CVE-2025-13952 - A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler p

CVE-2026-24421 - phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization

CVE-2026-24412 - iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color manag

CVE-2026-24411 - iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color manag

CVE-2026-24410 - iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color manag

CVE-2026-24409 - iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color manag

CVE-2026-24401 - Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protoco

CVE-2026-24407 - iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color manag

CVE-2026-24406 - iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color manag

CVE-2026-24405 - iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color manag

CVE-2026-24404 - iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color manag

CVE-2026-24403 - iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color manag

CVE-2026-24402 - Rejected reason: GitHub cannot issue a CVE for this Security Advisory because this advisory includes

CVE-2026-24399 - ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accept

CVE-2026-22586 - Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, For

CVE-2026-22585 - Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagem

CVE-2026-22583 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in

CVE-2026-22582 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in

CVE-2026-24474 - Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit

CVE-2026-24140 - MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below

CVE-2026-24139 - MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below

CVE-2026-24136 - Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.

CVE-2026-24128 - XWiki Platform is a generic wiki platform offering runtime services for applications built on top of

CVE-2026-24127 - Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A ref

CVE-2026-0991 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2025-12780 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2025-70458 - A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within dom

CVE-2025-70457 - A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 w

CVE-2026-1386 - A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and ear

CVE-2025-52026 - An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Ap

CVE-2025-52025 - An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms

CVE-2025-52024 - A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes

CVE-2025-52023 - A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated r

CVE-2025-52022 - A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticat

CVE-2025-67264 - An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note5

CVE-2026-21867 - Rejected reason: Reason: This candidate was issued in error.

CVE-2025-70986 - Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to

CVE-2025-70985 - Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arb

CVE-2025-70983 - Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-

CVE-2025-14947 - The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data

CVE-2026-24423 - SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code executi

CVE-2026-1299 - The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email

CVE-2025-71177 - LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability

CVE-2025-67231 - A reflected cross-site scripting (XSS) vulnerability in ToDesktop Builder v0.33.1 allows attackers t

CVE-2025-67230 - Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows at

CVE-2025-67229 - An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This vulnerabil

CVE-2022-25369 - An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user wi

CVE-2021-47906 - BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text paramet

CVE-2021-47905 - MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion

CVE-2021-47904 - PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allow

CVE-2021-47903 - LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in

CVE-2021-47899 - YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows

CVE-2021-47898 - Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMP_UDSA service ru

CVE-2021-47897 - PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of

CVE-2021-47896 - PDF Complete Corporate Edition 4.1.45 contains an unquoted service path vulnerability in the pdfcDis

CVE-2021-47895 - Nsauditor 3.2.2.0 contains a denial of service vulnerability that allows attackers to crash the appl

CVE-2021-47894 - Managed Switch Port Mapping Tool 2.85.2 contains a denial of service vulnerability that allows attac

CVE-2021-47893 - AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature t

CVE-2021-47892 - PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special

CVE-2021-47891 - Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to se

CVE-2021-47890 - LogonExpert 8.1 contains an unquoted service path vulnerability in the LogonExpertSvc service runnin

CVE-2021-47889 - Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellCheck

CVE-2021-47888 - Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability tha

CVE-2021-47881 - dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allo

CVE-2018-25132 - MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers

CVE-2018-25116 - MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text i

CVE-2026-22995 - In the Linux kernel, the following vulnerability has been resolved: ublk: fix use-after-free in ubl

CVE-2026-22994 - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference count leak i

CVE-2026-22993 - In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL ptr issu

CVE-2026-22992 - In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler err

CVE-2026-22991 - In the Linux kernel, the following vulnerability has been resolved: libceph: make free_choose_arg_m

CVE-2026-22990 - In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BU

CVE-2026-22989 - In the Linux kernel, the following vulnerability has been resolved: nfsd: check that server is runn

CVE-2026-22988 - In the Linux kernel, the following vulnerability has been resolved: arp: do not assume dev_hard_hea

CVE-2026-22987 - In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: avoid deref

CVE-2026-22986 - In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix race condition for

CVE-2026-22985 - In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL pointer

CVE-2026-22984 - In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-

CVE-2026-22983 - In the Linux kernel, the following vulnerability has been resolved: net: do not write to msg_get_in

CVE-2026-22982 - In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix crash wh

CVE-2026-22981 - In the Linux kernel, the following vulnerability has been resolved: idpf: detach and close netdevs

CVE-2026-22980 - In the Linux kernel, the following vulnerability has been resolved: nfsd: provide locking for v4_en

CVE-2026-22979 - In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in skb_seg

