CVE-2026-2705 - A vulnerability was detected in Open Babel up to 3.1.1. The impacted element is the function OBAtom:

CVE-2026-2704 - A security vulnerability has been detected in Open Babel up to 3.1.1. The affected element is the fu

CVE-2026-2703 - A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::de

CVE-2026-2702 - A security flaw has been discovered in Beetel 777VR1 up to 01.00.09. This issue affects some unknown

CVE-2026-2693 - A vulnerability was determined in CoCoTeaNet CyreneAdmin up to 1.3.0. This vulnerability affects unk

CVE-2026-2692 - A vulnerability was found in CoCoTeaNet CyreneAdmin up to 1.3.0. This affects an unknown part of the

CVE-2026-2691 - A vulnerability has been found in itsourcecode Event Management System 1.0. Affected by this issue i

CVE-2026-2690 - A flaw has been found in itsourcecode Event Management System 1.0. Affected by this vulnerability is

CVE-2026-2689 - A vulnerability was detected in itsourcecode Event Management System 1.0. Affected is an unknown fun

CVE-2026-2681 - A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, sp

CVE-2026-2504 - The Dealia – Request a quote plugin for WordPress is vulnerable to unauthorized modification of data

CVE-2026-2502 - The xmlrpc attacks blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in vers

CVE-2026-2284 - The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization

CVE-2026-2282 - The Slidorion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings i

CVE-2026-25474 - OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSe

CVE-2026-25242 - Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated fil

CVE-2026-25232 - Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control byp

CVE-2026-25229 - Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access contr

CVE-2026-25120 - Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API

CVE-2026-24764 - OpenClaw (formerly Clawdbot) is a personal AI assistant users run on their own devices. In versions

CVE-2026-1994 - The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all

CVE-2026-1646 - The Advance Block Extend plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the T

CVE-2026-1455 - The Whatsiplus Scheduled Notification for Woocommerce plugin for WordPress is vulnerable to Cross-Si

CVE-2026-1405 - The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file t

CVE-2026-1373 - The Easy Author Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aut

CVE-2026-1055 - The TalkJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in a

CVE-2026-1047 - The salavat counter Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-1044 - The Tennis Court Bookings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admi

CVE-2026-1043 - The PostmarkApp Email Integrator plugin for WordPress is vulnerable to Stored Cross-Site Scripting v

CVE-2026-0974 - The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for Word

CVE-2026-0926 - The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up t

CVE-2026-0912 - The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can l

CVE-2026-0722 - The Shield Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions

CVE-2026-0561 - The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'me

CVE-2026-0556 - The XO Event Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug

CVE-2026-0549 - The Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'group

CVE-2025-4960 - The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a

CVE-2025-4521 - The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable

CVE-2025-15586 - OGP-Website installs prior git commit 52f865a4fba763594453068acf8fa9e3fc38d663 are affected by a typ

CVE-2025-15041 - The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized

CVE-2025-14983 - The Advanced Custom Fields: Font Awesome Field plugin for WordPress is vulnerable to Cross-Site Scri

CVE-2025-14864 - The Virusdie - One-click website security plugin for WordPress is vulnerable to Sensitive Informatio

CVE-2025-14851 - The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `

CVE-2025-14452 - The WP Customer Reviews plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the

CVE-2025-14445 - The Image Hotspot by DevVN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2025-14427 - The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPres

CVE-2025-14357 - The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data du

CVE-2025-14342 - The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to unauthorized modification of da

CVE-2025-14294 - The Razorpay for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data

CVE-2025-14270 - The OneClick Chat to Order plugin for WordPress is vulnerable to authorization bypass in versions up

CVE-2025-14167 - The Remove Post Type Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve

CVE-2025-14076 - The iXML – Google XML sitemap generator plugin for WordPress is vulnerable to Reflected Cross-Site S

CVE-2025-13930 - The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to

CVE-2025-13864 - The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearin

CVE-2025-13851 - The Buyent Classified plugin for WordPress (bundled with Buyent theme) is vulnerable to privilege es

CVE-2025-13842 - The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-control

CVE-2025-13738 - The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2025-13732 - The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access

CVE-2025-13617 - The Apollo13 Framework Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2025-13612 - The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Sc

CVE-2025-13603 - The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all v

CVE-2025-13587 - The Two Factor (2FA) Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authe

CVE-2025-13563 - The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to,

CVE-2025-13438 - The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Re

CVE-2025-13413 - The Country Blocker for AdSense plugin for WordPress is vulnerable to Cross-Site Request Forgery in

CVE-2025-13113 - The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Expos

CVE-2025-13091 - The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing

CVE-2025-13079 - The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress

CVE-2025-13048 - The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Si

CVE-2025-12975 - The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized a

CVE-2025-12884 - The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to authorization bypass i

CVE-2025-12882 - The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to,

CVE-2025-12845 - The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPre

CVE-2025-12821 - The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6

CVE-2025-12707 - The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' para

CVE-2025-12500 - The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to

CVE-2025-12451 - The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file

CVE-2025-12448 - The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to

CVE-2025-12375 - The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request F

CVE-2025-12172 - The Mailchimp List Subscribe Form plugin for WordPress is vulnerable to Cross-Site Request Forgery i

CVE-2025-12117 - The Renden theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in al

CVE-2025-12116 - The Drift theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all

CVE-2025-12081 - The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data

CVE-2025-12027 - The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification o

CVE-2025-11754 - The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a m

CVE-2025-11725 - The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due

CVE-2025-11706 - The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the

CVE-2026-2686 - A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the fun

CVE-2026-2684 - A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(6253

CVE-2026-25926 - Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability (CWE-426

CVE-2026-24126 - Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not valida

CVE-2025-15585 - Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in th

CVE-2026-2683 - A vulnerability was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). The aff

CVE-2026-2682 - A vulnerability has been found in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(6253

CVE-2026-2676 - A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. A

CVE-2026-26281 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2026-26270 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2026-25596 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2026-25595 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2026-25594 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2026-25548 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2026-24745 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2025-15581 - Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTT

CVE-2025-12812 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Delinea Inc.

CVE-2025-12811 - Improper Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Clo

CVE-2026-2672 - A security flaw has been discovered in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532

CVE-2026-2670 - A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown functio

CVE-2026-2669 - A vulnerability was determined in Rongzhitong Visual Integrated Command and Dispatch Platform up to

CVE-2026-2650 - Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to

CVE-2026-2649 - Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potenti

CVE-2026-2648 - Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to

CVE-2026-27182 - Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated at

CVE-2026-27181 - MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module uninstallation through

CVE-2026-27180 - MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated remote code execution through

CVE-2026-27179 - MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection vulnerability in the

CVE-2026-27178 - MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability thr

CVE-2026-27177 - MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability via

CVE-2026-27176 - MajorDoMo (aka Major Domestic Module) contains a reflected cross-site scripting (XSS) vulnerability

CVE-2026-27175 - MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated OS command injection via rc/i

CVE-2026-27174 - MajorDoMo (aka Major Domestic Module) allows unauthenticated remote code execution via the admin pan

CVE-2026-24744 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2026-24743 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2019-25401 - Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service vulner

CVE-2019-25400 - IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the

CVE-2019-25399 - IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the ext

CVE-2019-25398 - IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.c

CVE-2019-25397 - IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the

CVE-2019-25396 - IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlr

CVE-2019-25365 - ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that a

CVE-2019-25364 - MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER command that allows remot

CVE-2019-25363 - WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows atta

CVE-2019-25362 - WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows atta

CVE-2019-25361 - Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that a

CVE-2019-25360 - Aida64 Engineer 6.10.5200 contains a buffer overflow vulnerability in the CSV logging configuration

CVE-2019-25359 - SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inj

CVE-2019-25358 - FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash t

CVE-2019-25357 - Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation m

CVE-2019-25356 - Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vul

CVE-2019-25355 - gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to acce

CVE-2019-25354 - iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the a

CVE-2019-25353 - Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username in

CVE-2019-25352 - Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attack

CVE-2019-25351 - Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to re

CVE-2019-25350 - XMedia Recode 3.4.8.6 contains a denial of service vulnerability that allows attackers to crash the

CVE-2019-25349 - ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash t

CVE-2019-25326 - ipPulse 1.92 contains a denial of service vulnerability that allows local attackers to crash the app

CVE-2026-2668 - A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260

CVE-2026-2667 - A vulnerability has been found in Rongzhitong Visual Integrated Command and Dispatch Platform up to

CVE-2026-24746 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2026-1999 - A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that a

CVE-2026-1355 - A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an att

CVE-2026-1200 - A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmenta

CVE-2026-0665 - An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw

CVE-2026-0573 - An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-co

CVE-2025-8860 - A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFI_VAR

CVE-2025-1272 - The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has t

CVE-2025-14876 - A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit

CVE-2025-12343 - A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file.

