CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-0573 - An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-co
CVE-2025-8860 - A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFI_VAR
CVE-2025-1272 - The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has t
CVE-2025-14876 - A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit
CVE-2025-12343 - A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file.
CVE-2025-10256 - A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_fire
CVE-2025-0577 - An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of fun
CVE-2026-2666 - A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the fil
CVE-2026-2665 - A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596
CVE-2026-2663 - A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affec
CVE-2026-2662 - A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the funct
CVE-2026-2661 - A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::op
CVE-2026-25500 - Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Dir
CVE-2026-23491 - InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.
CVE-2026-0875 - A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of
CVE-2026-0874 - A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-
CVE-2026-2660 - A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the functi
CVE-2026-22860 - Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Dir
CVE-2025-70064 - PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-priv
CVE-2025-70063 - The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Dire
CVE-2025-70062 - PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerabilit
CVE-2025-69287 - The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchai
CVE-2026-2659 - A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function
CVE-2026-2658 - A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee.
CVE-2026-24708 - An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By
CVE-2026-20144 - In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platf
CVE-2026-20142 - In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Sea
CVE-2026-20141 - In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does
CVE-2026-20139 - In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platf
CVE-2026-20138 - In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Sea
CVE-2026-20137 - In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platfo
CVE-2025-70152 - code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the a
CVE-2025-70151 - code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code e
CVE-2025-70150 - CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete
CVE-2025-70148 - Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Manage
CVE-2025-14009 - A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all version
CVE-2026-2657 - A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError o
CVE-2026-2507 - When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate. Note
CVE-2026-2230 - The Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in all v
CVE-2025-70149 - CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.p
CVE-2025-70147 - Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Tab
CVE-2025-70146 - Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Onli
CVE-2025-70141 - SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in aja
CVE-2025-13965 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-12500. Reason:
CVE-2025-13933 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-12500. Reason:
CVE-2025-13602 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in
CVE-2026-23230 - In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid b
CVE-2026-23229 - In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock p
CVE-2026-23228 - In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of active
CVE-2026-23227 - In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use ctx->lock
CVE-2026-23226 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: add chann_lock to protec
CVE-2026-23225 - In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Don't assume CID i
CVE-2026-23224 - In the Linux kernel, the following vulnerability has been resolved: erofs: fix UAF issue for file-b
CVE-2026-23223 - In the Linux kernel, the following vulnerability has been resolved: xfs: fix UAF in xchk_btree_chec
CVE-2026-23222 - In the Linux kernel, the following vulnerability has been resolved: crypto: omap - Allocate OMAP_CR
CVE-2026-23221 - In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix use-after-free
CVE-2026-23220 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop caused
CVE-2025-71237 - In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fix potential block ove
CVE-2025-71236 - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Validate sp befo
CVE-2025-71235 - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unl
CVE-2025-71234 - In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: fix slab-out-of
CVE-2025-71233 - In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Avoid creating s
CVE-2025-71232 - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Free sp in error
CVE-2025-71231 - In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds
CVE-2025-71230 - In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb->s_fs_info is al
CVE-2025-71229 - In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Fix alignment faul
CVE-2025-70998 - UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default cre
CVE-2025-65791 - ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passe
CVE-2025-65519 - mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML f
CVE-2025-15579 - Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Inject
CVE-2026-2656 - A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::Type_Info::ba
CVE-2026-2329 - An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bi
CVE-2026-27100 - Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds
CVE-2026-27099 - Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not
CVE-2026-23219 - In the Linux kernel, the following vulnerability has been resolved: mm/slab: Add alloc_tagging_slab
CVE-2026-23218 - In the Linux kernel, the following vulnerability has been resolved: gpio: loongson-64bit: Fix incor
CVE-2026-23217 - In the Linux kernel, the following vulnerability has been resolved: riscv: trace: fix snapshot dead
CVE-2026-23216 - In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-af
CVE-2026-23215 - In the Linux kernel, the following vulnerability has been resolved: x86/vmware: Fix hypercall clobb
CVE-2026-23214 - In the Linux kernel, the following vulnerability has been resolved: btrfs: reject new transactions
CVE-2026-23213 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Disable MMIO access
CVE-2026-23212 - In the Linux kernel, the following vulnerability has been resolved: bonding: annotate data-races ar
CVE-2026-23211 - In the Linux kernel, the following vulnerability has been resolved: mm, swap: restore swap_space at
CVE-2026-1426 - The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all
CVE-2026-1404 - The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Mem
CVE-2025-71228 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-71227 - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for
CVE-2025-71226 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-71225 - In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updatin
CVE-2025-61982 - An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenC
CVE-2026-2655 - A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscr
CVE-2026-2654 - A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.g
CVE-2026-2464 - Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remot
CVE-2026-1441 - Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2
CVE-2026-1440 - Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2
CVE-2026-1439 - Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2
CVE-2026-1438 - Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2
CVE-2026-1437 - Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2
CVE-2026-1436 - Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the us
CVE-2026-1435 - Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incor
CVE-2025-8308 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
CVE-2025-60038 - A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute a
CVE-2025-60037 - A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute a
CVE-2025-60036 - A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth Indra
CVE-2025-60035 - A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth Indr
CVE-2025-59920 - When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assi
CVE-2025-33253 - NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution b
CVE-2025-33252 - NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution.
