CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-23745 - node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Lin
CVE-2026-21223 - Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to by
CVE-2026-20960 - Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a
CVE-2025-56451 - Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative Management Software 7.0 via t
CVE-2025-15529 - A vulnerability was found in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_ha
CVE-2025-15528 - A vulnerability has been found in Open5GS up to 2.7.6. Affected by this vulnerability is an unknown
CVE-2026-23800 - Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escala
CVE-2026-23643 - CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl() method has a c
CVE-2019-25297 - Poll, Survey & Quiz Maker Plugin by Opinion Stage Wordpress plugin versions prior to 19.6.25 contain
CVE-2026-23744 - MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier
CVE-2026-23742 - Skipper is an HTTP router and reverse proxy for service composition. The default skipper configurati
CVE-2026-23735 - GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable,
CVE-2026-23731 - WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerabl
CVE-2026-23730 - WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability w
CVE-2026-23729 - WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability w
CVE-2026-23728 - WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability w
CVE-2026-23727 - WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability w
CVE-2026-23726 - WeGIA is a web manager for charitable institutions. Prior to 3.6.2, An Open Redirect vulnerability w
CVE-2026-23725 - WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (X
CVE-2026-23724 - WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (X
CVE-2026-23723 - WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection v
CVE-2026-23722 - WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting
CVE-2026-23645 - SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a St
CVE-2026-23634 - Pepr is a type safe K8s middleware. Prior to 1.0.5, Pepr defaults to a cluster-admin RBAC configura
CVE-2025-69581 - An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes f
CVE-2012-10064 - Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in
CVE-2026-23535 - wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translatio
CVE-2026-23490 - pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been fou
CVE-2025-68924 - In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka
CVE-2025-62291 - In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server
CVE-2025-61873 - Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket v
CVE-2025-48647 - In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory over
CVE-2025-15032 - Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow a
CVE-2021-47847 - Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path config
CVE-2021-47845 - Spy Emergency 25.0.650 contains an unquoted service path vulnerability in its Windows service config
CVE-2021-47844 - Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious p
CVE-2021-47842 - StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inje
CVE-2021-47841 - SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject mali
CVE-2021-47840 - Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to sto
CVE-2021-47839 - Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject
CVE-2021-47838 - Markright 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to embe
CVE-2021-47837 - Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to
CVE-2021-47836 - Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to injec
CVE-2021-47835 - Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to stor
CVE-2021-47834 - Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticate
CVE-2021-47833 - WifiHotSpot 1.0.0.0 contains an unquoted service path vulnerability in its WifiHotSpotService.exe th
CVE-2021-47832 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as a dupl
CVE-2021-47831 - Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the appli
CVE-2021-47829 - DHCP Broadband 4.1.0.1503 contains an unquoted service path vulnerability in its service configurati
CVE-2021-47828 - BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service config
CVE-2021-47827 - WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows
CVE-2021-47826 - Acer Backup Manager 3.0.0.99 contains an unquoted service path vulnerability in the NTI IScheduleSvc
CVE-2021-47825 - Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local us
CVE-2021-47824 - iDailyDiary 4.30 contains a denial of service vulnerability that allows attackers to crash the appli
CVE-2021-47823 - Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users to
CVE-2021-47822 - DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configur
CVE-2021-47821 - RarmaRadio 2.72.8 contains a denial of service vulnerability that allows attackers to crash the appl
CVE-2021-47820 - Ubee EVW327 contains a cross-site request forgery vulnerability that allows attackers to enable remo
CVE-2021-47818 - DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to cra
CVE-2021-47816 - Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows auth
CVE-2026-0629 - Authentication bypass in the password recovery feature of the local web interface across multiple VI
CVE-2025-51602 - mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of servic
CVE-2025-43904 - In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinato
CVE-2025-43508 - A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1.
CVE-2025-31510 - In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to
CVE-2025-31186 - A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. A
CVE-2025-24531 - In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error s
CVE-2025-24528 - In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflo
CVE-2025-24090 - A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and
CVE-2025-24089 - A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and
CVE-2024-54556 - This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPad
CVE-2024-44238 - The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1
CVE-2024-44210 - This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15
CVE-2026-23529 - Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Googl
CVE-2026-23528 - Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupy
CVE-2026-23523 - Dive is an open-source MCP Host Desktop Application that enables integration with function-calling L
CVE-2026-22782 - RustFS is a distributed object storage system built in Rust. From >= 1.0.0-alpha.1 to 1.0.0-alpha.79
CVE-2026-0949 - PEM versions prior to 9.8.1 are affected by a stored Cross-site Scripting (XSS) vulnerability that a
CVE-2025-71020 - Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the s
CVE-2025-70746 - Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the f
CVE-2025-29943 - Write-what-where condition within AMD CPUs may allow an admin-privileged attacker to modify the confi
CVE-2026-21625 - User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads ar
CVE-2026-21624 - Lack of input filtering leads to a persistent XSS vulnerability in the user avatar text handling of
CVE-2026-21623 - Lack of input filtering leads to a persistent XSS vulnerability in the forum post handling of the Ea
CVE-2025-68921 - SteelSeries Nahimic 3 1.10.7 allows Directory traversal.
