CVE-2026-1437 - Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2

CVE-2026-1436 - Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the us

CVE-2026-1435 - Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incor

CVE-2025-8308 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab

CVE-2025-60038 - A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute a

CVE-2025-60037 - A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute a

CVE-2025-60036 - A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth Indra

CVE-2025-60035 - A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth Indr

CVE-2025-59920 - When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assi

CVE-2025-33253 - NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution b

CVE-2025-33252 - NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution.

CVE-2025-33251 - NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution.

CVE-2025-33250 - NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution.

CVE-2025-33249 - NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, wh

CVE-2025-33246 - NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where

CVE-2025-33245 - NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code executio

CVE-2025-33243 - NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution i

CVE-2025-33241 - NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution b

CVE-2025-33240 - NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input

CVE-2025-33239 - NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input co

CVE-2025-33236 - NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cau

CVE-2025-14340 - Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, 

CVE-2026-2386 - The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCom

CVE-2026-1582 - The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versio

CVE-2026-1317 - The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL In

CVE-2025-8781 - The Bookster – WordPress Appointment Booking Plugin plugin for WordPress is vulnerable to SQL Inject

CVE-2025-7630 - Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in

CVE-2025-14799 - The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorizatio

CVE-2026-2653 - A security flaw has been discovered in admesh up to 0.98.5. This issue affects the function stl_chec

CVE-2026-2426 - The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, a

CVE-2026-1942 - The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthoriz

CVE-2025-14444 - The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin

CVE-2026-2126 - The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is v

CVE-2025-13727 - The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored

CVE-2025-11185 - The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scr

CVE-2026-2495 - The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for Word

CVE-2026-2127 - The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode

CVE-2026-1941 - The WP Event Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl

CVE-2026-1656 - The Business Directory Plugin for WordPress is vulnerable to authorization bypass due to a missing a

CVE-2026-1649 - The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ce_v

CVE-2026-2419 - The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, a

CVE-2026-2112 - The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to,

CVE-2026-25421 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Collisio

CVE-2026-1943 - The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site S

CVE-2026-1938 - The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized licens

CVE-2026-1860 - The Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all version

CVE-2026-1831 - The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin

CVE-2026-1655 - The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing a

CVE-2026-2644 - A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solv

CVE-2026-2642 - A security vulnerability has been detected in ggreer the_silver_searcher up to 2.2.0. The impacted e

CVE-2026-2633 - The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorizati

CVE-2026-2296 - The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vuln

CVE-2026-2281 - The Private Comment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Label

CVE-2026-2019 - The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all vers

CVE-2026-1937 - The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modifi

CVE-2026-1857 - The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request

CVE-2026-1807 - The InteractiveCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scri

CVE-2026-1666 - The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'r

CVE-2026-1640 - The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable

CVE-2026-2641 - A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the fun

CVE-2026-2023 - The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all vers

CVE-2026-1906 - The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Dire

CVE-2026-1639 - The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable

CVE-2026-1368 - The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its

CVE-2026-1304 - The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-1072 - The Keybase.io Verification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all

CVE-2025-12356 - The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modifi

CVE-2025-12122 - The Popup Box – Easily Create WordPress Popups plugin for WordPress is vulnerable to Stored Cross-Si

CVE-2025-11737 - The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting v

CVE-2026-2576 - The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulne

CVE-2026-1931 - The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' p

CVE-2026-1925 - The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthori

CVE-2026-1714 - The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plu

CVE-2026-1296 - The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in

CVE-2026-1277 - The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and incl

CVE-2025-6460 - The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scr

CVE-2025-13959 - The Filestack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fi

CVE-2025-12075 - The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data

CVE-2025-12074 - The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, an

CVE-2025-12071 - The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in al

CVE-2025-12037 - The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Stored Cross-Site Scr

CVE-2026-27171 - zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp

CVE-2026-27038 - Rejected reason: Not used

CVE-2026-27037 - Rejected reason: Not used

CVE-2026-27036 - Rejected reason: Not used

CVE-2026-27035 - Rejected reason: Not used

CVE-2026-27034 - Rejected reason: Not used

CVE-2026-27033 - Rejected reason: Not used

CVE-2026-27032 - Rejected reason: Not used

CVE-2026-27031 - Rejected reason: Not used

CVE-2026-23599 - A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass

CVE-2026-22048 - StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sig

CVE-2026-1344 - Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal.

