CVE-2026-50704 - A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due

CVE-2026-50703 - A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due

CVE-2026-50701 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev d

CVE-2026-50700 - A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due

CVE-2026-49269 - Apple M1 GPUs retain register file data between compute shader dispatches from different processes.

CVE-2026-50699 - A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An

CVE-2026-50698 - A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due

CVE-2026-12986 - A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x,

CVE-2026-11878 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i

CVE-2026-11877 - An unauthorized user can modify configuration through API calls that affects the OpenText Access Man

CVE-2026-57307 - A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allow

CVE-2026-57306 - A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_4

CVE-2026-57305 - A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows

CVE-2026-57304 - A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/

CVE-2026-57303 - Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external en

CVE-2026-57302 - Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the

CVE-2026-57301 - Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rathe

CVE-2026-57300 - A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows atta

CVE-2026-57299 - Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlie

CVE-2026-57298 - A cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application Securit

CVE-2026-57297 - A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earli

CVE-2026-57296 - Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences

CVE-2026-57295 - A cross-site request forgery (CSRF) vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81

CVE-2026-57294 - A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows a

CVE-2026-57293 - An incorrect permission check in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attac

CVE-2026-57292 - A cross-site request forgery (CSRF) vulnerability in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and

CVE-2026-57291 - Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers

CVE-2026-57290 - A cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_844

CVE-2026-57289 - Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS ce

CVE-2026-57288 - Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the

CVE-2026-57287 - Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encryp

CVE-2026-57286 - A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows att

CVE-2026-57285 - A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlie

CVE-2026-57284 - Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can

CVE-2026-57283 - A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed465

CVE-2026-57282 - Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name w

CVE-2026-57281 - Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformat

CVE-2026-57280 - Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type c

CVE-2026-42450 - OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2

CVE-2026-35025 - ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows aut

CVE-2026-29034 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-12537 - Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versio

CVE-2026-56761 - hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allow

CVE-2026-56370 - ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsIma

CVE-2026-56368 - ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw p

CVE-2026-56358 - n8n before 1.123.25 (1.x) and before 2.11.2 (2.x), with the fix also included in 2.12.0, contains a

CVE-2026-56351 - n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft

CVE-2026-56338 - Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that p

CVE-2026-56337 - Capgo before 12.128.2 contains an information disclosure vulnerability in the public.exist_app_v2 RP

CVE-2026-56310 - Cap-go before 12.128.2 contains an authorization bypass vulnerability in the GET /organization/membe

CVE-2026-56302 - Capgo before 12.128.2 contains an unsecured images bucket lacking any row level security controls, a

CVE-2026-56272 - Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instea

CVE-2026-56270 - Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability i

CVE-2026-56269 - Flowise before 3.1.0 (npm package flowise, versions 3.0.13 and earlier) uses a weak hardcoded defaul

CVE-2026-56262 - Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoint

CVE-2026-56257 - Capgo before 12.128.2 allows direct patching of public.apps.owner_org through PostgREST, bypassing t

CVE-2026-56256 - Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive O

CVE-2026-56245 - Supabase Capgo before 12.128.2 contains an authorization bypass vulnerability in the SECURITY DEFINE

CVE-2026-56244 - Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST du

CVE-2026-56237 - Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mecha

CVE-2026-56232 - Capgo before 12.128.2 fails to enforce limited_to_orgs and limited_to_apps constraints on subkeys pr

CVE-2026-56231 - Capgo before 12.128.2 contains a broken object level authorization (BOLA) vulnerability in the POST

CVE-2026-56223 - Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-us

CVE-2026-13163 - Open redirect vulnerability (CWE-601) in the _safe_redirect function of the click-tracking endpoint

CVE-2026-13140 - Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytoken

CVE-2026-12242 - The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions

CVE-2025-71361 - picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle

CVE-2025-71354 - picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.Object

CVE-2025-71332 - Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insu

CVE-2026-13150 - Server-Side Request Forgery (SSRF) (CWE-918) in the PDF generation endpoint GET /api/reports/{id}/pd

CVE-2026-52944 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix FSCTL permission byp

CVE-2026-52943 - In the Linux kernel, the following vulnerability has been resolved: net: skbuff: fix missing zeroco

CVE-2026-11968 - Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File W

CVE-2026-10745 - Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privile

CVE-2026-7761 - The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link D

CVE-2026-56052 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-52942 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_log: validate MAC

CVE-2026-52941 - In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid NULL deref of co

CVE-2026-52940 - In the Linux kernel, the following vulnerability has been resolved: tun: zero the whole vnet header

CVE-2026-52939 - In the Linux kernel, the following vulnerability has been resolved: net/rds: fix NULL deref in rds_

CVE-2026-52938 - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL pointer dereferen

CVE-2026-52937 - In the Linux kernel, the following vulnerability has been resolved: tap: fix stack info leak in tap

CVE-2026-52936 - In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace

CVE-2026-52935 - In the Linux kernel, the following vulnerability has been resolved: xfrm: espintcp: do not reuse an

CVE-2026-52934 - In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversi

CVE-2026-52933 - In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: fix signed compa

CVE-2026-52932 - In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination

CVE-2026-52931 - In the Linux kernel, the following vulnerability has been resolved: batman-adv: tp_meter: avoid use

CVE-2026-52930 - In the Linux kernel, the following vulnerability has been resolved: ipc/shm: serialize orphan clean

CVE-2026-52929 - In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back d

CVE-2026-52928 - In the Linux kernel, the following vulnerability has been resolved: af_unix: Reject SIOCATMARK on n

CVE-2026-52927 - In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix OOB re

CVE-2026-52926 - In the Linux kernel, the following vulnerability has been resolved: batman-adv: clear current gatew

CVE-2026-52925 - In the Linux kernel, the following vulnerability has been resolved: vrf: Fix a potential NPD when r

CVE-2026-52924 - In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale C

CVE-2026-52923 - In the Linux kernel, the following vulnerability has been resolved: ipc: limit next_id allocation t

CVE-2026-52922 - In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward

CVE-2026-52921 - In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: stop hash:* r

CVE-2026-52920 - In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_policy: fix stric

CVE-2026-52919 - In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix tp_meter counte

CVE-2026-52918 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: serialize accept_q a

CVE-2026-52917 - In the Linux kernel, the following vulnerability has been resolved: sctp: diag: reject stale associ

CVE-2026-52916 - In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unic

CVE-2026-52915 - In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_hbh: reject ove

CVE-2026-52914 - In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reasse

CVE-2026-52913 - In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: stop OGMv2 on di

CVE-2026-52912 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: hold bridg

CVE-2026-9724 - The MotorDesk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to

CVE-2026-9721 - The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in a

CVE-2026-9710 - The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-p

CVE-2026-9709 - The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST

CVE-2026-9643 - The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting vi

CVE-2026-9620 - The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted im

CVE-2026-9619 - The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in al

CVE-2026-9616 - The Generate Security.txt plugin for WordPress is vulnerable to authorization bypass in all versions

CVE-2026-9612 - The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive In

CVE-2026-9184 - The 24liveblog - live blog tool plugin for WordPress is vulnerable to unauthorized modification of d

CVE-2026-9183 - The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Informat

CVE-2026-9179 - The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter

CVE-2026-9178 - The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up

CVE-2026-9175 - The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to

CVE-2026-9172 - The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to

CVE-2026-8905 - The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all

CVE-2026-8896 - The MIR blocks and shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-8865 - The Avalon23 Products Filter for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site

CVE-2026-8705 - The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the `pagseguro[metodo]`

CVE-2026-8690 - The RentMy Real-Time Rental Management Plugin plugin for WordPress is vulnerable to authorization by

CVE-2026-8688 - The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versi

CVE-2026-8628 - The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF

CVE-2026-8622 - The Image Sizes on Demand plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via P

CVE-2026-8617 - The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data

CVE-2026-8614 - The Assistio plugin for WordPress is vulnerable to unauthorized modification of data due to a missin

CVE-2026-7617 - The Secufor_OAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, a

CVE-2026-6292 - The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF)

CVE-2026-4297 - The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in al

CVE-2026-13006 - ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and inc

CVE-2026-12417 - The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Re

CVE-2026-12416 - The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in a

CVE-2026-12100 - The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up

CVE-2026-12095 - The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up

CVE-2026-12094 - The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion

CVE-2026-11997 - The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up t

CVE-2026-11370 - The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up

CVE-2026-10753 - The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write

CVE-2026-10749 - The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during po

CVE-2026-10735 - Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress pl

CVE-2026-10552 - The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to

CVE-2026-10531 - The AI Share & Summarize WordPress plugin before 2.0.4 does not sanitise and escape some of its shor

CVE-2026-10092 - The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scriptin

CVE-2026-10091 - The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-9539 - An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in free

CVE-2026-12851 - Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVisio

CVE-2026-12850 - Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVisio

CVE-2026-12849 - Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVisio

CVE-2026-12848 - GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled ove

CVE-2026-12847 - GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled ove

CVE-2026-12846 - GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled ove

CVE-2026-12488 - A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.

CVE-2026-12486 - Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVisio

CVE-2026-12485 - GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled ove

CVE-2026-3652 - The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value` parame

CVE-2026-11614 - The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site

CVE-2026-12681 - Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-atte

CVE-2026-54639 - Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulne

CVE-2026-7574 - Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, inc

CVE-2026-6458 - Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incor

CVE-2026-5818 - Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::act

CVE-2026-56785 - FlatPress contains a stored cross-site scripting vulnerability in comment and contact forms where na

CVE-2026-54588 - Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4

CVE-2026-48493 - Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only user

CVE-2026-47693 - Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4

CVE-2026-12164 - Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may as

CVE-2026-12163 - Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 cont

CVE-2026-11972 - When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile modul

CVE-2026-54518 - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson

CVE-2026-9073 - A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that

CVE-2026-56120 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it's a

CVE-2026-54517 - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson

CVE-2026-54516 - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson

CVE-2026-54515 - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson

CVE-2026-54514 - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson

CVE-2026-54513 - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson

CVE-2026-54512 - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson

CVE-2026-53931 - NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-impor

CVE-2026-53930 - NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration en

CVE-2026-53929 - NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, with NC_SECURE_ATTACH

CVE-2026-53928 - NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh toke

CVE-2026-53927 - NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-fetch

CVE-2026-53926 - NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, revokeAllOAuthTokensB

CVE-2026-50193 - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson

CVE-2026-47388 - NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a low-privilege MCP t

CVE-2026-47387 - NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view

CVE-2026-47386 - NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-

CVE-2026-47385 - NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user

CVE-2026-47384 - NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user

CVE-2026-47383 - NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated comm

CVE-2026-47382 - NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the connection-test e

CVE-2026-47381 - NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspa

CVE-2026-47380 - NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timi

CVE-2026-47379 - NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view passw

CVE-2026-47378 - NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, Public shared-view en

CVE-2026-47377 - NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the client-side hashR

CVE-2026-47376 - NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the password-reset pa

CVE-2026-47375 - NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, an authenticated user

CVE-2026-47279 - NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-vie

CVE-2026-46554 - NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, deleted API tokens co

CVE-2026-46553 - NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL pat

CVE-2026-46552 - NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, shared-base sessions

CVE-2026-46551 - NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path

CVE-2026-46550 - NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the refresh-token coo

CVE-2026-46549 - NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the OAuth token strat

CVE-2026-46548 - NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the request-filtering

CVE-2026-46547 - NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulne

CVE-2026-41862 - Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialis

CVE-2026-23513 - FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior

CVE-2026-12892 - A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 v

CVE-2026-12891 - A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC vid

CVE-2026-12112 - A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server all

CVE-2026-11820 - A flaw was found in the community.general Ansible collection's nexmo module. The module constructs H

CVE-2026-11819 - Module: plugins/modules/keyring_info.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2026-11807 - A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The

CVE-2025-64105 - FOSSBilling is a billing and client management system that automates invoicing, payments, and commun

CVE-2026-54762 - Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium s

CVE-2026-54761 - Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high sever

CVE-2026-54555 - rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the

CVE-2026-54328 - Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or

CVE-2026-54327 - Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi stored API keys and OAuth cred

CVE-2026-54326 - Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Ma

CVE-2026-54325 - Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and res

CVE-2026-53622 - Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerabilit

CVE-2026-48491 - Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity

CVE-2026-48020 - Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a

CVE-2026-45792 - rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.32.0, RTK

CVE-2026-39253 - An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivot

CVE-2026-55736 - Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-

CVE-2026-55249 - @rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their

CVE-2026-54322 - Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent wor

CVE-2026-54321 - Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent wor

CVE-2026-54320 - Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent wor

CVE-2026-54319 - Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent wor

CVE-2026-53755 - Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server

CVE-2026-53754 - Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server

CVE-2026-53753 - Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expres

CVE-2026-57062 - CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS forma

CVE-2026-57053 - GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs

CVE-2026-55517 - Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.5, a Deno program that opens

CVE-2026-54324 - Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent wor

CVE-2026-54323 - Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent wor

CVE-2026-54318 - Home Assistant is open source home automation software that puts local control and privacy first. Pr

CVE-2026-54317 - Home Assistant is open source home automation software that puts local control and privacy first. Pr