CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-4999 - A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128ee
CVE-2026-4998 - A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the f
CVE-2026-4997 - A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function i
CVE-2026-4996 - A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the fu
CVE-2026-2595 - The Quads Ads Manager for Google AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scr
CVE-2018-25225 - SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated atta
CVE-2018-25224 - PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated atta
CVE-2018-25223 - Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to e
CVE-2018-25222 - SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute
CVE-2018-25221 - EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remot
CVE-2018-25220 - Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute ar
CVE-2017-20229 - MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers t
CVE-2017-20228 - Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attack
CVE-2017-20227 - JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability tha
CVE-2017-20226 - Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to ex
CVE-2017-20225 - TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to e
CVE-2016-20049 - JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attacke
CVE-2016-20048 - iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to exe
CVE-2016-20047 - EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling
CVE-2016-20046 - zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handli
CVE-2016-20045 - HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers t
CVE-2016-20044 - PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execut
CVE-2016-20043 - NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers t
CVE-2016-20042 - TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arb
CVE-2016-20041 - Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the appli
CVE-2016-20040 - TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that
CVE-2016-20039 - Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma paramete
CVE-2016-20038 - yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to e
CVE-2016-20037 - xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local at
CVE-2026-4995 - A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unkno
CVE-2025-9497 - Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual
CVE-2026-4994 - A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function generic_excep
CVE-2026-4993 - A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function o
CVE-2026-2442 - The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Im
CVE-2026-23399 - In the Linux kernel, the following vulnerability has been resolved: nf_tables: nft_dynset: fix poss
CVE-2026-1307 - The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to
CVE-2025-15445 - The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without n
CVE-2025-12886 - The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up
CVE-2026-4987 - The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulne
CVE-2026-1679 - The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking
CVE-2026-4992 - A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of
CVE-2026-4991 - A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element
CVE-2026-4248 - The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all vers
CVE-2026-33996 - LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK
CVE-2026-33994 - Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starti
CVE-2026-33993 - Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior
CVE-2026-33992 - pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97,
CVE-2026-33991 - WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sis
CVE-2026-33936 - The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with s
CVE-2026-4990 - A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unkn
CVE-2026-4988 - A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/
CVE-2026-4985 - A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function c
CVE-2026-34226 - Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Vers
CVE-2026-33989 - Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@m
CVE-2026-33981 - changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the `jq:`
CVE-2026-33980 - Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that enables AI assistants t
CVE-2026-33979 - Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data (in req.body
CVE-2026-33976 - Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a
CVE-2026-33955 - Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulne
CVE-2026-33954 - LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private not
CVE-2026-33953 - LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requ
CVE-2026-33946 - MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to versi
CVE-2026-33943 - Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In v
CVE-2026-33941 - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr
CVE-2026-33940 - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr
CVE-2026-33939 - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr
CVE-2026-27309 - Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that
CVE-2019-25652 - UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certi
CVE-2019-25651 - Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC
CVE-2026-4976 - A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the fu
CVE-2026-34046 - Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.
CVE-2026-33938 - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr
CVE-2026-33937 - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr
CVE-2026-33916 - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr
CVE-2026-33907 - Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing
CVE-2026-33906 - Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager rol
CVE-2026-33904 - Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF'
CVE-2026-33903 - Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing
CVE-2026-33896 - Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScrip
CVE-2026-33895 - Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScrip
CVE-2026-33894 - Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScrip
CVE-2026-33891 - Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScrip
CVE-2026-33887 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and
CVE-2026-33886 - Statamic is a Laravel and Git powered content management system (CMS). Starting in version 5.7.12 an
CVE-2026-33885 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and
CVE-2026-33884 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and
CVE-2026-33883 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and
CVE-2026-33882 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and
CVE-2026-33881 - Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows an
CVE-2026-33879 - Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated tra
CVE-2026-33875 - Gematik Authenticator securely authenticates users for login to digital health applications. Version
CVE-2026-33874 - Gematik Authenticator securely authenticates users for login to digital health applications. Startin
CVE-2026-33873 - Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.
CVE-2026-32187 - Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
CVE-2026-4975 - A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of th
CVE-2026-4974 - A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTim
CVE-2026-4973 - A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulner
CVE-2026-4972 - A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affect
CVE-2026-4971 - A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown
CVE-2026-34475 - Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url sce
CVE-2026-34391 - Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows
CVE-2026-34389 - Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the us
CVE-2026-34388 - Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability
CVE-2026-34205 - Home Assistant is open source home automation software that puts local control and privacy first. Ho
CVE-2026-33872 - elixir-nodejs provides an Elixir API for calling Node.js functions. A vulnerability in versions prio
CVE-2026-33871 - Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.F
CVE-2026-33870 - Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.F
CVE-2026-33869 - Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x
CVE-2026-33868 - Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8,
CVE-2026-33765 - Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tra
CVE-2026-33739 - FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.
CVE-2026-33654 - nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerabili
CVE-2026-33045 - Home Assistant is open source home automation software that puts local control and privacy first. St
CVE-2026-33044 - Home Assistant is open source home automation software that puts local control and privacy first. St
CVE-2026-32241 - Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an
CVE-2026-31951 - LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user
CVE-2026-31950 - LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the
CVE-2026-31945 - LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerab
CVE-2026-31943 - LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `p
CVE-2026-4970 - A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unk
CVE-2026-4969 - A vulnerability was identified in code-projects Social Networking Site 1.0. The impacted element is
CVE-2026-34387 - Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability
CVE-2026-34386 - Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in F
CVE-2026-34385 - Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulne
CVE-2026-34375 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet St
CVE-2026-34374 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `Live_schedu
CVE-2026-34369 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `get_api_vid
CVE-2026-29180 - Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerabil
CVE-2026-26061 - Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthent
CVE-2026-26060 - Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet’s passwor
CVE-2025-15612 - Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is
CVE-2026-4968 - A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown f
CVE-2026-4966 - A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown func
CVE-2026-4965 - A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type
CVE-2026-34368 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `transferBal
CVE-2026-34364 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `categories.
