CVE-2026-55602 - http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0,

CVE-2026-55388 - piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's co

CVE-2026-54290 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.

CVE-2026-54289 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.

CVE-2026-54287 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.

CVE-2026-54286 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.

CVE-2026-54285 - opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extrac

CVE-2026-54283 - Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form() accepts ma

CVE-2026-54282 - Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not vali

CVE-2026-54280 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, pay

CVE-2026-54279 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, hos

CVE-2026-54278 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, dur

CVE-2026-54277 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it

CVE-2026-54276 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, Dig

CVE-2026-54275 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the

CVE-2026-54274 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if

CVE-2026-54273 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no

CVE-2026-54271 - protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix

CVE-2026-54270 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 to 8.4.2, protob

CVE-2026-54269 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 8.6.0 and 7.6.3, p

CVE-2026-53632 - launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1,

CVE-2026-53571 - Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents

CVE-2026-53540 - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form() did not v

CVE-2026-53539 - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, when parsing applicati

CVE-2026-53538 - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser trea

CVE-2026-53537 - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parse_options_header p

CVE-2026-50556 - Angular is a development platform for building mobile and desktop web applications using TypeScript/

CVE-2026-50555 - Angular is a development platform for building mobile and desktop web applications using TypeScript/

CVE-2026-50269 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, att

CVE-2026-50184 - Angular is a development platform for building mobile and desktop web applications using TypeScript/

CVE-2026-50171 - Angular is a development platform for building mobile and desktop web applications using TypeScript/

CVE-2026-50170 - Angular is a development platform for building mobile and desktop web applications using TypeScript/

CVE-2026-50169 - Angular is a development platform for building mobile and desktop web applications using TypeScript/

CVE-2026-50168 - Angular is a development platform for building mobile and desktop web applications using TypeScript/

CVE-2026-49356 - Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/c

CVE-2026-48712 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.1 and 8.4.1, p

CVE-2026-46417 - Angular is a development platform for building mobile and desktop web applications using TypeScript/

CVE-2026-42127 - The public dashboard query endpoint does not limit request body size before processing, allowing una

CVE-2026-12249 - An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Director

CVE-2026-11994 - Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report m

CVE-2026-11825 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in

CVE-2026-10789 - A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the M

CVE-2026-9610 - IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resour

CVE-2026-9320 - IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.

CVE-2026-9072 - IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intellige

CVE-2026-9071 - IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.

CVE-2026-9006 - IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) wi

CVE-2026-8934 - A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine se

CVE-2026-8858 - IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remo

CVE-2026-8823 - Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to validate bot targets when demoting

CVE-2026-8646 - IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3

CVE-2026-8636 - IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an atta

CVE-2026-8059 - IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 is vulnerable

CVE-2026-7664 - IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP p

CVE-2026-7253 - IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling

CVE-2026-56104 - Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attack

CVE-2026-54268 - Angular is a development platform for building mobile and desktop web applications using TypeScript/

CVE-2026-54267 - Angular is a development platform for building mobile and desktop web applications using TypeScript/

CVE-2026-54266 - Angular is a development platform for building mobile and desktop web applications using TypeScript/

CVE-2026-54265 - Angular is a development platform for building mobile and desktop web applications using TypeScript/

CVE-2026-54264 - Angular is a development platform for building mobile and desktop web applications using TypeScript/

CVE-2026-53655 - node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (node-tar) applies a PAX extended

CVE-2026-53550 - js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document c

CVE-2026-52725 - Angular is a development platform for building mobile and desktop web applications using TypeScript/

CVE-2026-50557 - Angular is a development platform for building mobile and desktop web applications using TypeScript/

CVE-2026-50178 - The Angular Language Service VS Code Extension provides a rich editing experience for Angular templa

CVE-2026-49241 - The Angular Language Service VS Code Extension provides a rich editing experience for Angular templa

CVE-2026-41049 - Incorrect caching of authentication between different users of the  qSnapper dbus service before ver

CVE-2026-41048 - Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.

CVE-2026-41047 - Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 all

CVE-2026-41046 - A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed

CVE-2026-41045 - A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a loca

CVE-2026-12725 - A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both

CVE-2026-12628 - IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.

CVE-2026-12549 - The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflo

CVE-2026-12479 - A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the `DiskI

CVE-2026-11943 - Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document

CVE-2026-11942 - Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable

CVE-2026-11372 - IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vul

CVE-2026-10845 - IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication

CVE-2024-51454 - IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim

CVE-2023-33854 - IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, a

CVE-2026-9162 - Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail t

CVE-2026-9029 - The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelCon

CVE-2026-8074 - Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to enforce bot-specific permission ch

CVE-2026-7167 - The vulnerability arises when the system fails to properly validate the 'email' field during the aut

CVE-2026-7166 - Vulnerability involving the exposure of sensitive data provided without adequate protection. The API

CVE-2026-7165 - The vulnerability is present in the ‘/addJugador’ endpoint: * The 'keyJugador' and 'keyJugadorObj

CVE-2026-6673 - Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail t

CVE-2026-6653 - Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allow

CVE-2026-6062 - Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 Fail t

CVE-2026-5139 - Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail t

CVE-2026-56450 - AIL did not restrict repeated failed attempts to verify a two-factor authentication (OTP) code. An a

CVE-2026-56448 - A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456a

CVE-2026-56447 - MISP allowed an authenticated site administrator to set the Kafka_rdkafka_config setting to an arbit

CVE-2026-56446 - MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log

CVE-2026-56425 - The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its

CVE-2026-56424 - MISP core contained multiple broken access-control flaws where authorization checks were performed a

CVE-2026-56423 - MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sh

CVE-2026-54100 - A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platf

CVE-2026-54099 - A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platf

CVE-2026-42129 - The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authen

CVE-2026-28381 - The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run qu

CVE-2026-12888 - An HTML injection vulnerability exists in the Google Chat webhook notification  sent by Thinkst Appl

CVE-2026-12602 - Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is

CVE-2026-10601 - The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied

CVE-2026-10561 - IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python exe

CVE-2025-66389 - GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval

CVE-2025-33128 - IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim

CVE-2025-2669 - IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5

CVE-2024-54178 - IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 c

CVE-2026-56422 - Multiple MISP core controllers and model capture paths accepted client-controlled request fields suc

CVE-2026-11373 - Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Clien

CVE-2026-12863 - An unvalidated redirect was contained in Venueless' social login functionality and could be exploite

CVE-2026-12862 - Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula in

CVE-2026-12581 - EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote a

CVE-2026-12580 - EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authent

CVE-2025-4994 - The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable

CVE-2023-45796 - A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before 1.14.1 a

CVE-2023-45795 - A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a

CVE-2026-54665 - Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request hea

CVE-2026-44914 - Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that includ

CVE-2026-44913 - Improper escaping of database table names in the CaptureChangeMySQL Processor included with Apache N

CVE-2026-44911 - Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 throu

CVE-2025-66336 - Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-cont

CVE-2025-62198 - An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier.

CVE-2026-8157 - The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned

CVE-2026-7859 - The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on on

CVE-2026-6858 - The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displaye

CVE-2026-4259 - The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a p

CVE-2026-4110 - The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a p

CVE-2026-10530 - The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when gene

CVE-2026-6645 - An insecure process execution vulnerability exists in the pc-printer-updater.exe component of the Pa

CVE-2026-8918 - A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform ar

CVE-2026-11748 - A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, wher

CVE-2026-11746 - A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling

CVE-2026-11745 - A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, wher

CVE-2026-12823 - A security flaw has been discovered in Browserbase up to 20260526. This impacts an unknown function

CVE-2026-12822 - A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function

CVE-2026-12821 - A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown

CVE-2026-12815 - A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of the c

CVE-2026-12845 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in

CVE-2026-12814 - A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system

CVE-2026-12813 - A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function h

CVE-2026-12812 - A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects a

CVE-2026-12811 - A weakness has been identified in kortix-ai suna up to 0.8.38. Affected by this issue is the functio

CVE-2026-12810 - A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is t

CVE-2026-12809 - A vulnerability was identified in Edimax BR-6478AC V2 1.23. Affected is the function wiz_5in1_redire

CVE-2026-12808 - A vulnerability was determined in Edimax BR-6478AC V2 1.23. This impacts the function stainfo of the

CVE-2026-12807 - A vulnerability was found in Edimax BR-6478AC V2 1.23. This affects the function setWAN of the file

CVE-2026-12806 - A vulnerability has been found in Edimax BR-6478AC V2 1.23. The impacted element is the function for

CVE-2026-12805 - A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::pars

CVE-2026-12804 - A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the li

CVE-2026-56412 - libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler

CVE-2026-56411 - xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations.

CVE-2026-56410 - xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.

CVE-2026-56409 - xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is

CVE-2026-56408 - libexpat before 2.8.2 has an integer overflow in copyString.

CVE-2026-56407 - libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and en

CVE-2026-56406 - libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was

CVE-2026-56405 - libexpat before 2.8.2 has an integer overflow in getAttributeId.

CVE-2026-56404 - libexpat before 2.8.2 has an integer overflow in addBinding.

CVE-2026-56403 - libexpat before 2.8.2 has an integer overflow in storeAtts.

CVE-2026-56397 - SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace

CVE-2026-56396 - phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRig

CVE-2026-56395 - SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace

CVE-2026-56394 - Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon e

CVE-2026-56393 - Craft CMS 4.x (>= 4.0.0-RC1, < 4.17.0-beta.1) and 5.x (>= 5.0.0-RC1, < 5.9.0-beta.1) contain multipl

CVE-2026-56385 - Craft CMS versions >= 5.0.0-RC1, <= 5.9.13 and >= 4.0.0-RC1, <= 4.17.7 contain an authorization bypa

CVE-2026-56384 - Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Con

CVE-2026-56383 - Craft CMS contains a stored cross-site scripting (XSS) vulnerability in the editableTable.twig compo

CVE-2026-56382 - Craft CMS (composer package craftcms/cms) versions >= 5.5.0 and <= 5.9.13 contain a remote code exec

CVE-2026-56381 - Craft CMS from version 5.0.0-RC1 contains a stored cross-site scripting vulnerability in the User Pe

CVE-2026-56378 - ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD

CVE-2026-56367 - ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD

CVE-2026-56316 - Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload

CVE-2026-56299 - Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/*

CVE-2026-56265 - Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT

CVE-2026-56253 - Capgo before 12.128.2 contains an improper access control vulnerability in the public.get_org_member

CVE-2026-56251 - Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows

CVE-2026-56242 - Capgo before 12.128.2 contains an unauthenticated security definer RPC function get_identity_apikey_

CVE-2026-56239 - Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.apply_us

CVE-2026-56236 - Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build crede

CVE-2026-56229 - Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build

CVE-2025-71378 - picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce method

CVE-2025-71357 - picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterp

CVE-2025-71351 - picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit() in the __re

CVE-2025-71348 - picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils._config_modu

CVE-2026-12799 - A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue i

CVE-2026-12798 - A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is th

CVE-2026-12797 - A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_

CVE-2026-12796 - A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function get_redire

CVE-2026-12795 - A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps

CVE-2026-12789 - A vulnerability was identified in ILIAS Learning Management System 11.0. This issue affects the func

CVE-2026-12788 - A vulnerability was determined in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1

CVE-2026-12787 - A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0.

CVE-2026-12786 - A vulnerability has been found in Ezbsystems UltraISO Premium Edition up to 9.76. Affected by this i

CVE-2026-52911 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn->binding slow

CVE-2026-12784 - A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This affects an unknown fu

CVE-2026-12782 - A security flaw has been discovered in EaseUS Partition Master up to 14.5. The impacted element is a

CVE-2026-12781 - A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unk

CVE-2026-12780 - A vulnerability was determined in AOMEI Backupper up to 8.3.0. Impacted is an unknown function in th

CVE-2026-12779 - A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unkno

CVE-2026-12778 - A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affect

CVE-2026-12776 - A flaw has been found in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a3

CVE-2026-12775 - A vulnerability was detected in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909

CVE-2026-12774 - A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnera

CVE-2026-12773 - A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyA

CVE-2026-12772 - A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authe

CVE-2026-12771 - A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of

CVE-2026-12770 - A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown f

CVE-2026-56355 - GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization.

CVE-2026-56347 - AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in m

CVE-2026-56346 - AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.js

CVE-2026-56345 - AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecord

CVE-2026-56342 - AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test

CVE-2026-56341 - AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plu

CVE-2026-56340 - vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings p

CVE-2025-71379 - vLLM versions >= 0.6.3 and < 0.9.0 contain multiple regular expression denial of service (ReDoS) vul

CVE-2026-5366 - Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-contr

CVE-2026-56332 - Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that al

CVE-2026-56330 - Capgo before 12.128.2 contains an open redirect vulnerability in stripe_portal and stripe_checkout e

CVE-2026-56325 - Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for app_id lookup in the

CVE-2026-56319 - Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:a

CVE-2026-56317 - Nuxt before 4.4.7 (and the 3.x branch before 3.21.7) contains a cross-site scripting vulnerability i

CVE-2026-56307 - Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices en

CVE-2026-56304 - picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthentic

CVE-2026-56295 - Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints

CVE-2026-56294 - capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the

CVE-2026-56282 - Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /repli

CVE-2026-56276 - Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that

CVE-2026-56267 - Flowise before 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/for

CVE-2026-56235 - Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC func

CVE-2026-56228 - Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its p

CVE-2026-56227 - Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation

CVE-2026-56218 - Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded imag

CVE-2025-71331 - Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient inpu

CVE-2024-58351 - Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the

CVE-2026-12673 - Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting i

CVE-2022-50972 - WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute ar

CVE-2020-37255 - WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows un

CVE-2019-25763 - WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability

CVE-2026-48939 - A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the fil

CVE-2026-48909 - SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation

CVE-2026-48908 - A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files

CVE-2026-12119 - The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a mis

CVE-2026-11912 - The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insuff

CVE-2026-11911 - The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficie

CVE-2026-9843 - The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbi

CVE-2026-9265 - Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8