CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-54316 - Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.
CVE-2026-54257 - Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and C
CVE-2026-54157 - LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow
CVE-2026-54022 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-54021 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-54019 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-54018 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-54016 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-54015 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-54014 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-54013 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-54012 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-54011 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-54010 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-54009 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-54008 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-54007 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-54006 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P
CVE-2026-53662 - immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 u
CVE-2026-52846 - Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML
CVE-2026-52845 - Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_
CVE-2026-52844 - Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy
CVE-2026-50221 - In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers (X-Container-H
CVE-2026-49983 - Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, environment access is gat
CVE-2026-49860 - Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when a WebSocket connecti
CVE-2026-49859 - Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when fetch() was called,
CVE-2026-49440 - Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrime(ca
CVE-2026-49411 - Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.0, the Node.js compatibility
CVE-2026-49406 - Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYO
CVE-2026-49402 - Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.10, Deno's node:child_proces
CVE-2026-49401 - Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system
CVE-2026-45692 - Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the author
CVE-2026-45135 - Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCG
CVE-2026-44726 - Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's
CVE-2026-0864 - When using the "configparser" module to write configuration files containing multi-line text values
CVE-2025-71382 - MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering e
CVE-2025-61029 - An issue in the sqlo_untry component of openlink virtuoso-opensource v7.2.11 allows attackers to cau
CVE-2025-61024 - An issue in the sqlo_try_in_loop component of openlink virtuoso-opensource v7.2.11 allows attackers
CVE-2020-9713 - Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and ear
CVE-2020-9711 - Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier a
CVE-2020-9695 - Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier a
CVE-2026-56968 - GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM
CVE-2026-56117 - dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the
CVE-2026-56116 - dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Rou
CVE-2026-56115 - Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low
CVE-2026-56114 - dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulner
CVE-2026-56113 - dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that al
CVE-2026-55450 - Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unaut
CVE-2026-55447 - Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by co
CVE-2026-55446 - Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an a
CVE-2026-55423 - Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the l
CVE-2026-55255 - Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an In
CVE-2026-54308 - n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent36
CVE-2026-54307 - n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-
CVE-2026-54306 - n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollutio
CVE-2026-54305 - n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE
CVE-2026-54304 - n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authen
CVE-2026-54302 - n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authen
CVE-2026-54301 - n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authen
CVE-2026-50574 - yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an extern
CVE-2026-50023 - yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-d
CVE-2026-50019 - yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used a
CVE-2026-49465 - n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authen
CVE-2026-49444 - n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authen
CVE-2026-48520 - Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the
CVE-2026-48519 - Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "
CVE-2026-45732 - n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth
CVE-2026-44961 - The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As
CVE-2026-44960 - A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user vi
CVE-2026-44959 - A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6
CVE-2026-44958 - An access control bypass allows an advertiser‑level user to activate or deactivate a banner in Reviv
CVE-2026-44957 - A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Ads
CVE-2026-44956 - Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is incl
CVE-2026-44792 - n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attack
CVE-2026-44791 - n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authen
CVE-2026-44790 - n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authen
CVE-2026-44789 - n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authen
CVE-2026-42867 - Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langf
CVE-2026-34917 - Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, w
CVE-2026-34916 - A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and ear
CVE-2026-34915 - A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and ear
CVE-2026-34914 - A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and ear
CVE-2026-34913 - A missing access control check when linking trackers to campaigns through the campaign-trackers.php
CVE-2026-34912 - A missing access control check when linking banners or campaigns to a zone through the zone-include.
CVE-2026-33760 - Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langf
CVE-2026-13007 - Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose
CVE-2026-12958 - Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of
CVE-2026-12957 - Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all support
CVE-2026-11940 - tarfile.extractall() with the 'data' or 'tar' filter could be bypassed by a crafted archive where a
CVE-2025-61028 - An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to c
CVE-2025-61027 - An issue in the t_set_push component of openlink virtuoso-opensource v7.2.11 allows attackers to cau
CVE-2025-61025 - An issue in the sslr_qst_get component of openlink virtuoso-opensource v7.2.11 allows attackers to c
CVE-2025-61023 - An issue in the st_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cau
CVE-2025-61022 - An issue in the sqlo_tb_col_preds component of openlink virtuoso-opensource v7.2.11 allows attackers
CVE-2025-61021 - An issue in the sqlo_natural_join_cond component of openlink virtuoso-opensource v7.2.11 allows atta
CVE-2025-61020 - An issue in the sqlo_strip_in_join component of openlink virtuoso-opensource v7.2.11 allows attacker
CVE-2025-61019 - An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attacker
CVE-2025-61018 - An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers
CVE-2025-13162 - Uncontrolled Search Path Element vulnerability in ABB Control Builder A, ABB 800xA for Advant Master
CVE-2026-56696 - OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing
CVE-2026-56695 - OpenHarness ohmo gateway /resume and /summary slash commands default remote_invocable to True, allow
CVE-2026-56694 - NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration appr
CVE-2026-56693 - NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-ac
CVE-2026-56692 - NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allow
CVE-2026-56402 - NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse
CVE-2026-55767 - Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with
CVE-2026-55766 - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/p
CVE-2026-55568 - Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expecte
CVE-2026-54314 - n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompre
CVE-2026-54313 - n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with work
CVE-2026-54312 - n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with perm
CVE-2026-54311 - n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated use
CVE-2026-54310 - n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated use
CVE-2026-54309 - n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browse
CVE-2026-54303 - n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Mic
CVE-2026-52673 - SQL Injection vulnerability in Cboard v.0.4.2 and before allows a remote attacker to execute arbitra
CVE-2025-62180 - Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that
CVE-2025-55639 - GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference in the gf_isom_add_track_kind(
CVE-2025-15619 - HCL Connections contains a broken access control vulnerability that may allow an unauthorized user t
CVE-2026-56815 - pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in th
CVE-2026-35019 - NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulner
CVE-2026-35018 - NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code ex
CVE-2026-28496 - FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 hav
CVE-2026-27604 - FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 a
CVE-2026-12969 - An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When p
CVE-2026-11772 - DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can
CVE-2026-10609 - A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creat
CVE-2026-56784 - OpenRemote before 1.25.0 contains an insecure direct object reference (IDOR) vulnerability in the bu
CVE-2026-56762 - Hono before 4.12.12 does not validate cookie names on the write path in the setCookie(), serialize()
CVE-2026-56701 - Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload
CVE-2026-56379 - ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG deco
CVE-2026-56376 - ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when mem
CVE-2026-56371 - ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT
CVE-2026-56322 - Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updat
CVE-2026-56315 - picklescan before 1.0.4 fails to block at least seven Python standard library modules (including uui
CVE-2026-56301 - Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server (nuxt dev) on
CVE-2026-56275 - Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node t
CVE-2026-56274 - Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server
CVE-2026-56263 - Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard
CVE-2026-56258 - Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpo
CVE-2026-56248 - Cap-go capgo (capgo-backend) before 12.128.12 contains an unauthenticated denial-of-service vulnerab
CVE-2026-56243 - Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane
CVE-2026-56234 - Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/priva
CVE-2026-56225 - Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key managemen
CVE-2026-56222 - Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/role_bindings
CVE-2026-54892 - Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remo
CVE-2026-4610 - The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored
CVE-2026-44089 - Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstec
CVE-2026-10857 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i
CVE-2026-10711 - Missing authentication for critical function vulnerability in AKIN Software Computer Import Export I
CVE-2025-71376 - picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoCompl
CVE-2025-71370 - picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported_tensor_ops.execWrapper func
CVE-2025-71365 - picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.
CVE-2025-71341 - picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle f
CVE-2025-71337 - Flowise before 3.0.10 (affected versions 3.0.7 and earlier) contains an unverified email change vuln
CVE-2023-54365 - Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 req
CVE-2026-4983 - Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serv
CVE-2026-11374 - In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the S
CVE-2026-9733 - Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state
CVE-2026-10521 - A high-privileged remote attacker can access a hidden configuration method that should not be acce
CVE-2026-8379 - The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce c
CVE-2026-8378 - The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filena
CVE-2026-8172 - The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input
CVE-2026-8163 - The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some param
CVE-2026-7842 - The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize
CVE-2026-12866 - All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction() API. A
CVE-2026-55655 - A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-
CVE-2026-55654 - A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanu
CVE-2026-55653 - A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the D
CVE-2026-11833 - Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a r
CVE-2026-10658 - A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malfor
CVE-2026-10651 - A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in Zephyr's SDP parser
CVE-2026-10645 - Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure befor
CVE-2026-54236 - vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fi
CVE-2026-54235 - vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll tem
CVE-2026-54233 - vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's
CVE-2026-54232 - vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM
CVE-2026-53923 - vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0
CVE-2026-48746 - vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a
CVE-2026-47155 - vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's re
CVE-2026-41523 - vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert
CVE-2026-56698 - Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the n
CVE-2026-56697 - Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil
CVE-2026-56357 - n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger
CVE-2026-56348 - n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-pa
CVE-2026-56326 - Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerabi
CVE-2026-56324 - Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel_self endpoint that a
CVE-2026-56323 - Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channel_
CVE-2026-56321 - Capgo (backend Supabase edge functions) before 12.128.2 does not apply the global authentication mid
CVE-2026-56314 - Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates re
CVE-2026-56311 - Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.get_current_plan_
CVE-2026-56306 - Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allo
CVE-2026-56280 - Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that a
CVE-2026-56268 - Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apike
CVE-2026-56266 - Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/str
CVE-2026-56255 - Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that
CVE-2026-56221 - Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-c
CVE-2026-55409 - Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 un
CVE-2026-54911 - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior
CVE-2026-54281 - Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.24, an aut
CVE-2026-48517 - MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CShar
CVE-2026-48516 - MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, InterfaceLookupFo
CVE-2026-48515 - MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CShar
CVE-2026-48514 - MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, UnsafeBlitFormatt
CVE-2026-48513 - MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, runtime-generated
CVE-2026-48512 - MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CShar
CVE-2026-48511 - MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, ExpandoObjectForm
CVE-2026-48510 - MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, when MessagePack-
CVE-2026-48509 - MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, the parameterless
CVE-2026-48506 - MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader
CVE-2026-48505 - Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 un
CVE-2026-48502 - MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader
CVE-2026-48500 - Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 un
CVE-2026-48167 - Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 un
CVE-2026-48166 - Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 un
CVE-2026-48109 - MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, A vulnerability e
CVE-2026-48067 - Filament is a collection of full-stack components for accelerated Laravel development. From filament
CVE-2026-44889 - WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HT
CVE-2026-44311 - Fabric.js is a JavaScript HTML5 canvas library. Prior to 7.4.0, a potential Cross-Site Scripting (XS
CVE-2025-71358 - picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.Au
CVE-2025-71344 - picklescan before 0.0.30 (affected versions 0.0.26 and earlier) fails to detect the ensurepip._run_p
CVE-2025-71339 - Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran._eval_length gadget in pickle _
CVE-2026-55603 - http-proxy-middleware is node.js http-proxy middleware. From 3.0.4 until 3.0.7 and 4.1.1, fixRequest
CVE-2026-55599 - phpseclib is a PHP secure communications library. From 0.1.1 until 1.0.30, 2.0.55, and 3.0.54, when
CVE-2026-54651 - pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this
CVE-2026-54531 - pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this
CVE-2026-54530 - pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this
CVE-2026-49468 - LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.
CVE-2026-49461 - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this
CVE-2026-49460 - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this
CVE-2026-47242 - Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to
CVE-2026-47241 - Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to
CVE-2026-47240 - Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to
CVE-2026-45034 - PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.5, CVE
CVE-2026-44727 - Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handle
CVE-2026-41479 - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1
CVE-2026-39904 - Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users wi
CVE-2026-48931 - A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is sent before th
CVE-2026-44274 - Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Be
CVE-2026-44273 - Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials v
CVE-2026-44272 - Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of
CVE-2026-44271 - Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of
CVE-2026-10852 - IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to deni
CVE-2026-55443 - LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several L
CVE-2026-54300 - @astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Ne
CVE-2026-54299 - Astro is a web framework. Prior to 6.4.6, Astro SSR apps with prerendered error pages (/404 or /500
CVE-2026-54298 - Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rende
CVE-2026-54293 - NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials s
CVE-2026-54288 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.
CVE-2026-53779 - WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthe