CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-22625 - Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive
CVE-2026-22624 - Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate
CVE-2026-22623 - Due to insufficient input parameter validation on the interface, authenticated users of certain HIKS
CVE-2026-0709 - Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insuf
CVE-2025-26385 - Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements us
CVE-2026-1699 - In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml u
CVE-2026-22277 - Dell UnityVSA, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements u
CVE-2026-21418 - Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements us
CVE-2025-1395 - Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation an
CVE-2026-25211 - Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initializ
CVE-2026-25210 - In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize
CVE-2026-1680 - Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Servic
CVE-2026-0963 - An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Contro
CVE-2026-0805 - An input neutralization vulnerability in the Backup Configuration component of Crafty Controller all
CVE-2025-12899 - A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified
CVE-2026-25097 - Rejected reason: Not used
CVE-2026-25096 - Rejected reason: Not used
CVE-2026-25095 - Rejected reason: Not used
CVE-2026-25094 - Rejected reason: Not used
CVE-2026-25093 - Rejected reason: Not used
CVE-2026-25092 - Rejected reason: Not used
CVE-2026-25091 - Rejected reason: Not used
CVE-2026-25090 - Rejected reason: Not used
CVE-2026-24729 - An unrestricted upload of file with dangerous type vulnerability in the file upload function of Inte
CVE-2026-24728 - A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of I
CVE-2026-24714 - Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic pack
CVE-2025-15322 - Tanium addressed an improper access controls vulnerability in Tanium Server.
CVE-2026-1638 - A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element
CVE-2026-1665 - A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. Th
CVE-2026-1637 - A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromA
CVE-2026-25126 - PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote AP
CVE-2026-25117 - pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5ab
CVE-2026-25116 - Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2,
CVE-2026-25063 - gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerabi
CVE-2026-25061 - tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.
CVE-2026-25047 - deepHas provides a test for the existence of a nested object key and optionally returns that key. A
CVE-2026-25046 - Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applicati
CVE-2026-25040 - Budibase is a low code platform for creating internal tools, workflows, and admin panels. In version
CVE-2026-24905 - Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubern
CVE-2026-24904 - TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In
CVE-2026-24902 - TrustTunnel is an open-source VPN protocol with a server-side request forgery and private networ
CVE-2026-24846 - malcontent discovers supply-chain compromises through context, differential analysis, and YARA. Sta
CVE-2026-24845 - malcontent discovers supply-chain compromises through context, differential analysis, and YARA. Sta
CVE-2026-1625 - A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub_425
CVE-2026-1624 - A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unk
CVE-2026-1340 - A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CVE-2026-1281 - A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CVE-2026-1623 - A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW
CVE-2025-15288 - Tanium addressed an improper access controls vulnerability in Interact.
CVE-2026-25068 - alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based
CVE-2026-24687 - Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's pos
CVE-2026-22806 - vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and c
CVE-2025-69929 - An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate priv
CVE-2025-69604 - An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allows a local attacker to modify the default
CVE-2025-69516 - A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint
CVE-2025-63658 - A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984
CVE-2025-63657 - An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mimetype.c) of monkey commit f3
CVE-2025-63656 - An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e9
CVE-2025-63655 - A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commi
CVE-2025-63653 - An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37
CVE-2025-63652 - A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984
CVE-2025-63651 - A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e98
CVE-2025-63650 - An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e98
CVE-2025-63649 - An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parse
CVE-2025-15550 - birkir prime <= 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL endp
CVE-2025-15549 - FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated admini
CVE-2026-1610 - A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. Affected by this issue is some unknow
CVE-2026-1601 - A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function s
CVE-2026-1457 - An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, ma
CVE-2026-1453 - A missing authentication for critical function vulnerability in KiloView Encoder Series could allow
CVE-2025-69749 - Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker to execute arbitrary code.
CVE-2025-15548 - Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to
CVE-2025-15543 - Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expos
CVE-2025-15542 - Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to f
CVE-2025-15541 - Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to
CVE-2025-13399 - A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent att
CVE-2026-24780 - AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intellig
CVE-2026-24414 - The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration
CVE-2026-24413 - Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.1
CVE-2026-24054 - Kata Containers is an open source project focusing on a standard implementation of lightweight Virtu
CVE-2026-23896 - immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0
CVE-2026-1600 - A vulnerability was identified in Bdtask Bhojon All-In-One Restaurant Management System up to 202601
CVE-2026-1599 - A vulnerability was determined in Bdtask Bhojon All-In-One Restaurant Management System up to 202601
CVE-2026-1598 - A vulnerability was found in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. I
CVE-2025-45160 - A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a fi
CVE-2025-15545 - The backup restore function does not properly validate unexpected or unrecognized tags within the ba
CVE-2026-1597 - A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown pr
CVE-2026-1596 - A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability affects the function sub_419920
CVE-2026-1595 - A vulnerability was detected in itsourcecode Society Management System 1.0. This affects an unknown
CVE-2026-0936 - An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions prior t
CVE-2025-71011 - An input validation vulnerability in the flow.Tensor.new_empty/flow.Tensor.new_ones/flow.Tensor.new_
CVE-2025-62514 - Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.
CVE-2025-13905 - CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation t
CVE-2026-1594 - A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected b
CVE-2026-1593 - A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulne
CVE-2026-1590 - A vulnerability was identified in itsourcecode School Management System 1.0. This impacts an unknown
CVE-2026-1589 - A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown
CVE-2025-7714 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2025-7713 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-71009 - An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9.0 a
CVE-2025-71008 - A segmentation violation in the oneflow._oneflow_internal.autograd.Function.FunctionCtx.mark_non_dif
CVE-2020-37021 - 10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple services
CVE-2020-37020 - SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain
CVE-2020-37018 - GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated ag
CVE-2020-37017 - CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentiall
CVE-2020-37016 - BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to exe
CVE-2020-37015 - Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnerability that allows u
CVE-2020-37013 - Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and regist
CVE-2020-37012 - Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers t
CVE-2020-37011 - Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger
CVE-2020-37010 - BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input
CVE-2020-37009 - MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that al
CVE-2020-37008 - EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to mani
CVE-2020-37007 - Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate us
CVE-2020-37006 - berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src_record' parameter that allows rem
CVE-2020-37005 - TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows
CVE-2020-37004 - Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection vulnerability that allows atta
CVE-2020-37002 - Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execut
CVE-2020-37001 - Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File featur
CVE-2020-37000 - Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers t
CVE-2020-36999 - Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the
CVE-2020-36997 - BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the Stru
CVE-2020-36995 - Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerability that allows attackers to cr
CVE-2020-36994 - QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input fi
CVE-2026-1616 - The $uri$args concatenation in nginx configuration file present in Open Security Issue Management (O
CVE-2026-1588 - A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function insta
CVE-2025-7014 - Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking
CVE-2025-7013 - Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Men
CVE-2026-1587 - A vulnerability has been found in Open5GS up to 2.7.6. The affected element is the function sgwc_s11
CVE-2026-1586 - A flaw has been found in Open5GS up to 2.7.5. Impacted is the function ogs_gtp2_f_teid_to_ip of the
CVE-2026-1469 - Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vulnerability allows an attacker t
CVE-2025-7016 - Improper Access Control vulnerability in Akın Software Computer Import Export Industry and Trade Ltd
CVE-2025-7015 - Session Fixation vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Me
CVE-2026-22764 - Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vuln
CVE-2026-23571 - A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically wit
CVE-2026-23570 - A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Co
CVE-2026-23569 - An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distri
CVE-2026-23568 - An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distri
CVE-2026-23567 - An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Co
CVE-2026-23566 - A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBra
CVE-2026-23565 - A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBra
CVE-2026-23564 - A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBra
CVE-2026-23563 - Improper Link Resolution Before File Access (invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath ins
CVE-2026-1188 - In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual
CVE-2025-14975 - The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password reset
CVE-2026-25067 - SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vuln
CVE-2025-55704 - Hidden functionality issue exists in multiple MFPs provided by Brother Industries, Ltd., which may a
CVE-2025-53869 - Multiple MFPs provided by Brother Industries, Ltd. do not properly validate server certificates, w
CVE-2026-1552 - A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of
CVE-2026-1551 - A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown
CVE-2025-15344 - Tanium addressed a SQL injection vulnerability in Asset.
