CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-0851 - A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an un
CVE-2026-0850 - A vulnerability was determined in code-projects Intern Membership Management System 1.0. Impacted is
CVE-2025-68493 - Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Str
CVE-2025-15506 - A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects t
CVE-2026-0843 - A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260
CVE-2026-0842 - A flaw has been found in Flycatcher Toys smART Sketcher up to 2.0. This affects an unknown part of t
CVE-2026-0841 - A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function str
CVE-2026-0840 - A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this vulnerabili
CVE-2026-0839 - A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the f
CVE-2026-0838 - A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of
CVE-2026-0837 - A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the
CVE-2026-0836 - A vulnerability was determined in UTT 进取 520W 1.7.7-180627. The impacted element is the function str
CVE-2025-15505 - A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function
CVE-2026-0824 - A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of t
CVE-2026-0822 - A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function j
CVE-2025-13393 - The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request Forgery
CVE-2025-12379 - The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross
CVE-2026-0821 - A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the fu
CVE-2025-14555 - The Countdown Timer – Widget Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scrip
CVE-2025-15504 - A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the
CVE-2025-14506 - The ConvertForce Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
CVE-2026-0831 - The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and
CVE-2025-62235 - Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Secur
CVE-2025-53477 - NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection compl
CVE-2025-53470 - Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could
CVE-2025-52435 - J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Imprope
CVE-2025-15503 - A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0
CVE-2025-14976 - The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profi
CVE-2025-15502 - A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.8. T
CVE-2026-22777 - ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39
CVE-2026-22773 - vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to
CVE-2026-22705 - RustCrypto: Signatures offers support for digital signatures, which provide authentication of data u
CVE-2026-22704 - HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25
CVE-2026-22703 - Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 a
CVE-2026-22702 - virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TO
CVE-2025-14948 - The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnera
CVE-2025-14943 - The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive
CVE-2026-22701 - filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race cond
CVE-2026-22700 - RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including
CVE-2026-22699 - RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including
CVE-2026-22698 - RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including
CVE-2026-22693 - HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability
CVE-2026-22689 - Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSoc
CVE-2026-22685 - DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversa
CVE-2026-22611 - AWS SDK for .NET works with Amazon Web Services to help build scalable solutions with Amazon S3, Ama
CVE-2026-22691 - pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible
CVE-2026-22690 - pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible
CVE-2026-22688 - WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval.
CVE-2026-22687 - WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval.
CVE-2026-22610 - Angular is a development platform for building mobile and desktop web applications using TypeScript/
CVE-2026-22589 - Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.
CVE-2025-65091 - XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, us
CVE-2025-65090 - XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, us
CVE-2025-61676 - October is a Content Management System (CMS) and web platform. Prior to versions 3.7.13 and 4.0.12,
CVE-2025-61674 - October is a Content Management System (CMS) and web platform. Prior to versions 3.7.13 and 4.0.12,
CVE-2025-13457 - The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all
CVE-2026-22597 - Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6
CVE-2026-22596 - Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6
CVE-2026-22595 - Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through
CVE-2026-22594 - Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through
CVE-2026-22030 - React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-
CVE-2026-22029 - React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7
CVE-2026-21884 - React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.
CVE-2025-68470 - React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an att
CVE-2025-61686 - React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/d
CVE-2025-59057 - React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-ro
CVE-2026-22612 - Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vu
CVE-2026-22609 - Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe_imp
CVE-2026-22608 - Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes an
CVE-2026-22607 - Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including
CVE-2026-22606 - Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including
CVE-2026-22605 - OpenProject is an open-source, web-based project management software. OpenProject versions prior to
CVE-2026-22604 - OpenProject is an open-source, web-based project management software. For OpenProject versions from
CVE-2026-22603 - OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, OpenP
CVE-2026-22602 - OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, a low
CVE-2026-22601 - OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1
CVE-2026-22600 - OpenProject is an open-source, web-based project management software. A Local File Read (LFR) vulner
CVE-2026-22697 - CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Exte
CVE-2026-22027 - CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Exte
CVE-2026-22026 - CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Exte
CVE-2026-22025 - CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Exte
CVE-2026-22024 - CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Exte
CVE-2026-22023 - CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Exte
CVE-2026-21900 - CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Exte
CVE-2026-21899 - CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Exte
CVE-2026-21898 - CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Exte
CVE-2026-21897 - CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Exte
CVE-2025-15501 - A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. I
CVE-2026-22584 - Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacO
CVE-2025-62487 - On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were
CVE-2025-46299 - A memory initialization issue was addressed with improved memory handling. This issue is fixed in Sa
CVE-2025-46298 - The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2
CVE-2025-46297 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 2
CVE-2025-46286 - A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.
