CVE-2026-1536 - A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition heade

CVE-2025-70336 - A Stored cross-site scripting (XSS) vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.

CVE-2025-69517 - An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticate

CVE-2025-61140 - The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.

CVE-2025-58150 - Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Som

CVE-2025-57283 - The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs

CVE-2026-23014 - In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is

CVE-2026-1521 - A security flaw has been discovered in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handl

CVE-2026-1520 - A vulnerability was identified in rethinkdb up to 2.4.3. Affected by this issue is some unknown func

CVE-2026-1237 - Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or ex

CVE-2026-1060 - The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions

CVE-2025-14795 - The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve

CVE-2026-1056 - The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insuffici

CVE-2025-14865 - The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Stored Cross

CVE-2020-36993 - LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functional

CVE-2020-36992 - Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allow

CVE-2020-36991 - ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potenti

CVE-2020-36990 - Input Director 1.4.3 contains an unquoted service path vulnerability in its Windows service configur

CVE-2020-36989 - ForensiT AppX Management Service 2.2.0.4 contains an unquoted service path vulnerability that allows

CVE-2020-36988 - PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that

CVE-2020-36987 - Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe

CVE-2020-36986 - Prey 1.9.6 contains an unquoted service path vulnerability that allows local users to potentially ex

CVE-2020-36985 - IP Watcher 3.0.0.30 contains an unquoted service path vulnerability in its Windows service configura

CVE-2020-36984 - EPSON 1.124 contains an unquoted service path vulnerability in the SENADB service that allows local

CVE-2026-1399 - The WP Google Ad Manager Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi

CVE-2026-1398 - The Change WP URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions u

CVE-2026-1391 - The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in a

CVE-2026-1380 - The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve

CVE-2026-1377 - The imwptip plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to,

CVE-2026-1280 - The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a m

CVE-2026-0844 - The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions

CVE-2026-0483 - Stored Cross-Site Scripting (XSS) vulnerability in the PDF file upload functionality of Live Helper

CVE-2025-59901 - Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitor_dir

CVE-2025-59900 - Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authe

CVE-2025-59899 - Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authe

CVE-2025-59898 - Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authe

CVE-2025-59897 - Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authe

CVE-2025-59896 - Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authe

CVE-2025-59895 - Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of

CVE-2025-59894 - Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk P

CVE-2025-59893 - Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk P

CVE-2025-59892 - Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk P

CVE-2025-59891 - Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk P

CVE-2025-26386 - Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. Th

CVE-2025-15511 - The Rupantorpay plugin for WordPress is vulnerable to unauthorized modification of data due to a mis

CVE-2025-14616 - The Recooty – Job Widget (Old Dashboard) plugin for WordPress is vulnerable to Cross-Site Request Fo

CVE-2025-14386 - The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization p

CVE-2025-14283 - The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Temp

CVE-2025-14063 - The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via

CVE-2025-41351 - Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud s

CVE-2026-1400 - The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arb

CVE-2026-1381 - The Order Minimum/Maximum Amount Limits for WooCommerce plugin for WordPress is vulnerable to Stored

CVE-2026-1053 - The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site S

CVE-2026-0702 - The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL

CVE-2025-7740 - Default credentials vulnerability exists in SuprOS product. If exploited, this could allow an authen

CVE-2026-1389 - The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable

CVE-2026-1054 - The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to,

CVE-2026-0818 - When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded

CVE-2025-40554 - SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that,

CVE-2025-40553 - SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil

CVE-2025-40552 - SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that

CVE-2025-40551 - SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil

CVE-2025-40537 - SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that,

CVE-2025-40536 - SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that

CVE-2026-1466 - Jirafeau normally prevents browser preview for text files due to the possibility that for example SV

CVE-2026-1310 - The Simple calendar for Elementor plugin for WordPress is vulnerable to Missing Authorization in all

CVE-2026-1295 - The Buy Now Plus – Buy Now buttons for Stripe plugin for WordPress is vulnerable to Stored Cross-Sit

CVE-2026-1244 - The Forms Bridge – Infinite integrations plugin for WordPress is vulnerable to Stored Cross-Site Scr

CVE-2026-0832 - The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modificat

CVE-2026-0825 - The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to auth

CVE-2025-9082 - The WPBITS Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi

CVE-2025-14039 - The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_simple_

CVE-2025-12709 - The Interactions – Create Interactive Experiences in the Block Editor plugin for WordPress is vulner

CVE-2026-1298 - The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions u

CVE-2026-1083 - The Appointment Hour Booking – Booking Calendar plugin for WordPress is vulnerable to Stored Cross-S

CVE-2025-8072 - The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2025-14610 - The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in a

CVE-2025-13471 - The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in

CVE-2026-24867 - Rejected reason: Not used

CVE-2026-24866 - Rejected reason: Not used

CVE-2026-24865 - Rejected reason: Not used

CVE-2026-24864 - Rejected reason: Not used

CVE-2026-24863 - Rejected reason: Not used

CVE-2026-24862 - Rejected reason: Not used

CVE-2026-24861 - Rejected reason: Not used

CVE-2026-24860 - Rejected reason: Not used

CVE-2026-24859 - Rejected reason: Not used

CVE-2026-1514 - Official Document Management System developed by 2100 Technology has a Incorrect Authorization vulne

CVE-2026-1506 - A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /

CVE-2026-1513 - billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper saniti

CVE-2026-1505 - A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the

CVE-2026-24852 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli

CVE-2026-24850 - The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML

CVE-2026-24842 - node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security c

CVE-2026-24841 - Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critic

CVE-2026-24840 - Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardco

CVE-2026-24839 - Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokp

CVE-2026-24838 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e

CVE-2026-21569 - This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7.1.0

CVE-2026-24837 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e

CVE-2026-24836 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e

CVE-2026-24833 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e

CVE-2026-24785 - Clatter is a no_std compatible, pure Rust implementation of the Noise protocol framework with post-q

CVE-2026-24784 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e

CVE-2026-24134 - StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prio

CVE-2026-23830 - SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnera

CVE-2025-67645 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2025-55292 - Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Nod

CVE-2025-54373 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-24910 - In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by

CVE-2026-24909 - vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extrac

CVE-2026-24783 - soroban-fixed-point-math is a fixed-point math library for Soroban smart contacts. In versions 1.3.0

CVE-2026-24779 - vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a

CVE-2026-24778 - Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.

CVE-2026-24770 - RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibl

CVE-2026-24765 - PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.

CVE-2026-24748 - Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and

CVE-2026-24747 - PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerabili

CVE-2026-24741 - ConvertXis a self-hosted online file converter. In versions prior to 0.17.0, the `POST /delete` endp

CVE-2026-24740 - Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s ag

CVE-2026-24738 - gmrtd is a Go library for reading Machine Readable Travel Documents (MRTDs). Prior to version 0.17.2

CVE-2026-24736 - Squidex is an open source headless content management system and content management hub. Versions of

CVE-2026-1504 - Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowe

CVE-2025-21589 - An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Sessio

CVE-2026-24858 - An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in

CVE-2026-24771 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to versi

CVE-2026-24688 - pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulne

CVE-2026-24473 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to versi

CVE-2026-24472 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to versi

CVE-2025-14988 - A security issue has been identified in ibaPDA that could allow unauthorized actions on the file sys

CVE-2025-12810 - Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation m

CVE-2026-24883 - In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with

CVE-2026-24882 - In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PK

CVE-2026-24881 - In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped s

CVE-2026-24398 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to versi

CVE-2026-24116 - Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.

CVE-2026-23892 - OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to an

CVE-2026-22264 - Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 and 7.0.14, an unsigned intege

CVE-2026-22263 - Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3,

CVE-2026-22262 - Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prep

CVE-2026-22261 - Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficie

CVE-2026-0746 - The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up t

CVE-2020-36983 - Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local atta

CVE-2020-36982 - Motorola Device Manager 2.5.4 contains an unquoted service path vulnerability in the MotoHelperServi

CVE-2020-36981 - Motorola Device Manager 2.4.5 contains an unquoted service path vulnerability in the PST Service tha

CVE-2020-36980 - SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service conf

CVE-2020-36979 - Atheros Coex Service Application 8.0.0.255 contains an unquoted service path vulnerability in its Wi

CVE-2020-36978 - Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in

CVE-2020-36977 - Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationS

CVE-2020-36976 - Acer Global Registration Service 1.0.0.3 contains an unquoted service path vulnerability in its serv

CVE-2020-36975 - EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local

CVE-2020-36974 - Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local

CVE-2026-23593 - A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could

CVE-2026-23592 - Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allo

CVE-2026-22260 - Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3,

CVE-2026-1315 - By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device t

CVE-2026-0919 - The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handles requests containing an exce

CVE-2026-0918 - The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing

CVE-2025-33234 - NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful ex

CVE-2025-14911 - User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed Grid

CVE-2026-23881 - Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1

CVE-2026-22259 - Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted

CVE-2026-22258 - Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC tr

CVE-2026-22039 - Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1

CVE-2026-1483 - An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluatio

CVE-2026-1482 - An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluatio

CVE-2026-1481 - An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluatio

CVE-2026-1480 - An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluatio

CVE-2026-1479 - An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluatio

CVE-2026-1478 - An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluatio

CVE-2026-1477 - An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluatio

CVE-2026-1476 - An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluatio

CVE-2026-1475 - An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluatio

CVE-2026-1474 - An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluatio

CVE-2026-1473 - An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluatio

CVE-2026-1472 - An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluatio

CVE-2026-0705 - Local privilege escalation due to insecure folder permissions. The following products are affected:

CVE-2025-69564 - code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php

CVE-2025-69563 - code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExLogin.php via t

CVE-2025-69562 - code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php

CVE-2025-69559 - code-projects Computer Book Store 1.0 is vulnerable to File Upload in admin_add.php.

CVE-2025-65264 - The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via

CVE-2026-24875 - Integer Overflow or Wraparound vulnerability in yoyofr modizer.This issue affects modizer: before 4.

CVE-2026-24874 - Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in themrdemonized xray-m

CVE-2026-24873 - Out-of-bounds Read vulnerability in Rinnegatamante lpp-vita.This issue affects lpp-vita: before lpp-

CVE-2026-24872 - improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire_548.This issue affects SkyFire

CVE-2026-24871 - Improper Control of Generation of Code ('Code Injection') vulnerability in pilgrimage233 Minecraft-R

CVE-2026-24870 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stc

CVE-2026-24869 - Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability affects Firefox <

CVE-2026-24868 - Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 147.

CVE-2026-24832 - Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop:

CVE-2026-24831 - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6-stcop.T

CVE-2026-22796 - Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7

CVE-2026-22795 - Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malf

CVE-2026-0648 - The vulnerability stems from an incorrect error-checking logic in the CreateCounter() function (in t

CVE-2025-69565 - code-projects Mobile Shop Management System 1.0 is vulnerable to File Upload in /ExAddProduct.php.

CVE-2025-69421 - Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKC

CVE-2025-69420 - Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code whe

CVE-2025-69419 - Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with

CVE-2025-69418 - Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerate

CVE-2025-68670 - xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffe

CVE-2025-68160 - Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter whe

CVE-2025-66199 - Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large

CVE-2025-55102 - A denial-of-service vulnerability exists in the NetX IPv6 component functionality of Eclipse ThreadX

CVE-2025-55095 - The function _ux_host_class_storage_media_mount() is responsible for mounting partitions on a USB ma

CVE-2025-28164 - Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of s

CVE-2025-28162 - Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of s

CVE-2025-15469 - Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using

CVE-2025-15468 - Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or s

CVE-2025-15467 - Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD

CVE-2025-11187 - Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-b

CVE-2021-47902 - Testa Online Test Management System 3.4.7 contains a SQL injection vulnerability that allows attacke

CVE-2021-47901 - Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows

CVE-2021-47900 - Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthent

CVE-2020-36951 - Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface t

CVE-2020-36950 - Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to cra

CVE-2020-36949 - TapinRadio 2.13.7 contains a denial of service vulnerability in the application proxy settings that

CVE-2020-36948 - VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote att

CVE-2020-36947 - LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endp

CVE-2020-36946 - SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remo

CVE-2020-36942 - Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malici

CVE-2020-36941 - Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formu

CVE-2020-36940 - Easy CD & DVD Cover Creator 4.13 contains a buffer overflow vulnerability in the serial number input

CVE-2020-36939 - Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attacke

CVE-2020-36938 - WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated use

CVE-2026-1489 - A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implement

CVE-2026-1470 - n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluat

CVE-2026-1485 - A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs be

CVE-2026-1484 - A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to i

CVE-2026-1213 - All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user

CVE-2025-41728 - A low privileged remote attacker may be able to disclose confidential information from the memory of

CVE-2025-41727 - A local low privileged attacker can bypass the authentication of the Device Manager user interface,

CVE-2025-41726 - A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to th

CVE-2025-12387 - A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger

CVE-2025-12386 - Pix-Link LV-WR21Q does not enforce any form of authentication for endpoint /goform/getHomePageInfo.

CVE-2026-24830 - Integer Overflow or Wraparound vulnerability in Ralim IronOS.This issue affects IronOS: before v2.23

CVE-2026-24829 - Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.This issue affe

CVE-2026-24828 - Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine.This issue a

CVE-2026-24827 - Out-of-bounds Write vulnerability in gerstrong Commander-Genius.This issue affects Commander-Genius:

CVE-2026-24826 - Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of

CVE-2026-24348 - Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow

CVE-2026-24347 - Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manip

CVE-2026-24346 - Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attack

CVE-2026-24345 - Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypa

CVE-2026-21417 - Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of Pass

CVE-2026-1467 - A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Ret

CVE-2026-24825 - Missing Release of Memory after Effective Lifetime vulnerability in ydb-platform ydb (contrib/libs/y

CVE-2026-24824 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab

CVE-2026-24823 - Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerab

CVE-2026-24822 - Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper (src modules). Th