CVE-2025-69396 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69395 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69394 - Authorization Bypass Through User-Controlled Key vulnerability in cnvrse Cnvrse cnvrse allows Exploi

CVE-2025-69393 - Missing Authorization vulnerability in Jthemes Exzo exzo allows Exploiting Incorrectly Configured Ac

CVE-2025-69392 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69391 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69390 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69389 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69388 - Missing Authorization vulnerability in cliengo Cliengo – Chatbot cliengo allows Exploiting Incorrect

CVE-2025-69387 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69386 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69385 - Missing Authorization vulnerability in AgniHD Cartify - WooCommerce Gutenberg WordPress Theme cartif

CVE-2025-69384 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69383 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69382 - Deserialization of Untrusted Data vulnerability in themesflat Themesflat Elementor themesflat-elemen

CVE-2025-69381 - Missing Authorization vulnerability in vanquish WooCommerce Bulk Product Editor woocommerce-quick-pr

CVE-2025-69380 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanq

CVE-2025-69379 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanq

CVE-2025-69378 - Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdct

CVE-2025-69377 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanq

CVE-2025-69376 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanq

CVE-2025-69375 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69374 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69373 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69372 - Deserialization of Untrusted Data vulnerability in AncoraThemes SevenHills sevenhills allows Object

CVE-2025-69371 - Deserialization of Untrusted Data vulnerability in AncoraThemes KindlyCare kindlycare allows Object

CVE-2025-69370 - Deserialization of Untrusted Data vulnerability in ThemeGoods Capella capella allows Object Injectio

CVE-2025-69368 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69367 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69366 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69365 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69337 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69330 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69329 - Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection

CVE-2025-69328 - Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking

CVE-2025-69326 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69325 - Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-myd

CVE-2025-69324 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69323 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69322 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-69310 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69309 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69308 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69307 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69306 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69305 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69304 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69303 - Missing Authorization vulnerability in ModelTheme ModelTheme Framework allows Exploiting Incorrectly

CVE-2025-69302 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69301 - Deserialization of Untrusted Data vulnerability in ThemeGoods PhotoMe photome allows Object Injectio

CVE-2025-69299 - Server-Side Request Forgery (SSRF) vulnerability in Laborator Oxygen oxygen allows Server Side Reque

CVE-2025-69298 - Missing Authorization vulnerability in GhostPool Gauge gauge allows Exploiting Incorrectly Configure

CVE-2025-69297 - Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting I

CVE-2025-69296 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-69295 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-69294 - Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshops allows Object Inje

CVE-2025-69063 - Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploitin

CVE-2025-69011 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68895 - Authentication Bypass Using an Alternate Path or Channel vulnerability in ahachat AhaChat Messenger

CVE-2025-68880 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68863 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68862 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Murt

CVE-2025-68856 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68855 - Insertion of Sensitive Information Into Sent Data vulnerability in themeglow JobBoard Job listing jo

CVE-2025-68854 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68853 - Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Obje

CVE-2025-68852 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68848 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68847 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68846 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68845 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68844 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68843 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68842 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68841 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-68837 - Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing Sys

CVE-2025-68834 - Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Goog

CVE-2025-68564 - Missing Authorization vulnerability in sendy Sendy sendy allows Exploiting Incorrectly Configured Ac

CVE-2025-68552 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-68549 - Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard allows U

CVE-2025-68545 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-68543 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-68542 - Missing Authorization vulnerability in vgdevsolutions Checkout Gateway for IRIS checkout-gateway-iri

CVE-2025-68541 - Deserialization of Untrusted Data vulnerability in BoldThemes Ippsum ippsum allows Object Injection.