CVE-2025-15500 - A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This i
CVE-2025-15499 - A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8. T
CVE-2026-0830 - Processing specially crafted workspace folder names could allow for arbitrary command injection in t
CVE-2025-60538 - A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass auth
CVE-2025-51626 - SQL injection vulnerability in pss.sale.com 1.0 via the id parameter to the userfiles/php/cancel_ord
CVE-2025-67811 - Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated us
CVE-2025-67810 - In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename par
CVE-2025-66715 - A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary c
CVE-2025-67070 - A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unaut
CVE-2026-22198 - GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting (XSS) vuln
CVE-2026-22197 - GestSup versions prior to 3.2.60 contain multiple SQL injection vulnerabilities in the asset list fu
CVE-2026-22196 - GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in ticket creation functional
CVE-2026-22195 - GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in the search bar functionali
CVE-2026-22194 - GestSup versions up to and including 3.2.60 contain a cross-site request forgery (CSRF) vulnerabilit
CVE-2025-70161 - EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName fie
CVE-2025-69542 - A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1
CVE-2025-69426 - The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credential
CVE-2025-69425 - The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution s
CVE-2025-67004 - ** Disputed ** An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read a
CVE-2025-66744 - In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service sys
CVE-2025-46645 - Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions
CVE-2025-15496 - A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPa
CVE-2025-15495 - A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the
CVE-2025-15494 - A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of
CVE-2025-15493 - A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function
CVE-2025-15035 - Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authent
CVE-2020-36875 - AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code ex
CVE-2026-0817 - Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension all
CVE-2026-0803 - A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an
CVE-2025-67282 - In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which
CVE-2025-67281 - In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple SQL injection vulnerabilities exists which allow a
CVE-2025-67280 - In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities
CVE-2025-67279 - An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to es
CVE-2025-67278 - An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to es
CVE-2025-67133 - An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to cause a denial of service via
CVE-2025-56225 - fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monop
CVE-2025-46676 - Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions
CVE-2025-46644 - Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions
CVE-2025-46643 - Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions
CVE-2025-15492 - A vulnerability was detected in RainyGao DocSys up to 2.02.36. The affected element is an unknown fu
CVE-2025-14598 - BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionalit
CVE-2026-22082 - This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup
CVE-2026-22081 - This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup
CVE-2025-7072 - The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text (sha
CVE-2025-66052 - Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "sys
CVE-2025-66051 - Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible fo
CVE-2025-66050 - Vivotek IP7137 camera with firmware version 0200a by default does not require to provide any password
CVE-2025-66049 - Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue w
CVE-2025-14172 - The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all v
CVE-2025-13967 - The Woodpecker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t
CVE-2025-13908 - The The Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '
CVE-2025-13903 - The PullQuote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pu
CVE-2025-13897 - The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
CVE-2025-13893 - The Lesson Plan Book plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$
CVE-2025-13892 - The MG AdvancedOptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the
CVE-2025-13862 - The Menu Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `category` p
CVE-2025-13854 - The Curved Text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'radius' p
CVE-2025-13852 - The Debt.com Business in a Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
CVE-2025-13717 - The Contact Form vCard Generator plugin for WordPress is vulnerable to unauthorized access of data d
CVE-2025-13704 - The Autogen Headers Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '
CVE-2025-13701 - The Shabat Keeper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SER
CVE-2025-11453 - The Header and Footer Scripts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
CVE-2026-22080 - This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup
CVE-2026-22079 - This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup
CVE-2025-9222 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.
