CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2025-0031 - A use after free in the SEV firmware could allow a malicious hypervisor to activate a migrated guest
CVE-2025-0029 - Improper handling of error condition during host-induced faults can allow a local high-privileged at
CVE-2025-0012 - Improper handling of overlap between the segmented reverse map table (RMP) and system management mod
CVE-2024-36355 - Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to S
CVE-2024-36311 - A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a p
CVE-2024-36310 - Improper input validation in the SMM communications buffer could allow a privileged attacker to perf
CVE-2024-21953 - Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers
CVE-2021-26410 - Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading sy
CVE-2021-26381 - Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform
CVE-2026-2302 - Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Crite
CVE-2026-26009 - Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel i
CVE-2026-25613 - An authorized user may disable the MongoDB server by issuing a query against a collection that conta
CVE-2026-25610 - An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid in
CVE-2026-25609 - Incorrect validation of the profile command may result in the determination that a request altering
CVE-2026-25506 - MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17,
CVE-2026-21355 - DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that cou
CVE-2026-21354 - DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerabil
CVE-2026-21353 - DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerabil
CVE-2026-21352 - DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that co
CVE-2026-21347 - Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnera
CVE-2026-21346 - Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that
CVE-2026-21345 - Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability
CVE-2026-21344 - Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability
CVE-2026-21343 - Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability
CVE-2026-21342 - Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability
CVE-2026-21341 - Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability
CVE-2026-1850 - Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Mem
CVE-2026-1849 - MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce dee
CVE-2026-1848 - Connections received from the proxy port may not count towards total accepted connections, resulting
CVE-2026-1847 - Inserting certain large documents into a replica set could lead to replica set secondaries not being
CVE-2026-26003 - FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the p
CVE-2026-25993 - EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handlin
CVE-2026-25992 - SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint use
CVE-2026-25956 - Frappe is a full-stack web application framework. Prior to 14.99.14 and 15.94.0, an attacker could c
CVE-2026-25950 - Rejected reason: Further research determined the issue is not a vulnerability.
CVE-2026-25947 - Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilit
CVE-2026-25805 - Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool i
CVE-2026-25728 - ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #40, a Time-of-Check to Tim
CVE-2026-25646 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portabl
CVE-2026-25612 - The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in o
CVE-2026-25611 - A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a
CVE-2026-25577 - Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies pr
CVE-2026-24045 - Docmost is open-source collaborative wiki and documentation software. From g and before 0.25.0, the
CVE-2026-23655 - Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to
CVE-2026-21537 - Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an
CVE-2026-21533 - Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate pri
CVE-2026-21531 - Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over
CVE-2026-21529 - Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsi
CVE-2026-21528 - Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to discl
CVE-2026-21527 - User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an
CVE-2026-21525 - Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker
CVE-2026-21523 - Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an auth
CVE-2026-21522 - Improper neutralization of special elements used in a command ('command injection') in Azure Compute
CVE-2026-21519 - Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an au
CVE-2026-21518 - Improper neutralization of special elements used in a command ('command injection') in GitHub Copilo
CVE-2026-21517 - Improper link resolution before file access ('link following') in Windows App for Mac allows an auth
CVE-2026-21516 - Improper neutralization of special elements used in a command ('command injection') in Github Copilo
CVE-2026-21514 - Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized
CVE-2026-21513 - Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a securit
CVE-2026-21512 - Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform s
CVE-2026-21511 - Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to per
CVE-2026-21510 - Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security f
CVE-2026-21508 - Improper authentication in Windows Storage allows an authorized attacker to elevate privileges local
CVE-2026-21358 - InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vuln
CVE-2026-21357 - InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vuln
CVE-2026-21351 - After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could re
CVE-2026-21350 - After Effects versions 25.6 and earlier are affected by a NULL Pointer Dereference vulnerability tha
CVE-2026-21340 - Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerabili
CVE-2026-21339 - Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerabili
CVE-2026-21338 - Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulner
CVE-2026-21337 - Substance3D - Designer versions 15.1.0 and earlier are affected by an Out-of-bounds Read vulnerabili
CVE-2026-21336 - Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulner
CVE-2026-21335 - Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerabil
CVE-2026-21334 - Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerabil
CVE-2026-21332 - InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by an out-of-bounds read vulnerabili
CVE-2026-21330 - After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Typ
CVE-2026-21329 - After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could re
CVE-2026-21328 - After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that co
CVE-2026-21327 - After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that co
CVE-2026-21326 - After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could re
CVE-2026-21325 - After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when par
CVE-2026-21324 - After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when par
CVE-2026-21323 - After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could re
CVE-2026-21322 - After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when par
CVE-2026-21321 - After Effects versions 25.6 and earlier are affected by an Integer Overflow or Wraparound vulnerabil
CVE-2026-21320 - After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could re
CVE-2026-21319 - After Effects versions 25.6 and earlier are affected by an Out-of-bounds Read vulnerability that cou
CVE-2026-21318 - After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that co
CVE-2026-21317 - Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could le
CVE-2026-21316 - Audition versions 25.3 and earlier are affected by an Access of Memory Location After End of Buffer
CVE-2026-21315 - Audition versions 25.3 and earlier are affected by an Out-of-bounds Read vulnerability that could le
CVE-2026-21314 - Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could le
CVE-2026-21313 - Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could le
CVE-2026-21312 - Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could r
CVE-2026-21261 - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information
CVE-2026-21260 - Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an una
CVE-2026-21259 - Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate priv
CVE-2026-21258 - Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose info
CVE-2026-21257 - Improper neutralization of special elements used in a command ('command injection') in GitHub Copilo
CVE-2026-21256 - Improper neutralization of special elements used in a command ('command injection') in GitHub Copilo
CVE-2026-21255 - Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security featur
CVE-2026-21253 - Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally.