CVE-2025-33251 - NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution.
CVE-2025-33250 - NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution.
CVE-2025-33249 - NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, wh
CVE-2025-33246 - NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where
CVE-2025-33245 - NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code executio
CVE-2025-33243 - NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution i
CVE-2025-33241 - NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution b
CVE-2025-33240 - NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input
CVE-2025-33239 - NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input co
CVE-2025-33236 - NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cau
CVE-2025-14340 - Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0,
CVE-2026-2386 - The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCom
CVE-2026-1582 - The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versio
CVE-2026-1317 - The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL In
CVE-2025-8781 - The Bookster – WordPress Appointment Booking Plugin plugin for WordPress is vulnerable to SQL Inject
CVE-2025-7630 - Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in
CVE-2025-14799 - The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorizatio
CVE-2026-2653 - A security flaw has been discovered in admesh up to 0.98.5. This issue affects the function stl_chec
CVE-2026-2426 - The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, a
CVE-2026-1942 - The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthoriz
CVE-2025-14444 - The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin
CVE-2026-2126 - The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is v
CVE-2025-13727 - The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored
CVE-2025-11185 - The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scr
CVE-2026-2495 - The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for Word
CVE-2026-2127 - The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode
CVE-2026-1941 - The WP Event Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl
CVE-2026-1656 - The Business Directory Plugin for WordPress is vulnerable to authorization bypass due to a missing a
CVE-2026-1649 - The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ce_v
CVE-2026-2419 - The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, a
CVE-2026-2112 - The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to,
CVE-2026-25421 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Collisio
CVE-2026-1943 - The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site S
CVE-2026-1938 - The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized licens
CVE-2026-1860 - The Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all version
CVE-2026-1831 - The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin
CVE-2026-1655 - The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing a
CVE-2026-2644 - A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solv
CVE-2026-2642 - A security vulnerability has been detected in ggreer the_silver_searcher up to 2.2.0. The impacted e
CVE-2026-2633 - The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorizati
CVE-2026-2296 - The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vuln
CVE-2026-2281 - The Private Comment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Label
CVE-2026-2019 - The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all vers
CVE-2026-1937 - The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modifi
CVE-2026-1857 - The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request
CVE-2026-1807 - The InteractiveCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scri
CVE-2026-1666 - The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'r
CVE-2026-1640 - The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable
CVE-2026-2641 - A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the fun
CVE-2026-2023 - The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all vers
CVE-2026-1906 - The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Dire
CVE-2026-1639 - The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable
CVE-2026-1368 - The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its
CVE-2026-1304 - The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting
CVE-2026-1072 - The Keybase.io Verification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all
CVE-2025-12356 - The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modifi
CVE-2025-12122 - The Popup Box – Easily Create WordPress Popups plugin for WordPress is vulnerable to Stored Cross-Si
CVE-2025-11737 - The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting v
CVE-2026-2576 - The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulne
CVE-2026-1931 - The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' p
CVE-2026-1925 - The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthori
CVE-2026-1714 - The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plu
CVE-2026-1296 - The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in
CVE-2026-1277 - The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and incl
CVE-2025-6460 - The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scr
CVE-2025-13959 - The Filestack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fi
CVE-2025-12075 - The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data
CVE-2025-12074 - The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, an
CVE-2025-12071 - The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in al
CVE-2025-12037 - The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Stored Cross-Site Scr
CVE-2026-27171 - zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp
CVE-2026-27038 - Rejected reason: Not used
CVE-2026-27037 - Rejected reason: Not used
CVE-2026-27036 - Rejected reason: Not used
CVE-2026-27035 - Rejected reason: Not used
CVE-2026-27034 - Rejected reason: Not used
CVE-2026-27033 - Rejected reason: Not used
CVE-2026-27032 - Rejected reason: Not used
CVE-2026-27031 - Rejected reason: Not used
CVE-2026-23599 - A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass
CVE-2026-22048 - StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sig
CVE-2026-1344 - Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal.
CVE-2026-2570 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in
CVE-2026-26119 - Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges
CVE-2026-1670 - The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an
CVE-2025-62183 - Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerabil
CVE-2025-13689 - IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands
CVE-2025-13333 - IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during sys
CVE-2026-2629 - A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100
CVE-2026-2627 - A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function
CVE-2026-2623 - A flaw has been found in Blossom up to 1.17.1. This issue affects the function put of the file bloss
CVE-2025-36348 - IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0
CVE-2025-36183 - IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious f
CVE-2025-33135 - IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 thr
CVE-2025-33088 - IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system's
CVE-2023-38005 - IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated us
CVE-2026-2622 - A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function conten
CVE-2026-2621 - A security vulnerability has been detected in Sciyon Koyuan Thermoelectricity Heat Network Managemen
CVE-2026-23598 - Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow
CVE-2026-23597 - Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow
CVE-2026-23596 - A vulnerability in the management API of the affected product could allow an unauthenticated remote
CVE-2026-23595 - An authentication bypass in the application API allows an unauthorized administrative account to be
CVE-2025-36379 - IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptogra
CVE-2025-36377 - IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration
CVE-2025-36376 - IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration
CVE-2025-14289 - IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inje
CVE-2025-13691 - IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP res
CVE-2026-2620 - A weakness has been identified in Huace Monitoring and Early Warning System 2.2. Affected by this is
CVE-2026-26357 - Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input Duri
CVE-2026-22769 - Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
CVE-2026-22762 - Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain a
CVE-2026-22284 - Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains an Improper Neutralization of
CVE-2026-0102 - Under specific conditions, a malicious webpage may trigger autofill population after two consecutive
CVE-2025-70846 - lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) on the /tools/Password/add page in
CVE-2025-67102 - A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authentica
CVE-2025-36598 - Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathnam
CVE-2025-36597 - Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathnam
CVE-2025-36243 - IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery (SSRF). This may allow
CVE-2025-33130 - IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause
CVE-2025-33124 - IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause
CVE-2025-33101 - IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in
CVE-2025-33089 - IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or per
CVE-2025-32355 - Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. Ho
CVE-2025-27904 - IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Wind
CVE-2025-27903 - IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Wind
CVE-2025-27901 - IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Wind
CVE-2025-27900 - IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishin
CVE-2025-27899 - IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environmen
CVE-2025-27898 - IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout whic
CVE-2025-13108 - IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitiv
CVE-2023-38265 - IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location
CVE-2026-2630 - A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbit
CVE-2026-26736 - TOTOLINK A3002RU_V3 V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow vi
CVE-2026-26732 - TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via t
CVE-2026-26731 - TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via t
CVE-2026-24734 - Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP
CVE-2026-24733 - Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests t
CVE-2025-66614 - Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 1
CVE-2025-59793 - Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxi
CVE-2025-36019 - IBM Concert 1.0.0 through 2.1.0 for Z hub framework is vulnerable to cross-site scripting. This vuln
CVE-2025-36018 - IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery whic
CVE-2025-12755 - IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM‑supplied MQ Advanced container images