CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-23956 - seroval facilitates JS value stringification, including complex structures beyond JSON.stringify cap
CVE-2026-23699 - AP180 series with firmware versions prior to AP_RGOS 11.9(4)B1P8 contains an OS command injection vu
CVE-2025-27380 - HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an
CVE-2025-27379 - A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an au
CVE-2026-23952 - ImageMagick is free and open-source software used for editing and manipulating digital images. Versi
CVE-2026-23951 - SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the val
CVE-2026-23946 - Tendenci is an open source content management system built for non-profits, associations and cause-b
CVE-2026-23893 - openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above a
CVE-2025-27378 - AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest
CVE-2025-27377 - Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connectio
CVE-2026-23887 - Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.1
CVE-2026-23873 - hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. A
CVE-2026-1036 - The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to una
CVE-2026-24048 - Backstage is an open framework for building developer portals, and @backstage/backend-defaults provi
CVE-2026-24047 - Backstage is an open framework for building developer portals, and @backstage/cli-common provides co
CVE-2026-24046 - Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archi
CVE-2026-23996 - FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 h
CVE-2026-23990 - The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the
CVE-2026-23986 - Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier sug
CVE-2026-23968 - Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier sug
CVE-2026-23737 - seroval facilitates JS value stringification, including complex structures beyond JSON.stringify cap
CVE-2026-23736 - seroval facilitates JS value stringification, including complex structures beyond JSON.stringify cap
CVE-2026-23630 - Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23
CVE-2026-23960 - Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on
CVE-2026-23526 - CVAT is an open source interactive video and image annotation tool for computer vision. In versions
CVE-2026-23524 - Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In ver
CVE-2026-23518 - Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2
CVE-2026-23517 - Fleet is open source device management software. A broken access control issue in versions prior to
CVE-2026-23516 - CVAT is an open source interactive video and image annotation tool for computer vision. In versions
CVE-2026-23499 - Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43,
CVE-2026-22849 - Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43,
CVE-2026-22822 - External Secrets Operator reads information from a third-party service and automatically injects the
CVE-2026-22808 - fleetdm/fleet is open source device management software. Prior to versions 4.78.2, 4.77.1, 4.76.2, 4
CVE-2026-22807 - vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1
CVE-2026-22793 - 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client
CVE-2026-22792 - 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client
CVE-2026-22598 - ManageIQ is an open-source management platform. A flaw was found in the ManageIQ API prior to versio
CVE-2026-21852 - Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's proje
CVE-2025-69285 - SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior t
CVE-2026-23955 - EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer valu
CVE-2025-69209 - ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform.
CVE-2025-68141 - EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of
CVE-2025-68140 - EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the receiv
CVE-2025-68139 - EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default
CVE-2025-68138 - EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Ch
CVE-2025-68137 - EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring
CVE-2025-68136 - EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP
CVE-2025-13465 - Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omi
CVE-2025-12781 - When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the
CVE-2025-68135 - EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properl
CVE-2025-68134 - EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the `assert` functi
CVE-2025-68132 - EVerest is an EV charging software stack. Prior to version 2025.12.0, `is_message_crc_correct` in th
CVE-2026-23755 - D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in th
CVE-2026-23754 - D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in bac
CVE-2026-0834 - Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows unauthentic
CVE-2025-69766 - Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function d
CVE-2025-69763 - Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the vlanId parameter, w
CVE-2025-69762 - Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the list parameter, whi
CVE-2025-66960 - An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/g
CVE-2025-66959 - An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF deco
CVE-2021-47887 - OKI Print Job Accounting 4.4.10 contains an unquoted service path vulnerability in the OkiJaSvc serv
CVE-2021-47886 - Pingzapper 2.3.1 contains an unquoted service path vulnerability in the PingzapperSvc service that a
CVE-2021-47884 - OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port
CVE-2021-47883 - Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that all
CVE-2021-47882 - FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration tha
CVE-2021-47880 - Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows lo
CVE-2021-47879 - eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driv
CVE-2021-47878 - eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Se
CVE-2021-47877 - GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attack
CVE-2021-47876 - GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allo
CVE-2021-47875 - GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers t
CVE-2021-47874 - VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows
CVE-2021-47873 - VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface
CVE-2021-47872 - SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php pag
CVE-2021-47871 - Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated
CVE-2021-47870 - GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerab
CVE-2021-47869 - Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA_Schedul
CVE-2021-47868 - WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that al
CVE-2021-47867 - WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the ScheduleService that allows l
CVE-2021-47866 - WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the GuardTourService that allows
