CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-6024 - A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7W
CVE-2026-6016 - A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd o
CVE-2026-6015 - A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of
CVE-2026-5477 - An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge C
CVE-2026-6014 - A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of th
CVE-2026-6013 - A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSet
CVE-2026-6012 - A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSet
CVE-2026-6011 - A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown f
CVE-2026-4482 - The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted
CVE-2026-6010 - A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulner
CVE-2026-6007 - A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknow
CVE-2026-6006 - A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted e
CVE-2026-6005 - A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is
CVE-2026-5501 - wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the
CVE-2026-5500 - wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication t
CVE-2026-5479 - In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and r
CVE-2026-5466 - wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the sig
CVE-2026-5188 - An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extensi
CVE-2026-2305 - The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
CVE-2026-6004 - A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown
CVE-2026-6003 - A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This iss
CVE-2026-6000 - A vulnerability was found in code-projects Online Library Management System 1.0. Affected is an unkn
CVE-2026-5999 - A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the com
CVE-2026-33551 - An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.
CVE-2026-5998 - A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function
CVE-2026-5997 - A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the f
CVE-2026-5996 - A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected el
CVE-2026-4977 - The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for W
CVE-2026-4664 - The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to authentication bypass in
CVE-2026-4351 - The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in
CVE-2026-4305 - The Royal WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to Reflected Cross-Si
CVE-2026-4057 - The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to
CVE-2026-3360 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecu
CVE-2026-2712 - The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to mi
CVE-2026-25203 - Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability
CVE-2026-1924 - The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all vers
CVE-2026-1263 - The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to,
CVE-2026-5995 - A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function se
CVE-2026-5994 - A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the
CVE-2026-5993 - A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects
CVE-2026-5992 - A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of
CVE-2026-5991 - A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtra
CVE-2026-5990 - A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function
CVE-2026-5989 - A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /g
CVE-2026-5460 - A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare pr
CVE-2026-5448 - X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may
CVE-2026-5393 - Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVer
CVE-2026-5392 - Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the hea
CVE-2026-5988 - A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the
CVE-2026-5987 - A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the f
CVE-2026-5986 - A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the func
CVE-2026-5985 - A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected el
CVE-2026-5507 - When restoring a session from cache, a pointer from the serialized session data is used in a free op
CVE-2026-5504 - A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover pl
CVE-2026-5503 - In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find
CVE-2026-5295 - A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() functi
CVE-2026-34424 - Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access to
CVE-2026-5984 - A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of th
CVE-2026-5983 - A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDD
CVE-2026-5982 - A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAd
CVE-2026-5981 - A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall
CVE-2026-5778 - Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in
CVE-2026-5772 - A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) duri
CVE-2026-5264 - Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1
CVE-2026-5263 - URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate
CVE-2026-40154 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched templat
CVE-2026-40153 - PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in she
CVE-2026-40152 - PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the list_files() tool in FileTools v
CVE-2026-40151 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a
CVE-2026-40150 - PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praison
CVE-2026-40149 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list en
CVE-2026-40148 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall() function in Praiso
CVE-2026-40117 - PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py
CVE-2026-40116 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in P
CVE-2026-40115 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (se
CVE-2026-40114 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbi
CVE-2026-40113 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delim
CVE-2026-40112 - PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/a
CVE-2026-40111 - PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the memory hooks executor in praison
CVE-2026-39848 - Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop opera
CVE-2026-35646 - OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook t
CVE-2026-35645 - OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subage
CVE-2026-35644 - OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers wit
CVE-2026-35642 - OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events
CVE-2026-35640 - OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing
CVE-2026-35639 - OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve m
CVE-2026-35638 - OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allow
CVE-2026-35637 - OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization che
CVE-2026-35636 - OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where
CVE-2026-35635 - OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Ch
CVE-2026-35634 - OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway wher
CVE-2026-35633 - OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP
CVE-2026-35632 - OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.up
CVE-2026-35631 - OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat comman
CVE-2026-35629 - OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel e
CVE-2026-35628 - OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authent
CVE-2026-35627 - OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct mes
CVE-2026-35626 - OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice cal
CVE-2026-35625 - OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-au
CVE-2026-35624 - OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that match
CVE-2026-35623 - OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication t
CVE-2026-35622 - OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google C
CVE-2026-35618 - OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verificatio
CVE-2026-35617 - OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy
CVE-2026-34512 - OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:s
CVE-2026-33797 - An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows
CVE-2026-33793 - An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Network
CVE-2026-33791 - An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos O
CVE-2026-33790 - An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of
CVE-2026-33788 - A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs
CVE-2026-33787 - An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon
CVE-2026-33786 - An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon
CVE-2026-33785 - A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a
CVE-2026-33784 - A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual L
CVE-2026-33783 - A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networ
CVE-2026-33782 - A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Ju
CVE-2026-33781 - An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engin
CVE-2026-33780 - A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning D
CVE-2026-33779 - An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks J
CVE-2026-33778 - An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by
CVE-2026-33776 - A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved a
CVE-2026-33775 - A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber
CVE-2026-33774 - An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engin
CVE-2026-33773 - An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Junip
CVE-2026-33771 - A Weak Password Requirements vulnerability in the password management function of Juniper Networks C
CVE-2026-21919 - An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos
CVE-2026-21916 - A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allow
CVE-2026-21915 - A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JS
CVE-2026-21904 - An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilit
CVE-2025-59969 - A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanc
CVE-2025-13914 - A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Netw
CVE-2026-5980 - A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACF
CVE-2026-5979 - A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the funct
CVE-2026-5978 - A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the
CVE-2026-5977 - A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function s
CVE-2026-5447 - Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overfl
CVE-2026-5446 - In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce
CVE-2026-40109 - Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolk
CVE-2026-40107 - SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with
CVE-2026-40093 - nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and ear
CVE-2026-35206 - Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specia
CVE-2023-54364 - Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenti
CVE-2023-54363 - Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthent
CVE-2023-54362 - Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that
CVE-2023-54361 - Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allo
CVE-2023-54360 - Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attacke
CVE-2023-54359 - WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that all
CVE-2023-54358 - WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that all
CVE-2026-5976 - A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the funct
CVE-2026-5975 - A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the
CVE-2026-5974 - A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the
CVE-2026-5973 - A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime
CVE-2026-5972 - A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the funct
CVE-2026-5194 - Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA cert
CVE-2026-5187 - Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c.
