CVE-2026-2081 - A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown functio

CVE-2026-2080 - A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSys

CVE-2026-2079 - A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulne

CVE-2026-1675 - The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versi

CVE-2026-1643 - The MP-Ukagaka plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions

CVE-2026-1634 - The Subitem AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `

CVE-2026-1613 - The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `

CVE-2026-1611 - The Wikiloops Track Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-1608 - The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's

CVE-2026-1573 - The OMIGO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `omigo_

CVE-2026-1570 - The Simple Bible Verse via Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripti

CVE-2026-1082 - The TITLE ANIMATOR plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions

CVE-2026-0555 - The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmerce_w

CVE-2025-15477 - The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode `cat

CVE-2025-15476 - The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to

CVE-2026-2078 - A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Thi

CVE-2026-2077 - A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796e

CVE-2026-2076 - A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. A

CVE-2026-2075 - A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670

CVE-2025-15491 - The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before us

CVE-2025-15267 - The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug

CVE-2025-13463 - The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post

CVE-2025-12803 - The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug

CVE-2025-12159 - The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug

CVE-2026-2074 - A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_

CVE-2026-2073 - A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown

CVE-2026-25845 - Rejected reason: Not used

CVE-2026-25844 - Rejected reason: Not used

CVE-2026-25843 - Rejected reason: Not used

CVE-2026-25842 - Rejected reason: Not used

CVE-2026-25841 - Rejected reason: Not used

CVE-2026-25840 - Rejected reason: Not used

CVE-2026-25839 - Rejected reason: Not used

CVE-2026-25838 - Rejected reason: Not used

CVE-2026-25837 - Rejected reason: Not used

CVE-2025-31990 - Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial

CVE-2026-2071 - A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy o

CVE-2020-37171 - TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username confi

CVE-2020-37170 - TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address config

CVE-2020-37166 - AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field tha

CVE-2020-37165 - AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash

CVE-2020-37164 - AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash

CVE-2020-37163 - QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate da

CVE-2020-37162 - Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input

CVE-2020-37161 - Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to exec

CVE-2020-37160 - SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file,

CVE-2020-37159 - Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execut

CVE-2020-37157 - DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated

CVE-2020-37155 - Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows a

CVE-2020-37154 - eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpo

CVE-2020-37147 - ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows auth

CVE-2020-37146 - ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unaut

CVE-2020-37141 - AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php scrip

CVE-2020-37135 - AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administr

CVE-2020-37122 - SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers

CVE-2020-37109 - aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash t

CVE-2020-37107 - Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the applic

CVE-2020-37106 - Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows atta

CVE-2020-37095 - Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote a

CVE-2020-37079 - Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in

CVE-2026-2070 - A vulnerability has been found in UTT 进取 520W 1.7.7-180627. The affected element is the function str

CVE-2026-25804 - Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2

CVE-2026-25803 - 3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatic

CVE-2026-25793 - Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 cert

CVE-2026-25762 - AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial o

CVE-2026-25757 - Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 5.0.8, 5.1.1

CVE-2026-25754 - AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototyp

CVE-2026-25749 - Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow v

CVE-2026-25644 - DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is

CVE-2023-6763 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-2069 - A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llama_grammar_ad

CVE-2026-2068 - A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of

CVE-2026-25764 - OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 1

CVE-2026-25763 - OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 1

CVE-2026-25760 - Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a

CVE-2026-25758 - Spree is an open source e-commerce solution built with Ruby on Rails. A critical IDOR vulnerability

CVE-2026-25732 - NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes c

CVE-2026-25574 - Payload is a free and open source headless content management system. Prior to 3.74.0, a cross-colle

CVE-2026-25544 - Payload is a free and open source headless content management system. Prior to 3.73.0, when querying

CVE-2026-25533 - Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, t

CVE-2026-25516 - NiceGUI is a Python-based UI framework. The ui.markdown() component uses the markdown2 library to co

CVE-2026-25123 - Homarr is an open-source dashboard. Prior to 1.52.0, a public (unauthenticated) tRPC endpoint widget

CVE-2026-1731 - BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain

CVE-2026-1727 - The Agentspace service was affected by a vulnerability that exposed sensitive information due to the

CVE-2025-68621 - Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on b

CVE-2026-2067 - A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. This vulnerability affects t

CVE-2026-2066 - A weakness has been identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the

CVE-2026-25731 - calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability

CVE-2026-25729 - DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is a

CVE-2026-25636 - calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB

CVE-2026-25635 - calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnera

CVE-2026-25634 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli

CVE-2026-25632 - EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenar

CVE-2026-25631 - n8n is an open source workflow automation platform. Prior to 1.121.0, there is a vulnerability in th

CVE-2026-25628 - Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is

CVE-2026-25597 - PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-b

CVE-2026-25593 - OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use t

CVE-2026-25592 - Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems.

CVE-2026-25581 - SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ab

CVE-2026-25580 - Pydantic AI is a Python agent framework for building applications and workflows with Generative AI.

CVE-2026-2065 - A security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this issue i

CVE-2026-2064 - A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is

CVE-2026-25727 - time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input

CVE-2026-25643 - Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior

CVE-2026-25642 - HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.6, f

CVE-2026-25641 - SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerabili

CVE-2026-25640 - Pydantic AI is a Python agent framework for building applications and workflows with Generative AI.

CVE-2026-25587 - SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map is in SAFE_PROTOYPES, it's pro

CVE-2026-25586 - SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shado

CVE-2026-25520 - SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The return values of functions aren't

CVE-2026-22254 - Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Ve

CVE-2026-1709 - A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-si

CVE-2025-15320 - Tanium addressed a denial of service vulnerability in Tanium Client.

CVE-2026-2063 - A security flaw has been discovered in D-Link DIR-823X 250416. This vulnerability affects unknown co

CVE-2026-2062 - A vulnerability was identified in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_mod

CVE-2026-25753 - PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, th

CVE-2026-25752 - FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vu

CVE-2026-25751 - FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure

CVE-2026-25651 - client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication

CVE-2026-25650 - MCP Salesforce Connector is a Model Context Protocol (MCP) server implementation for Salesforce inte

CVE-2026-25647 - Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier (as used i

CVE-2026-24418 - OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTA

CVE-2026-24417 - OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTA

CVE-2026-24416 - OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTA

CVE-2026-24050 - Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative action

CVE-2026-23989 - REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization mi

CVE-2025-69216 - OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.

CVE-2025-69214 - OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.

CVE-2025-69212 - OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.

CVE-2026-2061 - A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub

CVE-2026-2060 - A vulnerability was found in code-projects Simple Blood Donor Management System 1.0. Affected by thi

CVE-2026-25725 - Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing m

CVE-2026-25724 - Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforc

CVE-2026-25723 - Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly valid

CVE-2026-25722 - Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly valid

CVE-2026-24903 - OrcaStatLLM Researcher is an LLM Based Research Paper Generator. A Stored Cross-Site Scripting (XSS)

CVE-2026-24851 - OpenFGA is a high-performance and flexible authorization/permission engine built for developers and

CVE-2026-24776 - OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop

CVE-2026-24419 - OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTA

CVE-2026-24135 - Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, a path traversal vulner

CVE-2026-23633 - Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary f

CVE-2026-23632 - Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, the endpoint "PUT /repo

CVE-2026-22592 - Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, an authenticated user c

CVE-2026-1769 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab

CVE-2025-70963 - Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes eac

CVE-2025-64175 - Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code

CVE-2026-2103 - Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, includin

CVE-2026-2059 - A vulnerability has been found in SourceCodester Medical Center Portal Management System 1.0. Affect

CVE-2026-2058 - A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3

CVE-2026-25556 - MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_disp

CVE-2026-23741 - Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cer

CVE-2026-23740 - Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cer

CVE-2026-23739 - Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cer

CVE-2026-23738 - Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cer

CVE-2025-64111 - Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient

CVE-2019-25305 - JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running wi

CVE-2019-25304 - SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService th

CVE-2019-25303 - TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers t

CVE-2019-25302 - Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIServ

CVE-2019-25301 - Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment subm

CVE-2019-25300 - thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate

CVE-2019-25299 - RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter tha

CVE-2019-25298 - html5_snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate d

CVE-2019-25294 - html5_snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to in

CVE-2019-25293 - BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRo

CVE-2019-25292 - Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local

CVE-2019-25266 - Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability

CVE-2026-2057 - A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This aff

CVE-2025-13523 - Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names i

CVE-2026-2056 - A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impa

CVE-2026-1337 - Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions

CVE-2025-13818 - Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Managem

CVE-2026-2055 - A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element

CVE-2026-2054 - A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an

CVE-2026-2018 - A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of

CVE-2026-2017 - A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the fun

CVE-2026-2016 - A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by t

CVE-2026-1293 - The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnera

CVE-2026-2015 - A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of

CVE-2026-2014 - A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an u

CVE-2026-2013 - A vulnerability was identified in itsourcecode Student Management System 1.0. This affects an unknow

CVE-2026-24928 - Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this

CVE-2026-24927 - Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitati

CVE-2026-24924 - Vulnerability of improper permission control in the print module. Impact: Successful exploitation of

CVE-2026-24920 - Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerab

CVE-2026-2012 - A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element i

CVE-2026-2011 - A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an

CVE-2026-24931 - Vulnerability of improper criterion security check in the card module. Impact: Successful exploitati

CVE-2026-24930 - UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulner

CVE-2026-24929 - Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vul

CVE-2026-24926 - Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vuln

CVE-2026-24925 - Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of thi

CVE-2026-24923 - Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerab

CVE-2026-24922 - Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerabili

CVE-2026-24921 - Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability

CVE-2026-24919 - Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnera

CVE-2026-24918 - Address read vulnerability in the communication module. Impact: Successful exploitation of this vuln

CVE-2026-24917 - UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may

CVE-2026-24916 - Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation o

CVE-2026-24915 - Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerabili

CVE-2026-24914 - Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerabi

CVE-2026-21643 - An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit

CVE-2026-1785 - The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions u

CVE-2026-1499 - The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary Fi

CVE-2026-1252 - The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-2010 - A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impact

CVE-2026-2009 - A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some un

CVE-2026-21626 - Access control settings for forum post custom fields are not applied to the JSON output type, leadin

CVE-2026-1279 - The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fo

CVE-2026-2008 - A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a.

CVE-2026-2000 - A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function apply_config of t

CVE-2026-1998 - A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import

CVE-2026-1909 - The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's

CVE-2026-1888 - The Docus – YouTube Video Playlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-1808 - The Orange Confort+ accessibility toolbar for WordPress plugin for WordPress is vulnerable to Stored

CVE-2026-1401 - The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in

CVE-2026-0521 - A reflected cross-site scripting (XSS) vulnerability in the PDF export functionality of the TYDAC AG

CVE-2025-10753 - The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to unauthorized acc

CVE-2026-1991 - A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of t

CVE-2026-0598 - A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI c

CVE-2026-1990 - A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::da

CVE-2026-1979 - A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm

CVE-2026-1978 - A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown f

CVE-2026-25698 - Rejected reason: Not used

CVE-2026-25697 - Rejected reason: Not used

CVE-2026-25696 - Rejected reason: Not used

CVE-2026-25695 - Rejected reason: Not used

CVE-2026-25694 - Rejected reason: Not used

CVE-2026-25693 - Rejected reason: Not used

CVE-2026-25692 - Rejected reason: Not used

CVE-2026-1977 - A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8c

CVE-2025-15566 - A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-s

CVE-2026-1976 - A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionRespo

CVE-2026-1975 - A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTrigge

CVE-2026-1228 - The Timeline Block – Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines) plug

CVE-2026-1974 - A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp o

CVE-2026-1973 - A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establis

CVE-2026-1972 - A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_chec

CVE-2026-1971 - A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24g

CVE-2026-23623 - Collabora Online is a collaborative online office suite based on LibreOffice technology. Prior to Co

CVE-2026-24302 - Azure Arc Elevation of Privilege Vulnerability

CVE-2026-24300 - Azure Front Door Elevation of Privilege Vulnerability

CVE-2026-21532 - Azure Function Information Disclosure Vulnerability

CVE-2026-0391 - User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows a

CVE-2025-68458 - Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is en

CVE-2025-68157 - Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is en

CVE-2025-32393 - AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intellig

CVE-2026-25815 - Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configu

CVE-2026-1970 - A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup

CVE-2026-1964 - A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file mod