CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2025-58343 - An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exyno
CVE-2025-58342 - An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exyno
CVE-2025-58341 - An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exyno
CVE-2025-58340 - An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exyno
CVE-2025-57529 - YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList/findArchi
CVE-2025-52629 - HCL AION is susceptible to Missing Content-Security-Policy. The absence of a CSP header may inc
CVE-2025-52627 - Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended mod
CVE-2025-52626 - A Potential Command Injection vulnerability in HCL AION. This can allow unintended command exe
CVE-2025-46651 - Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL
CVE-2020-37116 - GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attacker
CVE-2020-37115 - GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all reg
CVE-2020-37114 - GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive informatio
CVE-2020-37113 - GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploadi
CVE-2020-37112 - GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated atta
CVE-2020-37111 - 60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php that allows attacke
CVE-2020-37110 - 60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows
CVE-2020-37108 - PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_deta
CVE-2020-37105 - PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows aut
CVE-2020-37103 - DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to
CVE-2019-25265 - Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group descr
CVE-2019-25264 - Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users
CVE-2019-25263 - Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows at
CVE-2026-1568 - Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Cons
CVE-2026-24762 - RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, Rus
CVE-2026-23795 - Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An ad
CVE-2026-23794 - Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into
CVE-2026-21862 - RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based acc
CVE-2026-25036 - Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting Incorre
CVE-2026-25028 - Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementin
CVE-2026-25027 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-25024 - Cross-Site Request Forgery (CSRF) vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliate
CVE-2026-25023 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev R
CVE-2026-25022 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-25021 - Missing Authorization vulnerability in Mizan Themes Mizan Demo Importer mizan-demo-importer allows E
CVE-2026-25020 - Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Explo
CVE-2026-25019 - Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiti
CVE-2026-25016 - Missing Authorization vulnerability in Nelio Software Nelio Popups nelio-popups allows Exploiting In
CVE-2026-25015 - Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request
CVE-2026-25014 - Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows Cross
CVE-2026-25012 - Missing Authorization vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Exploiting
CVE-2026-25011 - Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom
CVE-2026-25010 - Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Inc
CVE-2026-24998 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV
CVE-2026-24997 - Missing Authorization vulnerability in Wired Impact Wired Impact Volunteer Management wired-impact-v
CVE-2026-24996 - Missing Authorization vulnerability in wpelemento WPElemento Importer wpelemento-importer allows Exp
CVE-2026-24995 - Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allow
CVE-2026-24994 - Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart all
CVE-2026-24992 - Insertion of Sensitive Information Into Sent Data vulnerability in WPFactory Advanced WooCommerce Pr
CVE-2026-24991 - Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 exte
CVE-2026-24990 - Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly C
CVE-2026-24988 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-24986 - Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple Membership WP user Import simpl
CVE-2026-24985 - Missing Authorization vulnerability in approveme WP Forms Signature Contract Add-On wp-forms-signatu
CVE-2026-24984 - Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploit
CVE-2026-24982 - Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows
CVE-2026-24967 - Missing Authorization vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrec
CVE-2026-24966 - Cross-Site Request Forgery (CSRF) vulnerability in Copyscape Copyscape Premium copyscape-premium all
CVE-2026-24965 - Missing Authorization vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery c
CVE-2026-24962 - Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sigmize sigmize allows Cross Sit
CVE-2026-24961 - Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server Si
CVE-2026-24958 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-24957 - Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Explo
CVE-2026-24954 - Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows O
CVE-2026-24952 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-24951 - Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Config
CVE-2026-24947 - Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-elemen
CVE-2026-24945 - Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-f
CVE-2026-24942 - Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress allows C
CVE-2026-24940 - Missing Authorization vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Exploitin
CVE-2026-24939 - Missing Authorization vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows
CVE-2026-24938 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2026-1814 - Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the Cred
CVE-2026-1312 - An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `.QuerySet.or
CVE-2026-1287 - An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `FilteredRela
CVE-2026-1285 - An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `django.utils
CVE-2026-1207 - An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookup
CVE-2025-65017 - Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.
CVE-2025-5319 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2025-14550 - An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `ASGIRequest`
CVE-2025-13473 - An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The `django.c
CVE-2020-37102 - Adaware Web Companion 4.9.2159 contains an unquoted service path vulnerability in the WCAssistantSer
CVE-2020-37101 - VPN Unlimited 6.1 contains an unquoted service path vulnerability that allows local attackers to inj
CVE-2020-37100 - Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local att
CVE-2020-37099 - Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configu
CVE-2020-37098 - Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local att
CVE-2019-25261 - AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration t
CVE-2025-7760 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-6397 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2026-1664 - Summary An Insecure Direct Object Reference has been found to exist in `createHeaderBasedEmailResol
CVE-2026-1432 - SQL injection vulnerability in the Buroweb platform version 2505.0.12, specifically in the 'tablon'
CVE-2025-11598 - In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner
CVE-2025-67857 - A flaw was found in Moodle. During anonymous assignment submissions, user identifiers were inadverte
CVE-2025-67856 - A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks
CVE-2025-67855 - A flaw was found in Moodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS)
CVE-2025-67853 - A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the co
CVE-2025-67852 - A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote a
CVE-2025-67851 - A flaw was found in Moodle. This formula injection vulnerability occurs when data fields are exporte
CVE-2025-67850 - A flaw was found in Moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to i
CVE-2025-67849 - A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper saniti
CVE-2025-67848 - A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authe
CVE-2025-59902 - HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and rende
CVE-2025-41065 - Stored Cross-Site Scripting (XSS) vulnerability type in LUNA software v7.5.5.6. This vulnerability a
CVE-2025-8461 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-8456 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2026-1730 - The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect fi
CVE-2026-1592 - Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Creat
CVE-2026-1591 - Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file
CVE-2026-1375 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure
CVE-2026-1371 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive
CVE-2025-8590 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology
CVE-2025-8589 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2026-24465 - Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A craf
CVE-2026-24449 - For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system
CVE-2026-22550 - OS command injection vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. A crafted request fro
CVE-2026-20704 - Cross-site request forgery vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. If a user acces
CVE-2026-1447 - The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to
CVE-2026-1210 - The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
CVE-2026-1065 - The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all ver
CVE-2026-1058 - The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field va
CVE-2026-0617 - The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerab
CVE-2026-24694 - The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely loads Dynamic Link Libraries
CVE-2026-0950 - The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerab
CVE-2025-9711 - A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the loca
CVE-2025-58381 - A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with adm
CVE-2025-14274 - The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripti
CVE-2025-58380 - A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin p
CVE-2026-24936 - When a specific function is enabled while joining an AD Domain from ADM, an improper input parameters
CVE-2026-1788 - Out-of-bounds Write vulnerability in Xquic Project Xquic Server xquic on Linux (QUIC protocol impl
CVE-2026-0909 - The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions
CVE-2026-0383 - A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to
CVE-2026-24935 - A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the sig
CVE-2026-24934 - The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when
CVE-2026-24933 - The API communication component fails to validate the SSL/TLS certificate when sending HTTPS request
CVE-2026-24932 - The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL
CVE-2025-67484 - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files
CVE-2025-67483 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-67482 - Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability
CVE-2025-67481 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-67480 - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files
CVE-2025-67479 - Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Cite. This vulnerability is as
CVE-2025-67478 - Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files
CVE-2025-67477 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-67476 - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files
CVE-2025-67475 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-61658 - Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files
CVE-2025-61657 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-61656 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-61655 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-61654 - Vulnerability in Wikimedia Foundation Thanks. This vulnerability is associated with program files in
CVE-2025-61653 - Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program fi
CVE-2025-61652 - Vulnerability in Wikimedia Foundation DiscussionTools.This issue affects DiscussionTools: from * bef
CVE-2025-61651 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-58383 - A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user
CVE-2025-58382 - A vulnerability in the secure configuration of authentication and management services in Brocade Fa
CVE-2025-58379 - Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker t
CVE-2025-12774 - A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of
CVE-2025-61650 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-61649 - Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files
CVE-2025-61648 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-61646 - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files
CVE-2025-61645 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-15556 - Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verifi
CVE-2025-12773 - A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a
CVE-2025-11261 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-11173 - Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files
CVE-2025-61647 - Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files
CVE-2025-61644 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-61643 - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files
CVE-2025-61642 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-61641 - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files
CVE-2025-61640 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-61639 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Med
CVE-2025-61638 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-61637 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-61636 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-61635 - Vulnerability in Wikimedia Foundation ConfirmEdit. This vulnerability is associated with program fil
CVE-2025-61634 - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files
CVE-2026-25228 - Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a pat
CVE-2026-25222 - PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing atta
CVE-2026-25221 - PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0
CVE-2026-25144 - Talishar is a fan-made Flesh and Blood project. A Stored XSS exists in the chat in-game system. The
CVE-2026-25142 - SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SandboxJS does not properly restrict _
CVE-2026-25137 - The NixOS Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, e
CVE-2026-25134 - Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150,
CVE-2026-25060 - OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disab
CVE-2026-25059 - OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path tra
CVE-2026-24763 - OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.
CVE-2026-24737 - jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and me
CVE-2026-24471 - continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a ma
CVE-2026-24133 - jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argumen
CVE-2026-24051 - OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.2
CVE-2026-24043 - jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argumen
CVE-2026-24040 - jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Nod
CVE-2026-24007 - Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap is m
CVE-2026-23997 - FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and e
CVE-2026-23515 - Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a comm
CVE-2026-23476 - FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8,
CVE-2026-22780 - Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap
CVE-2026-22778 - vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.
CVE-2026-1778 - Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTP
CVE-2026-1777 - The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing ke
CVE-2026-0924 - BuhoCleaner contains an insecure XPC service that allows local, unprivileged users to escalate their
CVE-2025-70960 - A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allow
CVE-2025-70959 - A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows
CVE-2025-70958 - Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion
CVE-2025-6927 - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files
CVE-2025-6597 - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files
CVE-2025-6596 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-6595 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-6594 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-6593 - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files
CVE-2025-6592 - Vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program fil
CVE-2025-6591 - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files
CVE-2025-6590 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Med
CVE-2025-6589 - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files
CVE-2025-69207 - Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion O
CVE-2025-66480 - Wildfire IM is an instant messaging and real-time audio/video solution. Prior to 1.4.3, a critical v
CVE-2025-36436 - IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 I
CVE-2025-36253 - IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow
CVE-2025-36238 - IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 throug
CVE-2025-36194 - IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 throug
CVE-2025-13096 - IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007,
CVE-2025-12772 - Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support
CVE-2025-12680 - Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SAN
CVE-2025-12679 - A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in p
CVE-2026-22229 - A command injection vulnerability may be exploited after the admin's authentication via the import o
CVE-2026-22227 - A command injection vulnerability may be exploited after the admin's authentication via the configur
CVE-2026-22226 - A command injection vulnerability may be exploited after the admin's authentication in the VPN serve
CVE-2026-22225 - A command injection vulnerability may be exploited after the admin's authentication in the VPN Conne
CVE-2026-22224 - A command injection vulnerability may be exploited after the admin's authentication in the cloud com
CVE-2026-22223 - An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent au
CVE-2026-22222 - An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent au
CVE-2026-22221 - An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent au
CVE-2026-0631 - An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows an adjacent
CVE-2026-0630 - An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) and Archer AXE75 v1.
CVE-2026-1770 - Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CM
CVE-2026-1232 - A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows
CVE-2026-0921 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in
CVE-2025-47402 - Transient DOS when processing a received frame with an excessively large authentication information
CVE-2025-47399 - Memory Corruption while processing IOCTL call to update sensor property settings with invalid input
CVE-2025-47398 - Memory Corruption while deallocating graphics processing unit memory buffers due to improper handlin
CVE-2025-47397 - Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOM
CVE-2025-47366 - Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrec
CVE-2025-47364 - Memory corruption while calculating offset from partition start point.
CVE-2025-47363 - Memory corruption when calculating oversized partition sizes without proper checks.
CVE-2025-47359 - Memory Corruption when multiple threads simultaneously access a memory free API.
CVE-2025-47358 - Memory Corruption when user space address is modified and passed to mem_free API, causing kernel mem
CVE-2025-15395 - IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to acc
CVE-2025-14914 - IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to
CVE-2026-1703 - When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted ou