CVE-2026-24897 - Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticat
CVE-2026-1550 - A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this i
CVE-2026-1549 - A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an
CVE-2026-1548 - A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUs
CVE-2026-24889 - soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the `Bytes:
CVE-2026-24888 - Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to
CVE-2026-24857 - `bulk_extractor` is a digital forensics exploitation tool. Starting in version 1.4, `bulk_extractor`
CVE-2026-1547 - A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserD
CVE-2026-1546 - A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is t
CVE-2026-1545 - A weakness has been identified in itsourcecode School Management System 1.0. The affected element is
CVE-2026-1544 - A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 o
CVE-2026-24856 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-24835 - Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentic
CVE-2026-24769 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a stored cross-
CVE-2026-24768 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated
CVE-2026-24767 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a blind Server-
CVE-2026-24766 - NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticate
CVE-2026-24742 - Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, a
CVE-2026-24739 - Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Pr
CVE-2026-23743 - Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, a
CVE-2026-1535 - A security vulnerability has been detected in code-projects Online Music Site 1.0. This impacts an u
CVE-2026-1534 - A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown funct
CVE-2026-1533 - A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is
CVE-2026-1532 - A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uplo
CVE-2025-71007 - An input validation vulnerability in the oneflow.index_add component of OneFlow v0.9.0 allows attack
CVE-2025-71006 - A floating point exception (FPE) in the oneflow.reshape component of OneFlow v0.9.0 allows attackers
CVE-2025-71005 - A floating point exception (FPE) in the oneflow.view component of OneFlow v0.9.0 allows attackers to
CVE-2025-71004 - A segmentation violation in the oneflow.logical_or component of OneFlow v0.9.0 allows attackers to c
CVE-2025-71003 - An input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers
CVE-2026-21865 - Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, a
CVE-2025-71002 - A floating-point exception (FPE) in the flow.column_stack component of OneFlow v0.9.0 allows attacke
CVE-2025-69289 - Discourse is an open source discussion platform. A privilege escalation vulnerability in versions pr
CVE-2025-69218 - Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, a
CVE-2025-68934 - Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, a
CVE-2025-68933 - Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, a
CVE-2025-68666 - Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, a
CVE-2025-68662 - Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, a
CVE-2025-68119 - Downloading and building modules with malicious version strings can cause local code execution. On s
CVE-2025-61731 - Building a malicious file with cmd/go can cause a write to an attacker-controlled file wit
CVE-2025-61730 - During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level bou
CVE-2025-61728 - archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file i
CVE-2025-61726 - The net/url package does not set a limit on the number of query parameters in a query. While the max
CVE-2025-46691 - Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contains an Improper Access Control v
CVE-2025-14840 - Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager all
CVE-2025-14472 - Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Reque
CVE-2025-13986 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Disable Login Page
CVE-2025-13985 - Incorrect Authorization vulnerability in Drupal Entity Share allows Forceful Browsing. This issue aff
CVE-2025-13984 - Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allow
CVE-2025-13983 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i
CVE-2025-13982 - Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross Site R
CVE-2025-13981 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i
CVE-2025-13980 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium
CVE-2025-13979 - Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS. This issue
CVE-2023-37525 - A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files
CVE-2026-24775 - OpenProject is an open-source, web-based project management software. In the new editor for collabor
CVE-2026-24772 - OpenProject is an open-source, web-based project management software. To enable the real time collab
CVE-2026-0750 - Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Comm
CVE-2026-0749 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-71001 - A segmentation violation in the flow.column_stack component of OneFlow v0.9.0 allows attackers to ca
CVE-2025-69602 - A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application do
CVE-2025-69601 - A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v4
CVE-2025-68660 - Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, a
CVE-2025-68659 - Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and
CVE-2025-68479 - Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, a
CVE-2025-67723 - Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and
CVE-2025-66488 - Discourse is an open source discussion platform. A vulnerability present in versions prior to 3.5.4,
CVE-2022-40620 - FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not prop
CVE-2022-40619 - FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HT
CVE-2025-71000 - An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial
CVE-2025-70999 - A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0
CVE-2025-65891 - A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Service (D
CVE-2025-57796 - Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded stati
CVE-2025-57795 - Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerabilit
CVE-2025-57794 - Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerabi
CVE-2025-57793 - Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficien
CVE-2025-57792 - Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficien
CVE-2025-46316 - An out-of-bounds read was addressed with improved input validation. This issue is fixed in Pages 15.
CVE-2025-46306 - The issue was addressed with improved bounds checks. This issue is fixed in Keynote 15.1, iOS 26 and
CVE-2025-33237 - NVIDIA HD Audio Driver for Windows contains a vulnerability where an attacker could exploit a NULL p
CVE-2025-33220 - NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest co
CVE-2025-33219 - NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attack
CVE-2025-33218 - NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy
CVE-2025-33217 - NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use aft
CVE-2020-36973 - PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users
CVE-2020-36972 - SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the detai
CVE-2020-36971 - Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the lice
CVE-2020-36970 - PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read a
CVE-2020-36969 - M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modif
CVE-2020-36968 - M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrie
CVE-2020-36967 - Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file
CVE-2020-36965 - docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that al
CVE-2020-36964 - YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP servi
CVE-2020-36963 - Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that
CVE-2020-36962 - Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field tha
CVE-2020-36961 - 10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vulnerability in exception hand
CVE-2020-36945 - WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenti
CVE-2020-36944 - ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allow
CVE-2020-36943 - aSc TimeTables 2021.6.2 contains a denial of service vulnerability that allows attackers to crash th
CVE-2026-24685 - OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 1