CVE-2026-22978 - In the Linux kernel, the following vulnerability has been resolved: wifi: avoid kernel-infoleak fro

CVE-2025-71161 - In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive fo

CVE-2025-71160 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: avoid cha

CVE-2025-71159 - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free warni

CVE-2025-71158 - In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: ensure worker is t

CVE-2025-69908 - An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to enumer

CVE-2025-67125 - A signed integer overflow in docopt.cpp v0.6.2 (LeafPattern::match in docopt_private.h) when merging

CVE-2025-67124 - A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization (when uploads are enable

CVE-2025-66720 - Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function

CVE-2025-66719 - An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the A

CVE-2026-24636 - Missing Authorization vulnerability in Syed Balkhi Sugar Calendar (Lite) sugar-calendar-lite allows

CVE-2026-24635 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-24634 - Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Ultimate Reviews ultima

CVE-2026-24633 - Missing Authorization vulnerability in Passionate Brains Add Expires Headers & Optimized Minify add-

CVE-2026-24632 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24631 - Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Rosebud rosebud allo

CVE-2026-24630 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24629 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24627 - Missing Authorization vulnerability in Trusona Trusona for WordPress trusona allows Exploiting Incor

CVE-2026-24626 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24625 - Missing Authorization vulnerability in Imaginate Solutions File Uploads Addon for WooCommerce woo-ad

CVE-2026-24624 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-24623 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24622 - Missing Authorization vulnerability in Sergiy Dzysyak Suggestion Toolkit suggestion-toolkit allows E

CVE-2026-24621 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24620 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24619 - Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code-int

CVE-2026-24617 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24616 - Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly

CVE-2026-24615 - Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Inc

CVE-2026-24614 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24613 - Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Ca

CVE-2026-24612 - Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorre

CVE-2026-24609 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-24608 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-24607 - Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploitin

CVE-2026-24606 - Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiti

CVE-2026-24605 - Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exp

CVE-2026-24604 - Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-co

CVE-2026-24603 - Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-

CVE-2026-24602 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. This is

CVE-2026-24601 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24600 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24599 - Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo-thank-

CVE-2026-24598 - Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows

CVE-2026-24596 - Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related Posts Thumbnails Plugin for Wor

CVE-2026-24595 - Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting

CVE-2026-24594 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24593 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy

CVE-2026-24591 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24589 - Insertion of Sensitive Information Into Sent Data vulnerability in Cargus eCommerce Cargus cargus al

CVE-2026-24588 - Missing Authorization vulnerability in topdevs Smart Product Viewer smart-product-viewer allows Expl

CVE-2026-24587 - Missing Authorization vulnerability in kutsy AJAX Hits Counter + Popular Posts Widget ajax-hits-coun

CVE-2026-24585 - Missing Authorization vulnerability in Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration woo-p

CVE-2026-24584 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24583 - Missing Authorization vulnerability in sumup SumUp Payment Gateway For WooCommerce sumup-payment-gat

CVE-2026-24581 - Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce points-and-rewar

CVE-2026-24580 - Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Ca

CVE-2026-24579 - Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-te

CVE-2026-24578 - Missing Authorization vulnerability in Jahid Hasan Admin login URL Change admin-login-url-change all

CVE-2026-24577 - Missing Authorization vulnerability in Genetech Products Pie Register pie-register allows Exploiting

CVE-2026-24576 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24572 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-24571 - Missing Authorization vulnerability in boxnow BOX NOW Delivery box-now-delivery allows Exploiting In

CVE-2026-24570 - Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Inc

CVE-2026-24569 - Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows

CVE-2026-24568 - Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly C

CVE-2026-24567 - Missing Authorization vulnerability in briarinc Anything Order by Terms anything-order-by-terms allo

CVE-2026-24566 - Missing Authorization vulnerability in iNET iNET Webkit inet-webkit allows Exploiting Incorrectly Co

CVE-2026-24565 - Insertion of Sensitive Information Into Sent Data vulnerability in bPlugins B Accordion b-accordion

CVE-2026-24564 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Israp

CVE-2026-24563 - Missing Authorization vulnerability in Ashan Perera LifePress lifepress allows Exploiting Incorrectl

CVE-2026-24562 - Missing Authorization vulnerability in Ryviu Ryviu – Product Reviews for WooCommerce ryviu all

CVE-2026-24561 - Missing Authorization vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploit

CVE-2026-24560 - Missing Authorization vulnerability in Cloudinary Cloudinary cloudinary-image-management-and-manipul

CVE-2026-24559 - Insertion of Sensitive Information Into Sent Data vulnerability in CRM Perks Integration for Contact

CVE-2026-24558 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24557 - Insertion of Sensitive Information Into Sent Data vulnerability in WEN Solutions Contact Form 7 GetR

CVE-2026-24556 - Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly

CVE-2026-24555 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24553 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dotstore

CVE-2026-24551 - Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exp

CVE-2026-24550 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24549 - Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory geodirectory allows Cross Site

CVE-2026-24548 - Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Ser

CVE-2026-24544 - Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly

CVE-2026-24543 - Missing Authorization vulnerability in Horea Radu Materialis Companion materialis-companion allows E

CVE-2026-24542 - Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order all

CVE-2026-24541 - Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Ex

CVE-2026-24540 - Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive all

CVE-2026-24539 - Missing Authorization vulnerability in ABCdatos Protección de datos – RGPD proteccion-datos-rg

CVE-2026-24538 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-24536 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr

CVE-2026-24535 - Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic

CVE-2026-24534 - Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manager allows Exploiting

CVE-2026-24532 - Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & M

CVE-2026-24531 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-24530 - Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting I

CVE-2026-24529 - Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-rese

CVE-2026-24528 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24526 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24525 - Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploit

CVE-2026-24524 - Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Con

CVE-2026-24523 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (

CVE-2026-24522 - Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incor

CVE-2026-24521 - Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama Thumbnail kama-thumbnail allows

CVE-2026-0994 - A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python,

CVE-2025-71157 - In the Linux kernel, the following vulnerability has been resolved: RDMA/core: always drop device r

CVE-2025-71156 - In the Linux kernel, the following vulnerability has been resolved: gve: defer interrupt enabling u

CVE-2025-71155 - In the Linux kernel, the following vulnerability has been resolved: KVM: s390: Fix gmap_helper_zap_

CVE-2025-71154 - In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix memory l

CVE-2025-71153 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix memory leak in get_f

CVE-2025-71152 - In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track o

CVE-2025-71151 - In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and informatio

CVE-2025-71150 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when i

CVE-2025-71149 - In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: correctly handle

CVE-2025-71148 - In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destruct

CVE-2025-71147 - In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory lea

CVE-2025-71146 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: fix le

CVE-2025-69907 - An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing aut

CVE-2025-71145 - In the Linux kernel, the following vulnerability has been resolved: usb: phy: isp1301: fix non-OF d

CVE-2025-13921 - The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress i

CVE-2026-0914 - The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2025-4320 - Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password v

CVE-2025-4319 - Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forg

CVE-2025-14866 - The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions

CVE-2025-2204 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab

CVE-2026-22276 - Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains

CVE-2026-22275 - Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains

CVE-2026-22274 - Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains

CVE-2026-22273 - Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains

CVE-2025-46699 - Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Specia

CVE-2026-22271 - Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains

CVE-2026-1364 - IAQS and I6 developed by JNC has a Missing Authentication vulnerability, allowing unauthenticated re

CVE-2026-1363 - IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, al

CVE-2026-24515 - In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user

CVE-2026-0603 - A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQ

CVE-2024-11976 - The The BuddyPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versio

CVE-2026-0927 - The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to arbitr

CVE-2025-14745 - The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is

CVE-2025-14069 - The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Sc

CVE-2026-24342 - Rejected reason: Not used

CVE-2026-24341 - Rejected reason: Not used

CVE-2026-24340 - Rejected reason: Not used

CVE-2026-24339 - Rejected reason: Not used

CVE-2026-24338 - Rejected reason: Not used

CVE-2026-24337 - Rejected reason: Not used

CVE-2026-24336 - Rejected reason: Not used

CVE-2026-24335 - Rejected reason: Not used

CVE-2026-24334 - Rejected reason: Not used

CVE-2025-67847 - A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-si

CVE-2025-3839 - A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications

CVE-2025-15522 - The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for

CVE-2026-0796 - ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulner

CVE-2026-0795 - ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulner

CVE-2026-0794 - ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability. This vulnerabilit

CVE-2026-0793 - ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerabilit

CVE-2026-0792 - ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Overflow Remote Code Execution V

CVE-2026-0791 - ALGO 8180 IP Audio Alerter SIP INVITE Replaces Stack-based Buffer Overflow Remote Code Execution Vul

CVE-2026-0790 - ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability. This vulnerab

CVE-2026-0789 - ALGO 8180 IP Audio Alerter Web UI Inclusion of Authentication Cookie in Response Body Information Di

CVE-2026-0788 - ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability. This vulnerability

CVE-2026-0787 - ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability. This vulnerabi

CVE-2026-0786 - ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability. This vulnerabi

CVE-2026-0785 - ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability. This vulnerabi

CVE-2026-0784 - ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulner

CVE-2026-0783 - ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulner