CVE-2026-5315 - A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbt

CVE-2026-21767 - HCL BigFix Platform is affected by insufficient authentication.  The application might allow users t

CVE-2026-21765 - HCL BigFix Platform is affected by insecure permissions on private cryptographic keys.  The private

CVE-2026-5314 - A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_intern

CVE-2026-4759 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-3882 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-32929 - V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Ope

CVE-2026-32928 - V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_co

CVE-2026-32927 - V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp

CVE-2026-32926 - V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_lin

CVE-2026-32925 - V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::Wr

CVE-2025-66487 - IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authentica

CVE-2025-66486 - IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inje

CVE-2025-66485 - IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper va

CVE-2025-66484 - IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerabil

CVE-2025-66483 - IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which coul

CVE-2025-36375 - IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 thr

CVE-2025-0711 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-5313 - A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif

CVE-2026-3987 - A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a p

CVE-2026-34572 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34571 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34570 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34569 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34568 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34567 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34566 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34565 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34564 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34563 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34562 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34561 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34560 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-34559 - CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w

CVE-2026-5312 - A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW,

CVE-2026-4820 - IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authoriza

CVE-2026-4364 - IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10

CVE-2026-4101 - IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10

CVE-2026-34873 - An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resumi

CVE-2026-34545 - OpenEXR provides the specification and reference implementation of the EXR file format, an image sto

CVE-2026-34544 - OpenEXR provides the specification and reference implementation of the EXR file format, an image sto

CVE-2026-34543 - OpenEXR provides the specification and reference implementation of the EXR file format, an image sto

CVE-2026-34531 - Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to versi

CVE-2026-34530 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-34529 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-34528 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-34525 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-34520 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-34519 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-34518 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-34517 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-34516 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-34515 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-34514 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-34513 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-2862 - IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10

CVE-2026-2475 - IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10

CVE-2026-22815 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.1

CVE-2026-1491 - IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10

CVE-2026-1345 - IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10

CVE-2025-36373 - IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 thr

CVE-2025-13916 - IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could

CVE-2026-5311 - A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-32

CVE-2026-34872 - An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a

CVE-2026-34750 - Payload is a free and open source headless content management system. Prior to version 3.78.0 in @pa

CVE-2026-34749 - Payload is a free and open source headless content management system. Prior to version 3.79.1, a Cro

CVE-2026-34748 - Payload is a free and open source headless content management system. Prior to version 3.78.0 in @pa

CVE-2026-34747 - Payload is a free and open source headless content management system. Prior to version 3.79.1, certa

CVE-2026-34746 - Payload is a free and open source headless content management system. Prior to version 3.79.1, an au

CVE-2026-34456 - Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vi

CVE-2026-34455 - Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1

CVE-2025-66442 - In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decry

CVE-2026-35000 - ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPa

CVE-2026-34874 - An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer der

CVE-2026-34871 - An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0

CVE-2026-25835 - Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generato

CVE-2026-25833 - Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6()

CVE-2026-5199 - A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or

CVE-2026-34875 - An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occ

CVE-2026-34751 - Payload is a free and open source headless content management system. Prior to version 3.79.1 in @pa

CVE-2026-34447 - Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior

CVE-2026-34446 - Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior

CVE-2026-34445 - Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior

CVE-2026-34397 - Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0

CVE-2026-34376 - PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multip

CVE-2026-34236 - Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before ve

CVE-2026-34222 - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. P

CVE-2026-34159 - llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's

CVE-2026-34076 - Clerk JavaScript is the official JavaScript repository for Clerk authentication. In @clerk/hono from

CVE-2026-34072 - Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log

CVE-2026-27489 - Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior

CVE-2026-25834 - Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.

CVE-2026-5310 - A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown

CVE-2026-34604 - Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-b

CVE-2026-34603 - Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added le

CVE-2026-33990 - Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior

CVE-2026-33978 - Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a sto

CVE-2026-33949 - Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability

CVE-2026-30643 - An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag

CVE-2026-30273 - pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base

CVE-2026-2265 - An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Rep

CVE-2026-20174 - A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an auth

CVE-2026-20160 - A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated

CVE-2026-20155 - A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager

CVE-2026-20151 - A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could all

CVE-2026-20097 - A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, rem

CVE-2026-20096 - A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, rem

CVE-2026-20095 - A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, rem

CVE-2026-20094 - A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, rem

CVE-2026-20093 - A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC)

CVE-2026-20090 - A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, rem

CVE-2026-20089 - A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, rem

CVE-2026-20088 - A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, rem

CVE-2026-20087 - A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, rem

CVE-2026-20085 - A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, r

CVE-2026-20042 - A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker

CVE-2026-20041 - A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthent

CVE-2024-43028 - A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 all

CVE-2024-40489 - There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filte

CVE-2026-5175 - Improper access control in the multi-factor authentication (MFA) management API in Devolutions Serve

CVE-2026-4989 - Improper input validation in the gateway health check feature in Devolutions Server allows a low-pri

CVE-2026-4927 - Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with u

CVE-2026-4925 - Improper access control in the users MFA feature in Devolutions Server allows an authenticated user

CVE-2026-4924 - Improper authentication in the two-factor authentication (2FA) feature in Devolutions Server 2026.

CVE-2026-4829 - Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 an

CVE-2026-4828 - Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier

CVE-2026-35099 - Lakeside SysTrack Agent 11 before 11.5.0.15 has a race condition with resultant local privilege esca

CVE-2026-34510 - OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that acce

CVE-2026-31027 - TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig in

CVE-2025-67807 - The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid userna

CVE-2025-67806 - The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid userna

CVE-2025-67805 - A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endp

CVE-2026-30573 - A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The

CVE-2026-30526 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Zoo Management System

CVE-2026-30523 - A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack

CVE-2026-30292 - An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows att

CVE-2026-30291 - An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows

CVE-2026-29598 - Multiple stored cross-site scripting (XSS) vulnerabilities in the submit_add_user.asp endpoint of DD

CVE-2025-13535 - The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based

CVE-2026-5271 - pymanager included the current working directory in sys.path meaning modules could be shadowed by mo

CVE-2026-3877 - A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the Ve

CVE-2026-35094 - A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system

CVE-2026-35093 - A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file i

CVE-2026-35092 - A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity va

CVE-2026-35091 - A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vul

CVE-2026-34999 - OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot

CVE-2026-34430 - ByteDance DeerFlow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash t

CVE-2026-30522 - A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper

CVE-2026-30289 - An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App v5.9.5-prod allows a

CVE-2026-30287 - An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5

CVE-2026-0522 - A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allo

CVE-2026-29014 - MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability t

CVE-2026-22768 - Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource

CVE-2026-22767 - Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability.

CVE-2026-25601 - A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. Th

CVE-2026-24096 - Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta

CVE-2026-0932 - Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-a

CVE-2026-23899 - An improper access check allows unauthorized access to webservice endpoints.

CVE-2026-23898 - Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server

CVE-2026-21632 - Lack of output escaping for article titles leads to XSS vectors in various locations.

CVE-2026-21631 - Lack of output escaping leads to a XSS vector in the multilingual associations component.

CVE-2026-21630 - Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endp

CVE-2026-21629 - The ajax component was excluded from the default logged-in-user check in the administrative area. Th

CVE-2026-1879 - A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown

CVE-2024-53828 - Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attack

CVE-2026-5261 - A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element

CVE-2026-4370 - A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.

CVE-2026-34889 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-23411 - In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between free

CVE-2026-23410 - In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race on rawdata d

CVE-2026-23409 - In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential enco

CVE-2026-23408 - In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix double free of ns

CVE-2026-23407 - In the Linux kernel, the following vulnerability has been resolved: apparmor: fix missing bounds ch

CVE-2026-23406 - In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug i

CVE-2026-23405 - In the Linux kernel, the following vulnerability has been resolved: apparmor: fix: limit the number

CVE-2026-23404 - In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive pro

CVE-2026-23403 - In the Linux kernel, the following vulnerability has been resolved: apparmor: fix memory leak in ve

CVE-2026-23402 - In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only WARN in dire

CVE-2026-23401 - In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing

CVE-2026-5259 - A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unk

CVE-2026-28265 - PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker w

CVE-2026-27101 - Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx,

CVE-2026-5258 - A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function _get_file of the file i

CVE-2026-4748 - A regression in the way hashes were calculated caused rules containing the address range syntax (x.x

CVE-2026-5257 - A vulnerability has been found in code-projects Simple Laundry System 1.0. This issue affects some u

CVE-2026-5256 - A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown

CVE-2026-5255 - A vulnerability was detected in code-projects Simple Laundry System 1.0. This affects an unknown par

CVE-2026-2696 - The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS (inclu

CVE-2025-15484 - The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permis

CVE-2026-5292 - Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker t

CVE-2026-5291 - Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote atta

CVE-2026-5290 - Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who

CVE-2026-5289 - Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who

CVE-2026-5288 - Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attac

CVE-2026-5287 - Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute

CVE-2026-5286 - Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute

CVE-2026-5285 - Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execut

CVE-2026-5284 - Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co

CVE-2026-5283 - Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote atta

CVE-2026-5282 - Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker t

CVE-2026-5281 - Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co

CVE-2026-5280 - Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to ex

CVE-2026-5279 - Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execut

CVE-2026-5278 - Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote atta

CVE-2026-5277 - Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attac

CVE-2026-5276 - Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a remote

CVE-2026-5275 - Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attac

CVE-2026-5274 - Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to per

CVE-2026-5273 - Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute

CVE-2026-5272 - Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to ex

CVE-2026-5254 - A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. Affected by this issu

CVE-2026-5253 - A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by this vulnerability is an unkno

CVE-2026-5252 - A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the

CVE-2026-5251 - A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file

CVE-2026-5249 - A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucm

CVE-2026-4947 - Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitatio

CVE-2026-4374 - Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Clo

CVE-2026-3831 - The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unau

CVE-2026-3780 - The application's installer runs with elevated privileges but resolves system executables and DLLs u

CVE-2026-3779 - The application's list box calculate array logic keeps stale references to page or form objects afte

CVE-2026-3778 - The application does not detect or guard against cyclic PDF object references while handling JavaScr

CVE-2026-3777 - The application does not properly validate the lifetime and validity of internal view cache pointers

CVE-2026-3776 - The application does not validate the presence of required appearance (AP) data before accessing sta

CVE-2026-3775 - The application's update service, when checking for updates, loads certain system libraries from a s

CVE-2026-3774 - The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to upd

CVE-2026-5248 - A vulnerability has been found in gougucms 4.08.18. This affects the function reg_submit of the file

CVE-2026-35057 - XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scripting (XSS) in struct

CVE-2026-35056 - XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but mali

CVE-2026-35055 - XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting (XSS) related to lightb

CVE-2026-35054 - XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering

CVE-2026-2394 - Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.

CVE-2025-71282 - XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir

CVE-2025-71281 - XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose pref

CVE-2025-71280 - XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems.

CVE-2025-71279 - XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accou

CVE-2025-71278 - XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects

CVE-2025-13855 - IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A r

CVE-2024-58342 - XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The getDynamicRedi

CVE-2026-5240 - A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affe

CVE-2026-5238 - A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue

CVE-2026-4668 - The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL

CVE-2026-5237 - A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this

CVE-2026-5236 - A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_Bit

CVE-2026-5235 - A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4_Bi

CVE-2026-34556 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t

CVE-2026-34555 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t

CVE-2026-34554 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t

CVE-2026-34553 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t

CVE-2026-34552 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t

CVE-2026-34551 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t