CVE-2026-0823 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in
CVE-2026-0696 - In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnl
CVE-2026-0695 - In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail
CVE-2025-15104 - Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make th
CVE-2026-0616 - TheLibrarians web_fetch tool can be used to retrieve the Adminer interface content, which can then b
CVE-2026-0615 - The Librarian `supervisord` status page can be retrieved by the `web_fetch` tool, which can be used
CVE-2026-0613 - The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool,
CVE-2026-0612 - The Librarian contains an information leakage vulnerability through the `web_fetch` tool, which can b
CVE-2025-14894 - Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.p
CVE-2025-14510 - Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX. This i
CVE-2025-14435 - Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite
CVE-2025-68675 - In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection
CVE-2025-68438 - In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_te
CVE-2025-59870 - HCL MyXalytics is affected by improper management of a static JWT signing secret in the web applica
CVE-2025-14844 - The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authenticatio
CVE-2026-22876 - Path Traversal vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Cor
CVE-2026-20894 - Cross-site scripting vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by T
CVE-2026-20759 - OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by T
CVE-2026-1004 - The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Expos
CVE-2026-0913 - The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is v
CVE-2025-60021 - Remote command injection vulnerability in heap profiler builtin service in Apache bRPC ((all version
CVE-2025-14822 - Mattermost versions 10.11.x <= 10.11.8 fail to validate input size before processing hashtags which
CVE-2025-14757 - The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Byp
CVE-2025-12007 - There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F
CVE-2025-12006 - There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F
CVE-2026-1003 - The GetGenie plugin for WordPress is vulnerable to authorization bypass in all versions up to, and i
CVE-2025-14375 - The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is
CVE-2026-0942 - The Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit plugin for WordPress is vulnerabl
CVE-2026-0939 - The Rede Itaú for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to
CVE-2026-0916 - The Related Posts by Taxonomy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
CVE-2025-14853 - The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forge
CVE-2025-14793 - The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request Forge
CVE-2026-23769 - lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to impr
CVE-2026-23768 - lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbi
CVE-2026-0975 - Delta Electronics DIAView has Command Injection vulnerability.
CVE-2026-1000 - The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data mod
CVE-2026-0858 - Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored X
CVE-2025-15527 - The WP Recipe Maker plugin for WordPress is vulnerable to Information Exposure in versions up to, an
CVE-2025-15526 - The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all version
CVE-2025-15370 - The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vuln
CVE-2025-14982 - The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitiv
CVE-2025-14384 - The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPre
CVE-2025-12957 - The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file upload in all vers
CVE-2025-12641 - The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorizati
CVE-2026-23714 - Rejected reason: Not used
CVE-2026-23713 - Rejected reason: Not used
CVE-2026-23712 - Rejected reason: Not used
CVE-2026-23711 - Rejected reason: Not used
CVE-2026-23710 - Rejected reason: Not used
CVE-2026-23709 - Rejected reason: Not used
CVE-2026-1023 - Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing u
CVE-2026-1022 - Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing una
CVE-2026-1021 - Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, all
CVE-2026-1020 - Police Statistics Database System developed by Gotac has an Absolute Path Traversal vulnerability, al
CVE-2026-1019 - Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, all
CVE-2026-1018 - Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allow
CVE-2025-62582 - Delta Electronics DIAView has multiple vulnerabilities.
CVE-2025-62581 - Delta Electronics DIAView has multiple vulnerabilities.
CVE-2025-65118 - The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick
CVE-2025-65117 - The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Desig
CVE-2025-64769 - The Process Optimization application suite leverages connection channels/protocols that by-default
CVE-2025-64729 - The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tampe
CVE-2025-64691 - The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tampe
CVE-2025-61943 - The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Stand
CVE-2025-61937 - The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code ex
CVE-2026-1011 - A stored cross-site scripting (XSS) vulnerability exists in the Altium Support Center AddComment end
CVE-2025-14237 - Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printe
CVE-2025-14236 - Buffer overflow in Address Book attribute tag processing on Small Office Multifunction Printers(*) w
CVE-2025-14235 - Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Pr
CVE-2025-14234 - Buffer overflow in CPCA list processing on Small Office Multifunction Printers and Laser Printers(*)
CVE-2025-14233 - Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Print
CVE-2025-14232 - Buffer overflow in XML processing of XPS file in Small Office Multifunction Printers and Laser Print
CVE-2025-14231 - Buffer overflow in print job processing by WSD on Small Office Multifunction Printers and Laser Prin
CVE-2021-47815 - Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that
CVE-2021-47814 - NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the applic
CVE-2021-47813 - Backup Key Recovery 2.2.7 contains a denial of service vulnerability that allows attackers to crash
CVE-2021-47812 - GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbit
CVE-2021-47811 - Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order_by parameter that allows remo
CVE-2021-47810 - WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that
CVE-2021-47809 - Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulnerability in its Windows servic
CVE-2021-47808 - Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration
CVE-2021-47807 - Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configura
CVE-2021-47806 - Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows service configurati
CVE-2021-47805 - Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configurat
CVE-2021-47804 - Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant ser
CVE-2021-47803 - iFunbox 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service that
CVE-2021-47801 - Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login_user' parame
CVE-2021-47800 - b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modif
CVE-2021-47798 - NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows
CVE-2021-47797 - Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allows attackers to crash
CVE-2021-47796 - Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credential vulnerability that allows un
CVE-2021-47795 - GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross
CVE-2021-47794 - ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to
CVE-2021-47793 - Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the
CVE-2021-47792 - Remote Mouse 4.002 contains an unquoted service path vulnerability that allows local attackers to ex
CVE-2021-47791 - SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers
CVE-2021-47790 - Active WebCam 11.5 contains an unquoted service path vulnerability that allows local attackers to ex
CVE-2021-47789 - Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer overrun vulnerability that allows
CVE-2021-47788 - WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users
CVE-2021-47787 - TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running
CVE-2021-47786 - Redragon Gaming Mouse driver contains a kernel-level vulnerability that allows attackers to trigger
CVE-2021-47785 - Ether MP3 CD Burner 1.3.8 contains a buffer overflow vulnerability in the registration name field th
CVE-2021-47783 - Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload ma
CVE-2021-47782 - Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability in the trafficCycle API endpoi
CVE-2021-47780 - Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentia
CVE-2021-47779 - Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation
CVE-2021-47756 - Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows
CVE-2020-36930 - SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configurat
CVE-2020-36929 - Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service
CVE-2020-36928 - Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service
CVE-2020-36927 - DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service
CVE-2020-36926 - SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search for
CVE-2026-22864 - Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to bloc
CVE-2026-22863 - Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finaliz
CVE-2026-22045 - Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential
CVE-2026-1012 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in
CVE-2026-1010 - A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missin
CVE-2026-1009 - A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-s
CVE-2026-1008 - A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 3
CVE-2025-68671 - lakeFS is an open-source tool that transforms object storage into Git-like repositories. LakeFS's
CVE-2026-0915 - Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's
CVE-2025-67823 - A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.
CVE-2025-67822 - A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) throu
CVE-2023-7334 - Changjetong T+ versions up to and including 16.x contain a .NET deserialization vulnerability in an
CVE-2011-10041 - Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnera
CVE-2026-21921 - A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Jun
CVE-2026-21920 - An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series
CVE-2026-21918 - A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SR
CVE-2026-21917 - An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module o
CVE-2026-21914 - An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allow
CVE-2026-21913 - An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Junipe
CVE-2026-21912 - A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ether
CVE-2026-21911 - An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon (l2cpd) of Juniper
CVE-2026-21910 - An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engin
CVE-2026-21909 - A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (r
CVE-2026-21908 - A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of Junipe
CVE-2026-21907 - A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Ne
CVE-2026-21906 - An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE) o
CVE-2026-21905 - A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application layer
CVE-2026-21903 - A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Network
CVE-2026-1002 - The Vert.x Web static handler component cache can be manipulated to deny the access to static files
CVE-2026-0203 - An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Network
CVE-2025-70893 - A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.
CVE-2025-70892 - Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user mana
CVE-2025-70891 - A stored cross-site scripting (XSS) vulnerability exists in Phpgurukul Cyber Cafe Management System
CVE-2025-70890 - A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An au
CVE-2025-67025 - Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to exe
CVE-2025-65368 - SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting (XSS) via user input and LLM output.
CVE-2025-60011 - An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon
CVE-2025-60007 - A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos
CVE-2025-60003 - A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS a
CVE-2025-59961 - An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (j
CVE-2025-59960 - An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (j
CVE-2025-59959 - An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Netwo
CVE-2025-52987 - A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfi
CVE-2026-23766 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with
CVE-2026-23746 - Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) ve
CVE-2026-23622 - Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EA_
CVE-2026-23527 - H3 is a minimal H(TTP) framework built for high performance and portability. Prior to 1.15.5, there
CVE-2026-23520 - Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the upd
CVE-2026-23519 - RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to
CVE-2026-23511 - ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration
CVE-2025-65349 - A Stored Cross-Site Scripting (XSS) vulnerability in Web management interface in Each Italy Wireless
CVE-2025-15265 - An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key
CVE-2024-48077 - NanoMQ v0.22.7 is vulnerable to Denial of Service (DoS) due to improper resource throttling. A craft