CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-3255 - HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand()
CVE-2026-28354 - ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item
CVE-2026-28231 - pillow_heif is a Python library for working with HEIF images and plugin for Pillow. Prior to version
CVE-2026-27947 - Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to
CVE-2026-27836 - phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoi
CVE-2026-27832 - Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to
CVE-2026-27824 - calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books.
CVE-2026-27810 - calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books.
CVE-2026-27793 - Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Prior to v
CVE-2026-27792 - Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing
CVE-2026-27734 - Beszel is a server monitoring platform. Prior to version 0.18.2, the hub's authenticated API endpoin
CVE-2026-27707 - Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Starting i
CVE-2026-27583 - Rejected reason: Further research determined the situation described is not a vulnerability.
CVE-2026-27582 - Rejected reason: Further research determined the situation described is not a vulnerability.
CVE-2026-27581 - Rejected reason: Further research determined the situation described is not a vulnerability.
CVE-2026-27580 - Rejected reason: Further research determined the situation described is not a vulnerability.
CVE-2026-27573 - Rejected reason: Further research determined the situation described is not a vulnerability.
CVE-2026-27501 - Rejected reason: Further research determined the situation described is not a vulnerability.
CVE-2026-27500 - Rejected reason: Further research determined the situation described is not a vulnerability.
CVE-2026-27201 - Rejected reason: Further research determined the situation described is not a vulnerability.
CVE-2026-27200 - Rejected reason: Further research determined the situation described is not a vulnerability.
CVE-2026-26997 - ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authent
CVE-2026-22717 - Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor
CVE-2026-2880 - A vulnerability in @fastify/middie versions < 9.2.0 can result in authentication/authorization bypas
CVE-2026-27758 - SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a cross-site request forgery vuln
CVE-2026-27757 - SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability t
CVE-2026-27756 - SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting
CVE-2026-27755 - SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generat
CVE-2026-27754 - SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash
CVE-2026-22716 - Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an acto
CVE-2026-27753 - SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass vulnerab
CVE-2026-27752 - SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over
CVE-2026-27751 - SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerabili
CVE-2026-26862 - CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting (XSS) v
CVE-2026-26861 - CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-Site Scripting (XSS) via window.
CVE-2026-21619 - Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core
CVE-2019-25497 - osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to m
CVE-2019-25496 - osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to m
CVE-2019-25495 - osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to m
CVE-2019-25494 - Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows u
CVE-2019-25493 - Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipu
CVE-2019-25492 - Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipu
CVE-2019-25491 - Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipu
CVE-2019-25490 - Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipul
CVE-2019-25489 - Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipul
CVE-2026-2293 - A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization
CVE-2026-25147 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2026-24488 - OpenEMR is a free and open source electronic health records and medical practice management applicat
CVE-2025-69437 - PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript
CVE-2026-3304 - Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior t
CVE-2026-3277 - The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stor
CVE-2026-2750 - Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux
CVE-2026-2749 - Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Ticket mod
CVE-2026-2359 - Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior t
CVE-2026-3327 - Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicio
CVE-2026-3223 - Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google We
CVE-2026-2751 - Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Ce
CVE-2025-15498 - Pro3W CMS is vulnerable to SQL injection attacks. Improper neutralization of input provided into a l
CVE-2025-10990 - A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) pa
CVE-2025-11950 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-11252 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-2831 - The MailArchiver plugin for WordPress is vulnerable to SQL Injection via the ‘logid’ parameter in al
CVE-2026-24352 - PluXml CMS allows a user's session identifier to be set before authentication. The value of this ses
CVE-2026-24351 - PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing
CVE-2026-24350 - PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker ca
CVE-2025-11251 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-1434 - Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious
CVE-2026-21660 - Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password
CVE-2026-21659 - Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) v
CVE-2026-1305 - The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versi
CVE-2025-14142 - The Electric Enquiries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bu
CVE-2024-10938 - The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files
CVE-2026-2383 - The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via cu
CVE-2026-2362 - The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via
CVE-2026-2252 - An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forg
CVE-2026-2251 - Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox
CVE-2026-21658 - Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code ('Code Injection')
CVE-2026-21657 - Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Co
CVE-2026-21656 - Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Co
CVE-2026-21654 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi
CVE-2026-1627 - An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to p
CVE-2026-1626 - An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to poten
CVE-2025-12150 - A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacke
CVE-2026-27776 - IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This c
CVE-2026-0980 - A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of R
CVE-2026-0871 - A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only a
CVE-2025-9909 - A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This v
CVE-2025-9908 - A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream
CVE-2025-9907 - A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream
CVE-2025-9572 - An authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond
CVE-2025-13327 - A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during packa
CVE-2026-3302 - A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this iss
CVE-2025-15567 - Insufficient protection mechanisms in the Health Module may lead to partial information disclosure.
CVE-2025-15509 - The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some informa
CVE-2025-14149 - The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site
CVE-2025-14040 - The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-S
CVE-2025-12981 - The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and incl
CVE-2026-3301 - A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnera
CVE-2026-3293 - A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function S
CVE-2026-28372 - telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing sy
CVE-2026-27653 - The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrec
CVE-2026-3292 - A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll
CVE-2026-3289 - A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetada
CVE-2026-3287 - A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listP
CVE-2026-28370 - In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed t
CVE-2026-1558 - The WP Recipe Maker plugin for WordPress is vulnerable to an Insecure Direct Object Reference (IDOR)
CVE-2026-1442 - Since the encryption algorithm used to protect firmware updates is itself encrypted using key materi
CVE-2026-3286 - A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element i
CVE-2026-2428 - The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of
CVE-2026-28364 - In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/
CVE-2026-28363 - In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long
CVE-2026-3285 - A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function
CVE-2026-3284 - A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the
CVE-2026-3283 - A vulnerability has been found in libvips 8.19.0. This issue affects the function vips_extract_band_
CVE-2026-3282 - A flaw has been found in libvips 8.19.0. This vulnerability affects the function vips_unpremultiply_
CVE-2026-3281 - A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the
CVE-2026-3275 - A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromAddressNat of th
CVE-2026-3274 - A security flaw has been discovered in Tenda F453 1.0.0.3. Affected by this issue is the function fr
CVE-2026-3037 - An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an auth
CVE-2026-25721 - An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an aut
CVE-2026-25196 - An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an aut
CVE-2026-25105 - An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
CVE-2026-25037 - An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an au
CVE-2026-24498 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in EFM-Networks, Inc. IpTIM
CVE-2026-24497 - Stack-based Buffer Overflow vulnerability in SimTech Systems, Inc. ThinkWise allows Remote Code Incl
CVE-2026-24452 - An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an au
CVE-2026-23702 - An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an aut
CVE-2026-22877 - An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthen
CVE-2026-20797 - A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling
CVE-2026-20764 - An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an aut
CVE-2026-3273 - A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function
CVE-2026-27647 - The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows m
CVE-2026-27028 - WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthoriz
CVE-2026-26305 - The WebSocket Application Programming Interface lacks restrictions on the number of authentication
CVE-2026-26290 - The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows m
CVE-2026-25774 - Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-25195 - An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
CVE-2026-25111 - An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an aut
CVE-2026-25109 - An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an a
CVE-2026-25085 - A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return
CVE-2026-24695 - An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
CVE-2026-24689 - An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an au
CVE-2026-24663 - An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unau
CVE-2026-24517 - An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an a
CVE-2026-24445 - The WebSocket Application Programming Interface lacks restrictions on the number of authentication
CVE-2026-22878 - Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-21718 - An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabli
CVE-2026-21389 - An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an aut
CVE-2026-20910 - An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an aut
CVE-2026-20902 - An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
CVE-2026-20742 - An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an au
CVE-2021-4456 - Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have
CVE-2026-3272 - A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromDhcpListClient of
CVE-2026-3271 - A vulnerability was found in Tenda F453 1.0.0.3. This impacts the function fromP2pListFilter of the
CVE-2026-3270 - A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup
CVE-2026-3269 - A flaw has been found in psi-probe PSI Probe up to 5.3.0. The impacted element is the function handl
CVE-2026-2597 - Crypt::SysRandom::XS versions before 0.010 for Perl is vulnerable to a heap buffer overflow in the X
CVE-2026-27773 - Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-27772 - WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthoriz
CVE-2026-27767 - WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthoriz
CVE-2026-27652 - The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows m
CVE-2026-25945 - The WebSocket Application Programming Interface lacks restrictions on the number of authentication
CVE-2026-25851 - WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthoriz
CVE-2026-25778 - The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows m
CVE-2026-25711 - The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows m
CVE-2026-25114 - The WebSocket Application Programming Interface lacks restrictions on the number of authentication
CVE-2026-25113 - The WebSocket Application Programming Interface lacks restrictions on the number of authentication
CVE-2026-24731 - WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthoriz
CVE-2026-22890 - Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-20895 - The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows m
CVE-2026-20792 - The WebSocket Application Programming Interface lacks restrictions on the number of authentication
CVE-2026-20791 - Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-20781 - WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthoriz
CVE-2026-20733 - Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-1585 - An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.
CVE-2025-40932 - Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX genera
CVE-2026-3268 - A vulnerability was detected in psi-probe PSI Probe up to 5.3.0. The affected element is an unknown
CVE-2026-3265 - A vulnerability was identified in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1.
CVE-2026-3264 - A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1.
CVE-2026-28280 - osctrl is an osquery management solution. Prior to version 0.5.0, a stored cross-site scripting (XSS
CVE-2026-28279 - osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerabil
CVE-2026-28276 - Initiative is a self-hosted project management platform. An access control vulnerability exists in I
CVE-2026-28275 - Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4
CVE-2026-28274 - Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4
CVE-2026-28269 - Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks comma
CVE-2026-28230 - SteVe is an open-source EV charging station management system. In versions up to and including 3.11.
CVE-2026-28226 - Phishing Club is a phishing simulation and man-in-the-middle framework. Prior to version 1.30.2, an
CVE-2026-28225 - Manyfold is an open source, self-hosted web application for managing a collection of 3d models, part
CVE-2026-28217 - hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, the `userCollecti
CVE-2026-28216 - hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in use
CVE-2026-28215 - hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, an unauthenticate
CVE-2026-28213 - EverShop is a TypeScript-first eCommerce platform. Versions prior to 2.1.1 have a vulnerability in t
CVE-2026-28211 - The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testi
CVE-2026-28208 - Junrar is an open source java RAR archive library. Prior to version 7.5.8, a backslash path traversa
CVE-2026-28207 - Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version
CVE-2026-27839 - wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, three
CVE-2026-27838 - wger is a free, open-source workout and fitness manager. Five routine detail action endpoints check
CVE-2026-27638 - Actual is a local-first personal finance tool. Prior to version 26.2.1, in multi-user mode (OpenID),
CVE-2026-3263 - A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.202501
CVE-2026-3262 - A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.2
CVE-2026-3261 - A flaw has been found in itsourcecode School Management System 1.0. This impacts an unknown function
CVE-2026-28227 - Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0
CVE-2026-28219 - Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0
CVE-2026-28218 - Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0
CVE-2026-27835 - wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, `Repet
CVE-2026-27457 - Weblate is a web based localization tool. Prior to version 5.16.1, the REST API's `AddonViewSet` (`w
CVE-2026-27449 - Umbraco Engage is a business intelligence platform. A vulnerability has been identified in Umbraco E
CVE-2026-27154 - Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0
CVE-2026-27153 - Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0
CVE-2026-25741 - Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0
CVE-2026-27162 - Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0
CVE-2026-27152 - Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0
CVE-2026-27151 - Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0
CVE-2026-27150 - Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0
CVE-2026-27149 - Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0
CVE-2026-27021 - Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0
CVE-2026-22207 - OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnera
CVE-2026-22206 - SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-pr
CVE-2026-22205 - SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type jugg
CVE-2023-31364 - Improper handling of direct memory writes in the input-output memory management unit could allow a m
CVE-2026-27510 - Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android applicati
CVE-2026-27509 - Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU) do not implement DDS authentic
CVE-2026-27141 - Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
CVE-2026-26979 - Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0
CVE-2026-26973 - Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0
CVE-2026-23939 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in hexp
CVE-2026-1565 - The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registrat
CVE-2026-1241 - The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue
CVE-2025-11384 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-11383 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-11382 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-11381 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-26938 - Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows
CVE-2026-26937 - Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead to Denial of S
CVE-2026-22722 - A malicious actor with authenticated user privileges on a Windows based Workstation host may be able
CVE-2026-22715 - VMWare Workstation and Fusion contain a logic flaw in the management of network packets. Known att
CVE-2026-26936 - Inefficient Regular Expression Complexity (CWE-1333) in the AI Inference Anonymization Engine in Kib
CVE-2026-26935 - Improper Input Validation (CWE-20) in the internal Content Connectors search endpoint in Kibana can
CVE-2026-26934 - Improper Validation of Specified Quantity in Input (CWE-1284) in Kibana can allow an authenticated a
CVE-2026-26932 - Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lea
CVE-2026-26682 - An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginC
CVE-2026-26227 - VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Acce
CVE-2026-23750 - Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE
CVE-2026-23749 - Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bou
CVE-2026-23748 - Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit d7f55b38, contain an out-of-bou
CVE-2026-23747 - Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based
CVE-2025-50857 - ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php.
CVE-2026-28296 - A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vuln
CVE-2026-28295 - A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by p
CVE-2026-26265 - Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0