CVE-2026-4436 - A low-privileged remote attacker can send Modbus packets to manipulate register values that are inp
CVE-2026-40089 - Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audi
CVE-2026-40088 - PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow
CVE-2026-40087 - LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.2
CVE-2026-40077 - Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept
CVE-2026-39977 - flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-fil
CVE-2026-35577 - Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. P
CVE-2026-35063 - OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authe
CVE-2026-34734 - HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the
CVE-2026-34500 - CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled a
CVE-2026-34487 - Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clusterin
CVE-2026-34486 - Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-2914
CVE-2026-34483 - Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache
CVE-2026-32990 - Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.
CVE-2026-29923 - The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privil
CVE-2026-29146 - Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This
CVE-2026-29145 - CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled v
CVE-2026-29129 - Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects
CVE-2026-25854 - Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via th
CVE-2026-24880 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Ap
CVE-2025-13926 - An attacker could use data obtained by sniffing the network traffic to forge packets in order to ma
CVE-2026-39912 - V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response b
CVE-2026-35556 - OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an atta
CVE-2026-35195 - Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's imple
CVE-2026-35186 - Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's
CVE-2026-34988 - Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's
CVE-2026-34987 - Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime wi
CVE-2026-34983 - Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can resu
CVE-2026-34971 - Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's
CVE-2026-34946 - Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's
CVE-2026-34945 - Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's
CVE-2026-34944 - Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, On x86-64 platfo
CVE-2026-34943 - Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contain
CVE-2026-34942 - Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's imple
CVE-2026-34941 - Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contain
CVE-2026-31170 - An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex
CVE-2026-28205 - OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability w
CVE-2026-5971 - A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the functi
CVE-2026-5970 - A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function chec
CVE-2026-5329 - Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in t
CVE-2026-40072 - web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.1
CVE-2026-40071 - pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the /js
CVE-2026-40070 - BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::Wallet
CVE-2026-40069 - BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's
CVE-2026-39987 - marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The
CVE-2026-39985 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid
CVE-2026-39983 - basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via C
CVE-2026-39981 - AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the ess
CVE-2026-39980 - OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables.
CVE-2026-39961 - Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From
CVE-2026-39911 - Hashgraph Guardian through version 3.5.1, fixed in commit 45fbe2f, contains an unsandboxed JavaScrip
CVE-2026-39315 - Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable tha
CVE-2026-35207 - dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a
CVE-2026-30478 - A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows
CVE-2026-1584 - A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sen
CVE-2025-70797 - Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execut
CVE-2025-63238 - A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to t
CVE-2026-5962 - A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecur
CVE-2026-5961 - A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vul
CVE-2026-40046 - Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveM
CVE-2026-39976 - Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is a
CVE-2026-39974 - n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive acce
CVE-2026-39972 - Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-e
CVE-2026-39962 - MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutraliz
CVE-2026-39959 - Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol
CVE-2026-39958 - oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metada
CVE-2026-39957 - Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug i
CVE-2026-39943 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, D
CVE-2026-39942 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, t
CVE-2026-39856 - osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-
CVE-2026-39855 - osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an inte
CVE-2026-30479 - A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attacke
CVE-2026-5960 - A weakness has been identified in code-projects Patient Record Management System 1.0. This affects a
CVE-2026-4878 - A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TO
CVE-2026-39941 - ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows at
CVE-2026-39853 - osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack
CVE-2026-39843 - Plane is an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of
CVE-2026-39398 - Rejected reason: The affected product and advisory are not public.
CVE-2026-35205 - Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins
CVE-2026-35204 - Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm p
CVE-2026-35041 - fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service
CVE-2026-35040 - fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.1, using certain modifiers
CVE-2026-34020 - Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The RE
CVE-2026-33266 - Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie en
CVE-2026-33005 - Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered u
CVE-2025-70365 - A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output
CVE-2025-70364 - An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execu
CVE-2025-15480 - In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during cra
CVE-2025-14551 - In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. U
CVE-2026-5959 - A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affect
CVE-2026-5445 - An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDec
CVE-2026-5444 - A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a
CVE-2026-5443 - A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pix
CVE-2026-5442 - A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded
CVE-2026-5441 - An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.c