CVE-2025-10256 - A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_fire

CVE-2025-0577 - An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of fun

CVE-2026-2666 - A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the fil

CVE-2026-2665 - A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596

CVE-2026-2663 - A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affec

CVE-2026-2662 - A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the funct

CVE-2026-2661 - A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::op

CVE-2026-25500 - Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Dir

CVE-2026-23491 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2026-0875 - A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of

CVE-2026-0874 - A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-

CVE-2026-2660 - A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the functi

CVE-2026-22860 - Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Dir

CVE-2025-70064 - PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-priv

CVE-2025-70063 - The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Dire

CVE-2025-70062 - PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerabilit

CVE-2025-69287 - The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchai

CVE-2026-2659 - A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function

CVE-2026-2658 - A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee.

CVE-2026-24708 - An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By

CVE-2026-20144 - In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platf

CVE-2026-20142 - In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Sea

CVE-2026-20141 - In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does

CVE-2026-20139 - In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platf

CVE-2026-20138 - In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Sea

CVE-2026-20137 - In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platfo

CVE-2025-70152 - code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the a

CVE-2025-70151 - code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code e

CVE-2025-70150 - CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete

CVE-2025-70148 - Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Manage

CVE-2025-14009 - A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all version

CVE-2026-2657 - A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError o

CVE-2026-2507 - When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate.  Note

CVE-2026-2230 - The Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in all v

CVE-2025-70149 - CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.p

CVE-2025-70147 - Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Tab

CVE-2025-70146 - Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Onli

CVE-2025-70141 - SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in aja

CVE-2025-13965 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-12500. Reason:

CVE-2025-13933 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-12500. Reason:

CVE-2025-13602 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in

CVE-2026-23230 - In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid b

CVE-2026-23229 - In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock p

CVE-2026-23228 - In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of active

CVE-2026-23227 - In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use ctx->lock

CVE-2026-23226 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: add chann_lock to protec

CVE-2026-23225 - In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Don't assume CID i

CVE-2026-23224 - In the Linux kernel, the following vulnerability has been resolved: erofs: fix UAF issue for file-b

CVE-2026-23223 - In the Linux kernel, the following vulnerability has been resolved: xfs: fix UAF in xchk_btree_chec

CVE-2026-23222 - In the Linux kernel, the following vulnerability has been resolved: crypto: omap - Allocate OMAP_CR

CVE-2026-23221 - In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix use-after-free

CVE-2026-23220 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop caused

CVE-2025-71237 - In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fix potential block ove

CVE-2025-71236 - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Validate sp befo

CVE-2025-71235 - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unl

CVE-2025-71234 - In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: fix slab-out-of

CVE-2025-71233 - In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Avoid creating s

CVE-2025-71232 - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Free sp in error

CVE-2025-71231 - In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds

CVE-2025-71230 - In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb->s_fs_info is al

CVE-2025-71229 - In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Fix alignment faul

CVE-2025-70998 - UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default cre

CVE-2025-65791 - ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passe

CVE-2025-65519 - mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML f

CVE-2025-15579 - Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Inject

CVE-2026-2656 - A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::Type_Info::ba

CVE-2026-2329 - An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bi

CVE-2026-27100 - Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds

CVE-2026-27099 - Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not

CVE-2026-23219 - In the Linux kernel, the following vulnerability has been resolved: mm/slab: Add alloc_tagging_slab

CVE-2026-23218 - In the Linux kernel, the following vulnerability has been resolved: gpio: loongson-64bit: Fix incor

CVE-2026-23217 - In the Linux kernel, the following vulnerability has been resolved: riscv: trace: fix snapshot dead

CVE-2026-23216 - In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-af

CVE-2026-23215 - In the Linux kernel, the following vulnerability has been resolved: x86/vmware: Fix hypercall clobb

CVE-2026-23214 - In the Linux kernel, the following vulnerability has been resolved: btrfs: reject new transactions

CVE-2026-23213 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Disable MMIO access

CVE-2026-23212 - In the Linux kernel, the following vulnerability has been resolved: bonding: annotate data-races ar

CVE-2026-23211 - In the Linux kernel, the following vulnerability has been resolved: mm, swap: restore swap_space at

CVE-2026-1426 - The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all

CVE-2026-1404 - The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Mem

CVE-2025-71228 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2025-71227 - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for

CVE-2025-71226 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2025-71225 - In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updatin

CVE-2025-61982 - An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenC

CVE-2026-2655 - A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscr

CVE-2026-2654 - A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.g

CVE-2026-2464 - Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remot

CVE-2026-1441 - Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2

CVE-2026-1440 - Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2

CVE-2026-1439 - Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2

CVE-2026-1438 - Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2