CVE-2025-64093 - Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary comman
CVE-2025-64092 - This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parame
CVE-2025-64091 - This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of t
CVE-2025-64090 - This vulnerability allows authenticated attackers to execute commands via the hostname of the device
CVE-2025-3950 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6
CVE-2025-13900 - The WP Popup Magic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name'
CVE-2025-13895 - The Top Position Google Finance plugin for WordPress is vulnerable to Reflected Cross-Site Scripting
CVE-2025-13853 - The Nearby Now Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'da
CVE-2025-13781 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 bef
CVE-2025-13772 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 bef
CVE-2025-13761 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 1
CVE-2025-13729 - The Entry Views plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '
CVE-2025-11246 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6
CVE-2025-10569 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 b
CVE-2026-0627 - The AMP for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload
CVE-2026-21409 - Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-mi
CVE-2025-69195 - A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the file
CVE-2025-69194 - A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails
CVE-2025-14937 - The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting v
CVE-2025-14741 - The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to unau
CVE-2025-14657 - The Eventin – Event Manager, Events Calendar, Event Tickets and Registrations plugin for WordPress i
CVE-2025-14146 - The Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all ver
CVE-2025-13935 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthori
CVE-2025-13934 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthori
CVE-2025-13753 - The WP Table Builder – Drag & Drop Table Builder plugin for WordPress is vulnerable to unauthorized
CVE-2025-13628 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthori
CVE-2026-20976 - Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute a
CVE-2026-20975 - Improper handling of insufficient permission in Samsung Cloud prior to version 5.6.11 allows local a
CVE-2026-20974 - Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 al
CVE-2026-20973 - Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker
CVE-2026-20972 - Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows
CVE-2026-20971 - Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially
CVE-2026-20970 - Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execu
CVE-2026-20969 - Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to ac
CVE-2026-20968 - Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execu
CVE-2026-0563 - The WP Google Street View (with 360° virtual tour) & Google maps + Local SEO plugin for WordPress is
CVE-2025-70974 - Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the
CVE-2025-15057 - The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fh
CVE-2025-15055 - The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'no
CVE-2025-15019 - The BIALTY - Bulk Image Alt Text (Alt tag, Alt Attribute) with Yoast SEO + WooCommerce plugin for Wo
CVE-2025-14980 - The BetterDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions
CVE-2025-14893 - The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' p
CVE-2025-14782 - The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vuln
CVE-2025-14736 - The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all v
CVE-2025-14720 - The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unau
CVE-2025-14718 - The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to authorizati
CVE-2025-14574 - The weDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up t
CVE-2025-14803 - The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The
CVE-2025-13749 - The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress
CVE-2025-14886 - The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of dat
CVE-2025-66315 - There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due
CVE-2026-22714 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2026-22713 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2026-22712 - Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerabili
CVE-2026-22710 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2026-0733 - A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impac
CVE-2026-0732 - A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the fil
CVE-2026-0731 - A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown func
CVE-2026-0730 - A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the f
CVE-2026-0729 - A vulnerability was detected in code-projects Intern Membership Management System 1.0. Impacted is a
CVE-2025-14436 - The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the
CVE-2026-22588 - Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.
CVE-2026-0728 - A security vulnerability has been detected in code-projects Intern Membership Management System 1.0.
CVE-2025-68719 - KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user i
CVE-2025-68718 - KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface with
CVE-2025-68717 - KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validati
CVE-2025-68716 - KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH service enabled by default on the LA
CVE-2025-15464 - Exported Activity allows external applications to gain application context and directly launch Gmail
CVE-2025-14505 - The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value
CVE-2026-0747 - Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote
CVE-2025-68715 - An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HT
CVE-2025-66916 - The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/c
CVE-2025-66913 - JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled
CVE-2026-22257 - Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a f
CVE-2026-22256 - Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generate an f
CVE-2026-22253 - Soft Serve is a self-hostable Git server for the command line. Prior to version 0.11.2, an authoriza
CVE-2026-21860 - Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_jo
CVE-2025-67325 - Unrestricted file upload in the hotel review feature in QloApps versions 1.7.0 and earlier allows re
CVE-2025-65731 - An issue was discovered in D-Link Router DIR-605L (Hardware version F1; Firmware version: V6.02CN02)
CVE-2025-65518 - Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition.
CVE-2026-22587 - Ideagen DevonWay contains a stored cross site scripting vulnerability. A remote, authenticated attac
CVE-2026-22235 - OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the 'DocumentOpen.aspx' en
CVE-2026-22234 - OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'At
CVE-2026-22233 - OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimate