CVE-2026-23072 - In the Linux kernel, the following vulnerability has been resolved: l2tp: Fix memleak in l2tp_udp_e

CVE-2026-23071 - In the Linux kernel, the following vulnerability has been resolved: regmap: Fix race condition in h

CVE-2026-23070 - In the Linux kernel, the following vulnerability has been resolved: Octeontx2-af: Add proper checks

CVE-2026-23069 - In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential und

CVE-2026-23068 - In the Linux kernel, the following vulnerability has been resolved: spi: spi-sprd-adi: Fix double f

CVE-2026-23067 - In the Linux kernel, the following vulnerability has been resolved: iommu/io-pgtable-arm: fix size_

CVE-2026-23066 - In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recvmsg() unconditio

CVE-2026-23065 - In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix memory le

CVE-2026-23064 - In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: avoid possi

CVE-2026-23063 - In the Linux kernel, the following vulnerability has been resolved: uacce: ensure safe queue releas

CVE-2026-23062 - In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix k

CVE-2026-23061 - In the Linux kernel, the following vulnerability has been resolved: can: kvaser_usb: kvaser_usb_rea

CVE-2026-23060 - In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too

CVE-2026-23059 - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Sanitize payload

CVE-2026-23058 - In the Linux kernel, the following vulnerability has been resolved: can: ems_usb: ems_usb_read_bulk

CVE-2026-23057 - In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Coalesce only lin

CVE-2026-23056 - In the Linux kernel, the following vulnerability has been resolved: uacce: implement mremap in uacc

CVE-2026-23055 - In the Linux kernel, the following vulnerability has been resolved: i2c: riic: Move suspend handlin

CVE-2026-23054 - In the Linux kernel, the following vulnerability has been resolved: net: hv_netvsc: reject RSS hash

CVE-2026-23053 - In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving n

CVE-2026-23052 - In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not over-allocate ft

CVE-2026-23051 - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null

CVE-2026-23050 - In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix a deadlock when retur

CVE-2026-23049 - In the Linux kernel, the following vulnerability has been resolved: drm/panel-simple: fix connector

CVE-2026-20123 - A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager

CVE-2026-20119 - A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) So

CVE-2026-20111 - A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an a

CVE-2026-20098 - A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an aut

CVE-2026-20056 - A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS

CVE-2026-0662 - A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to

CVE-2026-0661 - A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption

CVE-2026-0660 - A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer

CVE-2026-0659 - A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, ca

CVE-2026-0538 - A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Wri

CVE-2026-0537 - A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption

CVE-2025-71199 - In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91-sama5d2_adc: Fix

CVE-2025-71198 - In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix iio_c

CVE-2025-71197 - In the Linux kernel, the following vulnerability has been resolved: w1: therm: Fix off-by-one buffe

CVE-2025-71196 - In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by o

CVE-2025-71195 - In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix re

CVE-2025-71194 - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in wait_cur

CVE-2025-71193 - In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qusb2: Fix NULL point

CVE-2025-61917 - n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use o

CVE-2026-23048 - In the Linux kernel, the following vulnerability has been resolved: udp: call skb_orphan() before s

CVE-2026-23047 - In the Linux kernel, the following vulnerability has been resolved: libceph: make calc_target() set

CVE-2026-23046 - In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix device mismatch

CVE-2026-23045 - In the Linux kernel, the following vulnerability has been resolved: net/ena: fix missing lock when

CVE-2026-23044 - In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fix crash when f

CVE-2026-23043 - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL pointer derefer

CVE-2026-23042 - In the Linux kernel, the following vulnerability has been resolved: idpf: fix aux device unplugging

CVE-2026-23041 - In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer crash

CVE-2026-23040 - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo

CVE-2026-22549 - A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions

CVE-2025-71192 - In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix a double free i

CVE-2025-70545 - A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC

CVE-2026-22548 - When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed req

CVE-2026-20732 - A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacke

CVE-2026-20730 - A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attac

CVE-2026-1642 - A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport La

CVE-2025-70997 - A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arb

CVE-2025-69618 - An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4

CVE-2025-5329 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2025-15368 - The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, an

CVE-2025-14740 - Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the

CVE-2026-24735 - Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. T

CVE-2026-0873 - On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilit

CVE-2025-59818 - This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying sy

CVE-2026-1622 - Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a

CVE-2025-41085 - Stored Cross-Site Scripting (XSS) vulnerability type in Apidog in the version 2.7.15, where SVG ima

CVE-2026-1370 - The SIBS woocommerce payment gateway plugin for WordPress is vulnerable to time-based SQL Injection

CVE-2026-0816 - The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection via

CVE-2026-0743 - The WP Content Permission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-0742 - The Smart Appointment & Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi

CVE-2026-0681 - The Extended Random Number Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripti

CVE-2026-0679 - The Fortis for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to an inve

CVE-2026-0572 - The WebPurify Profanity Filter plugin for WordPress is vulnerable to unauthorized modification of da

CVE-2025-15508 - The Magic Import Document Extractor plugin for WordPress is vulnerable to Sensitive Information Expo

CVE-2025-15507 - The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification

CVE-2025-15487 - The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and in

CVE-2025-15482 - The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to Sensitive Inf

CVE-2025-15285 - The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data d

CVE-2025-15268 - The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'inf

CVE-2025-15260 - The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress is vulnerable to mis

CVE-2025-14461 - The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in a

CVE-2026-1819 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab

CVE-2026-24447 - If a malformed data is input to the affected product, a CSV file downloaded from the affected produc

CVE-2026-23704 - A non-administrative user can upload malicious files. When an administrator or the product accesses

CVE-2026-22875 - Movable Type contains a stored cross-site scripting vulnerability in Export Sites. If crafted input

CVE-2026-21393 - Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input

CVE-2026-20987 - Improper input validation in GalaxyDiagnostics prior to version 3.5.050 allows local privileged atta

CVE-2026-20986 - Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overw

CVE-2026-20985 - Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to c

CVE-2026-20984 - Improper handling of insufficient permission in Galaxy Wearable installed on non-Samsung Device prio

CVE-2026-20983 - Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1

CVE-2026-20982 - Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privileged local attacker t

CVE-2026-20981 - Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allows privileged physica

CVE-2026-20980 - Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows physical attacker to execut

CVE-2026-20979 - Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to

CVE-2026-20978 - Improper authorization in KnoxGuardManager prior to SMR Feb-2026 Release 1 allows local attackers to

CVE-2026-20977 - Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers

CVE-2026-1756 - The WP FOFT Loader plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect fil

CVE-2025-29867 - Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Hancom Inc. Hancom Of

CVE-2026-1791 - Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Ma

CVE-2025-69621 - An arbitrary file overwrite vulnerability in the file import process of Comic Book Reader v1.0.95 al

CVE-2025-69620 - A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service (DoS) via wri

CVE-2026-1835 - A vulnerability was identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Thi

CVE-2026-1813 - A vulnerability was found in bolo-blog bolo-solo up to 2.6.4. Affected is an unknown function of the

CVE-2026-1633 - The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface wit

CVE-2026-24514 - A security issue was discovered in ingress-nginx where the validating admission controller feature i

CVE-2026-24513 - A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ing

CVE-2026-24512 - A security issue was discovered in ingress-nginx where the `rules.http.paths.path` Ingress field can

CVE-2026-1812 - A vulnerability has been found in bolo-blog bolo-solo up to 2.6.4. This impacts the function importF

CVE-2026-1755 - The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th

CVE-2026-1632 - MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requir

CVE-2026-1580 - A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method`

CVE-2025-36094 - IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 I

CVE-2025-36033 - IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim F

CVE-2025-33081 - IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be

CVE-2020-37087 - Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability th

CVE-2020-37084 - School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin us

CVE-2026-25510 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-25509 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-25224 - Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-s

CVE-2026-25223 - Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation

CVE-2026-25155 - Qwik is a performance focused javascript framework. Prior to version 1.12.0, a typo in the regular e

CVE-2026-25151 - Qwik is a performance focused javascript framework. Prior to version 1.19.0, Qwik City’s server-side

CVE-2026-25150 - Qwik is a performance focused javascript framework. Prior to version 1.19.0, a prototype pollution v

CVE-2026-25149 - Qwik is a performance focused javascript framework. Prior to version 1.19.0, an Open Redirect vulner

CVE-2026-25148 - Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting

CVE-2026-1811 - A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This affects the function importFromMarkdo

CVE-2026-1341 - Avation Light Engine Pro exposes its configuration and control interface without any authentication

CVE-2020-37097 - Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network co

CVE-2020-37096 - Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering conf

CVE-2020-37094 - EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user ac

CVE-2020-37093 - Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated att

CVE-2020-37092 - Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthentica

CVE-2020-37091 - Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers

CVE-2020-37090 - School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP

CVE-2020-37089 - School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allo

CVE-2020-37088 - School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to

CVE-2020-37086 - Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows re

CVE-2020-37085 - VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash

CVE-2020-37083 - PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote a

CVE-2020-37082 - webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to

CVE-2020-37081 - Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php,

CVE-2020-37080 - webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration compo

CVE-2020-37078 - i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allo

CVE-2020-37077 - Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.ph

CVE-2020-37076 - Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php th

CVE-2020-37075 - LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functio

CVE-2020-37074 - Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to exe

CVE-2020-37073 - Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upl

CVE-2020-37072 - Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST par

CVE-2020-37071 - CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated a

CVE-2020-37070 - CloudMe 1.11.2 contains a buffer overflow vulnerability that allows remote attackers to execute arbi

CVE-2020-37069 - Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the NLST command that all

CVE-2020-37068 - Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the LIST command that all

CVE-2020-37067 - Filetto 1.0 FTP server contains a denial of service vulnerability in the FEAT command processing tha

CVE-2020-37066 - GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary co

CVE-2020-37065 - StreamRipper32 version 2.6 contains a buffer overflow vulnerability in the Station/Song Section that

CVE-2019-25260 - OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' param

CVE-2026-24887 - Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing,

CVE-2026-24053 - Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation fla

CVE-2026-24052 - Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient

CVE-2026-1862 - Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potential

CVE-2026-1861 - Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to

CVE-2026-1810 - A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the functio

CVE-2026-1801 - A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerabilit

CVE-2025-65081 - An out-of-bounds read vulnerability has been identified in the Postscript interpreter in various Lex

CVE-2025-65080 - A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark

CVE-2025-65079 - A heap-based buffer overflow vulnerability has been identified in the Postscript interpreter in vari

CVE-2025-65078 - An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in va

CVE-2025-65077 - A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in v

CVE-2026-25616 - Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665.

CVE-2026-25615 - Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668.

CVE-2026-25614 - Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680.

CVE-2026-24441 - Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose account credentials in plaintex

CVE-2026-24434 - Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior does not implement CSRF protections fo

CVE-2026-24149 - NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data crea

CVE-2026-1846 - Rejected reason: loading template...

CVE-2026-1803 - A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0. Impacted is an unknown function of the

CVE-2025-64438 - Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object

CVE-2025-64098 - Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object

CVE-2025-62799 - Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object

CVE-2025-62603 - Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object

CVE-2025-62602 - Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object

CVE-2025-62601 - Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object

CVE-2025-10878 - A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 be

CVE-2026-25522 - Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from

CVE-2026-25503 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli

CVE-2026-25502 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli

CVE-2026-25490 - Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from

CVE-2026-25489 - Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from

CVE-2026-25488 - Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from

CVE-2026-25487 - Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from

CVE-2026-25486 - Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vul

CVE-2026-25485 - Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from

CVE-2026-25484 - Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from

CVE-2026-25483 - Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from

CVE-2026-25482 - Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from

CVE-2026-25241 - PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an

CVE-2026-25240 - PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a

CVE-2026-25239 - PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a

CVE-2026-25238 - PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a

CVE-2026-25237 - PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, us

CVE-2026-25236 - PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a

CVE-2026-25235 - PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, pr

CVE-2026-25234 - PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a

CVE-2026-25233 - PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, lo

CVE-2026-24427 - Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose sensitive information in web ma

CVE-2026-24426 - Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior contain an improper output encoding vu

CVE-2026-1802 - A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function m

CVE-2026-0620 - When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without

CVE-2025-62673 - Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adja

CVE-2025-62600 - Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object

CVE-2025-62501 - SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows at

CVE-2025-62405 - Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows auth

CVE-2025-62404 - Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows auth

CVE-2025-61983 - Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows auth

CVE-2025-61944 - Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows auth

CVE-2025-59487 - Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows auth

CVE-2025-59482 - Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows auth

CVE-2025-58455 - Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows auth

CVE-2025-58077 - Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows auth

CVE-2025-52633 - HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. I

CVE-2025-52631 - HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerabi

CVE-2025-52628 - HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This ca

CVE-2025-52623 - HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability

CVE-2026-24774 - The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Pr

CVE-2026-24773 - The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Pr

CVE-2026-24674 - The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Pr

CVE-2026-24673 - The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Pr

CVE-2026-24672 - The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Pr

CVE-2026-24671 - The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Pr

CVE-2026-24670 - The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Pr

CVE-2026-24669 - The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Pr

CVE-2026-24668 - The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Pr

CVE-2026-24667 - The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Pr

CVE-2026-24666 - The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Pr

CVE-2026-24665 - The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Pr

CVE-2026-24664 - The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Pr

CVE-2026-22228 - An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Arch

CVE-2026-22220 - A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modu

CVE-2025-71179 - Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the s

CVE-2025-70849 - Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary fil

CVE-2025-70841 - Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to

CVE-2025-70758 - chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerabili

CVE-2025-70560 - Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality

CVE-2025-70559 - pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading

CVE-2025-70311 - JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the