CVE-2026-2570 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in

CVE-2026-26119 - Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges

CVE-2026-1670 - The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an

CVE-2025-62183 - Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerabil

CVE-2025-13689 - IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands

CVE-2025-13333 - IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during sys

CVE-2026-2629 - A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100

CVE-2026-2627 - A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function

CVE-2026-2623 - A flaw has been found in Blossom up to 1.17.1. This issue affects the function put of the file bloss

CVE-2025-36348 - IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0

CVE-2025-36183 - IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious f

CVE-2025-33135 - IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 thr

CVE-2025-33088 - IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system's

CVE-2023-38005 - IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated us

CVE-2026-2622 - A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function conten

CVE-2026-2621 - A security vulnerability has been detected in Sciyon Koyuan Thermoelectricity Heat Network Managemen

CVE-2026-23598 - Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow

CVE-2026-23597 - Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow

CVE-2026-23596 - A vulnerability in the management API of the affected product could allow an unauthenticated remote

CVE-2026-23595 - An authentication bypass in the application API allows an unauthorized administrative account to be

CVE-2025-36379 - IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptogra

CVE-2025-36377 - IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration

CVE-2025-36376 - IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration

CVE-2025-14289 - IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inje

CVE-2025-13691 - IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP res

CVE-2026-2620 - A weakness has been identified in Huace Monitoring and Early Warning System 2.2. Affected by this is

CVE-2026-26357 - Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input Duri

CVE-2026-22769 - Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia

CVE-2026-22762 - Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain a

CVE-2026-22284 - Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains an Improper Neutralization of

CVE-2026-0102 - Under specific conditions, a malicious webpage may trigger autofill population after two consecutive

CVE-2025-70846 - lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) on the /tools/Password/add page in

CVE-2025-67102 - A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authentica

CVE-2025-36598 - Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathnam

CVE-2025-36597 - Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathnam

CVE-2025-36243 - IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery (SSRF). This may allow

CVE-2025-33130 - IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause

CVE-2025-33124 - IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause

CVE-2025-33101 - IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in

CVE-2025-33089 - IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or per

CVE-2025-32355 - Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. Ho

CVE-2025-27904 - IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Wind

CVE-2025-27903 - IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Wind

CVE-2025-27901 - IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Wind

CVE-2025-27900 - IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishin

CVE-2025-27899 - IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environmen

CVE-2025-27898 - IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout whic

CVE-2025-13108 - IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitiv

CVE-2023-38265 - IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location

CVE-2026-2630 - A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbit

CVE-2026-26736 - TOTOLINK A3002RU_V3 V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow vi

CVE-2026-26732 - TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via t

CVE-2026-26731 - TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via t

CVE-2026-24734 - Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP

CVE-2026-24733 - Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests t

CVE-2025-66614 - Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 1

CVE-2025-59793 - Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxi

CVE-2025-36019 - IBM Concert 1.0.0 through 2.1.0 for Z hub framework is vulnerable to cross-site scripting. This vuln

CVE-2025-36018 - IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery whic

CVE-2025-12755 - IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM‑supplied MQ Advanced container images

CVE-2024-43178 - IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow

CVE-2026-1452 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in

CVE-2025-36425 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 t

CVE-2025-36247 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 t

CVE-2025-14689 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow

CVE-2025-13867 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 t

CVE-2024-55270 - phpgurukul Student Management System 1.0 is vulnerable to SQL Injection in studentms/admin/search.ph

CVE-2026-2618 - A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of

CVE-2026-23648 - Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries

CVE-2026-23647 - Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating sys

CVE-2025-67905 - Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delet

CVE-2024-55271 - A Cross-Site Request Forgery (CSRF) vulnerability has been identified in phpgurukul Gym Management S

CVE-2026-2617 - A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the c

CVE-2025-70830 - A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1

CVE-2025-70828 - An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in t

CVE-2025-70397 - jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the da

CVE-2025-65753 - An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers to e

CVE-2026-2616 - A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown f

CVE-2026-22208 - OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contain a remote code e

