CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-0021 - In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible cross-user permissi
CVE-2026-0020 - In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent d
CVE-2026-0017 - In onChange of BiometricService.java, there is a possible way to enable fingerprint unlock due to a
CVE-2026-0015 - In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to
CVE-2026-0014 - In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due
CVE-2026-0013 - In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI
CVE-2026-0012 - In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due
CVE-2026-0011 - In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from
CVE-2026-0010 - In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bo
CVE-2026-0008 - In multiple locations, there is a possible privilege escalation due to a confused deputy. This coul
CVE-2026-0007 - In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permiss
CVE-2026-0006 - In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflo
CVE-2026-0005 - In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app
CVE-2025-48654 - In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic
CVE-2025-48653 - In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due t
CVE-2025-48650 - In multiple locations, there is a possible information disclosure due to SQL injection. This could l
CVE-2025-48646 - In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused dep
CVE-2025-48645 - In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper i
CVE-2025-48644 - In multiple locations, there is a possible persistent denial of service due to improper input valida
CVE-2025-48642 - In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in
CVE-2025-48641 - In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This cou
CVE-2025-48636 - In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized
CVE-2025-48635 - In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token le
CVE-2025-48634 - In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing
CVE-2025-48630 - In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due t
CVE-2025-48619 - In multiple functions of ContentProvider.java, there is a possible way for an app with read-only acc
CVE-2025-48613 - In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the origin
CVE-2025-48609 - In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which
CVE-2025-48605 - In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a l
CVE-2025-48602 - In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possib
CVE-2025-48587 - In multiple functions of ProfilingService.java, there is a possible persistent denial of service due
CVE-2025-48585 - In multiple functions of ProfilingService.java, there is a possible persistent denial of service due
CVE-2025-48582 - In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE p
CVE-2025-48579 - In multiple functions of MediaProvider.java, there is a possible external storage write permission b
CVE-2025-48578 - In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_ST
CVE-2025-48577 - In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a r
CVE-2025-48574 - In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept dra
CVE-2025-48568 - In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lea
CVE-2025-48567 - In multiple locations, there is a possible bypass of a file path filter designed to prevent access t
CVE-2025-32313 - In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect boun
CVE-2024-43766 - In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to Invali
CVE-2024-31328 - In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitr
CVE-2026-3180 - The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is
CVE-2026-3132 - The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution
CVE-2026-26707 - sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_s
CVE-2026-26706 - sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_r
CVE-2026-26705 - sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_p
CVE-2026-26704 - sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_c
CVE-2026-0655 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-L
CVE-2026-0654 - Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted
CVE-2026-28401 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell
CVE-2026-28399 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticate
CVE-2026-28398 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled
CVE-2026-28397 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, comments render
CVE-2026-28396 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password re
CVE-2026-28361 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token s
CVE-2026-28360 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view pas
CVE-2026-28359 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticate
CVE-2026-28358 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password fo
CVE-2026-28357 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vu
CVE-2026-28286 - ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In ve
CVE-2026-26708 - sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage
CVE-2026-26700 - sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admi
CVE-2026-24105 - An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value o
CVE-2026-23865 - An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in vers
CVE-2026-21385 - Memory corruption while using alignments for memory allocation.
CVE-2025-70252 - An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and m
CVE-2025-64427 - ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In ve
CVE-2025-59603 - Memory Corruption when processing invalid user address with nonstandard buffer address.
CVE-2025-59600 - Memory Corruption when adding user-supplied data without checking available buffer space.
CVE-2025-47386 - Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.
CVE-2025-47385 - Memory Corruption when accessing trusted execution environment without proper privilege check.
CVE-2025-47384 - Transient DOS when MAC configures config id greater than supported maximum value.
CVE-2025-47383 - Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.
CVE-2025-47381 - Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.
CVE-2025-47379 - Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization bet
CVE-2025-47378 - Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.
CVE-2025-47377 - Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.
CVE-2025-47376 - Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.
CVE-2025-47375 - Memory corruption while handling different IOCTL calls from the user-space simultaneously.
CVE-2025-47373 - Memory Corruption when accessing buffers with invalid length during TA invocation.
CVE-2025-47371 - Transient DOS when an LTE RLC packet with invalid TB is received by UE.
CVE-2026-28412 - Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket se
CVE-2026-28403 - Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket se
CVE-2026-26720 - An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the
CVE-2026-26701 - sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admi
CVE-2026-26699 - sourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution in
CVE-2026-24112 - An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by
CVE-2026-24110 - An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRule
CVE-2026-24101 - An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the conditi
CVE-2026-0689 - In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration
CVE-2025-66880 - Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote
CVE-2025-52998 - Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserializati
CVE-2025-52564 - Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fa
CVE-2025-52563 - Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site s
CVE-2025-52476 - Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site s
CVE-2025-52475 - Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site s
CVE-2025-52470 - Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XS
CVE-2025-52469 - Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the frie
CVE-2025-52468 - Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability
CVE-2025-50199 - Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerabili
CVE-2025-50198 - Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserial
CVE-2025-50197 - Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection
CVE-2025-50196 - Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection
CVE-2025-50195 - Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection
CVE-2025-50194 - Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection
CVE-2025-50193 - Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection
CVE-2026-26703 - sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admi
CVE-2026-26702 - sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admi
CVE-2026-26696 - code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recor
CVE-2026-26695 - code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recor
CVE-2026-26694 - code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_
CVE-2026-24115 - An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` an
CVE-2026-24114 - An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lea
CVE-2026-24113 - An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by
CVE-2026-24111 - An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by
CVE-2026-24109 - An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by
CVE-2026-24108 - An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by
CVE-2026-24107 - An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartit
CVE-2026-23600 - A remote authentication bypass vulnerability exists in HPE AutoPass License Server (APLS).
CVE-2026-0995 - An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TL
CVE-2025-65465 - A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip ve
CVE-2025-58107 - In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers
CVE-2025-52482 - Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists
CVE-2025-50192 - Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injecti
CVE-2025-50191 - Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injec
CVE-2025-50190 - Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injec
CVE-2025-50189 - Chamilo is a learning management system. Prior to version 1.11.30, the application performs insuffic
CVE-2025-50188 - Chamilo is a learning management system. Prior to version 1.11.30, the application performs insuffic
CVE-2025-50187 - Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is ev
CVE-2025-50186 - Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XS
CVE-2024-50337 - Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone
CVE-2024-47886 - Chamilo is a learning management system. Chamilo is affected by a post-authentication phar unserial
CVE-2026-26698 - code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal
CVE-2026-26697 - code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recor
CVE-2026-1628 - Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external
CVE-2026-3432 - In SimStudio versions below 0.5.74, the `/api/auth/oauth/token` endpoint contains a code path that
CVE-2026-3431 - In SimStudio versions below 0.5.74, the MongoDB tool endpoints accept arbitrary connection paramet
CVE-2025-14532 - DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of an
CVE-2025-12462 - A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attac
CVE-2025-58406 - The CGM CLININET application responds without essential security HTTP headers, exposing users to clie
CVE-2025-58405 - The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, ne
CVE-2025-58402 - The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper a
CVE-2025-30062 - In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injecti
CVE-2025-30044 - In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/us
CVE-2025-30042 - The CGM CLININET system provides smart card authentication; however, authentication is conducted loc
CVE-2025-30035 - The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access
CVE-2025-10350 - SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD so
CVE-2026-2584 - A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of th
CVE-2026-20445 - In MDDP, there is a possible system crash due to a race condition. This could lead to local denial o
CVE-2026-20444 - In display, there is a possible memory corruption due to a missing bounds check. This could lead to
CVE-2026-20443 - In display, there is a possible memory corruption due to use after free. This could lead to local es
CVE-2026-20442 - In display, there is a possible system crash due to use after free. This could lead to local denial
CVE-2026-20441 - In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to lo
CVE-2026-20440 - In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to lo
CVE-2026-20439 - In imgsys, there is a possible system crash due to use after free. This could lead to local denial o
CVE-2026-20438 - In MAE, there is a possible out of bounds write due to a race condition. This could lead to local es
CVE-2026-20437 - In MAE, there is a possible system crash due to use after free. This could lead to local denial of s
CVE-2026-20436 - In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This
CVE-2026-20435 - In preloader, there is a possible read of device unique identifiers due to a logic error. This could
CVE-2026-20434 - In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to
CVE-2026-20430 - In wlan AP FW, there is a possible out of bounds write due to an incorrect bounds check. This could
CVE-2026-20429 - In display, there is a possible out of bounds read due to a missing bounds check. This could lead to
CVE-2026-20428 - In display, there is a possible out of bounds write due to a missing bounds check. This could lead t
