CVE-2025-55265 - HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to

CVE-2025-41359 - Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecti

CVE-2025-41027 - Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an at

CVE-2025-41026 - Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an at

CVE-2025-41368 - Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in

CVE-2018-25210 - WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the en

CVE-2018-25209 - OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthe

CVE-2018-25208 - qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract da

CVE-2018-25207 - Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that

CVE-2018-25206 - KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands

CVE-2018-25205 - ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers

CVE-2018-25204 - Library CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to byp

CVE-2018-25203 - Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated atta

CVE-2018-25202 - SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database qu

CVE-2018-25201 - School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login function

CVE-2018-25195 - Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that

CVE-2018-25185 - Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attac

CVE-2018-25183 - Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attacker

CVE-2026-4809 - plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an appli

CVE-2026-4274 - Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail t

CVE-2026-24068 - The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConn

CVE-2026-23398 - In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer derefere

CVE-2026-23397 - In the Linux kernel, the following vulnerability has been resolved: nfnetlink_osf: validate individ

CVE-2026-23396 - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL deref

CVE-2026-4862 - A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue

CVE-2026-4263 - Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private m

CVE-2026-4262 - Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private m

CVE-2026-4861 - A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function

CVE-2026-4860 - A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the funct

CVE-2026-4874 - A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSR

CVE-2026-4850 - A security flaw has been discovered in code-projects Simple Laundry System 1.0. Affected is an unkno

CVE-2026-4849 - A vulnerability was identified in code-projects Simple Laundry System 1.0. This impacts an unknown f

CVE-2026-4848 - A vulnerability was determined in dameng100 muucmf 1.9.5.20260309. This affects an unknown function

CVE-2026-4847 - A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown fun

CVE-2026-4747 - Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This

CVE-2026-4652 - On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CON

CVE-2026-4247 - When a challenge ACK is to be sent tcp_respond() constructs and sends the challenge ACK and consumes

CVE-2026-32680 - The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation fold

CVE-2026-28760 - The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load ce

CVE-2026-1890 - The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowi

CVE-2026-1430 - The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, w

CVE-2025-15488 - The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution du

CVE-2025-15433 - The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to d

CVE-2026-4846 - A vulnerability has been found in dameng100 muucmf 1.9.5.20260309. The affected element is an unknow

CVE-2026-4845 - A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is an unknown function of the fil

CVE-2026-1206 - The Elementor Website Builder plugin for WordPress is vulnerable to Incorrect Authorization to Sensi

CVE-2026-4844 - A vulnerability was detected in code-projects Online Food Ordering System 1.0. This issue affects so

CVE-2026-4842 - A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulner

CVE-2026-4841 - A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unk

CVE-2026-4840 - A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affected by this issue i

CVE-2026-4389 - The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPress is vulnerable to Stored Cr

CVE-2026-4331 - The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthoriz

CVE-2026-4329 - The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-4281 - The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization

CVE-2026-4278 - The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th

CVE-2026-33201 - Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulner

CVE-2026-2931 - The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versio

CVE-2026-4839 - A vulnerability has been found in SourceCodester Food Ordering System 1.0. This affects an unknown f

CVE-2026-4838 - A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown

CVE-2026-4335 - The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-4075 - The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-3328 - The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via dese

CVE-2026-1986 - The FloristPress for Woo – Customize your eCommerce store for your Florist plugin for WordPress is v

CVE-2026-4836 - A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unkn

CVE-2026-4835 - A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an un

CVE-2025-15101 - A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interfac

CVE-2014-125112 - Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Pla

CVE-2026-4833 - A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compil

CVE-2026-4831 - A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the fi

CVE-2026-4484 - The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to,

CVE-2026-4830 - A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the

CVE-2026-33942 - Saloon is a PHP library that gives users tools to build API integrations and SDKs. Versions prior to

CVE-2026-33526 - Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vul

CVE-2026-33515 - Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid

CVE-2026-33287 - LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version

CVE-2026-33285 - LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version

CVE-2026-33183 - Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version

CVE-2026-33182 - Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version

CVE-2026-32748 - Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource dur

CVE-2026-4826 - A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability

CVE-2026-4758 - The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient

CVE-2026-34056 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-34055 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-34053 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-34051 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33934 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33933 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33932 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33931 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33918 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33917 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33915 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33914 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-30892 - crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the

CVE-2026-4825 - A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown

CVE-2026-33913 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33912 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33911 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33910 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33909 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-33348 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-32120 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2026-29187 - OpenEMR is a free and open source electronic health records and medical practice management applicat

CVE-2025-2535 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-4824 - A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue

CVE-2026-4823 - A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability i

CVE-2025-36187 - IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0

CVE-2025-14684 - IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorize

CVE-2026-4822 - A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown fu

CVE-2026-33249 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Star

CVE-2026-33248 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio

CVE-2026-33223 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio

CVE-2026-33222 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio

CVE-2026-30976 - Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950,

CVE-2026-30975 - Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authenticatio

CVE-2026-2485 - IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scrip

CVE-2026-2484 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure v

CVE-2026-2483 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. T

CVE-2026-1561 - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Serve

CVE-2026-1262 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure

CVE-2026-1015 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request for

CVE-2026-1014 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive i

CVE-2025-64648 - IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain

CVE-2025-64647 - IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow

CVE-2025-64646 - IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory du

CVE-2025-36440 - IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to miss

CVE-2025-36438 - IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to

CVE-2025-36422 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer i

CVE-2025-36258 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and othe

CVE-2025-14974 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Obj

CVE-2025-14917 - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Serve

CVE-2025-14915 - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Serve

CVE-2025-14912 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request for

CVE-2025-14810 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after priv

CVE-2025-14808 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensit

CVE-2025-14807 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection,

CVE-2026-33247 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio

CVE-2026-33246 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The

CVE-2026-33219 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio

CVE-2026-33218 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio

CVE-2026-33217 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio

CVE-2026-33216 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio

CVE-2026-29785 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio

CVE-2026-27889 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Star

CVE-2025-70888 - An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate

CVE-2025-14790 - IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensit

CVE-2025-12708 - IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local us

CVE-2026-33809 - A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, c

CVE-2026-33751 - n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1,

CVE-2026-33749 - n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1,

CVE-2026-33724 - n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control

CVE-2026-33722 - n8n is an open source workflow automation platform. Prior to versions 2.6.4 and 1.123.23, an authent

CVE-2026-33720 - n8n is an open source workflow automation platform. Prior to version 2.8.0, when the `N8N_SKIP_AUTH_

CVE-2026-27602 - Modoboa is a mail hosting and management platform. Prior to version 2.7.1, `exec_cmd()` in `modoboa/

CVE-2026-1001 - Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Har

CVE-2025-70952 - pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, wher

CVE-2025-70887 - An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the s

CVE-2026-33713 - n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26,

CVE-2026-33696 - n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27,

CVE-2026-33665 - n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP a

CVE-2026-33663 - n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27,

CVE-2026-33660 - n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26,

CVE-2026-30587 - Multiple Stored XSS vulnerabilities exist in Seafile Server version 13.0.15,13.0.16-pro,12.0.14 and

CVE-2026-27496 - n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, a

CVE-2025-67030 - Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in pl

CVE-2026-3988 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9

CVE-2026-3857 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9

CVE-2026-34085 - fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, lead

CVE-2026-32573 - Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB T

CVE-2026-32567 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in icop

CVE-2026-32562 - Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting In

CVE-2026-32546 - Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting

CVE-2026-32545 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-32544 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-32542 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-32541 - Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manag

CVE-2026-32540 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-32539 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-32538 - Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer

CVE-2026-32537 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-32536 - Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads halfdata-p

CVE-2026-32535 - Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ti

CVE-2026-32534 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-32533 - Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allo

CVE-2026-32532 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-32531 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-32530 - Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms allows Privilege Es

CVE-2026-32529 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-32528 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-32527 - Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor

CVE-2026-32526 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-32525 - Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters JetFormBuilde

CVE-2026-32524 - Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync a

CVE-2026-32523 - Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic al

CVE-2026-32522 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanq

CVE-2026-32521 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-32520 - Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allow

CVE-2026-32519 - Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalati

CVE-2026-32518 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-32517 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-32516 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-32515 - Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrec

CVE-2026-32514 - Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorr

CVE-2026-32513 - Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list

CVE-2026-32512 - Deserialization of Untrusted Data vulnerability in Edge-Themes Pelicula pelicula-video-production-an

CVE-2026-32511 - Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection.T

CVE-2026-32510 - Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injec

CVE-2026-32509 - Deserialization of Untrusted Data vulnerability in Edge-Themes Gracey gracey allows Object Injection

CVE-2026-32508 - Deserialization of Untrusted Data vulnerability in Mikado-Themes Halstein halstein allows Object Inj

CVE-2026-32507 - Deserialization of Untrusted Data vulnerability in Elated-Themes Leroux leroux allows Object Injecti

CVE-2026-32506 - Deserialization of Untrusted Data vulnerability in Edge-Themes Archicon archicon allows Object Injec

CVE-2026-32505 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-32504 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-32503 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-32502 - Deserialization of Untrusted Data vulnerability in Select-Themes Borgholm borgholm-marketing-agency-

CVE-2026-32501 - Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allow

CVE-2026-32500 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-32499 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-32498 - Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-

CVE-2026-32497 - Weak Authentication vulnerability in PickPlugins User Verification user-verification allows Authenti

CVE-2026-32496 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NYSL

CVE-2026-32495 - Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploi

CVE-2026-32494 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-32493 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-32492 - Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity

CVE-2026-32491 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-32490 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-32489 - Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Conf

CVE-2026-32488 - Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows

CVE-2026-32485 - Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting In

CVE-2026-32484 - Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.

CVE-2026-32483 - Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Ex

CVE-2026-32482 - Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload a W

CVE-2026-32441 - Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woo

CVE-2026-31921 - Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce product

CVE-2026-31920 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-31914 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-31913 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Whit

CVE-2026-2995 - GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 bef

CVE-2026-2973 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9

CVE-2026-2745 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9

CVE-2026-2726 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9

CVE-2026-2414 - Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escal

CVE-2026-29092 - Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Emai

CVE-2026-27659 - Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail t

CVE-2026-27656 - Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail t

CVE-2026-27095 - Deserialization of Untrusted Data vulnerability in magepeopleteam Bus Ticket Booking with Seat Reser

CVE-2026-27088 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-27087 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-27084 - Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.