand

CVE-2026-27814 - EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race (C++ UB) trig

CVE-2026-27813 - EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to us

CVE-2026-26074 - EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to po

CVE-2026-26073 - EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to po

CVE-2026-4897 - A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessiv

CVE-2026-33397 - The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branc

CVE-2026-30162 - Cross Site Scripting (xss) vulnerability in Timo 2.0.3 via crafted links in the title field.

CVE-2026-29976 - Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e allows a local attacker t

CVE-2026-29934 - A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0

CVE-2026-29933 - A reflected cross-site scripting (XSS) vulnerability in the /index/login.html component of YZMCMS v7

CVE-2026-28298 - SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulne

CVE-2026-28297 - SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulne

CVE-2026-27664 - A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.1

CVE-2026-27663 - A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.1

CVE-2026-26072 - EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `s

CVE-2026-26071 - EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `s

CVE-2026-26070 - EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `s

CVE-2026-26008 - EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (

CVE-2026-23995 - EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in

CVE-2026-22790 - EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payloa

CVE-2026-22593 - EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux

CVE-2026-4877 - A security flaw has been discovered in itsourcecode Payroll Management System up to 1.0. This affect

CVE-2026-4876 - A vulnerability was identified in itsourcecode Free Hotel Reservation System 1.0. The impacted eleme

CVE-2026-33413 - etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42

CVE-2026-33396 - OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-p

CVE-2026-33343 - etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42

CVE-2026-2511 - The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL I

CVE-2026-2389 - The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scr

CVE-2026-2231 - The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pa

CVE-2026-1032 - The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versio

CVE-2025-55264 - HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attac

CVE-2025-55263 - HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to

CVE-2025-55262 - HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability

CVE-2025-55261 - HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker

CVE-2019-25650 - River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability t

CVE-2019-25649 - River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation c

CVE-2019-25648 - MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to cr

CVE-2018-25219 - PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow vulne

CVE-2018-25218 - PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vu

CVE-2018-25217 - PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) overflow vulnerability that allo

CVE-2018-25216 - AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the

CVE-2018-25215 - Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that all

CVE-2018-25214 - MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the app

CVE-2018-25213 - Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allow

CVE-2018-25212 - Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception

CVE-2018-25211 - Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers t

CVE-2026-4887 - A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an of

CVE-2026-4875 - A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected eleme

CVE-2026-1961 - A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Fo

CVE-2025-55277 - HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an

CVE-2025-55276 - HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability will give attackers a cleare

CVE-2025-55275 - HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker c

CVE-2025-55274 - HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS misconfiguratio

CVE-2025-55273 - HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker using

CVE-2025-55272 - HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights int

CVE-2025-55271 - HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability where in depending on how t

CVE-2025-55270 - HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject exec

CVE-2025-55269 - HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for att

CVE-2025-55268 - HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spa

CVE-2025-55267 - HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload

CVE-2025-55266 - HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's ses

CVE-2025-55265 - HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to

CVE-2025-41359 - Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecti

CVE-2025-41027 - Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an at

CVE-2025-41026 - Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an at

CVE-2025-41368 - Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in

CVE-2018-25210 - WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the en

CVE-2018-25209 - OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthe

CVE-2018-25208 - qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract da

CVE-2018-25207 - Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that

CVE-2018-25206 - KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands

CVE-2018-25205 - ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers

CVE-2018-25204 - Library CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to byp

CVE-2018-25203 - Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated atta

CVE-2018-25202 - SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database qu

CVE-2018-25201 - School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login function

CVE-2018-25195 - Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that

CVE-2018-25185 - Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attac

CVE-2018-25183 - Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attacker

CVE-2026-4809 - plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an appli

CVE-2026-4274 - Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail t

CVE-2026-24068 - The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConn

CVE-2026-23398 - In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer derefere

CVE-2026-23397 - In the Linux kernel, the following vulnerability has been resolved: nfnetlink_osf: validate individ

CVE-2026-23396 - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL deref

CVE-2026-4862 - A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue

CVE-2026-4263 - Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private m

CVE-2026-4262 - Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private m

CVE-2026-4861 - A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function

CVE-2026-4860 - A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the funct

CVE-2026-4874 - A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSR

CVE-2026-4850 - A security flaw has been discovered in code-projects Simple Laundry System 1.0. Affected is an unkno

CVE-2026-4849 - A vulnerability was identified in code-projects Simple Laundry System 1.0. This impacts an unknown f

CVE-2026-4848 - A vulnerability was determined in dameng100 muucmf 1.9.5.20260309. This affects an unknown function

CVE-2026-4847 - A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown fun

CVE-2026-4747 - Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This

CVE-2026-4652 - On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CON

CVE-2026-4247 - When a challenge ACK is to be sent tcp_respond() constructs and sends the challenge ACK and consumes

CVE-2026-32680 - The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation fold

CVE-2026-28760 - The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load ce

CVE-2026-1890 - The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowi

CVE-2026-1430 - The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, w

CVE-2025-15488 - The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution du

CVE-2025-15433 - The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to d

CVE-2026-4846 - A vulnerability has been found in dameng100 muucmf 1.9.5.20260309. The affected element is an unknow

CVE-2026-4845 - A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is an unknown function of the fil

CVE-2026-1206 - The Elementor Website Builder plugin for WordPress is vulnerable to Incorrect Authorization to Sensi

CVE-2026-4844 - A vulnerability was detected in code-projects Online Food Ordering System 1.0. This issue affects so

CVE-2026-4842 - A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulner

CVE-2026-4841 - A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unk

CVE-2026-4840 - A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affected by this issue i

CVE-2026-4389 - The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPress is vulnerable to Stored Cr

CVE-2026-4331 - The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthoriz

CVE-2026-4329 - The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-4281 - The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization

CVE-2026-4278 - The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th

CVE-2026-33201 - Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulner

CVE-2026-2931 - The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versio

CVE-2026-4839 - A vulnerability has been found in SourceCodester Food Ordering System 1.0. This affects an unknown f

CVE-2026-4838 - A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown

CVE-2026-4335 - The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-4075 - The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-3328 - The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via dese

CVE-2026-1986 - The FloristPress for Woo – Customize your eCommerce store for your Florist plugin for WordPress is v

CVE-2026-4836 - A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unkn

CVE-2026-4835 - A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an un

CVE-2025-15101 - A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interfac

CVE-2014-125112 - Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Pla

CVE-2026-4833 - A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compil

CVE-2026-4831 - A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the fi

CVE-2026-4484 - The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to,

CVE-2026-4830 - A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the

CVE-2026-33942 - Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to

CVE-2026-33526 - Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vul

CVE-2026-33515 - Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid

CVE-2026-33287 - LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version

CVE-2026-33285 - LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version

CVE-2026-33183 - Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version

CVE-2026-33182 - Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version

CVE-2026-32748 - Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource dur

CVE-2026-4826 - A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability

CVE-2026-4758 - The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient

CVE-2026-34056 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-34055 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-34053 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-34051 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33934 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33933 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33932 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33931 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33918 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33917 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33915 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33914 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-30892 - crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the

CVE-2026-4825 - A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown

CVE-2026-33913 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33912 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33911 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33910 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33909 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33348 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-32120 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-29187 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2025-2535 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-4824 - A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue

CVE-2026-4823 - A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability i

CVE-2025-36187 - IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0

CVE-2025-14684 - IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorize

CVE-2026-4822 - A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown fu

CVE-2026-33249 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Star

CVE-2026-33248 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio

CVE-2026-33223 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio

CVE-2026-33222 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio

CVE-2026-30976 - Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950,

CVE-2026-30975 - Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authenticatio

CVE-2026-2485 - IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scrip

CVE-2026-2484 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure v

CVE-2026-2483 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. T

CVE-2026-1561 - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Serve

CVE-2026-1262 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure

CVE-2026-1015 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request for

CVE-2026-1014 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive i

CVE-2025-64648 - IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain

CVE-2025-64647 - IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow

CVE-2025-64646 - IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory du

CVE-2025-36440 - IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to miss

CVE-2025-36438 - IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to

CVE-2025-36422 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer i

CVE-2025-36258 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and othe

CVE-2025-14974 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Obj

CVE-2025-14917 - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Serve

CVE-2025-14915 - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Serve

CVE-2025-14912 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request for

CVE-2025-14810 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after priv

CVE-2025-14808 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensit

CVE-2025-14807 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection,

CVE-2026-33247 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio

CVE-2026-33246 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The

CVE-2026-33219 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio

CVE-2026-33218 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio

CVE-2026-33217 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio

CVE-2026-33216 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio

CVE-2026-29785 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio

CVE-2026-27889 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Star

CVE-2025-70888 - An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate

CVE-2025-14790 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensit

CVE-2025-12708 - IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local us

CVE-2026-33809 - A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, c

CVE-2026-33751 - n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1,

CVE-2026-33749 - n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1,

CVE-2026-33724 - n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control

CVE-2026-33722 - n8n is an open source workflow automation platform. Prior to versions 2.6.4 and 1.123.23, an authent

CVE-2026-33720 - n8n is an open source workflow automation platform. Prior to version 2.8.0, when the `N8N_SKIP_AUTH_

CVE-2026-27602 - Modoboa is a mail hosting and management platform. Prior to version 2.7.1, `exec_cmd()` in `modoboa/

CVE-2026-1001 - Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Har

CVE-2025-70952 - pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, wher

CVE-2025-70887 - An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the s

CVE-2026-33713 - n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26,

CVE-2026-33696 - n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27,

CVE-2026-33665 - n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP a

CVE-2026-33663 - n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27,

CVE-2026-33660 - n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26,

CVE-2026-30587 - Multiple Stored XSS vulnerabilities exist in Seafile Server version 13.0.15,13.0.16-pro,12.0.14 and

CVE-2026-27496 - n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, a

CVE-2025-67030 - Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in pl

CVE-2026-3988 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9

CVE-2026-3857 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9

CVE-2026-34085 - fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, lead

CVE-2026-32573 - Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB T

CVE-2026-32567 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in icop

CVE-2026-32562 - Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting In

CVE-2026-32546 - Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting

CVE-2026-32545 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-32544 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-32542 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-32541 - Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manag

CVE-2026-32540 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-32539 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-32538 - Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer

CVE-2026-32537 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-32536 - Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads halfdata-p

CVE-2026-32535 - Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ti

CVE-2026-32534 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-32533 - Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allo

CVE-2026-32532 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i