CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2025-71092 - In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix OOB write in
CVE-2025-71091 - In the Linux kernel, the following vulnerability has been resolved: team: fix check for port enable
CVE-2025-71090 - In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd_file reference l
CVE-2025-71089 - In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_
CVE-2025-71088 - In the Linux kernel, the following vulnerability has been resolved: mptcp: fallback earlier on simu
CVE-2025-71087 - In the Linux kernel, the following vulnerability has been resolved: iavf: fix off-by-one issues in
CVE-2025-71086 - In the Linux kernel, the following vulnerability has been resolved: net: rose: fix invalid array in
CVE-2025-71085 - In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head
CVE-2025-71084 - In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix leaking the multic
CVE-2025-71083 - In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Avoid NULL pointer der
CVE-2025-71082 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: revert use of
CVE-2025-71081 - In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: sai: fix OF node l
CVE-2025-71080 - In the Linux kernel, the following vulnerability has been resolved: ipv6: fix a BUG in rt6_get_pcpu
CVE-2025-71079 - In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix deadlock between
CVE-2025-71078 - In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/slb: Fix SLB multih
CVE-2025-71077 - In the Linux kernel, the following vulnerability has been resolved: tpm: Cap the number of PCR bank
CVE-2025-71076 - In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Limit num_syncs to p
CVE-2025-71075 - In the Linux kernel, the following vulnerability has been resolved: scsi: aic94xx: fix use-after-fr
CVE-2025-71074 - In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/remova
CVE-2025-71073 - In the Linux kernel, the following vulnerability has been resolved: Input: lkkbd - disable pending
CVE-2025-71072 - In the Linux kernel, the following vulnerability has been resolved: shmem: fix recovery on rename f
CVE-2025-71071 - In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: fix use-after-f
CVE-2025-71070 - In the Linux kernel, the following vulnerability has been resolved: ublk: clean up user copy refere
CVE-2025-71069 - In the Linux kernel, the following vulnerability has been resolved: f2fs: invalidate dentry cache o
CVE-2025-71068 - In the Linux kernel, the following vulnerability has been resolved: svcrdma: bound check rq_pages i
CVE-2025-71067 - In the Linux kernel, the following vulnerability has been resolved: ntfs: set dummy blocksize to re
CVE-2025-71066 - In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove c
CVE-2025-71065 - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential de
CVE-2025-71064 - In the Linux kernel, the following vulnerability has been resolved: net: hns3: using the num_tqps i
CVE-2025-71027 - Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of th
CVE-2025-71026 - Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of
CVE-2025-71025 - Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of
CVE-2025-71024 - Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter
CVE-2025-71023 - Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the f
CVE-2025-70753 - Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of th
CVE-2025-69992 - phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the
CVE-2025-69991 - phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php.
CVE-2025-69990 - phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in remove_file.php.
CVE-2025-68823 - In the Linux kernel, the following vulnerability has been resolved: ublk: fix deadlock when reading
CVE-2025-68822 - In the Linux kernel, the following vulnerability has been resolved: Input: alps - fix use-after-fre
CVE-2025-68821 - In the Linux kernel, the following vulnerability has been resolved: fuse: fix readahead reclaim dea
CVE-2025-68820 - In the Linux kernel, the following vulnerability has been resolved: ext4: xattr: fix null pointer d
CVE-2025-68819 - In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: dtv5100: fix ou
CVE-2025-68818 - In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: qla2xxx: Pe
CVE-2025-68817 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ks
CVE-2025-68816 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fw_tracer, Validate f
CVE-2025-68815 - In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Remove drr clas
CVE-2025-68814 - In the Linux kernel, the following vulnerability has been resolved: io_uring: fix filename leak in
CVE-2025-68813 - In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref i
CVE-2025-68812 - In the Linux kernel, the following vulnerability has been resolved: media: iris: Add sanity check f
CVE-2025-68811 - In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rc_pageoff for mem
CVE-2025-68810 - In the Linux kernel, the following vulnerability has been resolved: KVM: Disallow toggling KVM_MEM_
CVE-2025-68809 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: vfs: fix race on m_flags
CVE-2025-68808 - In the Linux kernel, the following vulnerability has been resolved: media: vidtv: initialize local
CVE-2025-68807 - In the Linux kernel, the following vulnerability has been resolved: block: fix race between wbt_ena
CVE-2025-68806 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by
CVE-2025-68805 - In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corrupt
CVE-2025-68804 - In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_ishtp:
CVE-2025-68803 - In the Linux kernel, the following vulnerability has been resolved: NFSD: NFSv4 file creation negle
CVE-2025-68802 - In the Linux kernel, the following vulnerability has been resolved: drm/xe: Limit num_syncs to prev
CVE-2025-68801 - In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_router: Fix nei
CVE-2025-68800 - In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_mr: Fix use-aft
CVE-2025-68799 - In the Linux kernel, the following vulnerability has been resolved: caif: fix integer underflow in
CVE-2025-68798 - In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Check event befor
CVE-2025-68797 - In the Linux kernel, the following vulnerability has been resolved: char: applicom: fix NULL pointe
CVE-2025-68796 - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid updating zer
CVE-2025-68795 - In the Linux kernel, the following vulnerability has been resolved: ethtool: Avoid overflowing user
CVE-2025-68794 - In the Linux kernel, the following vulnerability has been resolved: iomap: adjust read range correc
CVE-2025-68793 - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix a job->pasid ac
CVE-2025-68792 - In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range
CVE-2025-68791 - In the Linux kernel, the following vulnerability has been resolved: fuse: missing copy_finish in fu
CVE-2025-68790 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix double unregister
CVE-2025-68789 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-68788 - In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCES
CVE-2025-68787 - In the Linux kernel, the following vulnerability has been resolved: netrom: Fix memory leak in nr_s
CVE-2025-68786 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: skip lock-range check on
CVE-2025-68785 - In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix middle at
CVE-2025-68784 - In the Linux kernel, the following vulnerability has been resolved: xfs: fix a UAF problem in xattr
CVE-2025-68783 - In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-mixer: us16x08: valid
CVE-2025-68782 - In the Linux kernel, the following vulnerability has been resolved: scsi: target: Reset t_task_cdb
CVE-2025-68781 - In the Linux kernel, the following vulnerability has been resolved: usb: phy: fsl-usb: Fix use-afte
CVE-2025-68780 - In the Linux kernel, the following vulnerability has been resolved: sched/deadline: only set free_c
CVE-2025-68779 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid unregistering
CVE-2025-68778 - In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting in
CVE-2025-68777 - In the Linux kernel, the following vulnerability has been resolved: Input: ti_am335x_tsc - fix off-
CVE-2025-68776 - In the Linux kernel, the following vulnerability has been resolved: net/hsr: fix NULL pointer deref
CVE-2025-68775 - In the Linux kernel, the following vulnerability has been resolved: net/handshake: duplicate handsh
CVE-2025-68774 - In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix missing hfs_bnode_
CVE-2025-68773 - In the Linux kernel, the following vulnerability has been resolved: spi: fsl-cpm: Check length pari
CVE-2025-68772 - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid updating com
CVE-2025-68771 - In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2_
CVE-2025-68770 - In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix XDP_TX path For X
CVE-2025-68769 - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix return value of f2fs_
CVE-2025-68768 - In the Linux kernel, the following vulnerability has been resolved: inet: frags: flush pending skbs
CVE-2025-68767 - In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when
CVE-2025-66698 - An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted
CVE-2025-65783 - An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Admini
CVE-2025-12548 - A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote a
CVE-2024-54855 - fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH ser
CVE-2026-22755 - Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in
CVE-2025-55462 - A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker-contr
CVE-2025-36640 - A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App
CVE-2025-13447 - OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an aut
CVE-2025-13444 - OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an aut
CVE-2026-0892 - Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of
CVE-2026-0891 - Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird
CVE-2026-0890 - Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefo
CVE-2026-0889 - Denial-of-service in the DOM: Service Workers component. This vulnerability affects Firefox < 147 an
CVE-2026-0888 - Information disclosure in the XML component. This vulnerability affects Firefox < 147 and Thunderbir
CVE-2026-0887 - Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects F
CVE-2026-0886 - Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, F
CVE-2026-0885 - Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ES
CVE-2026-0884 - Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox
CVE-2026-0883 - Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefo
CVE-2026-0882 - Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32,
CVE-2026-0881 - Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147 and Thund
CVE-2026-0880 - Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox
CVE-2026-0879 - Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability af
CVE-2026-0878 - Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vul
CVE-2026-0877 - Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox
CVE-2026-0684 - The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all
CVE-2025-9435 - Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the Use
CVE-2025-9427 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-14507 - The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensiti
CVE-2025-11669 - Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Acces
CVE-2025-11250 - Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypas
CVE-2025-13774 - A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL inje
CVE-2026-0859 - TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directo
CVE-2025-59022 - Backend users who had access to the recycler module could delete arbitrary data from any database ta
CVE-2025-59021 - Backend users with access to the redirects module and write permission on the sys_redirect table wer
CVE-2025-59020 - By exploiting the defVals parameter, attackers could bypass field‑level access checks during record
CVE-2025-14001 - The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to
CVE-2025-40944 - A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versio
CVE-2025-40942 - A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected
CVE-2025-40805 - Affected devices do not properly enforce user authentication on specific API endpoints. This could f
CVE-2025-41717 - An unauthenticated remote attacker can trick a high privileged user into uploading a malicious paylo
CVE-2025-14829 - The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion
CVE-2025-10915 - The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a miss
CVE-2026-22837 - Rejected reason: Not used
CVE-2026-22836 - Rejected reason: Not used
CVE-2026-22835 - Rejected reason: Not used
CVE-2026-22834 - Rejected reason: Not used
CVE-2026-22833 - Rejected reason: Not used
CVE-2026-22832 - Rejected reason: Not used
CVE-2026-22831 - Rejected reason: Not used
CVE-2026-22830 - Rejected reason: Not used
CVE-2026-22829 - Rejected reason: Not used
CVE-2025-66177 - There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/
CVE-2025-66176 - There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Acce
CVE-2026-0514 - Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated atta
CVE-2026-0513 - Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM C
CVE-2026-0511 - SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks fo
CVE-2026-0510 - The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an o
CVE-2026-0507 - Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RF
CVE-2026-0506 - Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an
CVE-2026-0504 - Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticat
CVE-2026-0503 - Due to missing authorization check in the SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP E
CVE-2026-0501 - Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials General
CVE-2026-0500 - Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager (Work
CVE-2026-0499 - SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into
CVE-2026-0498 - SAP S/4HANA (Private Cloud and On-Premise) allows an attacker with admin privileges to exploit a vul
CVE-2026-0497 - SAP Product Designer Web UI of Business Server Pages allows authenticated non-administrative users t
CVE-2026-0496 - SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload
CVE-2026-0495 - SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to send u
CVE-2026-0494 - Under certain conditions SAP Fiori App Intercompany Balance Reconciliation application allows an att
CVE-2026-0493 - Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App Intercompany Balance Recon
CVE-2026-0492 - SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials
CVE-2026-0491 - SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in
CVE-2026-22813 - OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert
CVE-2026-22812 - OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unaut
CVE-2026-22805 - Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Meta
CVE-2026-22804 - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capa
CVE-2026-22801 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portabl
CVE-2026-22800 - PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.10
CVE-2026-22695 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portabl
CVE-2026-22214 - RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnera
CVE-2026-22213 - RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnera
CVE-2026-22212 - TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the
CVE-2025-15514 - Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in
CVE-2024-58340 - LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS)
CVE-2024-58339 - LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resou
CVE-2024-14021 - LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserializa
CVE-2026-22799 - Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoin
CVE-2026-22798 - hermes is an implementation of the HERMES workflow to automatize software publication with rich meta
CVE-2026-22794 - Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the ser
CVE-2026-22789 - WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1
CVE-2026-22788 - WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1
CVE-2026-22786 - Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.8.7 has a p
CVE-2025-67146 - Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'na
CVE-2025-29329 - Buffer Overflow in the ippprint (Internet Printing Protocol) service in Sagemcom F@st 3686 MAGYAR_4.
CVE-2025-12420 - A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticat
CVE-2026-22772 - Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC)
CVE-2025-67147 - Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via th
CVE-2021-41074 - A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's
CVE-2025-66802 - Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote Code Execution). The
CVE-2025-51567 - A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, w
CVE-2023-36331 - Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily
CVE-2026-22785 - orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specificat
CVE-2026-22784 - Lychee is a free, open-source photo-management tool. Prior to 7.1.0, an authorization vulnerability
CVE-2026-22783 - Iris is a web collaborative platform that helps incident responders share technical details during i
CVE-2026-22781 - TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. TinyWeb HTTP Server before versio
CVE-2026-22776 - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0
CVE-2026-22771 - Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based
CVE-2026-22252 - LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio tr
CVE-2026-22200 - Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary
CVE-2025-14470 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in
CVE-2026-22251 - wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported provid
CVE-2026-22250 - wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification
CVE-2026-22050 - ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled a
CVE-2026-22033 - Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent
CVE-2025-68657 - Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior t
CVE-2025-68656 - Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior t
CVE-2025-68471 - Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protoco
CVE-2025-68468 - Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protoco
CVE-2025-68276 - Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protoco
CVE-2025-68622 - Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0,
CVE-2025-68472 - MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25
CVE-2025-66689 - A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows authenticated attac
CVE-2025-63314 - A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 a
CVE-2025-46070 - An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the B
CVE-2025-46068 - An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the upd
CVE-2025-46067 - An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sen
CVE-2025-46066 - An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges
CVE-2025-71063 - Errands before 46.2.10 does not verify TLS certificates for CalDAV servers.
CVE-2025-67813 - Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for int
CVE-2025-66939 - Cross Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 allows an attacker to execute
CVE-2025-65553 - D3D Wi-Fi Home Security System ZX-G12 v2.1.17 is susceptible to RF jamming on the 433 MHz alarm sens
CVE-2025-65552 - D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz senso
CVE-2025-41078 - Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated use
CVE-2025-41077 - IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user witho
CVE-2025-41006 - Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘phone’ parameter in ‘/memsdemo
CVE-2025-41005 - Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘keyword’ parameter in ‘/memsdem
CVE-2025-41004 - Imaster's Patient Records Management System is vulnerable to SQL Injection in the endpoint ‘/project
CVE-2025-41003 - Imaster's Patient Record Management System contains a stored Cross-Site Scripting (XSS) vulnerabilit
CVE-2025-40978 - Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored
CVE-2025-40977 - Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack o
CVE-2025-40976 - Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's TicketGo, consisting of a lack of proper
CVE-2025-40975 - Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's HRMGo, consisting of a lack of proper va
CVE-2025-14279 - MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of O
CVE-2026-0855 - Certain IP Camera models developed by Merit LILIN have an OS Command Injection vulnerability, allowing
CVE-2026-0854 - Certain DVR/NVR models developed by Merit LILIN have an OS Command Injection vulnerability, allowing a
CVE-2025-14579 - The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, w
CVE-2025-69276 - Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux all
CVE-2025-69275 - Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windo
CVE-2025-69274 - Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Win
CVE-2025-69273 - Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authen
CVE-2025-69272 - Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Wind
CVE-2025-69271 - Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux
CVE-2025-69270 - Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectr
CVE-2025-69269 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi