CVE-2026-31913 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Whit

CVE-2026-2995 - GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 bef

CVE-2026-2973 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9

CVE-2026-2745 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9

CVE-2026-2726 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9

CVE-2026-2414 - Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escal

CVE-2026-29092 - Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Emai

CVE-2026-27659 - Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail t

CVE-2026-27656 - Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail t

CVE-2026-27095 - Deserialization of Untrusted Data vulnerability in magepeopleteam Bus Ticket Booking with Seat Reser

CVE-2026-27088 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-27087 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-27084 - Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.

CVE-2026-27083 - Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-compan

CVE-2026-27082 - Deserialization of Untrusted Data vulnerability in ThemeREX Love Story lovestory allows Object Injec

CVE-2026-27081 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-27080 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-27079 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-27078 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-27077 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-27076 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-27075 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-27073 - Use of Hard-coded Credentials vulnerability in Addi Addi &#8211; Cuotas que se adaptan a ti buy-now-

CVE-2026-27071 - Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Config

CVE-2026-27054 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-27051 - Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This iss

CVE-2026-27049 - Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobic

CVE-2026-27048 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-27047 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-27046 - Missing Authorization vulnerability in Kaira StoreCustomizer woocustomizer allows Exploiting Incorre

CVE-2026-27045 - Deserialization of Untrusted Data vulnerability in sbthemes WooCommerce Infinite Scroll sb-woocommer

CVE-2026-27044 - Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lit

CVE-2026-27040 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AA-T

CVE-2026-27039 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-26233 - Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail t

CVE-2026-25645 - Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` uti

CVE-2026-25469 - Missing Authorization vulnerability in ViaBill for WooCommerce ViaBill &#8211; WooCommerce viabill-w

CVE-2026-25465 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25464 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-25462 - Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured

CVE-2026-25461 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25460 - Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly

CVE-2026-25458 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-25457 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-25456 - Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping

CVE-2026-25455 - Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-produc

CVE-2026-25454 - Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly

CVE-2026-25452 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25447 - Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widge

CVE-2026-25437 - Missing Authorization vulnerability in سید محمدامین هاشمی GZSEO gzseo allows Exploiting Incorrectly

CVE-2026-25435 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25430 - Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPFor

CVE-2026-25429 - Deserialization of Untrusted Data vulnerability in wpdive Nexa Blocks nexa-blocks allows Object Inje

CVE-2026-25417 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25414 - Incorrect Privilege Assignment vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Privil

CVE-2026-25413 - Unrestricted Upload of File with Dangerous Type vulnerability in iqonicdesign WPBookit Pro wpbookit-

CVE-2026-25406 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tuto

CVE-2026-25401 - Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting In

CVE-2026-25400 - Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injectio

CVE-2026-25398 - Missing Authorization vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor

CVE-2026-25397 - Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-upl

CVE-2026-25396 - Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbas

CVE-2026-25390 - Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploitin

CVE-2026-25383 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25382 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-25381 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-25380 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-25379 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-25377 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-25376 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25373 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25371 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-25366 - Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad snippe

CVE-2026-25365 - Missing Authorization vulnerability in Özgür KARALAR Kargo Takip kargo-takip-turkiye allows Exploiti

CVE-2026-25361 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25360 - Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object Injection.This issu

CVE-2026-25359 - Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection

CVE-2026-25358 - Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection.This

CVE-2026-25357 - Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membersh

CVE-2026-25356 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25355 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25354 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25353 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25352 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25351 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25350 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25349 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25347 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25346 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25345 - Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery si

CVE-2026-25344 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTh

CVE-2026-25342 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25341 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25340 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-25339 - Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi Contact Form by WPFor

CVE-2026-25334 - Incorrect Privilege Assignment vulnerability in wordpresschef Salon Booking System Pro salon-booking

CVE-2026-25328 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-

CVE-2026-25327 - Missing Authorization vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reser

CVE-2026-25317 - Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce

CVE-2026-25309 - Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows

CVE-2026-25306 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25304 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25035 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / Contest

CVE-2026-25034 - Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allo

CVE-2026-25033 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25032 - Deserialization of Untrusted Data vulnerability in park_of_ideas Ricky ricky allows Object Injection

CVE-2026-25031 - Deserialization of Untrusted Data vulnerability in park_of_ideas Tasty Daily tastydaily allows Objec

CVE-2026-25030 - Deserialization of Untrusted Data vulnerability in park_of_ideas Goldish goldish allows Object Injec

CVE-2026-25029 - Deserialization of Untrusted Data vulnerability in park_of_ideas KIDZ kidz allows Object Injection.T

CVE-2026-25026 - Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Confi

CVE-2026-25025 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25018 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25017 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-25013 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-25009 - Missing Authorization vulnerability in raratheme Education Zone education-zone allows Exploiting Inc

CVE-2026-25007 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-25002 - Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress &#821

CVE-2026-25001 - Improper Control of Generation of Code ('Code Injection') vulnerability in Saad Iqbal Post Snippets

CVE-2026-24993 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-24989 - Deserialization of Untrusted Data vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows

CVE-2026-24987 - Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting I

CVE-2026-24983 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24981 - Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows

CVE-2026-24980 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24979 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24978 - Deserialization of Untrusted Data vulnerability in NooTheme Jobica Core jobica-core allows Object In

CVE-2026-24977 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-24976 - Deserialization of Untrusted Data vulnerability in NooTheme Organici Library noo-organici-library al

CVE-2026-24975 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24974 - Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object

CVE-2026-24973 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24972 - Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing allows Exploiting I

CVE-2026-24971 - Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege

CVE-2026-24970 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in desi

CVE-2026-24969 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in desi

CVE-2026-24968 - Incorrect Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escal

CVE-2026-24964 - Server-Side Request Forgery (SSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Cont

CVE-2026-24391 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24382 - Missing Authorization vulnerability in wproyal News Magazine X news-magazine-x allows Exploiting Inc

CVE-2026-24378 - Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-ma

CVE-2026-24376 - Missing Authorization vulnerability in Javier Casares WPVulnerability wpvulnerability allows Exploit

CVE-2026-24373 - Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form

CVE-2026-24372 - Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscript

CVE-2026-24370 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24369 - Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Con

CVE-2026-24364 - Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting In

CVE-2026-24363 - Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WP_Estimati

CVE-2026-24362 - Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploitin

CVE-2026-24359 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-li

CVE-2026-23979 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-23977 - Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce supp

CVE-2026-23973 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-23972 - Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-

CVE-2026-23971 - Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.

CVE-2026-23807 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-23806 - Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allo

CVE-2026-23636 - Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, th

CVE-2026-23635 - Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a

CVE-2026-22524 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-22523 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-22520 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-22516 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22515 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22514 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22513 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22512 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22511 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22510 - Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object In

CVE-2026-22509 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22508 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22507 - Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Inject

CVE-2026-22506 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22505 - Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allo

CVE-2026-22504 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22503 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22502 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22500 - Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-

CVE-2026-22499 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22498 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22496 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22495 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22494 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22493 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-22491 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-22485 - Missing Authorization vulnerability in Ruhul Amin My Album Gallery my-album-gallery allows Exploitin

CVE-2026-22484 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-22480 - Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-

CVE-2026-22448 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in flex

CVE-2026-20719 - Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail t

CVE-2026-1724 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 bef

CVE-2026-1712 - Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue a

CVE-2025-69358 - Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management all

CVE-2025-69347 - Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscri

CVE-2025-69096 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2025-14595 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 bef

CVE-2025-13436 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9

CVE-2025-13078 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9

CVE-2026-3218 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-3217 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-3216 - Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request

CVE-2026-3215 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-3214 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Func

CVE-2026-3213 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-3212 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-3211 - Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Si

CVE-2026-3210 - Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing.This issue a

CVE-2026-2349 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-2348 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-26833 - thumbler through 1.1.2 allows OS command injection via the input, output, time, or size parameter in

CVE-2026-26832 - node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versi

CVE-2026-26831 - textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple

CVE-2026-24750 - Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an

CVE-2026-20125 - A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3

CVE-2026-20115 - A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated atta

CVE-2026-20114 - A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allo

CVE-2026-20113 - A vulnerability in the web-based Cisco IOx application hosting environment management interface of C

CVE-2026-20112 - A vulnerability in the web-based Cisco IOx application hosting environment management interface of C

CVE-2026-20110 - A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to

CVE-2026-20108 - A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow a

CVE-2026-20104 - A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches,

CVE-2026-20086 - A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) pac

CVE-2026-20084 - A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated

CVE-2026-20083 - A vulnerability in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE Software could allo

CVE-2026-20012 - A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco

CVE-2026-20004 - A vulnerability in the TLS library of Cisco IOS XE Software could allow an unauthenticated, adjacent

CVE-2026-1917 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allow

CVE-2024-58341 - OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers t

CVE-2026-4363 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 bef

CVE-2026-3126 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-33268 - Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacke

CVE-2026-26830 - pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parame

CVE-2026-23514 - Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access

CVE-2025-59707 - In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account cre

CVE-2025-59706 - In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables re

CVE-2025-32991 - In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote

CVE-2026-4816 - A Reflected Cross Site Scripting (XSS) vulnerability has been found in Support Board v3.7.7. This vu

CVE-2026-4815 - A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an a

CVE-2026-3591 - A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with

CVE-2026-3119 - Under certain conditions, `named` may crash when processing a correctly signed query containing a TK

CVE-2026-3104 - A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying

CVE-2026-28529 - cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the get_userbuf fun

CVE-2026-1519 - If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the re

CVE-2025-40842 - Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Scripting (XSS) vulnera

CVE-2025-40841 - Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Request Forgery (CSRF)

CVE-2025-27260 - Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Ele

CVE-2024-51348 - A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmw

CVE-2024-51347 - A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoor IP Camera V7.6.32. The flaw

CVE-2024-51346 - An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive information

CVE-2026-4761 - When a certificate and its private key are installed in the Windows machine certificate store using

CVE-2026-4760 - From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows