CVE-2026-5437 - An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing.

CVE-2026-4116 - Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authent

CVE-2026-4114 - Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authent

CVE-2026-4113 - An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a

CVE-2026-4112 - Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SM

CVE-2026-34757 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portabl

CVE-2026-34578 - OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authenti

CVE-2025-70811 - Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute

CVE-2025-70810 - Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute

CVE-2025-62718 - Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios

CVE-2025-50228 - Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and

CVE-2026-4660 - HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during

CVE-2025-45806 - A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers

CVE-2026-3005 - The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl

CVE-2026-2519 - The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to

CVE-2026-24661 - Mattermost Plugins versions <=2.1.3.0 fail to limit the request body size on the {{/changes}} webhoo

CVE-2026-21388 - Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {{/lifecycle}} webhoo

CVE-2025-57735 - When user logged out, the JWT token the user had authtenticated with was not invalidated, which coul

CVE-2024-1490 - An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the

CVE-2026-4901 - Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials

CVE-2026-34538 - Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to

CVE-2026-34185 - Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input parameters.

CVE-2026-34184 - Hydrosystem Control System does not enforce authorization for some directories. This allows an unaut

CVE-2026-34179 - In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go

CVE-2026-34178 - In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/in

CVE-2026-34177 - Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidde

CVE-2025-62188 - An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache Dolphin

CVE-2026-5854 - A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the

CVE-2026-5853 - A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by thi

CVE-2026-5852 - A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function se

CVE-2026-5851 - A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the funct

CVE-2026-5850 - A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function s

CVE-2026-5849 - A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown funct

CVE-2026-5848 - A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function

CVE-2026-5847 - A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown f

CVE-2026-5844 - A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file pr

CVE-2026-5842 - A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is

CVE-2026-5841 - A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7Web

CVE-2026-5840 - A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown fu

CVE-2026-5839 - A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknow

CVE-2026-5838 - A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unk

CVE-2026-5742 - The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and

CVE-2026-4336 - The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ

CVE-2026-1830 - The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up

CVE-2026-5837 - A vulnerability was found in PHPGurukul News Portal Project 4.1. This affects an unknown part of the

CVE-2026-5836 - A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is som

CVE-2026-5835 - A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an u

CVE-2026-5834 - A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function

CVE-2026-5833 - A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impac

CVE-2026-5357 - The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sid'

CVE-2026-4429 - The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'm

CVE-2026-4124 - The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and in

CVE-2026-3574 - The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Script

CVE-2026-3568 - The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versio

CVE-2026-5832 - A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyze

CVE-2026-5831 - A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown funct

CVE-2026-5830 - A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of th

CVE-2026-5829 - A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element

CVE-2026-5828 - A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is a

CVE-2026-4326 - The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all v

CVE-2026-5827 - A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unkno

CVE-2026-5826 - A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unkno

CVE-2026-5825 - A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects

CVE-2026-5824 - A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects

CVE-2026-5823 - A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this

CVE-2026-5815 - A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_ma

CVE-2026-5814 - A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue

CVE-2026-5813 - A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affe

CVE-2026-5812 - A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This a

CVE-2026-5811 - A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this i

CVE-2026-5173 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.

CVE-2026-4916 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9

CVE-2026-4398 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-4332 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 bef

CVE-2026-3438 - A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 th

CVE-2026-3199 - A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 throug

CVE-2026-2619 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 bef

CVE-2026-2104 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9

CVE-2026-1752 - GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 bef

CVE-2026-1516 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 b

CVE-2026-1101 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 bef

CVE-2026-1092 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9

CVE-2025-9484 - GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 bef

CVE-2025-12664 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9

CVE-2026-5919 - Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 all

CVE-2026-5918 - Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote

CVE-2026-5915 - Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed

CVE-2026-5914 - Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a us

CVE-2026-5913 - Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to per

CVE-2026-5912 - Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perf

CVE-2026-5911 - Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to

CVE-2026-5910 - Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten

CVE-2026-5909 - Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten

CVE-2026-5908 - Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten

CVE-2026-5907 - Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attac

CVE-2026-5906 - Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote

CVE-2026-5905 - Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a re

CVE-2026-5904 - Rejected reason: Determined a bug and not a vulnerability

CVE-2026-5903 - Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who

CVE-2026-5902 - Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had c

CVE-2026-5901 - Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attac

CVE-2026-5900 - Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypa

CVE-2026-5899 - Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowe

CVE-2026-5898 - Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote att

CVE-2026-5897 - Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker

CVE-2026-5896 - Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinc

CVE-2026-5895 - Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote att

CVE-2026-5894 - Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacke

CVE-2026-5893 - Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit

CVE-2026-5892 - Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote att

CVE-2026-5891 - Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remo

CVE-2026-5890 - Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potent

CVE-2026-5889 - Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read pot

CVE-2026-5888 - Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to

CVE-2026-5887 - Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7

CVE-2026-5886 - Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attac

CVE-2026-5885 - Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.

CVE-2026-5884 - Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed

CVE-2026-5883 - Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute

CVE-2026-5882 - Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacke

CVE-2026-5881 - Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacke

CVE-2026-5880 - Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remo

CVE-2026-5879 - Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 a

CVE-2026-5878 - Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to

CVE-2026-5877 - Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to ex

CVE-2026-5876 - Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a rem

CVE-2026-5875 - Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform

CVE-2026-5874 - Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who co

CVE-2026-5873 - Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker

CVE-2026-5872 - Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute

CVE-2026-5871 - Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar

CVE-2026-5870 - Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execut

CVE-2026-5869 - Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to o

CVE-2026-5868 - Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attack

CVE-2026-5867 - Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to o

CVE-2026-5866 - Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute

CVE-2026-5865 - Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar

CVE-2026-5864 - Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker t

CVE-2026-5863 - Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker

CVE-2026-5862 - Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker

CVE-2026-5861 - Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar

CVE-2026-5860 - Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execut

CVE-2026-5859 - Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten

CVE-2026-5858 - Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to e

CVE-2026-5810 - A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown funct

CVE-2026-5808 - A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae319cbb214a8eae63405933

CVE-2026-5806 - A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unkn

CVE-2026-5711 - The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 's

CVE-2026-40037 - OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetc

CVE-2026-40036 - Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py

CVE-2026-40035 - Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that en

CVE-2026-40032 - UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in t

CVE-2026-40031 - MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-l

CVE-2026-40030 - parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path ar

CVE-2026-40029 - parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file p

CVE-2026-40028 - Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML repo

CVE-2026-40027 - ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path traversal vulnerabili

CVE-2026-40026 - The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem

CVE-2026-40025 - The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem ke

CVE-2026-40024 - The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an

CVE-2026-39901 - monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a tra

CVE-2026-5805 - A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an

CVE-2026-5803 - A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f38934

CVE-2026-5451 - The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-5436 - The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to

CVE-2026-39892 - cryptography is a package designed to expose cryptographic primitives and recipes to Python develope

CVE-2026-39891 - PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools() function

CVE-2026-39890 - PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method

CVE-2026-39889 - PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream serv

CVE-2026-39888 - PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.p

CVE-2026-39885 - FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the m

CVE-2026-39883 - OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2

CVE-2026-39882 - OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters

CVE-2026-39881 - Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerabilit

CVE-2026-39860 - Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allow

CVE-2026-39844 - NiceGUI is a Python-based UI framework. Prior to 3.10.0, Since PurePosixPath only recognizes forward

CVE-2026-39429 - kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and containe

CVE-2026-39416 - AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. P

CVE-2026-39415 - Frappe Learning Management System (LMS) is a learning system that helps users structure their conten

CVE-2026-39414 - MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEA

CVE-2026-5802 - A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of

CVE-2026-39880 - Remnawave Backend is the backend for the Remnawave proxy and user management solution. Prior to 2.7.

CVE-2026-39864 - Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an ou

CVE-2026-39863 - Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.

CVE-2026-39862 - Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code e

CVE-2026-39859 - LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3

CVE-2026-39413 - LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API

CVE-2026-39412 - LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4

CVE-2026-39411 - LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow

CVE-2026-39362 - InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, when INVENTREE_DO

CVE-2026-35525 - LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3

CVE-2026-35479 - InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, any users who hav

CVE-2026-35478 - InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authentica

CVE-2026-35477 - InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-2

CVE-2026-35476 - InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, a non-staff authe

CVE-2026-23869 - A denial of service vulnerability exists in React Server Components, affecting the following package

CVE-2026-39851 - Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, th

CVE-2026-35455 - immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStore

CVE-2026-35446 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid

CVE-2026-35407 - Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a

CVE-2026-35403 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid

CVE-2026-35401 - Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a m

CVE-2026-35400 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid

CVE-2026-35169 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid

CVE-2026-35165 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid

CVE-2026-34985 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid

CVE-2026-34837 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, he REST endpoint

CVE-2026-34782 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the RE

CVE-2026-34724 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side te

CVE-2026-34723 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauth

CVE-2026-34722 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the us

CVE-2026-34721 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OA

CVE-2026-34720 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SS

CVE-2026-34719 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the we

CVE-2026-34718 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the HT

CVE-2026-34392 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid

CVE-2026-34248 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in sha

CVE-2026-34166 - LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3

CVE-2026-33350 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid

CVE-2026-30818 - An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an au

CVE-2026-30817 - An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an

CVE-2026-30816 - An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows

CVE-2026-30815 - An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an au

CVE-2026-30814 - A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenti

CVE-2026-2942 - The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missin

CVE-2026-27806 - Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk e

CVE-2026-20709 - Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Processor Silver Serie

CVE-2026-0814 - The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due

CVE-2026-0811 - The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in a

CVE-2025-50673 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the

CVE-2025-50672 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of para

CVE-2025-50671 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of para

CVE-2025-50670 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of para

CVE-2025-50669 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to i

CVE-2025-50668 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the

CVE-2025-50667 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the

CVE-2025-50666 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of mult

CVE-2025-50665 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of inpu

CVE-2025-50664 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of para

CVE-2025-50663 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the

CVE-2025-50662 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the

CVE-2025-50661 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of mult

CVE-2025-50660 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the

CVE-2025-50659 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the

CVE-2025-50657 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the

CVE-2025-50655 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the

CVE-2025-50654 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of th

CVE-2025-50653 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the

CVE-2025-50652 - An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id parameter in the /savep

CVE-2025-50650 - A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of