CVE-2025-68539 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-68536 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-68534 - Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting

CVE-2025-68531 - Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Ele

CVE-2025-68526 - Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows

CVE-2025-68514 - Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptio

CVE-2025-68501 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68495 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68069 - Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly C

CVE-2025-68051 - Authorization Bypass Through User-Controlled Key vulnerability in Shiprocket Shiprocket shiprocket a

CVE-2025-68050 - Missing Authorization vulnerability in Leadpages Leadpages leadpages allows Exploiting Incorrectly C

CVE-2025-68048 - Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allo

CVE-2025-68043 - Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorre

CVE-2025-68042 - Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting I

CVE-2025-68037 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68032 - Missing Authorization vulnerability in Passionate Brains Advanced WC Analytics advance-wc-analytics

CVE-2025-68031 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-68028 - Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-fo

CVE-2025-68026 - Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrect

CVE-2025-68025 - Missing Authorization vulnerability in Addonify Addonify Floating Cart For WooCommerce addonify-floa

CVE-2025-68024 - Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist al

CVE-2025-68023 - Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce ad

CVE-2025-68022 - Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerc

CVE-2025-68021 - Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting

CVE-2025-68005 - Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Inc

CVE-2025-68002 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 100p

CVE-2025-68000 - Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting

CVE-2025-67998 - Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous El

CVE-2025-67997 - Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Objec

CVE-2025-67996 - Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection.

CVE-2025-67995 - Deserialization of Untrusted Data vulnerability in LoftOcean PatioTime patiotime allows Object Injec

CVE-2025-67994 - Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorre

CVE-2025-67993 - Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiti

CVE-2025-67992 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-67991 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-67990 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-67988 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-67987 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-67984 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-67982 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-67981 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-67980 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-67979 - Improper Control of Generation of Code ('Code Injection') vulnerability in WesternDeal WPForms Googl

CVE-2025-67978 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-67977 - Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows

CVE-2025-67975 - Missing Authorization vulnerability in aDirectory aDirectory adirectory allows Exploiting Incorrectl

CVE-2025-67974 - Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting In

CVE-2025-67973 - Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart all

CVE-2025-67972 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-67971 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-67970 - Missing Authorization vulnerability in vertim Schedula schedula-smart-appointment-booking allows Exp

CVE-2025-67969 - Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-co

CVE-2025-67624 - Missing Authorization vulnerability in Arya Dhiratara Optimize More! – Images optimize-more-im

CVE-2025-67547 - Missing Authorization vulnerability in uixthemes Konte konte allows Exploiting Incorrectly Configure

CVE-2025-67438 - A Stored Cross-Site Scripting (XSS) vulnerability in Sync-in Server before 1.9.3 allows an authentic

CVE-2025-60183 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-60087 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2025-53237 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-53233 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-53231 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-53228 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-53217 - Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploit

CVE-2025-52744 - Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Inpersttion F

CVE-2025-52603 - HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenari

CVE-2024-56208 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2024-54222 - Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-acc

CVE-2024-52387 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2024-51915 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2024-50555 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2024-50452 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2024-43228 - Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPre

CVE-2024-34438 - Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Sh

CVE-2026-21627 - The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests throu

CVE-2025-14547 - An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE M

CVE-2025-14055 - An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer ov

CVE-2026-2486 - The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi

CVE-2025-10970 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-21620 - Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erla

CVE-2026-26050 - The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue wit

CVE-2026-26370 - WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a cross-site scripting vulnerabil

CVE-2025-59819 - This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath p

CVE-2026-2825 - A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fi

CVE-2026-2824 - A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cg

CVE-2026-2823 - A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub_41AC

CVE-2026-2822 - A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unkn

CVE-2026-2739 - This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupt

CVE-2026-27325 - Rejected reason: Not used

CVE-2026-27324 - Rejected reason: Not used

CVE-2026-27323 - Rejected reason: Not used

CVE-2026-27322 - Rejected reason: Not used

CVE-2026-27321 - Rejected reason: Not used

CVE-2026-27320 - Rejected reason: Not used

CVE-2026-27319 - Rejected reason: Not used

CVE-2026-27318 - Rejected reason: Not used

CVE-2026-27317 - Rejected reason: Not used

CVE-2026-2821 - A weakness has been identified in Fujian Smart Integrated Management Platform System up to 7.5. Impa

CVE-2026-2384 - The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `v

CVE-2026-27017 - uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while s

CVE-2026-26996 - minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objec

CVE-2026-26995 - Rejected reason: Further research determined the issue is an external dependency vulnerability.

CVE-2026-26994 - uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while s

CVE-2026-26993 - Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools.

CVE-2026-26992 - LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and

CVE-2026-26991 - LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and

CVE-2026-2820 - A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7.5.

CVE-2026-2819 - A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the

CVE-2026-27016 - LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 throu

CVE-2026-26990 - LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and b

CVE-2026-26989 - LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and b

CVE-2026-26988 - LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and b

CVE-2026-26987 - LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and b

CVE-2026-26980 - Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated a

CVE-2026-26977 - Frappe Learning Management System (LMS) is a learning system that helps users structure their conten

CVE-2026-26960 - node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below,

CVE-2026-26065 - calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books.

CVE-2026-26064 - calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books.

CVE-2026-26975 - Music Assistant is an open-source media library manager that integrates streaming services with conn

CVE-2026-26974 - Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.j

CVE-2026-26967 - PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and

CVE-2025-30416 - Sensitive data disclosure and manipulation due to missing authorization. The following products are

CVE-2025-30412 - Sensitive data disclosure and manipulation due to improper authentication. The following products ar

CVE-2025-30411 - Sensitive data disclosure and manipulation due to improper authentication. The following products ar

CVE-2025-30410 - Sensitive data disclosure and manipulation due to missing authentication. The following products are

CVE-2026-2605 - Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.

CVE-2026-2435 - Tanium addressed a SQL injection vulnerability in Asset.

CVE-2026-2408 - Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension.

CVE-2026-2350 - Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and T

CVE-2026-27009 - OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a atored XSS issue in the OpenClaw

CVE-2026-27008 - OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in `download` skill installat

CVE-2026-27007 - OpenClaw is a personal AI assistant. Prior to version 2026.2.15, `normalizeForHash` in `src/agents/s

CVE-2026-27004 - OpenClaw is a personal AI assistant. Prior to version 2026.2.15, in some shared-agent deployments, O

CVE-2026-27003 - OpenClaw is a personal AI assistant. Telegram bot tokens can appear in error messages and stack trac

CVE-2026-27002 - OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in

CVE-2026-27001 - OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current worki

CVE-2026-26972 - OpenClaw is a personal AI assistant. In versions 2026.1.12 through 2026.2.12, OpenClaw browser downl

CVE-2026-26964 - Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows an

CVE-2026-26963 - Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions

CVE-2026-26959 - ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below fail to validate the in

CVE-2026-26957 - Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.202602152110

CVE-2026-26329 - OpenClaw is a personal AI assistant. Prior to version 2026.2.14, authenticated attackers can read ar

CVE-2026-26328 - OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage `groupPolicy=allowli

CVE-2026-1292 - Tanium addressed an insertion of sensitive information into log file vulnerability in Trends.

CVE-2026-26958 - filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for b

CVE-2026-26953 - Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tra

CVE-2026-26952 - Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tra

CVE-2026-26327 - OpenClaw is a personal AI assistant. Discovery beacons (Bonjour/mDNS and DNS-SD) include TXT records

CVE-2026-26326 - OpenClaw is a personal AI assistant. Prior to version 2026.2.14, `skills.status` could disclose secr

CVE-2026-26325 - OpenClaw is a personal AI assistant. Prior to version 2026.2.14, a mismatch between `rawCommand` and

CVE-2026-26324 - OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF protection could be

CVE-2026-26323 - OpenClaw is a personal AI assistant. Versions 2026.1.8 through 2026.2.13 have a command injection in

CVE-2026-26322 - OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted

CVE-2026-26321 - OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension previ

CVE-2026-26320 - OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the `openclaw://` URL s

CVE-2026-26319 - OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice

CVE-2026-24122 - Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and bel

CVE-2026-21535 - Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information o

CVE-2026-1658 - User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory S

CVE-2025-9208 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab

CVE-2025-8055 - Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forg

CVE-2025-8054 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Open

CVE-2025-13672 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab

CVE-2025-13671 - Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows Cross

CVE-2026-26744 - A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functi

CVE-2026-26317 - OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhost mutation routes ac

CVE-2026-26316 - OpenClaw is a personal AI assistant. Prior to 2026.2.13, the optional BlueBubbles iMessage channel p

CVE-2026-26315 - go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to ver