CVE-2026-30568 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory Sy
CVE-2026-30567 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory Sy
CVE-2025-15617 - Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that al
CVE-2026-4964 - A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the
CVE-2026-4963 - A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function eval
CVE-2026-4962 - A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknow
CVE-2026-4961 - A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the funct
CVE-2026-4960 - A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle o
CVE-2026-34411 - Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentic
CVE-2026-34362 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `verifyToken
CVE-2026-34247 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/Live
CVE-2026-34245 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/Play
CVE-2026-33867 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo allows co
CVE-2026-33770 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `fixCleanTit
CVE-2026-33767 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, in `objects/like
CVE-2026-30576 - A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in th
CVE-2026-30575 - A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in th
CVE-2026-30574 - A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in th
CVE-2026-30571 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory Sy
CVE-2026-30570 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory Sy
CVE-2026-30569 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory Sy
CVE-2026-28369 - A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line sta
CVE-2026-28368 - A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially cra
CVE-2026-28367 - A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` a
CVE-2025-15616 - Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and
CVE-2025-15615 - Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper res
CVE-2025-15381 - In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment
CVE-2026-4959 - A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function check_user of the file
CVE-2026-4958 - A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_co
CVE-2026-32984 - Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corr
CVE-2026-32983 - Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper res
CVE-2026-30534 - A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/man
CVE-2026-30533 - A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin
CVE-2026-30532 - A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin
CVE-2026-30531 - A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actio
CVE-2026-30530 - A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actio
CVE-2026-30529 - A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actio
CVE-2026-30527 - A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering Syst
CVE-2026-30302 - The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, r
CVE-2023-7340 - Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corr
CVE-2026-5027 - The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form
CVE-2026-5026 - The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG files with the 'image/svg+xml'
CVE-2026-5025 - The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the
CVE-2026-5022 - The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or aut
CVE-2026-5010 - A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in Clickedu. This vulnerabi
CVE-2026-4984 - The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twili
CVE-2026-4980 - A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.
CVE-2026-4957 - A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.
CVE-2026-4956 - A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected ele
CVE-2026-4955 - A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unk
CVE-2026-4954 - A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function li
CVE-2026-4953 - A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchIm
CVE-2026-33766 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, `isSSRFSafeURL()
CVE-2026-33764 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the AI plugin's
CVE-2026-33763 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `get_api_vid
CVE-2026-33761 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, three `list.json
CVE-2026-33759 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/pla
CVE-2026-33758 - OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao
CVE-2026-33757 - OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao
CVE-2026-33755 - Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions
CVE-2026-33750 - The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior
CVE-2026-33748 - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and
CVE-2026-33433 - Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.
CVE-2026-33284 - GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/suppor
CVE-2026-33206 - calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books.
CVE-2026-33205 - calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books.
CVE-2026-30689 - A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access cont
CVE-2026-30637 - Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php
CVE-2026-30407 - Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by
CVE-2026-30304 - In its design for automatic terminal command execution, AI Code offers two options: Execute safe com
CVE-2026-30303 - The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, render
CVE-2026-29871 - A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9
CVE-2026-28375 - A testdata data-source can be used to trigger out-of-memory crashes in Grafana.
CVE-2026-27880 - The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cau
CVE-2026-27879 - A resample query can be used to trigger out-of-memory crashes in Grafana.
CVE-2026-27877 - When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed
CVE-2026-27876 - A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary
CVE-2026-1496 - Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for comman
CVE-2025-69988 - BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control. An unauthenticated attack
CVE-2025-69986 - A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.
CVE-2025-61190 - A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within
CVE-2024-11604 - Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText
CVE-2026-32859 - ByteDance Deer-Flow versions prior to commit 5dbb362 contain a stored cross-site scripting vulnerabi
CVE-2026-32695 - Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik
CVE-2025-13478 - Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote au
CVE-2026-4982 - A user with permission "update world" in any Venueless world is able to exfiltrate chat messages fro
CVE-2026-4340 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in
CVE-2026-4622 - OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to execute
CVE-2026-4621 - Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to enable t
CVE-2026-4620 - OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to execute
CVE-2026-4619 - Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to write over any
CVE-2026-4309 - Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to get a s
CVE-2026-25101 - Bludit allows user's session identifier to be set before authentication. The value of this session I
CVE-2026-25100 - Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its image upload functionality. An auth
CVE-2026-25099 - Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any t
CVE-2023-7339 - Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows over
CVE-2026-3457 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2026-27860 - If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP au
CVE-2026-27859 - A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much C
CVE-2026-27858 - Attacker can send a specifically crafted message before authentication that causes managesieve to al
CVE-2026-27857 - Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage
CVE-2026-27856 - Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attac
CVE-2026-27855 - Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache i
CVE-2026-24031 - Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This
CVE-2026-0394 - When dovecot has been configured to use per-domain passwd files, and they are placed one path compon
CVE-2025-59032 - ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be us
CVE-2025-59031 - Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles
CVE-2025-59028 - When sending invalid base64 SASL data, login process is disconnected from the auth server, causing a
CVE-2026-4948 - A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-autho
CVE-2026-34353 - In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbit
CVE-2026-33559 - WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On
CVE-2026-33366 - Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allo
CVE-2026-33280 - Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to g
CVE-2026-32678 - Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to