CVE-2026-23118 - In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix data-race warning an

CVE-2026-23117 - In the Linux kernel, the following vulnerability has been resolved: ice: add missing ice_deinit_hw(

CVE-2026-23116 - In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: Remov

CVE-2026-23115 - In the Linux kernel, the following vulnerability has been resolved: serial: Fix not set tty->port r

CVE-2026-23114 - In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: ptrace: Fix SVE w

CVE-2026-23113 - In the Linux kernel, the following vulnerability has been resolved: io_uring/io-wq: check IO_WQ_BIT

CVE-2025-71200 - In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-dwcmshc: Prevent

CVE-2026-2312 - The Media Library Folders plugin for WordPress is vulnerable to Insecure Direct Object Reference in

CVE-2026-1512 - The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is v

CVE-2026-1843 - The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activ

CVE-2026-1258 - The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation

CVE-2026-1254 - The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to authoriz

CVE-2026-1249 - The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulner

CVE-2026-0550 - The myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mycre

CVE-2025-8572 - The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than

CVE-2026-2024 - The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' paramete

CVE-2026-2022 - The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing c

CVE-2026-1988 - The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local File I

CVE-2026-1987 - The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all v

CVE-2026-1985 - The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Guten

CVE-2026-1944 - The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of

CVE-2026-1939 - The Percent to Infograph plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `

CVE-2026-1915 - The Simple Plyr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'poster' p

CVE-2026-1910 - The UpMenu – Online ordering for restaurants plugin for WordPress is vulnerable to Stored Cross-Site

CVE-2026-1905 - The Sphere Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width'

CVE-2026-1903 - The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-1901 - The QuestionPro Surveys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'q

CVE-2026-1796 - The StyleBidet plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path

CVE-2026-1795 - The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL

CVE-2026-1792 - The Geo Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL path in

CVE-2026-1394 - The WP Quick Contact Us plugin for WordPress is vulnerable to Cross-Site Request Forgery in all vers

CVE-2026-1306 - The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type

CVE-2026-1303 - The MailChimp Campaigns plugin for WordPress is vulnerable to Missing Authorization in all versions

CVE-2026-1187 - The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filena

CVE-2026-1096 - The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'la

CVE-2026-0753 - The Super Simple Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting v

CVE-2026-0751 - The Payment Page | Payment Form for Stripe plugin for WordPress is vulnerable to Stored Cross-Site S

CVE-2026-0745 - The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all ve

CVE-2026-0736 - The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Sc

CVE-2026-0735 - The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '

CVE-2026-0727 - The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all

CVE-2026-0693 - The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scri

CVE-2026-0559 - The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vuln

CVE-2026-0557 - The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin'

CVE-2025-6792 - The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of dat

CVE-2025-15483 - The Link Hopper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hop_name’

CVE-2025-14873 - The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerab

CVE-2025-14852 - The MDirector Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ver

CVE-2026-1932 - The Appointment Booking Calendar Plugin – Bookr plugin for WordPress is vulnerable to unauthorized m

CVE-2026-2469 - Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutraliza

CVE-2026-2144 - The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all ve

CVE-2026-2027 - The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored

CVE-2026-1983 - The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery

CVE-2026-1912 - The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code'

CVE-2026-1904 - The Simple Wp colorfull Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-1754 - The personal-authors-category plugin for WordPress is vulnerable to Reflected Cross-Site Scripting v

CVE-2026-1164 - The Easy Voice Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘messa

CVE-2026-0692 - The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authoriza

CVE-2026-26303 - Rejected reason: Not used

CVE-2026-26302 - Rejected reason: Not used

CVE-2026-26301 - Rejected reason: Not used

CVE-2026-26300 - Rejected reason: Not used

CVE-2026-26299 - Rejected reason: Not used

CVE-2026-26298 - Rejected reason: Not used

CVE-2026-26297 - Rejected reason: Not used

CVE-2026-26296 - Rejected reason: Not used

CVE-2026-26295 - Rejected reason: Not used

CVE-2025-14608 - The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in

CVE-2025-14067 - The Easy Form Builder plugin for WordPress is vulnerable to unauthorized access of data due to a mis

CVE-2025-13973 - The StickEasy Protected Contact Form plugin for WordPress is vulnerable to Sensitive Information Dis

CVE-2025-13681 - The BFG Tools – Extension Zipper plugin for WordPress is vulnerable to Path Traversal in all version

CVE-2026-24853 - Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to r

CVE-2026-26273 - Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerabilit

CVE-2026-1844 - The PixelYourSite PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pys

CVE-2026-1841 - The PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress is vulnerable to Store

CVE-2025-70957 - A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The v

CVE-2025-70956 - A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. The

CVE-2025-70955 - A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The

CVE-2025-70954 - A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Bloc

CVE-2025-70866 - LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level

CVE-2025-69633 - A SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for Presta

CVE-2025-15157 - The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unaut

CVE-2026-26335 - Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for t

CVE-2026-26334 - Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veram

CVE-2026-26333 - Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on T

CVE-2025-68128 - Rejected reason: reserved but not needed

CVE-2025-68127 - Rejected reason: reserved but not needed

CVE-2025-68126 - Rejected reason: reserved but not needed

CVE-2025-68125 - Rejected reason: reserved but not needed

CVE-2025-68124 - Rejected reason: reserved but not needed

CVE-2025-58184 - Rejected reason: reserved but not needed

CVE-2025-58182 - Rejected reason: reserved but not needed

CVE-2025-47915 - Rejected reason: reserved but not needed

CVE-2024-34157 - Rejected reason: reserved but not needed

CVE-2024-34154 - Rejected reason: reserved but not needed

CVE-2023-45291 - Rejected reason: reserved but not needed

CVE-2026-26269 - Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerab

CVE-2026-2441 - Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute a

CVE-2026-26264 - BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0rc

CVE-2026-26208 - ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable

CVE-2026-26190 - Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2

CVE-2026-26187 - lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to

CVE-2026-25991 - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists.

CVE-2026-25964 - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists.

CVE-2026-21878 - BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.r

CVE-2025-36552 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-36545 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-36542 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-36538 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-36534 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-36532 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-36526 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-36524 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-36523 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-36517 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-35997 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-35993 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-35976 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-35962 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-35961 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-35960 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-32734 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-32733 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-32090 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-32085 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-32082 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-32009 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-31942 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-31364 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-31358 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-31145 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-30517 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-29869 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-27941 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-27928 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-27573 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-27569 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-27251 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-26471 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-25049 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-24524 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-24518 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-24492 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-24321 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-24300 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-22845 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-20110 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-20107 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-20098 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-20089 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-20078 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-20066 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-20038 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2025-20007 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i

CVE-2026-21870 - BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (M

CVE-2025-69770 - A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allow

CVE-2025-66676 - An issue in IObit Unlocker v1.3.0.11 allows attackers to cause a Denial of Service (DoS) via a craft

CVE-2026-2026 - A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Win

CVE-2026-26268 - Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration

CVE-2026-26226 - beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to

CVE-2025-70123 - An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote a

CVE-2025-70122 - A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers

CVE-2025-70121 - An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote atta

CVE-2025-1790 - Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user c

CVE-2026-26221 - Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Servic

CVE-2025-70095 - A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of Open

CVE-2025-70094 - A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3

CVE-2025-70093 - An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted

CVE-2025-70091 - A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows

CVE-2026-25531 - Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for

CVE-2026-1578 - HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated ve

CVE-2026-23112 - In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in

CVE-2026-23111 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inver

CVE-2026-1619 - Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/K

CVE-2026-1618 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. Fl

CVE-2025-14349 - Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in