CVE-2026-21251 - Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privilege
CVE-2026-21250 - Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privilege
CVE-2026-21249 - External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spo
CVE-2026-21248 - Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-21247 - Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-21246 - Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate
CVE-2026-21245 - Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges loc
CVE-2026-21244 - Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-21243 - Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthori
CVE-2026-21242 - Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges lo
CVE-2026-21241 - Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele
CVE-2026-21240 - Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker
CVE-2026-21239 - Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges loc
CVE-2026-21238 - Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attack
CVE-2026-21237 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
CVE-2026-21236 - Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized att
CVE-2026-21235 - Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges l
CVE-2026-21234 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
CVE-2026-21232 - Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privilege
CVE-2026-21231 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
CVE-2026-21229 - Improper input validation in Power BI allows an authorized attacker to execute code over a network.
CVE-2026-21228 - Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over
CVE-2026-21222 - Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to
CVE-2026-21218 - Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoo
CVE-2026-20846 - Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.
CVE-2026-20841 - Improper neutralization of special elements used in a command ('command injection') in Windows Notep
CVE-2026-1997 - Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is
CVE-2026-1996 - Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requ
CVE-2026-0653 - On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access res
CVE-2026-0652 - On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in cert
CVE-2026-0651 - A path traversal vulnerability was identified in TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within t
CVE-2025-6010 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-25530 - Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwiml
CVE-2026-24885 - Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site
CVE-2025-36522 - Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or l
CVE-2025-36511 - Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within
CVE-2025-35999 - Incorrect permission assignment for critical resource for some System Firmware Update Utility (SysFw
CVE-2025-35998 - Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technolog
CVE-2025-35992 - Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drive
CVE-2025-33030 - Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 3: User Applica
CVE-2025-32739 - Improper conditions check in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels
CVE-2025-32735 - Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drive
CVE-2025-32467 - Use of uninitialized variable for some TDX Module before version tdx1.5 within Ring 0: Hypervisor ma
CVE-2025-32453 - Incorrect default permissions for some Intel(R) Graphics Driver software within Ring 2: Privileged P
CVE-2025-32452 - Uncontrolled search path for some AI Playground before version 2.6.1 beta within Ring 3: User Applic
CVE-2025-32092 - Insecure inherited permissions for some Intel(R) Graphics Software before version 25.30.1702.0 withi
CVE-2025-32008 - Out-of-bounds write in the firmware for the Intel(R) AMT and Intel(R) Standard Manageability within
CVE-2025-32007 - Out-of-bounds read for some TDX before version tdx module 1.5.24 within Ring 0: Hypervisor may allow
CVE-2025-32003 - Out-of-bounds read in the firmware for some 100GbE Intel(R) Ethernet Network Adapter E810 before ver
CVE-2025-31944 - Race condition for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow a denia
CVE-2025-31655 - Incorrect default permissions for some Intel(R) Battery Life Diagnostic Tool within Ring 3: User App
CVE-2025-31648 - Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an es
CVE-2025-30513 - Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege. S
CVE-2025-30508 - Improper authorization in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ri
CVE-2025-27940 - Out-of-bounds read for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an
CVE-2025-27708 - Out-of-bounds read in the firmware for some Intel(R) Converged Security and Management Engine (CSME)
CVE-2025-27572 - Exposure of sensitive information during transient execution for some TDX within Ring 0: Hypervisor
CVE-2025-27560 - Loop with unreachable exit condition ('infinite loop') for some Intel(R) Platform within Ring 0: Ker
CVE-2025-27535 - Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection
CVE-2025-27243 - Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw
CVE-2025-25210 - Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12
CVE-2025-25058 - Improper initialization for some ESXi kernel mode driver for the Intel(R) Ethernet 800-Series before
CVE-2025-24851 - Uncaught exception in the firmware for some 100GbE Intel(R) Ethernet Controller E810 before version
CVE-2025-22885 - Improper buffer restrictions in the firmware for the TDX Module may allow an escalation of privilege
CVE-2025-22849 - Incorrect default permissions for the Intel(R) Optane(TM) PMem management software before versions C
CVE-2025-22453 - Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12
CVE-2025-20106 - Uncontrolled search path in some software installer for some VTune(TM) Profiler software and Intel(R
CVE-2025-20080 - Null pointer dereference in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability w
CVE-2025-20070 - Improper conditions check for the Intel(R) Optane(TM) PMem management software before versions CR_MG
CVE-2026-22153 - An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet Forti
CVE-2026-21743 - A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthe
CVE-2026-1774 - CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability.
CVE-2026-1603 - An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
CVE-2026-1602 - SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attac
CVE-2025-70347 - An issue in mquickjs before commit 74b7e (2026-01-15) allows a local attacker to cause a denial of s
CVE-2025-68686 - An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability
CVE-2025-64157 - A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4,
CVE-2025-62676 - An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerabili
CVE-2025-62439 - An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability
CVE-2025-55018 - An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet
CVE-2025-52436 - An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilit
CVE-2025-15572 - A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePag
CVE-2025-11004 - The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scripting) vulnerability in sever
CVE-2024-54192 - An issue in Tcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file
CVE-2025-7636 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2025-7347 - Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions D
CVE-2025-15571 - A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects
CVE-2025-6967 - Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industr
CVE-2025-15570 - A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_b
CVE-2025-15569 - A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function
CVE-2025-11537 - A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied patt
CVE-2026-2268 - The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions
CVE-2026-25656 - A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (Al
CVE-2026-25655 - A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application
CVE-2026-24343 - Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache
CVE-2026-23906 - Affected Products and Versions * Apache Druid * Affected Versions: 0.17.0 through 35.x (all ve
CVE-2026-23901 - Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from
CVE-2026-23720 - A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (Al
CVE-2026-23719 - A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (Al
CVE-2026-23718 - A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (Al
CVE-2026-23717 - A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (Al
CVE-2026-23716 - A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (Al
CVE-2026-23715 - A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (Al
CVE-2026-22923 - A vulnerability has been identified in NX (All versions < V2512), NX (Managed Mode) (All versions <
CVE-2026-1922 - The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Sc
CVE-2026-1866 - The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML
CVE-2025-40587 - A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All
CVE-2025-14895 - The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and i
CVE-2024-52334 - A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF07). The affected a
CVE-2025-11242 - Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing I
CVE-2026-1722 - The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to
CVE-2026-2099 - AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authentica
CVE-2026-2098 - AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthe
CVE-2026-2097 - Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated r
CVE-2026-2096 - Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated
CVE-2026-2095 - Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated
CVE-2026-2094 - Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote atta
CVE-2026-2093 - Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote at
CVE-2025-12063 - An insecure direct object reference allowed a non-admin user to modify or remove certain data object
CVE-2026-0996 - The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form B
CVE-2025-13064 - A server-side injection was possible for a malicious admin to manipulate the application to include
CVE-2025-12757 - An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view in
CVE-2025-11547 - AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a
CVE-2025-11142 - The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible
CVE-2026-25981 - Rejected reason: Not used
CVE-2026-25980 - Rejected reason: Not used
CVE-2026-25979 - Rejected reason: Not used
CVE-2026-25978 - Rejected reason: Not used
CVE-2026-25977 - Rejected reason: Not used
CVE-2026-25976 - Rejected reason: Not used
CVE-2026-25975 - Rejected reason: Not used
CVE-2026-25974 - Rejected reason: Not used
CVE-2026-25973 - Rejected reason: Not used
CVE-2026-2260 - A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file
CVE-2026-2259 - A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the func
CVE-2026-24328 - SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious
CVE-2026-24327 - Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Bus
CVE-2026-24326 - Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Sec
CVE-2026-24325 - SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Store
CVE-2026-24324 - SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker wit
CVE-2026-24323 - The BSP applications allow an unauthenticated user to inject malicious script content via user-contr
CVE-2026-24322 - SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary au
CVE-2026-24321 - SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit
CVE-2026-24320 - Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an a
CVE-2026-24319 - In SAP Business One, sensitive information is written to the application's memory dump files without
CVE-2026-24312 - An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenti
CVE-2026-23689 - Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated atta
CVE-2026-23688 - SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an aut