CVE-2021-47865 - ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the ser
CVE-2021-47864 - OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostS
CVE-2021-47863 - MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service config
CVE-2021-47862 - Hi-Rez Studios 5.1.6.3 contains an unquoted service path vulnerability in the HiPatchService that al
CVE-2021-47861 - Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to
CVE-2021-47860 - GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows u
CVE-2021-47859 - ActivIdentity 8.2 contains an unquoted service path vulnerability in the ac.sharedstore service that
CVE-2021-47858 - Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the 'st
CVE-2021-47857 - Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitl
CVE-2021-47855 - Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes pa
CVE-2021-47854 - DD-WRT version 45723 contains a buffer overflow vulnerability in the UPNP network discovery service
CVE-2021-47853 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2021-47852 - Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authent
CVE-2021-47851 - Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arb
CVE-2021-47850 - Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbi
CVE-2021-47849 - Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive s
CVE-2021-47848 - Blitar Tourism 1.0 contains an authentication bypass vulnerability that allows attackers to bypass l
CVE-2021-47846 - Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting
CVE-2021-47830 - GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerabilit
CVE-2021-47817 - OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to
CVE-2021-47802 - Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that all
CVE-2021-47778 - GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authentic
CVE-2021-47770 - OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with
CVE-2021-47748 - Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute
CVE-2021-47746 - NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative
CVE-2026-20109 - Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Ente
CVE-2026-20092 - A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could allow
CVE-2026-20080 - A vulnerability in the SSH service of Cisco IEC6400 Wireless Backhaul Edge Compute Software could al
CVE-2026-20055 - Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Ente
CVE-2026-20045 - A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications M
CVE-2025-70648 - Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the
CVE-2025-70646 - Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the su
CVE-2025-70644 - Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the time parameter of the sub_6
CVE-2025-57681 - The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and bef
CVE-2026-1290 - Authentication Bypass by Primary Weakness vulnerability in Jamf Jamf Pro allows unspecified impact.T
CVE-2025-70651 - Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_
CVE-2025-70650 - Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the
CVE-2025-70645 - Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the
CVE-2025-13878 - Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 v
CVE-2026-22977 - In the Linux kernel, the following vulnerability has been resolved: net: sock: fix hardened usercop
CVE-2026-22444 - The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some AP
CVE-2026-22022 - Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin
CVE-2025-14083 - A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend s
CVE-2026-0988 - A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_
CVE-2026-0663 - Denial-of-service vulnerability in M-Files Server versions before 26.1.15632.3 allows an authenticat
CVE-2026-24016 - The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely loa
CVE-2026-24061 - telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
CVE-2026-22976 - In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix NULL de
CVE-2025-14559 - A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issua
CVE-2026-1035 - A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenMa
CVE-2026-24026 - Rejected reason: Not used
CVE-2026-24025 - Rejected reason: Not used
CVE-2026-24024 - Rejected reason: Not used
CVE-2026-24023 - Rejected reason: Not used
CVE-2026-24022 - Rejected reason: Not used
CVE-2026-24021 - Rejected reason: Not used
CVE-2026-24020 - Rejected reason: Not used
CVE-2025-68133 - EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust th
CVE-2025-15521 - The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulne
CVE-2026-0933 - Summary: A command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages dep
CVE-2026-21990 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo
CVE-2026-21989 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo
CVE-2026-21988 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo
CVE-2026-21987 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo
CVE-2026-21986 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo
CVE-2026-21985 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo
CVE-2026-21984 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo
CVE-2026-21983 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo
CVE-2026-21982 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo
CVE-2026-21981 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo
CVE-2026-21980 - Vulnerability in the Oracle Life Sciences Central Coding product of Oracle Health Sciences Applicati
CVE-2026-21979 - Vulnerability in the Oracle Planning and Budgeting Cloud Service product of Oracle Hyperion (compone
CVE-2026-21978 - Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applicat
CVE-2026-21977 - Vulnerability in the Oracle Zero Data Loss Recovery Appliance Software product of Oracle Zero Data L
CVE-2026-21976 - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (co
CVE-2026-21975 - Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affec
CVE-2026-21974 - Vulnerability in the Oracle Life Sciences Central Designer product of Oracle Health Sciences Applica
CVE-2026-21973 - Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applica
CVE-2026-21972 - Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: User Interfa
CVE-2026-21971 - Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: P
CVE-2026-21970 - Vulnerability in the Oracle Life Sciences Central Designer product of Oracle Health Sciences Applica
CVE-2026-21969 - Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply
CVE-2026-21968 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
CVE-2026-21967 - Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (componen
CVE-2026-21966 - Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Appl
CVE-2026-21965 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supp
CVE-2026-21964 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supp
CVE-2026-21963 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo
CVE-2026-21962 - Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusi
CVE-2026-21961 - Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (compone
CVE-2026-21960 - Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java uti
CVE-2026-21959 - Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader)
CVE-2026-21957 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo
CVE-2026-21956 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo
CVE-2026-21955 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo
CVE-2026-21952 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported ve
CVE-2026-21951 - Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Inte
CVE-2026-21950 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
CVE-2026-21949 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
CVE-2026-21948 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
CVE-2026-21947 - Vulnerability in Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracl
CVE-2026-21946 - Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Run
CVE-2026-21945 - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ
CVE-2026-21944 - Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply
CVE-2026-21943 - Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Scripting Admin
CVE-2026-21942 - Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystems). Supported v
CVE-2026-21941 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
CVE-2026-21940 - Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: User and User Group
CVE-2026-21939 - Vulnerability in the SQLcl component of Oracle Database Server. Supported versions that are affecte
CVE-2026-21938 - Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Port
CVE-2026-21937 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versi
CVE-2026-21936 - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t
CVE-2026-21935 - Vulnerability in the Oracle Solaris product of Oracle Systems (component: Driver). The supported v
CVE-2026-21934 - Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Push
CVE-2026-21933 - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ
CVE-2026-21932 - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ
CVE-2026-21931 - Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX (component: Brookstrut S
CVE-2026-21930 - Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Filesyst
CVE-2026-21929 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported ve
CVE-2026-21928 - Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported v
CVE-2026-21927 - Vulnerability in the Oracle Solaris product of Oracle Systems (component: Driver). The supported v
CVE-2026-21926 - Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Server Infrastru
CVE-2026-21925 - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ
CVE-2026-21924 - Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications
CVE-2026-21923 - Vulnerability in the Oracle Life Sciences Central Designer product of Oracle Health Sciences Applica
CVE-2026-21922 - Vulnerability in the Oracle Planning and Budgeting Cloud Service product of Oracle Hyperion (compone
CVE-2026-0865 - User-controlled header names and values containing newlines can allow injecting HTTP headers.
CVE-2026-0672 - When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTT
CVE-2025-58744 - Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in Miln
CVE-2025-58743 - Use of a Broken or Risky Cryptographic Algorithm (DES) vulnerability in the Password class in C2SC
CVE-2025-58742 - Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endp
CVE-2025-58741 - Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector C
CVE-2025-58740 - The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in
CVE-2025-15367 - The poplib module, when passed a user-controlled command, can have additional commands injected usin
CVE-2025-15366 - The imaplib module, when passed a user-controlled command, can have additional commands injected usi
CVE-2025-15282 - User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newli
CVE-2025-11468 - When folding a long comment in an email header containing exclusively unfoldable characters, the par
CVE-2026-21664 - HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) has reported a reflected XSS vulnerabili
CVE-2026-21663 - HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the bann
CVE-2026-21642 - HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the `ban
CVE-2026-21641 - HackerOne community member Jad Ghamloush (0xjad) has reported an authorization bypass vulnerability
CVE-2026-21640 - HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the R
CVE-2026-21637 - A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS
CVE-2026-21636 - A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network r
CVE-2025-66902 - An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain
CVE-2025-66692 - A buffer over-read in the PublicKey::verify() method of Binance - Trust Wallet Core before commit 56
CVE-2025-63648 - A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of ownto
CVE-2025-63647 - A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 33
CVE-2025-59466 - We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors b
CVE-2025-59465 - A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash b
CVE-2025-59464 - A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to
CVE-2025-57156 - NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in ownto
CVE-2025-57155 - NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server thr
CVE-2025-55132 - A flaw in Node.js's permission model allows a file's access and modification timestamps to be change
CVE-2025-55131 - A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are int
CVE-2025-55130 - A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-w
CVE-2026-0622 - Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever the environment variable JWT_S
CVE-2026-1245 - A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary
CVE-2025-66803 - Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout opera
CVE-2025-56005 - An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Exec
CVE-2025-67263 - Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting (XSS) vulnerabil
CVE-2025-67261 - Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The vulne
CVE-2025-55423 - A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router mode
CVE-2025-33233 - NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could ca
CVE-2025-33231 - NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanis
CVE-2025-33230 - NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker co
CVE-2025-33229 - NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker
CVE-2025-33228 - NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could ca
CVE-2025-67824 - The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before 4.24.2-jira9, 4.24.2-jira10 a
CVE-2025-65482 - An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attacker