CVE-2025-64487 - Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escala

CVE-2024-50620 - Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and do

CVE-2020-37215 - MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers

CVE-2020-37214 - Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive

CVE-2020-37213 - TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the

CVE-2020-37212 - SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that a

CVE-2020-37211 - SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application

CVE-2020-37210 - SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows at

CVE-2020-37209 - SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that

CVE-2020-37208 - SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that al

CVE-2020-37207 - SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that

CVE-2020-37206 - ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the applicat

CVE-2020-37205 - RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the ap

CVE-2020-37204 - RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that al

CVE-2020-37203 - Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to

CVE-2020-37202 - NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the

CVE-2020-37201 - NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that

CVE-2020-37200 - NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that

CVE-2020-37199 - NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allo

CVE-2020-37198 - Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to cras

CVE-2020-37197 - Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to

CVE-2020-37196 - Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to

CVE-2020-37195 - BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field

CVE-2020-37194 - Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash

CVE-2020-37193 - ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash

CVE-2020-37192 - MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attac

CVE-2020-37191 - Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that

CVE-2020-37190 - Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows at

CVE-2020-37189 - TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field tha

CVE-2020-37188 - SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field th

CVE-2020-37187 - SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field tha

CVE-2020-37186 - Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject

CVE-2020-37185 - Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash

CVE-2020-37184 - Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input fie

CVE-2020-37183 - Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows

CVE-2020-37182 - Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attac

CVE-2020-37181 - Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability that allows attackers t

CVE-2020-37180 - GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to cras

CVE-2020-37179 - APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to

CVE-2020-37178 - KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help sys

CVE-2020-37177 - BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the applic

CVE-2020-37176 - Torrent 3GP Converter 1.51 contains a stack overflow vulnerability that allows attackers to execute

CVE-2020-37175 - P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash

CVE-2020-37173 - AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumer

CVE-2020-37172 - AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to res

CVE-2020-37158 - AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to res

CVE-2020-37156 - BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to acc

CVE-2020-37153 - ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection i

CVE-2020-37104 - ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers t

CVE-2019-25313 - FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers

CVE-2024-50618 - A Use of Single-factor Authentication vulnerability in the Authentication component of CIPPlanner CI

CVE-2024-26480 - An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted re

CVE-2024-26479 - An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted re

CVE-2024-26478 - An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted re

CVE-2024-26477 - An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted re

CVE-2026-2323 - Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote a

CVE-2026-2322 - Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote

CVE-2026-2321 - Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convin

CVE-2026-2320 - Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote

CVE-2026-2319 - Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a u

CVE-2026-2318 - Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a r

CVE-2026-2317 - Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote a

CVE-2026-2316 - Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote a

CVE-2026-2315 - Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote atta

CVE-2026-2314 - Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to

CVE-2026-2313 - Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potential

CVE-2025-70297 - A stored cross-site scripting (XSS) vulnerability in the recipe asset upload and media serving compo

CVE-2025-70296 - A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows

CVE-2025-69873 - ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Serv

CVE-2025-69872 - DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attac

CVE-2025-69871 - A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage()

CVE-2026-2361 - PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by cr

CVE-2026-2360 - PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by cr

CVE-2026-0229 - A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Net

CVE-2026-0228 - An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server A

CVE-2025-70085 - An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. T

CVE-2025-70084 - Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive i

CVE-2025-70083 - An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the

CVE-2025-70029 - An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. Th

CVE-2025-69874 - nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allow

CVE-2025-65480 - An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scri

CVE-2025-65128 - A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electr

CVE-2026-25084 - Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs.

CVE-2026-24789 - An unprotected API endpoint allows an attacker to remotely change the device password without provid

CVE-2025-65127 - A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 2

CVE-2025-13391 - The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for Wo

CVE-2026-25869 - MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the di

CVE-2026-25868 - MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting (XSS) vulnerability in

CVE-2026-1837 - A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated

CVE-2025-64075 - A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2

CVE-2025-12474 - A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but alloc

CVE-2026-2345 - Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains

CVE-2026-2344 - A vulnerability in Plunet Plunet BusinessManager allows unauthorized actions being performed on beha

CVE-2026-2250 - The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacke

CVE-2026-2249 - METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint

CVE-2026-2248 - METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint

CVE-2025-61969 - Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve p

CVE-2025-52541 - A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation

CVE-2025-48518 - Improper input validation in AMD Graphics Driver could allow a local attacker to write out of bounds

CVE-2025-48508 - Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacke

CVE-2025-48503 - A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privi

CVE-2025-12059 - Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Log

CVE-2024-36324 - Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially craft

CVE-2024-36320 - Integer Overflow within atihdwt6.sys can allow a local attacker to cause out of bound read/write pot

CVE-2024-36316 - The integer overflow vulnerability within AMD Graphics driver could allow an attacker to bypass size

CVE-2023-31324 - A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an

CVE-2023-20548 - A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an

CVE-2023-20514 - Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker

CVE-2019-25317 - Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject mal

CVE-2019-25316 - GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated at

CVE-2019-25315 - WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows

CVE-2019-25314 - Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability

CVE-2019-25312 - InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that al

CVE-2019-25311 - thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers

CVE-2019-25310 - ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxSer

CVE-2019-25309 - Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local

CVE-2019-25308 - Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows se

CVE-2019-25307 - WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configura

CVE-2019-25306 - BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local us

CVE-2018-25157 - Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated user

CVE-2026-2337 - A vulnerability in Plunet Plunet BusinessManager allows session hijacking, data theft, unauthorized

CVE-2026-1227 - CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause

CVE-2026-1226 - CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of un

CVE-2026-0910 - The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, a

CVE-2025-8668 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab

CVE-2026-22894 - A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gain

CVE-2025-8025 - Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Busi

CVE-2025-68406 - A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains

CVE-2025-66278 - A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gain

CVE-2025-66277 - A link following vulnerability has been reported to affect several QNAP operating system versions. T

CVE-2025-66274 - A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v

CVE-2025-62856 - A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains

CVE-2025-62855 - A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains

CVE-2025-62854 - An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. If a

CVE-2025-62853 - A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gain

CVE-2025-59386 - A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v

CVE-2025-58472 - A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta

CVE-2025-58471 - An allocation of resources without limits or throttling vulnerability has been reported to affect Qs

CVE-2025-58470 - A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains

CVE-2025-58467 - A relative path traversal vulnerability has been reported to affect Qsync Central. If a remote attac

CVE-2025-58466 - A use of uninitialized variable vulnerability has been reported to affect several QNAP operating sys

CVE-2025-57713 - A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers

CVE-2025-57711 - An allocation of resources without limits or throttling vulnerability has been reported to affect Qs

CVE-2025-57710 - An allocation of resources without limits or throttling vulnerability has been reported to affect Qs

CVE-2025-57709 - A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gain

CVE-2025-57708 - An allocation of resources without limits or throttling vulnerability has been reported to affect Qs

CVE-2025-57707 - An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerab

CVE-2025-54170 - An out-of-bounds read vulnerability has been reported to affect Qsync Central. If a remote attacker

CVE-2025-54169 - An out-of-bounds read vulnerability has been reported to affect File Station 5. If a remote attacker

CVE-2025-54163 - A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote att

CVE-2025-54162 - A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gain

CVE-2025-54161 - An allocation of resources without limits or throttling vulnerability has been reported to affect Fi

CVE-2025-54155 - An allocation of resources without limits or throttling vulnerability has been reported to affect Fi

CVE-2025-54152 - A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. If a r

CVE-2025-54151 - An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a l

CVE-2025-54150 - An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a l

CVE-2025-54149 - An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a l

CVE-2025-54148 - A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta

CVE-2025-54147 - A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta

CVE-2025-54146 - A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta

CVE-2025-53598 - A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta

CVE-2025-52870 - A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gain

CVE-2025-52869 - A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gain

CVE-2025-52868 - A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gain

CVE-2025-48725 - A buffer overflow vulnerability has been reported to affect several QNAP operating system versions.

CVE-2025-48724 - A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gain

CVE-2025-48723 - A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gain

CVE-2025-48722 - A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta

CVE-2025-47209 - A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta

CVE-2025-47205 - A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v

CVE-2025-30276 - An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker

CVE-2025-30269 - A use of externally-controlled format string vulnerability has been reported to affect Qsync Central

CVE-2025-30266 - A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta

CVE-2024-56808 - A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker

CVE-2024-56807 - An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attack

CVE-2026-1458 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 b

CVE-2026-1456 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 1

CVE-2026-1387 - GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 bef

CVE-2026-1282 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7

CVE-2026-1094 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that c

CVE-2026-1080 - GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 bef

CVE-2026-0958 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7

CVE-2026-0595 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7

CVE-2025-8099 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7

CVE-2025-7659 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7

CVE-2025-14594 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7

CVE-2025-14592 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7

CVE-2025-14560 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7

CVE-2025-12575 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 bef

CVE-2025-12073 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7

CVE-2025-10174 - Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technolo

CVE-2026-2295 - The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to

CVE-2025-15096 - The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via acc

CVE-2026-1885 - The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid'

CVE-2026-1853 - The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-1833 - The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in

CVE-2026-1827 - The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th

CVE-2026-1826 - The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-

CVE-2026-1821 - The Microtango plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'restkey' p

CVE-2026-1809 - The HTML Tag Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl

CVE-2026-1804 - The WDES Responsive Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-1786 - The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data du

CVE-2026-1748 - The Invoct – PDF Invoices & Billing for WooCommerce plugin for WordPress is vulnerable to unauthoriz

CVE-2026-1560 - The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution i

CVE-2026-1215 - The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versio

CVE-2026-0815 - The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-im

CVE-2026-0724 - The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_wp

CVE-2025-9986 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Cor

CVE-2025-15440 - The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2025-13651 - Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb

CVE-2025-13650 - An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, regis

CVE-2025-13649 - An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, reg

CVE-2025-13648 - An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, reg

CVE-2025-10913 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab

CVE-2025-10912 - Authorization Bypass Through User-Controlled Key vulnerability in Saastech Cleaning and Internet Ser

CVE-2026-1357 - The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Un

CVE-2026-1235 - The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which cou

CVE-2025-15400 - The OpenPix for WooCommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger

CVE-2026-26079 - Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection,

CVE-2026-26044 - Rejected reason: Not used

CVE-2026-26043 - Rejected reason: Not used

CVE-2026-26042 - Rejected reason: Not used

CVE-2026-26041 - Rejected reason: Not used

CVE-2026-26040 - Rejected reason: Not used

CVE-2026-26039 - Rejected reason: Not used

CVE-2026-26038 - Rejected reason: Not used

CVE-2026-26037 - Rejected reason: Not used

CVE-2026-26036 - Rejected reason: Not used

CVE-2026-1893 - The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-1231 - The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable t

CVE-2025-15524 - The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a

CVE-2025-14541 - The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions

CVE-2025-13431 - The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’

CVE-2026-1571 - User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C6

CVE-2026-25872 - JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal v

CVE-2026-25870 - DoraCMS version 3.1 and prior contains a server-side request forgery (SSRF) vulnerability in its UEd

CVE-2026-25251 - Rejected reason: This has been moved to the REJECTED state because the information source is under r

CVE-2026-26013 - LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the Chat

CVE-2026-26007 - cryptography is a package designed to expose cryptographic primitives and recipes to Python develope

CVE-2026-26006 - AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intellig

CVE-2026-1507 - The affected products are vulnerable to an uncaught exception that could allow an unauthenticated at

CVE-2026-1495 - The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privil

CVE-2025-12699 - The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled st

CVE-2026-2303 - The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux a

CVE-2026-21349 - Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability tha

CVE-2026-21348 - Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerabilit

CVE-2026-1763 - Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and prev

CVE-2026-1762 - A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affe

CVE-2025-54514 - Improper isolation of shared resources on a system on a chip by a malicious local attacker with high

CVE-2025-52536 - Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to do