CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2022-50975 - An unauthenticated remote attacker is able to use an existing session id of a logged in user and gai
CVE-2026-24071 - It was found that the XPC service offered by the privileged helper of Native Access uses the PID of
CVE-2026-24070 - During the installation of the Native Access application, a privileged helper `com.native-instrument
CVE-2026-1761 - A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsin
CVE-2026-1760 - A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer
CVE-2026-1186 - EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepar
CVE-2026-1757 - A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project,
CVE-2025-8587 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-0599 - A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote
CVE-2025-7105 - A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function
CVE-2025-6208 - The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolle
CVE-2025-10279 - In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is a
CVE-2024-5986 - A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to a
CVE-2024-5386 - In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability exists due to a password reset
CVE-2024-4147 - In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allo
CVE-2024-2356 - A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_extension' endpoint of the pari
CVE-2026-1751 - A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before
CVE-2026-1117 - A vulnerability in the `lollms_generation_events.py` component of parisneo/lollms version 5.9.0 allo
CVE-2024-54263 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-20422 - In Modem, there is a possible system crash due to improper input validation. This could lead to remo
CVE-2026-20421 - In Modem, there is a possible system crash due to improper input validation. This could lead to remo
CVE-2026-20420 - In Modem, there is a possible system crash due to incorrect error handling. This could lead to remot
CVE-2026-20419 - In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught excepti
CVE-2026-20418 - In Thread, there is a possible out of bounds write due to a missing bounds check. This could lead to
CVE-2026-20417 - In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to l
CVE-2026-20415 - In imgsys, there is a possible memory corruption due to improper locking. This could lead to local d
CVE-2026-20414 - In imgsys, there is a possible escalation of privilege due to use after free. This could lead to loc
CVE-2026-20413 - In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to
CVE-2026-20412 - In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead
CVE-2026-20411 - In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to
CVE-2026-20410 - In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to
CVE-2026-20409 - In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to
CVE-2026-20408 - In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to r
CVE-2026-20407 - In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This
CVE-2026-20406 - In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote d
CVE-2026-20405 - In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote
CVE-2026-20404 - In Modem, there is a possible system crash due to improper input validation. This could lead to remo
CVE-2026-20403 - In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote
CVE-2026-20402 - In Modem, there is a possible system crash due to improper input validation. This could lead to remo
CVE-2026-20401 - In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote d
CVE-2025-9974 - The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows a
CVE-2026-1518 - A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backc
CVE-2026-22888 - Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthor
CVE-2026-22881 - Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, whic
CVE-2026-20711 - Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which
CVE-2026-0658 - The Five Star Restaurant Reservations WordPress plugin before 2.7.9 does not have CSRF checks in so
CVE-2025-15396 - The Library Viewer WordPress plugin before 3.2.0 does not sanitise and escape some parameters before
CVE-2025-15030 - The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset proce
CVE-2026-1746 - A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the fi
CVE-2026-1745 - A vulnerability was determined in SourceCodester Medical Certificate Generator App 1.0. This affects
CVE-2026-1531 - A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disab
CVE-2026-1530 - A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-th
CVE-2025-13881 - A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited priv
CVE-2026-25202 - The database account and password are hardcoded, allowing login with the account to manipulate the d
CVE-2026-25201 - An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege esca
CVE-2026-25200 - A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentica
CVE-2026-24788 - RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If explo
CVE-2026-1744 - A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the funct
CVE-2026-1743 - A vulnerability has been found in DJI Mavic Mini, Air, Spark and Mini SE up to 01.00.0500. Affected
CVE-2026-1742 - A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the f
CVE-2026-1741 - A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_
CVE-2026-1740 - A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_sess
CVE-2026-1739 - A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmP
CVE-2026-1738 - A flaw has been found in Open5GS up to 2.7.6. The impacted element is the function sgwc_tunnel_add o
CVE-2026-1737 - A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function sgwc_s5c_h
CVE-2025-13348 - An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manage
CVE-2026-1736 - A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is the function sgwc_s11
CVE-2026-1735 - A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknow
CVE-2026-1734 - A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unkn
CVE-2026-25253 - OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string a
CVE-2026-1733 - A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tid
CVE-2020-37064 - EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWL
CVE-2020-37063 - TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to p
CVE-2020-37062 - DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to po
CVE-2020-37061 - BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to
CVE-2020-37055 - SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially e
CVE-2020-37048 - Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability tha
CVE-2020-37047 - Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmt
CVE-2020-37045 - Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon s
CVE-2020-37037 - Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users t
CVE-2023-54343 - QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing re
CVE-2022-50952 - Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerabilit
CVE-2022-50951 - WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote
CVE-2022-50950 - Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate
CVE-2022-50942 - Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attac
CVE-2022-50941 - BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers
CVE-2022-50940 - Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows r
CVE-2022-50797 - Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerabilit
CVE-2021-47921 - Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote a
CVE-2021-47920 - WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allow
CVE-2021-47919 - Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file'
CVE-2021-47918 - Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inj
CVE-2021-47917 - Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters tha
CVE-2021-47916 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2021-47915 - PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that a
CVE-2021-47914 - PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.ph
CVE-2021-47913 - PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that all
CVE-2021-47912 - PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in cate
CVE-2021-47911 - Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index modu
CVE-2021-47909 - Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, ven
CVE-2021-47908 - Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parame
CVE-2021-47885 - Multiple payment terminal versions contain non-persistent cross-site scripting vulnerabilities in bi
CVE-2021-47856 - Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the sea
CVE-2026-25069 - SunFounder Pironman Dashboard (pm_dashboard) version 1.3.13 and prior contain a path traversal vulne
CVE-2026-1165 - The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to
CVE-2025-14554 - The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-
CVE-2026-23039 - In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc d
CVE-2026-23038 - In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfiles: Fix memory leak
CVE-2026-23037 - In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: allow partial
CVE-2026-23036 - In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before iget
CVE-2026-23035 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Pass netdev to mlx5e
CVE-2026-23034 - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix fence ref
CVE-2026-23033 - In the Linux kernel, the following vulnerability has been resolved: dmaengine: omap-dma: fix dma_po
CVE-2026-23032 - In the Linux kernel, the following vulnerability has been resolved: null_blk: fix kmemleak by relea
CVE-2026-23031 - In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bul
CVE-2026-23030 - In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a
CVE-2026-23029 - In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device
CVE-2026-23028 - In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device
CVE-2026-23027 - In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device
CVE-2026-23026 - In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: gpi: Fix memor
CVE-2026-23025 - In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: prevent pcp corr
CVE-2026-23024 - In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leak of flow s
CVE-2026-23023 - In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leak in idpf_v
CVE-2026-23022 - In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leak in idpf_v
CVE-2026-23021 - In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory l
CVE-2026-23020 - In the Linux kernel, the following vulnerability has been resolved: net: 3com: 3c59x: fix possible
CVE-2026-23019 - In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix NUL
CVE-2026-23018 - In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before init
CVE-2026-23017 - In the Linux kernel, the following vulnerability has been resolved: idpf: fix error handling in the
CVE-2026-23016 - In the Linux kernel, the following vulnerability has been resolved: inet: frags: drop fraglist conn
CVE-2026-23015 - In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: fix reference leak
CVE-2025-71191 - In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_hdmac: fix device
CVE-2025-71190 - In the Linux kernel, the following vulnerability has been resolved: dmaengine: bcm-sba-raid: fix de
CVE-2025-71189 - In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw: dmamux: fix OF n
CVE-2025-71188 - In the Linux kernel, the following vulnerability has been resolved: dmaengine: lpc18xx-dmamux: fix
CVE-2025-71187 - In the Linux kernel, the following vulnerability has been resolved: dmaengine: sh: rz-dmac: fix dev
CVE-2025-71186 - In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix d
CVE-2025-71185 - In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: dma-crossbar: fi
CVE-2025-71184 - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL dereference on
CVE-2025-71183 - In the Linux kernel, the following vulnerability has been resolved: btrfs: always detect conflictin
CVE-2025-71182 - In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939_session_
CVE-2025-71181 - In the Linux kernel, the following vulnerability has been resolved: rust_binder: remove spin_lock()
CVE-2025-71180 - In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IR
CVE-2026-1251 - The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to I
CVE-2026-0683 - The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to S
CVE-2026-1431 - The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a miss
CVE-2025-15525 - The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to u
CVE-2025-15510 - The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due
CVE-2026-25156 - HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 deliver
CVE-2020-37057 - Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows at
CVE-2020-37056 - Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to b
CVE-2020-37054 - Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to uplo
CVE-2020-37053 - Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to le
CVE-2020-37052 - AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unaut
CVE-2020-37051 - Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form
CVE-2020-37050 - Quick Player 1.3 contains a buffer overflow vulnerability that allows attackers to execute arbitrary
CVE-2020-37049 - Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that
CVE-2020-37046 - Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability
CVE-2020-37044 - OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoi
CVE-2020-37043 - 10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to by
CVE-2020-37042 - Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer'
CVE-2020-37041 - OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthen
CVE-2020-37040 - Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute ar
CVE-2020-37039 - Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the applicati
CVE-2020-37038 - Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the appl
CVE-2020-37036 - RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that al
CVE-2020-37035 - e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that
CVE-2020-37034 - HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to downl
CVE-2020-37033 - Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate
CVE-2020-37032 - Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console th
CVE-2020-37031 - Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to
CVE-2020-37029 - FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that al
CVE-2020-37028 - Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability i
CVE-2020-37027 - Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attack
CVE-2020-37026 - Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable
CVE-2020-37025 - Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to
CVE-2020-37024 - Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code regist
CVE-2020-37023 - Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass
CVE-2019-25232 - NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Clients Control Panel DNS/IP fie
CVE-2026-25154 - LocalSend is a free, open-source app that allows users to share files and messages with nearby devic
CVE-2026-25153 - Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node p
CVE-2026-25152 - Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node p
CVE-2026-1705 - A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the fu
CVE-2025-36442 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.
CVE-2025-36428 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.
CVE-2025-36427 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a deni
CVE-2025-36424 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a deni
CVE-2025-36423 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 - 12.1.3 could allow a loca
CVE-2025-36407 - IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE
CVE-2025-36387 - IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an aut
CVE-2025-36384 - IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate the
CVE-2025-36366 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a deni
CVE-2025-36365 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.
CVE-2025-36353 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.
CVE-2025-36184 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an ins
CVE-2025-36123 - IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.
CVE-2025-36098 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.
CVE-2025-36070 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.
CVE-2025-36009 - IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user
CVE-2025-36001 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.
CVE-2025-2668 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a
CVE-2026-25141 - Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specificat
CVE-2026-25130 - Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the C
CVE-2026-25129 - PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11
CVE-2026-1723 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi
CVE-2025-24293 - Active Storage allowed transformation methods potentially unsafe: Active Storage attempts to pre
CVE-2026-23835 - LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feat
CVE-2025-11175 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression La
CVE-2025-69662 - SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive infor
CVE-2025-62349 - Salt contains an authentication protocol version downgrade weakness that can allow a malicious minio
CVE-2025-62348 - Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML p
CVE-2025-51958 - aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute
CVE-2024-9432 - Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedd
CVE-2026-1702 - A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an
CVE-2026-1701 - A security vulnerability has been detected in itsourcecode School Management System 1.0. This issue
CVE-2025-15497 - Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authentic
CVE-2026-1700 - A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerab
CVE-2026-1691 - A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSy
CVE-2026-1690 - A flaw has been found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. This affects the function s
CVE-2026-1689 - A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. The impacted element
CVE-2020-37060 - Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configurat
CVE-2020-37059 - Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileg
CVE-2020-37058 - Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows se
CVE-2020-37030 - Outline Service 1.3.3 contains an unquoted service path vulnerability that allows local users to pot
CVE-2020-37022 - OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's n
CVE-2020-37019 - Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attacke
CVE-2020-37014 - Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input t
CVE-2020-37003 - Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your
CVE-2020-36998 - Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in m
CVE-2020-36996 - PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page tha
CVE-2020-36966 - Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization set
CVE-2026-25128 - fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object wi
CVE-2026-25050 - Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the `NativeAuthenticat
CVE-2026-24855 - ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Si
CVE-2026-24854 - ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoi
CVE-2026-1688 - A security vulnerability has been detected in itsourcecode Directory Management System 1.0. The affe
CVE-2026-1687 - A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. Impacted is an unk
CVE-2026-1686 - A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function se
CVE-2025-7964 - After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network le
CVE-2025-4686 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2026-1685 - A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function su
CVE-2026-1684 - A vulnerability was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleR
CVE-2024-4027 - A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameter
CVE-2026-1683 - A vulnerability has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the fun
CVE-2026-1682 - A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationRele
CVE-2025-9226 - Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected
CVE-2025-6723 - Chef InSpec versions up to 5.23 and before 7.0.107 creates named pipes with overly permissive defaul
CVE-2026-1498 - An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacke
CVE-2025-13176 - Planting a custom configuration file in ESET Inspect Connector allows loading a malicious DLL.
CVE-2026-22626 - Due to insufficient input parameter validation on the interface, authenticated users of certain HIKS