CVE-2026-20427 - In display, there is a possible escalation of privilege due to a missing bounds check. This could le
CVE-2026-20426 - In display, there is a possible out of bounds write due to a missing bounds check. This could lead t
CVE-2026-20425 - In display, there is a possible out of bounds write due to a missing bounds check. This could lead t
CVE-2026-20424 - In display, there is a possible out of bounds read due to a missing bounds check. This could lead to
CVE-2026-20423 - In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This coul
CVE-2026-20416 - In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to l
CVE-2026-3422 - U-Office Force developed by e-Excellence has an Insecure Deserialization vulnerability, allowing unau
CVE-2026-3413 - A flaw has been found in itsourcecode University Management System 1.0. This vulnerability affects u
CVE-2026-3000 - IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowi
CVE-2026-2999 - IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowi
CVE-2025-15597 - A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of t
CVE-2026-3412 - A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unkno
CVE-2026-3411 - A security vulnerability has been detected in itsourcecode University Management System 1.0. Affecte
CVE-2026-3410 - A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulne
CVE-2026-3409 - A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib
CVE-2026-3408 - A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExpli
CVE-2026-3407 - A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::
CVE-2026-3406 - A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an u
CVE-2026-3405 - A vulnerability has been found in thinkgem JeeSite up to 5.15.1. The affected element is an unknown
CVE-2026-3404 - A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file
CVE-2026-3403 - A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects
CVE-2026-3402 - A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0.
CVE-2026-3401 - A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. T
CVE-2026-3400 - A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some
CVE-2026-3399 - A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function
CVE-2026-3398 - A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromAdvSetWan of the
CVE-2026-3395 - A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file applica
CVE-2026-3394 - A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::
CVE-2026-3393 - A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element
CVE-2026-3392 - A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function
CVE-2026-3391 - A security flaw has been discovered in FascinatedBox lily up to 2.3. Impacted is the function clear_
CVE-2026-3390 - A vulnerability was identified in FascinatedBox lily up to 2.3. This issue affects the function patc
CVE-2026-3389 - A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstd_
CVE-2026-3388 - A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQComp
CVE-2026-3387 - A vulnerability has been found in wren-lang wren up to 0.4.0. Affected by this issue is the function
CVE-2026-3386 - A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function
CVE-2026-3385 - A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of
CVE-2026-3384 - A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chai
CVE-2026-3383 - A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::Boxe
CVE-2026-3382 - A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function
CVE-2026-3380 - A vulnerability was found in Tenda F453 1.0.0.3. This issue affects the function frmL7ImForm of the
CVE-2026-3379 - A vulnerability has been found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSe
CVE-2026-3378 - A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromqossetting of the file /g
CVE-2026-3377 - A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function fromSafeU
CVE-2026-3376 - A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is
CVE-2026-28562 - wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::get_topics() where
CVE-2026-28561 - wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators
CVE-2026-28560 - wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injectio
CVE-2026-28559 - wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated use
CVE-2026-28558 - wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated s
CVE-2026-28557 - wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated user
CVE-2026-28556 - wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscri
CVE-2026-28555 - wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscri
CVE-2026-28554 - wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscri
CVE-2026-3010 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2026-2844 - Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configurat
CVE-2025-13673 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injec
CVE-2026-2471 - The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to
CVE-2026-1542 - The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could a
CVE-2026-2647 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-28517 - openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in r
CVE-2026-28516 - openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::U
CVE-2026-28515 - openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in i
CVE-2026-28426 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 an
CVE-2026-28425 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 an
CVE-2026-28424 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 an
CVE-2026-28423 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 an
CVE-2026-27759 - Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 con
CVE-2026-28422 - Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow
CVE-2026-28421 - Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overf
CVE-2026-28420 - Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer over
CVE-2026-28419 - Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer unde
CVE-2026-28418 - Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer over
CVE-2026-28417 - Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection
CVE-2026-28416 - Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Se
CVE-2026-28415 - Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the
CVE-2026-28414 - Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio
CVE-2026-28411 - WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the `ex
CVE-2026-28409 - WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code E
CVE-2026-28408 - WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionar_
CVE-2026-28407 - malcontent is software for discovering supply-chain compromises through context, differential analys
CVE-2026-28406 - kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes clust
CVE-2026-28402 - nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the A
CVE-2026-28400 - Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Versio
CVE-2026-27939 - Statamic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 an
CVE-2026-27167 - Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 a