CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2025-70303 - A heap overflow in the uncv_parse_config() function of GPAC v2.4.0 allows attackers to cause a Denia
CVE-2025-70302 - A heap overflow in the ghi_dmx_declare_opid_bin() function of GPAC v2.4.0 allows attackers to cause
CVE-2025-67647 - SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Pr
CVE-2025-13845 - CWE-416: Use After Free vulnerability that could cause remote code execution when the end user impor
CVE-2025-13844 - CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user
CVE-2025-9014 - A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-
CVE-2025-70307 - A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attackers to cause a Denial
CVE-2025-70299 - A heap overflow in the avi_parse_input_file() function of GPAC v2.4.0 allows attackers to cause a De
CVE-2025-36911 - In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to re
CVE-2026-23496 - Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and
CVE-2026-23495 - Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API
CVE-2026-23494 - Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the ap
CVE-2026-23493 - Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the ht
CVE-2026-22867 - LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a
CVE-2026-22265 - Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.
CVE-2026-20076 - A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could
CVE-2026-20075 - A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager
CVE-2026-20047 - A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) and Ci
CVE-2025-70656 - Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the mac parameter of the sub_65
CVE-2025-70310 - A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial
CVE-2025-70309 - A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a
CVE-2025-70308 - An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a
CVE-2025-70305 - A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Servic
CVE-2025-70304 - A buffer overflow in the vobsub_get_subpic_duration() function of GPAC v2.4.0 allows attackers to ca
CVE-2025-70298 - GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function.
CVE-2025-66417 - GLPI is a free asset and IT management software package. From 11.0.0, < 11.0.3, an unauthenticated u
CVE-2025-66292 - DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitr
CVE-2025-62193 - Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via special
CVE-2025-67246 - A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lac
CVE-2025-67079 - File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code
CVE-2025-67078 - Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers
CVE-2025-67077 - File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under c
CVE-2025-67076 - Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated a
CVE-2025-64516 - GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorize
CVE-2025-61973 - A local privilege escalation vulnerability exists during the installation of Epic Games Store via th
CVE-2021-47843 - Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject m
CVE-2021-47819 - ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to u
CVE-2021-47799 - Visual Tools DVR VX16 version 4.2.28 contains a local privilege escalation vulnerability in its Sudo
CVE-2021-47784 - Cyberfox Web Browser 52.9.1 contains a denial of service vulnerability that allows attackers to cras
CVE-2021-47781 - Cmder Console Emulator 1.3.18 contains a buffer overflow vulnerability that allows attackers to trig
CVE-2021-47777 - Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' pa
CVE-2021-47776 - Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to ma
CVE-2021-47775 - YouTube Video Grabber, now referred to as YouTube Downloader, 1.9.9.1 contains a buffer overflow vul
CVE-2021-47774 - Kingdia CD Extractor 3.0.2 contains a buffer overflow vulnerability in the registration name field t
CVE-2021-47773 - Dynojet Power Core 2.3.0 contains an unquoted service path vulnerability in the DJ.UpdateService tha
CVE-2021-47772 - 10-Strike Network Inventory Explorer Pro 9.31 contains a buffer overflow vulnerability in the text f
CVE-2021-47771 - RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allow
CVE-2021-47769 - Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fie
CVE-2021-47768 - ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export m
CVE-2021-47767 - 10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the
CVE-2021-47766 - Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter
CVE-2021-47765 - AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash
CVE-2021-47764 - AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash
CVE-2021-47763 - Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allo
CVE-2021-47762 - HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to
CVE-2021-47761 - MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users
CVE-2021-47760 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as a dupl
CVE-2021-47759 - MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attacke
CVE-2021-47758 - Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerabili
CVE-2021-47757 - Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerabili
CVE-2021-47755 - Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attacker
CVE-2021-47754 - Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate
CVE-2021-47753 - phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote atta
CVE-2021-47752 - AWebServer GhostBuilding 18 contains a denial of service vulnerability that allows remote attackers
CVE-2026-0992 - A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs
CVE-2026-0990 - A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occur
CVE-2026-0989 - A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are
CVE-2025-71019 - Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the wanSpeed parameter of the s
CVE-2025-70744 - Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the
CVE-2025-67084 - File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arb
CVE-2025-67083 - Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to
CVE-2025-67082 - An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" an
CVE-2025-67081 - An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" paramete
CVE-2026-22646 - Certain error messages returned by the application expose internal system details that should not be
CVE-2026-22645 - The application discloses all used components, versions and license information to unauthenticated a
CVE-2026-22644 - Certain requests pass the authentication token in the URL as string query parameter, making it vulne
CVE-2026-22643 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-22642 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-22641 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-22640 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-22639 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-22638 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-0897 - Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google
CVE-2025-13859 - The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modifica
CVE-2025-13062 - The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions
CVE-2025-12895 - The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthori
CVE-2026-22920 - The device's passwords have not been adequately salted, making them vulnerable to password extractio
CVE-2026-22919 - An attacker with administrative access may inject malicious content into the login page, potentially
CVE-2026-22918 - An attacker may exploit missing protection against clickjacking by tricking users into performing un
CVE-2026-22917 - Improper input handling in a system endpoint may allow attackers to overload resources, causing a de
CVE-2026-22916 - An attacker with low privileges may be able to trigger critical system functions such as reboot or f
CVE-2026-22915 - An attacker with low privileges may be able to read files from specific directories on the device, p
CVE-2026-22914 - An attacker with limited permissions may still be able to write files to specific locations on the d
CVE-2026-22913 - Improper handling of a URL parameter may allow attackers to execute code in a user's browser after l
CVE-2026-22912 - Improper validation of a login parameter may allow attackers to redirect users to malicious websites
CVE-2026-22911 - Firmware update files may expose password hashes for system accounts, which could allow a remote att
CVE-2026-22910 - The device is deployed with weak and publicly known default passwords for certain hidden user levels
CVE-2026-22909 - Certain system functions may be accessed without proper authorization, allowing attackers to start,
CVE-2026-22908 - Uploading unvalidated container images may allow remote attackers to gain full access to the system,
CVE-2026-22907 - An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read a
CVE-2026-22637 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-0976 - A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak a
CVE-2026-0713 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-0712 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-14457 - The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unau
CVE-2025-14448 - The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting v
CVE-2026-23582 - Rejected reason: Not used
CVE-2026-23581 - Rejected reason: Not used
CVE-2026-23580 - Rejected reason: Not used
CVE-2026-23579 - Rejected reason: Not used
CVE-2026-23578 - Rejected reason: Not used
CVE-2026-23577 - Rejected reason: Not used
CVE-2026-23576 - Rejected reason: Not used
CVE-2026-23575 - Rejected reason: Not used
CVE-2026-23574 - Rejected reason: Not used
CVE-2026-0600 - Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and l
CVE-2026-0421 - A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L1
CVE-2025-14058 - A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allo
CVE-2025-13455 - A vulnerability was reported in ThinkPlus configuration software that could allow a local authentica
CVE-2025-13454 - A potential vulnerability was reported in ThinkPlus configuration software that could allow a local
CVE-2025-13453 - A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with phy
CVE-2025-13154 - An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantag
CVE-2025-12533 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-12166 - The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress
CVE-2026-0601 - A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthentica
CVE-2026-23512 - SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is an Untrusted Search P
CVE-2026-0962 - SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of
CVE-2026-0961 - BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
CVE-2026-0960 - HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service
CVE-2026-0959 - IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial o
CVE-2026-0861 - Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned
CVE-2026-23498 - Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017
CVE-2026-23497 - Frappe Learning Management System (LMS) is a learning system that helps users structure their conten
CVE-2026-23492 - Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an inc
CVE-2026-23477 - Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat ve
CVE-2026-22036 - Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the dec
CVE-2025-71166 - Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulne
CVE-2025-71165 - Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulne
CVE-2025-71164 - Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulne
CVE-2025-33206 - NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command inje
CVE-2025-14557 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-14556 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-11224 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4
CVE-2026-22859 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client
CVE-2026-22858 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-over
CVE-2026-22857 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-f
CVE-2026-22856 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the seri
CVE-2026-22855 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-boun
CVE-2026-22854 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-over
CVE-2026-22853 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array
CVE-2026-22852 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP se
CVE-2026-22851 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition b
CVE-2026-22819 - Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free pla
CVE-2025-71021 - Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serverName parameter of the
CVE-2025-70747 - Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serviceName parameter of th
CVE-2025-65397 - An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera vers
CVE-2025-63644 - A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1
CVE-2026-22787 - html2pdf.js converts any webpage or element into a printable PDF entirely client-side. Prior to 0.14
CVE-2026-22779 - BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior
CVE-2026-22708 - Cursor is a code editor built for programming with AI. Prior to 2.3, when the Cursor Agent is running
CVE-2026-22694 - AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android vers
CVE-2026-21889 - Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directl
CVE-2025-70968 - FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().
CVE-2025-67835 - Paessler PRTG Network Monitor before 25.4.114 allows Denial-of-Service (DoS) by an authenticated att
CVE-2025-67834 - Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the filt
CVE-2025-67833 - Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag
CVE-2025-65396 - A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allo
CVE-2025-37185 - Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow
CVE-2025-37184 - A vulnerability exists in an Orchestrator service that could allow an unauthenticated remote attacke
CVE-2025-37183 - Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow
CVE-2025-37182 - Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow
CVE-2025-37181 - Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow
CVE-2026-22211 - TinyOS versions up to and including 2.1.2 contain a global buffer overflow vulnerability in the prin
CVE-2025-67399 - An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker t
CVE-2025-14242 - A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overf
CVE-2026-22820 - Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a
CVE-2026-22240 - The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subseque
CVE-2026-22239 - The vulnerability exists in BLUVOYIX due to design flaws in the email sending API. An unauthenticate
CVE-2026-22238 - The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An u
CVE-2026-22237 - The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An
CVE-2026-22236 - The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An
CVE-2025-9142 - A local user can trigger Harmony SASE Windows client to write or delete files outside the intended c
CVE-2025-71144 - In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure context reset on
CVE-2025-71143 - In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: As
CVE-2025-71142 - In the Linux kernel, the following vulnerability has been resolved: cpuset: fix warning when disabl
CVE-2025-71141 - In the Linux kernel, the following vulnerability has been resolved: drm/tilcdc: Fix removal actions
CVE-2025-71140 - In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use sp
CVE-2025-71139 - In the Linux kernel, the following vulnerability has been resolved: kernel/kexec: fix IMA when allo
CVE-2025-71138 - In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add missing NULL p
CVE-2025-71137 - In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift
CVE-2025-71136 - In the Linux kernel, the following vulnerability has been resolved: media: adv7842: Avoid possible
CVE-2025-71135 - In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix possible null-poi
CVE-2025-71134 - In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: change all pageb
CVE-2025-71133 - In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: avoid invalid read
CVE-2025-71132 - In the Linux kernel, the following vulnerability has been resolved: smc91x: fix broken irq-context
CVE-2025-71131 - In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-
CVE-2025-71130 - In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Zero-initialize t
CVE-2025-71129 - In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign extend kfu
CVE-2025-71128 - In the Linux kernel, the following vulnerability has been resolved: erspan: Initialize options_len
CVE-2025-71127 - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon
CVE-2025-71126 - In the Linux kernel, the following vulnerability has been resolved: mptcp: avoid deadlock on fallba
CVE-2025-71125 - In the Linux kernel, the following vulnerability has been resolved: tracing: Do not register unsupp
CVE-2025-71124 - In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: move preempt_prep
CVE-2025-71123 - In the Linux kernel, the following vulnerability has been resolved: ext4: fix string copying in par
CVE-2025-71122 - In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: Check for ove
CVE-2025-71121 - In the Linux kernel, the following vulnerability has been resolved: parisc: Do not reprogram affini
CVE-2025-71120 - In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL
CVE-2025-71119 - In the Linux kernel, the following vulnerability has been resolved: powerpc/kexec: Enable SMT befor
CVE-2025-71118 - In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid walking the Names
CVE-2025-71117 - In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing fr
CVE-2025-71116 - In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() mor
CVE-2025-71115 - In the Linux kernel, the following vulnerability has been resolved: um: init cpu_tasks[] earlier T
CVE-2025-71114 - In the Linux kernel, the following vulnerability has been resolved: via_wdt: fix critical boot hang
CVE-2025-71113 - In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - zero initializ
CVE-2025-71112 - In the Linux kernel, the following vulnerability has been resolved: net: hns3: add VLAN id validati
CVE-2025-71111 - In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros
CVE-2025-71110 - In the Linux kernel, the following vulnerability has been resolved: mm/slub: reset KASAN tag in def
CVE-2025-71109 - In the Linux kernel, the following vulnerability has been resolved: MIPS: ftrace: Fix memory corrup
CVE-2025-71108 - In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Handle incorr
CVE-2025-71107 - In the Linux kernel, the following vulnerability has been resolved: f2fs: ensure node page reads co
CVE-2025-71106 - In the Linux kernel, the following vulnerability has been resolved: fs: PM: Fix reverse check in fi
CVE-2025-71105 - In the Linux kernel, the following vulnerability has been resolved: f2fs: use global inline_xattr_s
CVE-2025-71104 - In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix VM hard lockup af
CVE-2025-71103 - In the Linux kernel, the following vulnerability has been resolved: drm/msm: adreno: fix deferencin
CVE-2025-71102 - In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in _
CVE-2025-56226 - Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function withi
CVE-2025-14317 - In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about
CVE-2025-13175 - Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator w
CVE-2025-67859 - An Improper Authentication vulnerability in TLP allows local users to arbitrarily control the power p
CVE-2025-66169 - Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Cam
CVE-2025-66005 - Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 ca
CVE-2025-14338 - Polkit authentication is disabled by default and a race condition in the Polkit authorization check
CVE-2026-0532 - External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) c
CVE-2025-0647 - In certain Arm CPUs, a CPP RCTX instruction executed on one Processing Element (PE) may inhibit TLB
CVE-2026-0529 - Improper Validation of Array Index (CWE-129) in Packetbeat’s MongoDB protocol parser can allow an at
CVE-2026-23550 - Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privi
CVE-2026-0813 - The Short Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'short_link
CVE-2026-0812 - The LinkedIn SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkedin_
CVE-2026-0741 - The Electric Studio Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripti
CVE-2026-0739 - The WMF Mobile Redirector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the
CVE-2026-0734 - The WP Allowed Hosts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allo
CVE-2025-68492 - Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnera
CVE-2025-15513 - The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data du
CVE-2025-15512 - The Aplazo Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data d
CVE-2025-15475 - The PayHere Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorize
CVE-2025-15376 - The Stopwords for comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v
CVE-2025-14846 - The SocialChamp with WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in a
CVE-2025-14770 - The Shipping Rate By Cities plugin for WordPress is vulnerable to SQL Injection via the 'city' param
CVE-2025-14173 - The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions u
CVE-2026-0717 - The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Informa