CVE-2025-70829 - An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access

CVE-2024-31118 - Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting I

CVE-2022-41650 - Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-co

CVE-2026-25087 - Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 t

CVE-2026-23861 - Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input

CVE-2025-7706 - Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies R

CVE-2026-2615 - A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function sin

CVE-2026-2608 - The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to

CVE-2026-2247 - SQL injection vulnerability (SQLi) in Clicldeu SaaS, specifically in the generation of reports, whic

CVE-2025-8303 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab

CVE-2025-7631 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-25903 - Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on

CVE-2026-1216 - The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tem

CVE-2026-0829 - The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send

CVE-2026-1657 - The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions

CVE-2026-2592 - The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerable to Improper Access Control t

CVE-2026-2002 - The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vuln

CVE-2026-26220 - LightLLM version 1.1.0 and prior contain an unauthenticated remote code execution vulnerability in P

CVE-2025-12062 - The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for

CVE-2026-2439 - Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The gen

CVE-2025-15578 - Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is

CVE-2026-2474 - Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in th

CVE-2026-2001 - The WowRevenue plugin for WordPress is vulnerable to unauthorized plugin installation due to a missi

CVE-2026-2567 - A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function

CVE-2026-2566 - A security vulnerability has been detected in Wavlink WL-NU516U1 up to 130/260. This affects the fun

CVE-2019-25395 - Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulner

CVE-2019-25394 - Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulner

CVE-2019-25393 - Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerabil

CVE-2019-25392 - Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerabil

CVE-2019-25390 - Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vul

CVE-2019-25389 - Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerabil

CVE-2019-25388 - Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerabil

CVE-2019-25387 - Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerabil

CVE-2019-25386 - Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vul

CVE-2019-25385 - Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerabil

CVE-2019-25384 - Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vul

CVE-2019-25383 - Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vul

CVE-2019-25382 - Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerabil

CVE-2019-25381 - Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vul

CVE-2019-25380 - Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vul

CVE-2019-25379 - Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting v

CVE-2019-25378 - Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabiliti

CVE-2026-2565 - A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the functio

CVE-2026-2564 - A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. Affected by this v

CVE-2026-2101 - A Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm V

CVE-2026-26930 - SmarterTools SmarterMail before 9526 allows XSS via MAPI requests.

CVE-2026-2563 - A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the fu

CVE-2026-1783 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in

CVE-2025-65717 - An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files vi

CVE-2025-65716 - An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to exec

CVE-2025-65715 - An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2

CVE-2026-2562 - A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This impacts the f

CVE-2026-2561 - A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the functi

CVE-2026-2447 - Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1,

CVE-2026-2032 - Malicious scripts that interrupt new tab page loading could cause desynchronization between the addr

CVE-2026-2560 - A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The impacted element is the functi

CVE-2026-2558 - A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the fi

CVE-2026-2557 - A vulnerability was detected in cskefu up to 8.0.1. Impacted is the function Upload of the file com/

CVE-2026-1335 - An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawin

CVE-2026-1334 - An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawing

CVE-2026-1333 - A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORK

CVE-2026-2556 - A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown pr

CVE-2026-1046 - Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links which allows a mali

CVE-2025-14573 - Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team setting

CVE-2025-14350 - Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate

CVE-2026-2555 - A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDoc

CVE-2026-2553 - A security flaw has been discovered in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1

CVE-2026-2552 - A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete

CVE-2025-2418 - URL Redirection to Untrusted Site ('Open Redirect') vulnerability in TR7 Cyber ​​Defense Inc. Web Ap

CVE-2025-13821 - Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to sanitize sensitiv

CVE-2026-2551 - A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the functio

CVE-2026-2452 - Emails sent by pretix can utilize placeholders that will be filled with customer data. For example,

CVE-2026-2451 - Emails sent by pretix can utilize placeholders that will be filled with customer data. For example,

CVE-2026-2415 - Emails sent by pretix can utilize placeholders that will be filled with customer data. For example,

CVE-2026-2577 - The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces (0.0.0

CVE-2026-2550 - A vulnerability was found in EFM iptime A6004MX 14.18.2. Affected is the function commit_vpncli_file

CVE-2026-2549 - A vulnerability has been found in zhanghuanhao LibrarySystem 图书馆管理系统 up to 1.1.1. This impacts an un

CVE-2026-0999 - Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate