CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2019-25502 - Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attacker
CVE-2019-25501 - Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate databa
CVE-2019-25500 - Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to m
CVE-2019-25499 - Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to m
CVE-2019-25498 - Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to m
CVE-2026-3520 - Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior t
CVE-2026-29069 - Craft is a content management system (CMS). Prior to 5.9.0-beta.2 and 4.17.0-beta.2, the actionSendA
CVE-2026-28784 - Craft is a content management system (CMS). Prior to 5.8.22 and 4.16.18, it is possible to craft a m
CVE-2026-28783 - Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and 4.17.0-beta.1, Craft CMS imple
CVE-2026-28782 - Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and 4.17.0-beta.1, the "Duplicate"
CVE-2026-28781 - Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creat
CVE-2026-28697 - Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, an authenticate
CVE-2026-28696 - Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the GraphQL dir
CVE-2026-28695 - Craft is a content management system (CMS). There is an authenticated admin RCE in Craft CMS 5.8.21
CVE-2026-23812 - A vulnerability has been identified where an attacker connecting to an access point as a standard wi
CVE-2026-23811 - A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) commu
CVE-2026-23810 - A vulnerability in the packet processing logic may allow an authenticated attacker to craft and tran
CVE-2026-23809 - A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that
CVE-2026-23808 - A vulnerability has been identified in a standardized wireless roaming protocol that could enable a
CVE-2026-23601 - A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A ma
CVE-2026-22760 - Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Improper Check for Unusual
CVE-2026-20005 - Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could a
CVE-2025-69969 - A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communicatio
CVE-2025-66944 - SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a remote attacker to ex
CVE-2025-66678 - An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.
CVE-2025-15558 - Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a director
CVE-2026-26673 - An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote at
CVE-2026-26514 - An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute modul
CVE-2026-26478 - A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389
CVE-2026-22285 - Dell Device Management Agent (DDMA), versions prior to 26.02, contain a Plaintext Storage of Passwor
CVE-2025-62879 - A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of
CVE-2025-59787 - 2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error respo
CVE-2025-59786 - 2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple
CVE-2025-59785 - Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker
CVE-2025-59784 - 2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent
CVE-2025-59783 - API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient
CVE-2025-12801 - A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux,
CVE-2026-23238 - In the Linux kernel, the following vulnerability has been resolved: romfs: check sb_set_blocksize()
CVE-2026-23237 - In the Linux kernel, the following vulnerability has been resolved: platform/x86: classmate-laptop:
CVE-2026-23236 - In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy i
CVE-2026-23235 - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access
CVE-2026-23234 - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_
CVE-2026-23233 - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid mapping wron
CVE-2026-23232 - In the Linux kernel, the following vulnerability has been resolved: Revert "f2fs: block cache/dio w
CVE-2025-71238 - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() c
CVE-2025-70342 - erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path
CVE-2025-70341 - Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to writ
CVE-2026-3103 - A logic error in the remove_password() function in Checkmk GmbH's Checkmk versions <2.4.0p23, <2.3.0
CVE-2025-40896 - The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malic
CVE-2025-40895 - A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to im
CVE-2025-40894 - A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality du
CVE-2026-25907 - Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictive account lockout mechanism vu
CVE-2026-24732 - Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Re
CVE-2026-23231 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-a
CVE-2026-22270 - Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains a
CVE-2026-21426 - Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains a
CVE-2026-21425 - Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains a
CVE-2026-21424 - Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains a
CVE-2026-21423 - Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains a
CVE-2026-21422 - Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, co
CVE-2026-21421 - Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains a
CVE-2026-3058 - The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in
CVE-2026-3056 - The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data
CVE-2026-2355 - The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Stored Cross-Site S
CVE-2026-1674 - The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder p
CVE-2026-3439 - A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allo
CVE-2026-1706 - The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting vi
CVE-2023-7337 - The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL I
CVE-2026-3094 - Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a ma
CVE-2026-2748 - SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued
CVE-2026-2747 - SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating t
CVE-2026-2746 - SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature veri
CVE-2026-27446 - Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache Activ
CVE-2026-27445 - SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature wa
CVE-2026-27444 - SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the em
CVE-2026-27443 - SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MI
CVE-2026-27442 - The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly chec
CVE-2026-27441 - SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption pa
CVE-2026-1236 - The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting v
CVE-2025-66168 - Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow
CVE-2026-29120 - The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation (
CVE-2026-29119 - International Datacasting Corporation (IDC) SFX Series SuperFlex (SFX2100) Satellite Receiver contains
CVE-2026-28778 - International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocum
CVE-2026-28777 - International Datacasting Corporation (IDC) SFX2100 Satellite Receiver, trivial password for the `
CVE-2026-28776 - International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains hardcode
CVE-2026-28775 - An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of Internati
CVE-2026-28774 - An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of Inter
CVE-2026-28773 - The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in International Datacasting Corporation
CVE-2026-28772 - A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of Inter
CVE-2026-28771 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of Internatio
CVE-2026-2732 - The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due
CVE-2026-2363 - The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'order_
CVE-2026-28770 - Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in Internatio
CVE-2026-28769 - A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script in International Da
CVE-2026-2025 - The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API end
CVE-2026-3242 - In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Languag
CVE-2026-3241 - In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the
CVE-2026-3240 - In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form
CVE-2026-2994 - Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam All
CVE-2026-3452 - Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injecti
CVE-2026-3244 - In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the
CVE-2026-2292 - The Morkva UA Shipping plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin s
CVE-2026-2289 - The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings
CVE-2026-1980 - The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing aut
CVE-2026-1945 - The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpb_user_nam
CVE-2026-1651 - The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the
CVE-2026-1273 - The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vu
CVE-2026-3266 - Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerabilit
CVE-2026-3076 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-2363. Reason: T
CVE-2026-28289 - FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vu
CVE-2026-27981 - HomeBox is a home inventory and organization system. Prior to 0.24.0, the authentication rate limite
CVE-2026-27971 - Qwik is a performance focused javascript framework. qwik <=1.19.0 is vulnerable to RCE due to an uns
CVE-2026-27932 - joserfc is a Python library that provides an implementation of several JSON Object Signing and Encry
CVE-2026-27905 - BentoML is a Python library for building online serving systems optimized for AI apps and model infe
CVE-2026-27622 - OpenEXR provides the specification and reference implementation of the EXR file format, an image sto
CVE-2026-27601 - Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual
CVE-2026-27600 - HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionalit
CVE-2026-26279 - Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input val
CVE-2026-26272 - HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scrip
CVE-2026-26266 - AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scr
CVE-2026-25590 - The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collec
CVE-2026-3487 - A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unk
CVE-2026-3224 - Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server
CVE-2026-3204 - Improper input validation in the error message page in Devolutions Server 2025.3.16 and earlier all
CVE-2026-3130 - Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an au
CVE-2026-2590 - Improper enforcement of the Disable password saving in vaults setting in the connection entry comp
CVE-2026-27012 - OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.
CVE-2026-25146 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-24898 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-24848 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-24415 - OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTA
CVE-2026-21866 - Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored
CVE-2026-1775 - The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an u
CVE-2026-3486 - A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability aff
CVE-2026-3485 - A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the componen
CVE-2026-25906 - Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Resolution Before File Access ('Li
CVE-2026-24502 - Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path
CVE-2026-1713 - IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.3
CVE-2026-1567 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE) vulnerabili
CVE-2025-70240 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form
CVE-2025-70239 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form
CVE-2025-70234 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form
CVE-2025-14480 - IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could allow
CVE-2025-14456 - IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1
CVE-2025-13688 - IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute
CVE-2025-13687 - IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute
CVE-2025-13686 - IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute
CVE-2026-3494 - In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_even
CVE-2026-3484 - A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0
CVE-2026-2915 - HP System Event Utility might allow denial of service with elevated arbitrary file writes. This pote
CVE-2026-2606 - IBM webMethods API Gateway (on-prem) 10.11 through 10.11_Fix3210.15 to 10.15_Fix2711.1 to 11.1_Fix7
CVE-2026-29022 - dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow
CVE-2026-26892 - Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manag
CVE-2026-26891 - Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manag
CVE-2026-26889 - Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage
CVE-2026-26888 - Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage
CVE-2026-26887 - Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage
CVE-2026-1265 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive In
CVE-2026-0869 - Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operati
CVE-2025-70241 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form
CVE-2025-70237 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form
CVE-2025-70236 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/form
CVE-2025-66945 - A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP
CVE-2025-36364 - IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by
CVE-2025-36363 - IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a re
CVE-2025-14923 - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Serve
CVE-2025-14604 - IBM Storage Scale IBM Storage Scale 5.2.3.0 - 5.2.3.5, and IBM Storage Scale 6.0.0.0 -
CVE-2025-13734 - IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to
CVE-2025-13616 - IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP res
CVE-2025-13490 - IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions
CVE-2024-55027 - Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to store credentials in plaintext i
CVE-2024-55026 - An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows un
CVE-2024-55025 - Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 a
CVE-2024-55024 - An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb
CVE-2024-55023 - Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption k
CVE-2024-55022 - Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command
CVE-2024-55021 - Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in
CVE-2024-55020 - A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web
CVE-2024-55019 - Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version
CVE-2026-3437 - An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell
CVE-2026-26890 - Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage
CVE-2026-0540 - DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site
CVE-2025-69765 - Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list param
CVE-2025-67840 - Multiple authenticated OS command injection vulnerabilities exist in the Cohesity (formerly Stone Ra
CVE-2025-63912 - Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptogra
CVE-2025-63911 - Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authentic
CVE-2025-63910 - An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Releas
CVE-2025-63909 - Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration
CVE-2025-15599 - DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability t
CVE-2023-31044 - An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote a
CVE-2021-35486 - A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-202101180421502
CVE-2021-35485 - The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an au
CVE-2021-35484 - Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-bas
CVE-2021-35483 - The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an au
CVE-2026-3136 - An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prio
CVE-2026-26886 - Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/se
CVE-2026-26885 - Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/
CVE-2026-26884 - Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/adm
CVE-2026-26883 - Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/cla
CVE-2025-62817 - An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2
CVE-2025-62816 - An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2
CVE-2025-66680 - An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter 7.3.2 and earlier allo
CVE-2025-66363 - An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memor
CVE-2025-62815 - An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580, and 2500. A NULL
CVE-2025-62814 - An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL
CVE-2026-3465 - A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this vulnerabili
CVE-2026-2637 - iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged helper d
CVE-2026-28518 - OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability
CVE-2026-25674 - An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race conditio
CVE-2026-25673 - An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. `URLField.to_
CVE-2026-24103 - A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.0
CVE-2026-22891 - A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Bios
CVE-2026-20777 - A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Bi
CVE-2025-70821 - renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component
CVE-2025-64736 - An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project li
CVE-2025-57622 - An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /ca
CVE-2025-52365 - A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows
CVE-2026-3344 - A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem
CVE-2026-3343 - A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of
CVE-2026-3342 - An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged
CVE-2026-3351 - Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allow
CVE-2026-3463 - A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::de
CVE-2025-59060 - Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apa
CVE-2025-59059 - Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versi
CVE-2026-2568 - The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPre
CVE-2026-22886 - OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication.
CVE-2025-15598 - A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded
CVE-2026-1876 - Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F S
CVE-2026-1875 - Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F S
CVE-2026-1874 - Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC
CVE-2025-15595 - Privilege escalation via dll hijacking in Inno Setup 6.2.1 and earlier versions.
CVE-2025-12345 - A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected el
CVE-2026-3455 - Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting (XSS) via the
CVE-2026-3449 - Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scop
CVE-2026-1492 - The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profi
CVE-2026-20801 - Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwh
CVE-2026-20757 - Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operato
CVE-2025-47147 - Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android
CVE-2026-2628 - The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to a
CVE-2026-2448 - The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all ver
CVE-2026-2269 - The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for
CVE-2026-1487 - The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerab
CVE-2026-0754 - An embedded test key and certificate could be extracted from a Poly Voice device using specialized r
CVE-2026-1566 - The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerab
CVE-2026-1336 - The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unaut
CVE-2026-2583 - The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `blocksy_meta`
CVE-2026-3338 - Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass s
CVE-2026-3337 - Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to pote
CVE-2026-3336 - Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass
CVE-2026-2256 - A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, al