CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-34547 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-34546 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-2480 - The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Si
CVE-2026-5215 - A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW,
CVE-2026-5214 - A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-3
CVE-2026-34605 - SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the Sa
CVE-2026-34585 - SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows cra
CVE-2026-34542 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-34541 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-34540 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-34539 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-34537 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-34536 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-34535 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-34534 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-34533 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior t
CVE-2026-34453 - SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service expose
CVE-2026-34452 - The Claude SDK for Python provides access to the Claude API from Python applications. From version 0
CVE-2026-34451 - Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScrip
CVE-2026-34450 - The Claude SDK for Python provides access to the Claude API from Python applications. From version 0
CVE-2026-34449 - SiYuan is a personal knowledge management system. Prior to version 3.6.2, a malicious website can ac
CVE-2026-34448 - SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place
CVE-2026-34443 - FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version
CVE-2026-34442 - FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version
CVE-2026-34441 - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0
CVE-2026-34406 - APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated report
CVE-2026-34405 - Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑gene
CVE-2026-34404 - Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑gene
CVE-2026-34401 - XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and ed
CVE-2026-34400 - Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API (q=) was vulnerable
CVE-2026-5213 - A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW,
CVE-2026-5212 - A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW,
CVE-2026-3470 - A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization
CVE-2026-3469 - A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Ema
CVE-2026-3468 - A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Securit
CVE-2026-34740 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EPG (Electronic Progra
CVE-2026-34739 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the User_Location plugin's
CVE-2026-34738 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's video processing
CVE-2026-34737 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the StripeYPT plugin inclu
CVE-2026-34733 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation sc
CVE-2026-34732 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin te
CVE-2026-34731 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo on_publish_done
CVE-2026-34716 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo YPTSocket plugi
CVE-2026-34613 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint object
CVE-2026-34611 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint object
CVE-2026-34586 - PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multip
CVE-2026-34396 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo admin panel ren
CVE-2026-34395 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/YPTWallet/view/
CVE-2026-34394 - WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin conf
CVE-2026-34384 - Admidio is an open-source user management solution. Prior to version 5.0.8, the create_user, assign_
CVE-2026-34383 - Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's i
CVE-2026-34382 - Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the
CVE-2026-34381 - Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admi
CVE-2026-34372 - Sulu is an open-source PHP content management system based on the Symfony framework. From versions 1
CVE-2026-34367 - InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create profe
CVE-2026-34366 - InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create profe
CVE-2026-1579 - The MAVLink communication protocol does not require cryptographic authentication by default. When M
CVE-2026-5211 - A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321,
CVE-2026-4800 - Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added valida
CVE-2026-34784 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-34365 - InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create profe
CVE-2026-34215 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-34206 - Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet w
CVE-2026-34204 - MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a
CVE-2026-34203 - Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and
CVE-2026-30290 - An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6.38.1 allows attacke
CVE-2026-30285 - An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows attackers
CVE-2026-30280 - An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play Al
CVE-2026-2950 - Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the _.unset an
CVE-2026-5210 - A vulnerability was detected in SourceCodester Leave Application System 1.0. This affects an unknown
CVE-2026-5209 - A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected
CVE-2026-3356 - The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthori
CVE-2026-30521 - A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper
CVE-2026-5206 - A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This v
CVE-2026-5190 - Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allo
CVE-2026-33415 - Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2
CVE-2026-33300 - Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2
CVE-2026-33185 - Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2
CVE-2026-33074 - Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2
CVE-2026-33073 - Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2
CVE-2026-32951 - Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2
CVE-2026-32726 - SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version
CVE-2026-32725 - SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version
CVE-2026-32620 - Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2
CVE-2026-32619 - Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2
CVE-2026-32618 - Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2
CVE-2026-32615 - Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2
CVE-2026-32607 - Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2
CVE-2026-32273 - Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2
CVE-2026-32243 - Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2
CVE-2026-32143 - Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2
CVE-2026-32113 - Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2
CVE-2026-30520 - A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulner
CVE-2026-30286 - An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows att
CVE-2026-30283 - An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 a
CVE-2026-30282 - An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows
CVE-2026-30279 - An arbitrary file overwrite vulnerability in Squareapps LLC My Location Travel Timeline v11.80 allow
CVE-2026-30278 - An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers
CVE-2026-30277 - An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 all
CVE-2026-2123 - A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on
CVE-2025-62184 - Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerabil
CVE-2026-5205 - A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the funct
CVE-2026-34361 - HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in J
CVE-2026-34360 - HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in J
CVE-2026-34359 - HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in J
CVE-2026-24165 - NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data
CVE-2026-24164 - NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data
CVE-2026-24154 - NVIDIA Jetson Linux has a vulnerability in initrd, where an unprivileged attacker with physical access
CVE-2026-24153 - NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disab
CVE-2026-24148 - NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unpr
CVE-2026-5204 - A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of
CVE-2026-5203 - A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function _copyFilesToFol
CVE-2026-5087 - PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes i
CVE-2026-4819 - In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user creden
CVE-2026-4818 - In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users withou
CVE-2026-34595 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-34574 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-34573 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-34243 - wenxian is a tool to generate BIBTEX files from given identifiers (DOI, PMID, arXiv ID, or paper tit
CVE-2026-34240 - JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulne
CVE-2026-34237 - MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to versi
CVE-2026-34235 - PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17
CVE-2026-34231 - Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting (XSS
CVE-2026-34227 - Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.
CVE-2026-34221 - MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map pattern
CVE-2026-34220 - MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map pattern
CVE-2026-34219 - libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to ve
CVE-2026-34218 - ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies.
CVE-2026-30284 - An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to ov
CVE-2026-30281 - An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite crit
CVE-2026-30276 - An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to o
CVE-2026-22569 - An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may c
CVE-2026-22561 - Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versi
CVE-2026-4799 - In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirec
CVE-2026-34532 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-34504 - OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider i
CVE-2026-34503 - OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or
CVE-2026-34377 - ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus ve
CVE-2026-34373 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-34363 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-34224 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
CVE-2026-34214 - Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 4
CVE-2026-34210 - mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/ch
CVE-2026-34209 - mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/ses
CVE-2026-34202 - ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain versio
CVE-2026-34200 - Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, the Nhost CLI MC
CVE-2026-34172 - Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versio
CVE-2026-34165 - go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before
CVE-2026-34163 - FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP (Model Context Pr
CVE-2026-34162 - FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing
CVE-2026-33762 - go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-g
CVE-2026-33581 - OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows at
CVE-2026-33580 - OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webho
CVE-2026-33579 - OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command
CVE-2026-33578 - OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalou
CVE-2026-33577 - OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairin
CVE-2026-33576 - OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating se
CVE-2026-33276 - Stored cross-site scripting (XSS) in Checkmk 2.5.0 (beta) before 2.5.0b2 allows authenticated users
CVE-2026-30314 - Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability th
CVE-2026-30312 - DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability tha
CVE-2026-30311 - Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability th
CVE-2026-30309 - InfCode's terminal auto-execution module contains a critical command filtering vulnerability that re
CVE-2026-29870 - A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allow
CVE-2026-20915 - Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2 allows authenticate
CVE-2026-0596 - A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver
CVE-2026-3308 - An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attac
CVE-2026-34156 - NocoBase is an AI-powered no-code/low-code platform for building business applications and enterpris
CVE-2026-34155 - RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles us
CVE-2026-30310 - In its design for automatic terminal command execution, Sixth offers two options: Execute safe comma
CVE-2026-5198 - A vulnerability was determined in code-projects Student Membership System 1.0. The impacted element
CVE-2026-4267 - The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Re
CVE-2026-3191 - The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up
CVE-2026-3139 - The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugi
CVE-2026-34509 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-34508 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-34506 - OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plu
CVE-2026-34505 - OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowi
CVE-2026-32988 - OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged write
CVE-2026-32982 - OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia f
CVE-2026-32977 - OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge writeFil
CVE-2026-32976 - OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands t
CVE-2026-32971 - OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run appro
CVE-2026-32970 - OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gatew
CVE-2026-32921 - OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable scrip
CVE-2026-32920 - OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ witho
CVE-2026-32917 - OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachme
CVE-2026-32916 - OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plug
CVE-2026-27854 - An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist us
CVE-2026-27853 - An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DN
CVE-2026-24030 - An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over
CVE-2026-24029 - When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over
CVE-2026-24028 - An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet,
CVE-2026-0397 - When the internal webserver is enabled (default is disabled), an attacker might be able to trick an
CVE-2026-0396 - An attacker might be able to inject HTML content into the internal web dashboard by sending crafted
CVE-2025-14213 - Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an
CVE-2024-14031 - Sereal::Encoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zs
CVE-2024-14030 - Sereal::Decoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zs
CVE-2026-4400 - Insecure Direct Object Reference (IDOR) vulnerability in 1millionbot Millie chat that allows private
CVE-2026-4399 - Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evad
CVE-2026-34887 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
CVE-2025-15618 - Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret ke
CVE-2026-5197 - A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an
CVE-2026-4317 - SQL injection (SQLi) vulnerability in Umami Software web application through an improperly sanitized
CVE-2026-5201 - A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in
CVE-2026-5196 - A vulnerability has been found in code-projects Student Membership System 1.0. Impacted is an unknow
CVE-2026-5195 - A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknow
CVE-2026-3107 - Stored Cross-Site Scripting (XSS) in Teampass versions prior to 3.1.5.16, affecting the password man
CVE-2026-3106 - Blind Cross-Site Scripting (XSS) in Teampass, versions prior to 3.1.5.16, within the password manage
CVE-2025-41357 - Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability a
CVE-2025-41356 - Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability a
CVE-2025-41355 - Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability
CVE-2025-10559 - A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Mana
CVE-2025-10553 - A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Fa
CVE-2025-10551 - A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborat
CVE-2026-5186 - A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_
CVE-2026-5185 - A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi
CVE-2026-5184 - A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown
CVE-2026-3881 - The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a
CVE-2026-5183 - A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the functio
CVE-2026-5182 - A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown functi
CVE-2026-34881 - OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Fo
CVE-2026-1877 - The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all vers
CVE-2026-1834 - The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scrip
CVE-2026-5181 - A vulnerability has been found in SourceCodester Simple Doctors Appointment System up to 1.0. This i
CVE-2026-5180 - A flaw has been found in SourceCodester Simple Doctors Appointment System 1.0. This vulnerability af
CVE-2026-5179 - A vulnerability was detected in SourceCodester Simple Doctors Appointment System 1.0. This affects a
CVE-2026-4146 - The Loco Translate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘upd
CVE-2026-1797 - The Appointment Booking and Scheduler Plugin – Truebooker plugin for WordPress is vulnerable to Sens
CVE-2026-1710 - The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized
CVE-2026-5178 - A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by th
CVE-2026-5177 - A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this vulnerabi
CVE-2026-34073 - cryptography is a package designed to expose cryptographic primitives and recipes to Python develope
CVE-2026-34070 - LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22,
CVE-2026-34060 - Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp ve
CVE-2026-34054 - vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3, vcpkg's Windows bui
CVE-2026-34043 - Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to
CVE-2026-34042 - act is a project which allows for local running of github actions. Prior to version 0.2.86, act's bu
CVE-2026-34041 - act is a project which allows for local running of github actions. Prior to version 0.2.86, act unco
CVE-2026-34040 - Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has be
CVE-2026-34036 - Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) softwar
CVE-2026-33997 - Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has be
CVE-2026-32727 - SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enf
CVE-2026-32716 - SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enf
CVE-2026-32714 - SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Key
CVE-2026-5176 - A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the funct
CVE-2026-4020 - The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all version
CVE-2026-3300 - The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injec
CVE-2026-5115 - The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable
CVE-2026-4794 - Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authentic
CVE-2026-32734 - baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-si