CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-22489 - Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow i
CVE-2026-22488 - Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder dashbo
CVE-2026-22487 - Missing Authorization vulnerability in baqend Speed Kit baqend allows Exploiting Incorrectly Configu
CVE-2026-22486 - Missing Authorization vulnerability in Hakob Re Gallery regallery allows Exploiting Incorrectly Conf
CVE-2026-21639 - A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMA
CVE-2026-21638 - A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMA
CVE-2026-0671 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-61550 - Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNe
CVE-2025-61549 - Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.a
CVE-2025-61548 - SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.asp
CVE-2025-61547 - Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop P
CVE-2025-61546 - There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Soluti
CVE-2025-61246 - indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/review_action.php
CVE-2025-59470 - This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres u
CVE-2025-59469 - This vulnerability allows a Backup or Tape Operator to write files as root.
CVE-2025-59468 - This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postg
CVE-2025-56425 - An issue was discovered in the AppConnector component version 10.10.0.183 and earlier of enaio 10.10
CVE-2025-56424 - An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote
CVE-2025-55125 - This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root b
CVE-2025-50334 - An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via t
CVE-2026-22255 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-22246 - Mastodon is a free, open-source social network server based on ActivityPub. Mastodon 4.3 added notif
CVE-2026-22245 - Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon perf
CVE-2026-22244 - OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code
CVE-2025-68151 - CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implem
CVE-2025-67858 - An Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity los
CVE-2025-67091 - An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.
CVE-2025-67090 - The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available
CVE-2025-67089 - A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulne
CVE-2025-63611 - Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Exp
CVE-2026-22241 - The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Pr
CVE-2026-22043 - RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.
CVE-2026-22042 - RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, the `Im
CVE-2026-22041 - Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patter
CVE-2026-22034 - Snuffleupagus is a module that raises the cost of attacks against website by killing bug classes and
CVE-2026-22032 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11
CVE-2026-22028 - Preact, a lightweight web development framework, JSON serialization protection to prevent Virtual DO
CVE-2025-67603 - An Improper Authorization vulnerability in Foomuuri allows arbitrary users to influence the firewall c
CVE-2025-66003 - An External Control of File Name or Path vulnerability in smb4k allows local users to perform a loca
CVE-2025-66002 - An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability
CVE-2025-4596 - Asseco ADMX system is used for processing medical records. It allows logged in users to access medic
CVE-2026-21895 - The `rsa` crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a R
CVE-2026-21892 - Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visu
CVE-2026-21891 - ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In ve
CVE-2026-21885 - Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint (
CVE-2026-21876 - The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web
CVE-2025-8307 - Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks i
CVE-2025-8306 - Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks i
CVE-2025-14025 - A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, ar
CVE-2026-0719 - A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME
CVE-2025-69260 - A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker
CVE-2025-69259 - A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote
CVE-2025-69258 - A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote atta
CVE-2025-62877 - Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login p
CVE-2025-66001 - NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which
CVE-2026-22242 - CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vul
CVE-2026-21894 - n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an aut
CVE-2026-21874 - NiceGUI is a Python-based UI framework. From versions v2.10.0 to 3.4.1, an unauthenticated attacker
CVE-2026-21873 - NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in t
CVE-2026-21872 - NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in t
CVE-2026-21871 - NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is a XSS risk in NiceGU
CVE-2026-0676 - Missing Authorization vulnerability in G5Theme Zorka zorka allows Exploiting Incorrectly Configured
CVE-2026-0675 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-0674 - Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress forms-for-cam
CVE-2025-69169 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Noor
CVE-2025-68892 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-68891 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-68890 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-68889 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-68887 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-68875 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-68874 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-68873 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-68867 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-67937 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2025-67936 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2025-67935 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2025-67934 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2025-67933 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-67932 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-67931 - Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulle
CVE-2025-67930 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-67928 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2025-67927 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-67926 - Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiti
CVE-2025-67925 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2025-67924 - Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Corpkit corpkit allows U
CVE-2025-67922 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-67921 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2025-67920 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2025-67919 - Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-cor
CVE-2025-67918 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-67917 - Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Co
CVE-2025-67916 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-67915 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetic
CVE-2025-67914 - Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov allows Path Traversal.This iss
CVE-2025-67913 - Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows A
CVE-2025-67911 - Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite a
CVE-2025-67910 - Unrestricted Upload of File with Dangerous Type vulnerability in contentstudio Contentstudio content
CVE-2025-27004 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-27002 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-23993 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2025-23504 - Authentication Bypass Using an Alternate Path or Channel vulnerability in RiceTheme Felan Framework
CVE-2025-22728 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2025-22726 - Server-Side Request Forgery (SSRF) vulnerability in _nK nK Themes Helper nk-themes-helper allows Ser
CVE-2025-22725 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-22715 - Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal
CVE-2025-22713 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
CVE-2025-22712 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2025-22708 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2025-22707 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2025-22509 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2025-15224 - When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication,
CVE-2025-15079 - When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl c
CVE-2025-14984 - The Gutenverse Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file u
CVE-2025-14819 - When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_
CVE-2025-14524 - When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-prot
CVE-2025-14431 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2025-14430 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2025-14429 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2025-14360 - Missing Authorization vulnerability in Kaira Blockons blockons allows Accessing Functionality Not Pr
CVE-2025-14359 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2025-14358 - Missing Authorization vulnerability in sizam REHub Framework rehub-framework allows Accessing Functi
CVE-2025-14017 - When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one
CVE-2025-13504 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-13034 - When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool, curl
CVE-2025-12551 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-12550 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2025-12549 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
CVE-2026-0701 - A vulnerability was identified in code-projects Intern Membership Management System 1.0. Affected by
CVE-2026-0700 - A vulnerability was determined in code-projects Intern Membership Management System 1.0. Affected is
CVE-2026-0699 - A vulnerability was found in code-projects Intern Membership Management System 1.0. This impacts an
CVE-2025-13679 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthori
CVE-2026-0698 - A vulnerability has been found in code-projects Intern Membership Management System 1.0. This affect
CVE-2026-0697 - A flaw has been found in code-projects Intern Membership Management System 1.0. The impacted element
CVE-2026-21427 - The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL s
CVE-2026-0707 - A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regardin
CVE-2025-14275 - The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versi
CVE-2025-12640 - The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin
CVE-2019-25296 - The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due
CVE-2026-21883 - Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, if a s
CVE-2026-21881 - Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is
CVE-2026-21880 - Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below hav
CVE-2026-21879 - Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are
CVE-2019-25295 - The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions
CVE-2026-22035 - Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below are vulnerable to O
CVE-2026-21877 - n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated
CVE-2026-21868 - Flag Forge is a Capture The Flag (CTF) platform. Versions 2.3.2 and below have a Regular Expression
CVE-2026-21875 - ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attac
CVE-2026-21869 - llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_disc
CVE-2026-21859 - Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Sid
CVE-2026-21858 - n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0
CVE-2026-21695 - Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mas
CVE-2026-21694 - Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access
CVE-2025-15346 - A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfss
CVE-2019-25291 - INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distri
CVE-2019-25290 - Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerabilit
CVE-2019-25289 - SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the w
CVE-2019-25284 - V-SOL GPON/EPON OLT Platform v2.03 contains multiple reflected cross-site scripting vulnerabilities
CVE-2019-25282 - V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows
CVE-2019-25280 - Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execu
CVE-2019-25279 - FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allo
CVE-2019-25278 - FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows r
CVE-2019-25277 - FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' pa
CVE-2019-25270 - SOCA Access Control System 180612 contains a cross-site scripting vulnerability in the 'senddata' PO
CVE-2019-25268 - NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary li
CVE-2019-25259 - Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerabili
CVE-2019-25231 - devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkServi
CVE-2017-20216 - FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote com
CVE-2017-20215 - FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection
CVE-2017-20214 - FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that can
CVE-2017-20213 - FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerabi
CVE-2017-20212 - FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerabi
CVE-2026-21857 - REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with b
CVE-2026-21851 - MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and
CVE-2026-21697 - axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists
CVE-2025-69262 - pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability wh
CVE-2025-62224 - User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows a
CVE-2023-7333 - A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an u
CVE-2026-22047 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-22046 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21693 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21692 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21691 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21690 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21689 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21688 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21687 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21686 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21685 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21684 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21683 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21441 - urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient
CVE-2025-69264 - pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute ar
CVE-2025-69263 - pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hoste
CVE-2025-69222 - LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side r
CVE-2025-13151 - Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of
CVE-2025-12776 - The Report Builder component of the application stores user input directly in a web page and display
CVE-2026-22190 - Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulne
CVE-2026-22189 - Panda3D versions up to and including 1.10.16 egg-mkfont contains a stack-based buffer overflow vulne
CVE-2026-22188 - Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability
CVE-2026-22187 - Bio-Formats versions up to and including 8.3.0 perform unsafe Java deserialization of attacker-contr
CVE-2026-22186 - Bio-Formats versions up to and including 8.3.0 contain an XML External Entity (XXE) vulnerability in
CVE-2026-22185 - OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commi
CVE-2026-22184 - zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility loca
CVE-2026-21682 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21681 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2025-69255 - RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alp
CVE-2025-69221 - LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper acc
CVE-2025-69220 - LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper acc
CVE-2025-68705 - RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alp
CVE-2025-66620 - An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files
CVE-2025-64305 - MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which co
CVE-2025-61939 - An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain,
CVE-2026-21856 - The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6
CVE-2026-21855 - The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, a reflec
CVE-2026-21854 - The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, an authe
CVE-2026-0670 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2026-22539 - As the service interaction is performed without authentication, an attacker with some knowledge of t
CVE-2026-21680 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21679 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21678 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21506 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21505 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21504 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21503 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21502 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21501 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21500 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21499 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21498 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21497 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21496 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-21495 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli
CVE-2026-0669 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wiki
CVE-2026-0668 - Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualDa
CVE-2025-66560 - Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. Prior to
CVE-2025-61782 - OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables.
CVE-2025-61492 - A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 a
CVE-2025-58441 - Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there
CVE-2025-4677 - Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Ca
CVE-2026-22544 - An attacker with a network connection could detect credentials in clear text.
CVE-2026-22543 - The credentials required to access the device's web server are sent in base64 within the HTTP header
CVE-2026-22537 - The lack of hardening of the system allows the user used to manage and maintain the charger to consu
CVE-2026-22536 - The absence of permissions control for the user XXX allows the current configuration in the sudoers