CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-33280 - Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to g
CVE-2026-32678 - Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to
CVE-2026-32669 - Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is explo
CVE-2026-27650 - OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is
CVE-2026-22744 - In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed
CVE-2026-22743 - Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpr
CVE-2026-22742 - Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability i
CVE-2026-22738 - In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value
CVE-2024-14028 - Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS
CVE-2026-4910 - A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus up to 1.3.
CVE-2026-3098 - The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to,
CVE-2026-4909 - A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown fu
CVE-2026-4908 - A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unkn
CVE-2026-4907 - A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db675105
CVE-2026-4906 - A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decode
CVE-2026-33935 - MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.72, an
CVE-2026-33890 - MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.71, an
CVE-2026-33747 - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and
CVE-2026-33745 - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, t
CVE-2026-33744 - BentoML is a Python library for building online serving systems optimized for AI apps and model infe
CVE-2026-33735 - MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.69, an
CVE-2026-33730 - Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP us
CVE-2026-33729 - OpenFGA is a high-performance and flexible authorization/permission engine built for developers and
CVE-2026-33728 - dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to
CVE-2026-33726 - Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to
CVE-2026-33725 - Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise
CVE-2026-33721 - MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior t
CVE-2026-33718 - OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vuln
CVE-2026-33701 - OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation l
CVE-2026-33699 - pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerabilit
CVE-2026-33693 - Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the `v4_is_in
CVE-2026-4905 - A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the f
CVE-2026-4904 - A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm
CVE-2026-33945 - Incus is a system container and virtual machine manager. Incus instances have an option to provide c
CVE-2026-33898 - Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spa
CVE-2026-33697 - Cocos AI is a confidential computing system for AI. The current implementation of attested TLS (aTLS
CVE-2026-29071 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-29070 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-28788 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-28786 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-27893 - vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1
CVE-2026-4903 - A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickInd
CVE-2026-4902 - A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of t
CVE-2026-34352 - In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the
CVE-2026-33897 - Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template
CVE-2026-33743 - Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafte
CVE-2026-33711 - Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screen
CVE-2026-33542 - Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validati
CVE-2026-4900 - A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unk
CVE-2026-4899 - A security flaw has been discovered in code-projects Online Food Ordering System 1.0. Affected by th
CVE-2026-4898 - A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected by this vu
CVE-2026-4346 - The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi creden
CVE-2026-3650 - A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed D
CVE-2026-33687 - Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 con
CVE-2026-33686 - Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 hav
CVE-2026-33682 - Streamlit is a data oriented application development framework for python. Streamlit Open Source ver
CVE-2026-33674 - PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperl
CVE-2026-33673 - PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulne
CVE-2026-33672 - Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulner
CVE-2026-33671 - Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulner
CVE-2026-33670 - SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir inte
CVE-2026-33669 - SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieve
CVE-2026-33664 - Kestra is an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 ren
CVE-2026-33661 - Pay is an open-source payment SDK extension package for various Chinese payment services. Prior to v
CVE-2026-33658 - Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions
CVE-2026-33653 - Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting (XSS
CVE-2026-28377 - A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /statu
CVE-2026-1556 - Information disclosure in the file URI processing of File (Field) Paths in Drupal File (Field) Paths
CVE-2026-0748 - In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both
CVE-2025-12805 - A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows una
CVE-2026-4933 - Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsin
CVE-2026-4393 - Cross-Site Request Forgery (CSRF) vulnerability in Drupal Automated Logout allows Cross Site Request
CVE-2026-3622 - The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation lea
CVE-2026-3573 - Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injecti
CVE-2026-3532 - Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows P
CVE-2026-3531 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OA
CVE-2026-3530 - Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Serv
CVE-2026-3529 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i
CVE-2026-3528 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i
CVE-2026-3527 - Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows Exploitin
CVE-2026-3526 - Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) allows Forceful Browsin
CVE-2026-3525 - Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) allows Forceful Browsin
CVE-2026-33742 - Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel
CVE-2026-33738 - Lychee is a free, open-source photo-management tool. Prior to version 7.5.3, the photo `description`
CVE-2026-33645 - Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path tr
CVE-2026-33644 - Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the SSRF protection in
CVE-2026-33640 - Outline is a service that allows for collaborative documentation. Outline implements an Email OTP lo
CVE-2026-33638 - Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to version
CVE-2026-33635 - iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-
CVE-2026-33628 - Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel
CVE-2026-33623 - PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Pinc
CVE-2026-33622 - PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Pinc
CVE-2026-33621 - PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Pinc
CVE-2026-33620 - PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Pinc
CVE-2026-33619 - PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Pinc
CVE-2026-33545 - MobSF is a mobile application security testing tool used. Prior to version 4.4.6, MobSF's `read_sqli
CVE-2026-33541 - TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage
CVE-2026-33537 - Lychee is a free, open-source photo-management tool. The patch introduced for GHSA-cpgw-wgf3-xc6v (S
CVE-2026-33375 - The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer
CVE-2026-2272 - A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files,
CVE-2026-2271 - A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an inte
CVE-2026-2239 - A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string funct
CVE-2026-2100 - A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_Der
CVE-2026-21724 - A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning
CVE-2026-0968 - A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit
CVE-2026-0967 - A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_ho
CVE-2026-0966 - The API function `ssh_get_hexa()` is vulnerable when 0-length input is provided to this function. T
CVE-2026-0965 - A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing
CVE-2026-0964 - A malicious SCP server can send unexpected paths that could make the client application override loc
CVE-2026-33632 - ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies.
CVE-2026-33631 - ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies.
CVE-2026-33536 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior
CVE-2026-33535 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior
CVE-2026-33532 - `yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `ya
CVE-2026-33531 - InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, a path traversal vu
CVE-2026-33530 - InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, certain API endpoin
CVE-2026-33529 - Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authe
CVE-2026-33528 - GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the
CVE-2026-33525 - Authelia is an open-source authentication and authorization server providing two-factor authenticati
CVE-2026-32287 - Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, l
CVE-2026-32286 - The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised Pos
CVE-2026-32285 - The Delete function fails to properly validate offsets when processing malformed JSON input. This ca
CVE-2026-32284 - The msgpack decoder fails to properly validate the input buffer length when processing truncated fix
CVE-2026-2436 - A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerabi
CVE-2023-7338 - Ruckus Unleashed contains a remote code execution vulnerability in the web-based management interfac
CVE-2021-4474 - Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interf
CVE-2026-4926 - Impact: A bad regular expression is generated any time you have multiple sequential optional groups
CVE-2026-4923 - Impact: When using multiple wildcards, combined with at least one parameter, a regular expression c
CVE-2026-3190 - A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permissi
CVE-2026-3121 - A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a miscon
CVE-2026-33506 - Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or Op
CVE-2026-33505 - Ory Keto is an open source authorization server for managing permissions at scale. Prior to version
CVE-2026-33491 - Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version
CVE-2026-33153 - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists.
CVE-2026-33152 - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists.
CVE-2026-33149 - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists.
CVE-2026-33148 - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists.
CVE-2026-30463 - Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /cont
CVE-2026-30458 - An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset toke
CVE-2026-30457 - An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute
CVE-2026-29969 - A cross-site scripting (XSS) vulnerability in the wff_cols_pref.css.aspx endpoint of staffwiki v7.0.
CVE-2026-29055 - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists.
CVE-2026-28503 - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists.
CVE-2026-26213 - thingino-firmware versions up to the firmware-2026-03-16 release contain an unauthenticated OS comm
CVE-2026-33732 - srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing disc
CVE-2026-33504 - Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth
CVE-2026-33503 - Ory Kratos is an identity, user management and authentication system for cloud services. Prior to ve
CVE-2026-33496 - ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes H
CVE-2026-33495 - ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes H
CVE-2026-33494 - ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes H
CVE-2026-33490 - H3 is a minimal H(TTP) framework. In versions 2.0.0-0 through 2.0.1-rc.16, the `mount()` method in h
CVE-2026-33487 - goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSig
CVE-2026-33486 - Roadiz is a polymorphic content management system based on a node system that can handle many types
CVE-2026-33481 - Syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from containe
CVE-2026-33477 - FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operatio
CVE-2026-32857 - Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) protection bypass vul
CVE-2026-4867 - Impact: A bad regular expression is generated any time you have three or more parameters within a s
CVE-2026-3116 - Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request
CVE-2026-3115 - Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail t
CVE-2026-3114 - Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail t
CVE-2026-3113 - Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail t
CVE-2026-3112 - Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail t
CVE-2026-3109 - Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request timestamps which allo
CVE-2026-3108 - Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail t
CVE-2026-34071 - Stirling-PDF is a locally hosted web application that allows you to perform various operations on PD
CVE-2026-33636 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portabl
CVE-2026-33470 - Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In ve
CVE-2026-33469 - Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In ve
CVE-2026-33468 - Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's `DefaultQuery
CVE-2026-33442 - Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the `sanitizeSt
CVE-2026-33438 - Stirling-PDF is a locally hosted web application that allows you to perform various operations on PD
CVE-2026-33430 - Briefcase is a tool for converting a Python project into a standalone native application. Starting i
CVE-2026-33416 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portabl
CVE-2026-33402 - Sakai is a Collaboration and Learning Environment (CLE). In versions 23.0 through 23.4 and 25.0 thro
CVE-2026-33015 - EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS pe
CVE-2026-33014 - EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing,
CVE-2026-33009 - EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C+
CVE-2026-32846 - OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in medi
CVE-2026-29905 - Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent
CVE-2026-29044 - EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is
CVE-2026-27828 - EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_s
CVE-2026-27816 - EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::hand
CVE-2026-27815 - EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::hand
CVE-2026-27814 - EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race (C++ UB) trig
CVE-2026-27813 - EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to us
CVE-2026-26074 - EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to po
CVE-2026-26073 - EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to po
CVE-2026-4897 - A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessiv
CVE-2026-33397 - The Angular SSR is a server-side rendering tool for Angular applications. Versions on the 22.x branc
CVE-2026-30162 - Cross-site scripting (XSS) vulnerability in Timo 2.0.3 via crafted links in the title field.
CVE-2026-29976 - Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e allows a local attacker t
CVE-2026-29934 - A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0
CVE-2026-29933 - A reflected cross-site scripting (XSS) vulnerability in the /index/login.html component of YZMCMS v7
CVE-2026-28298 - SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulne
CVE-2026-28297 - SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulne
CVE-2026-27664 - A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.1
CVE-2026-27663 - A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.1
CVE-2026-26072 - EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `s
CVE-2026-26071 - EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `s
CVE-2026-26070 - EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `s
CVE-2026-26008 - EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (
CVE-2026-23995 - EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in
CVE-2026-22790 - EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payloa
CVE-2026-22593 - EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux
CVE-2026-4877 - A security flaw has been discovered in itsourcecode Payroll Management System up to 1.0. This affect
CVE-2026-4876 - A vulnerability was identified in itsourcecode Free Hotel Reservation System 1.0. The impacted eleme
CVE-2026-33413 - etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42
CVE-2026-33396 - OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-p
CVE-2026-33343 - etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42
CVE-2026-2511 - The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL I
CVE-2026-2389 - The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scr
CVE-2026-2231 - The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pa
CVE-2026-1032 - The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versio
CVE-2025-55264 - HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attac
CVE-2025-55263 - HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to
CVE-2025-55262 - HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability
CVE-2025-55261 - HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker
CVE-2019-25650 - River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability t
CVE-2019-25649 - River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation c
CVE-2019-25648 - MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to cr
CVE-2018-25219 - PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow vulne
CVE-2018-25218 - PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vu
CVE-2018-25217 - PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) overflow vulnerability that allo
CVE-2018-25216 - AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the
CVE-2018-25215 - Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that all
CVE-2018-25214 - MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the app
CVE-2018-25213 - Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allow
CVE-2018-25212 - Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception
CVE-2018-25211 - Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers t
CVE-2026-4887 - A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an of
CVE-2026-4875 - A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected eleme
CVE-2026-1961 - A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Fo
CVE-2025-55277 - HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an
CVE-2025-55276 - HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability will give attackers a cleare
CVE-2025-55275 - HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker c
CVE-2025-55274 - HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS misconfiguratio
CVE-2025-55273 - HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker using
CVE-2025-55272 - HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights int
CVE-2025-55271 - HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability where in depending on how t
CVE-2025-55270 - HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject exec
CVE-2025-55269 - HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for att
CVE-2025-55268 - HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spa
CVE-2025-55267 - HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload
CVE-2025-55266 - HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's ses
CVE-2025-55265 - HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to
CVE-2025-41359 - Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecti
CVE-2025-41027 - Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allow an at
CVE-2025-41026 - Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allow an at
CVE-2025-41368 - Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in
CVE-2018-25210 - WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the en