CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-8176 - The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerab
CVE-2026-12043 - Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library m
CVE-2026-45062 - FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the
CVE-2026-11417 - OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 (2.
CVE-2026-7542 - The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in vers
CVE-2026-11393 - Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI be
CVE-2026-11401 - An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon
CVE-2026-11400 - An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amaz
CVE-2026-10843 - A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator
CVE-2026-49204 - Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking as
CVE-2026-10722 - A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of
CVE-2026-4035 - A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment v
CVE-2026-10177 - A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function reque
CVE-2026-44698 - Home Assistant is open source home automation software that puts local control and privacy first. Pr
CVE-2026-48522 - PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argu
CVE-2026-47074 - Improper Certificate Validation vulnerability in ex-aws ex_aws_sns (ExAws.SNS, ExAws.SNS.PublicKeyCa
CVE-2026-46119 - In the Linux kernel, the following vulnerability has been resolved: libceph: Fix slab-out-of-bounds
CVE-2026-46116 - In the Linux kernel, the following vulnerability has been resolved: xfrm: defensively unhash xfrm_s
CVE-2026-42790 - Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key m
CVE-2026-42789 - Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_
CVE-2026-49017 - In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processin
CVE-2026-9496 - Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service (DoS) via the addGitS
CVE-2026-39965 - TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypas
CVE-2026-9133 - Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug
CVE-2026-5946 - Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS i
CVE-2026-6394 - The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is
CVE-2026-42526 - In the AWS Secrets Manager and SSM Parameter Store secrets backends of `apache-airflow-providers-ama
CVE-2026-47358 - Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL re
CVE-2026-8507 - Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When pa
CVE-2026-46356 - Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's
CVE-2026-44308 - Spring Cloud AWS simplifies using AWS managed services in Spring and Spring Boot applications. Fro
CVE-2026-44225 - Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pu
CVE-2026-43929 - ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlie
CVE-2026-42175 - requests-hardened is a library that overrides the default behaviors of the requests library, and add
CVE-2026-42141 - Xibo is an open source digital signage platform with a web content management system and Windows dis
CVE-2026-42882 - oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, s3-proxy contains an authentic
CVE-2026-42864 - FireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/rai
CVE-2026-44738 - Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user
CVE-2026-42339 - New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management sys
CVE-2026-42193 - Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhook
CVE-2026-42192 - Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, a stored cro
CVE-2026-43352 - In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Correct RING
CVE-2025-59854 - HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the ap
CVE-2026-42810 - Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds tem
CVE-2026-7191 - Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4
CVE-2026-5942 - Flaws in page lifecycle management allow document structure changes to desynchronize internal compon
CVE-2026-5941 - Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing
CVE-2026-6968 - Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated use
CVE-2026-6967 - Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough b
CVE-2026-6966 - Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/
CVE-2026-6912 - Improperly controlled modification of dynamically-determined object attributes in the Cognito User P
CVE-2026-6911 - Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT to
CVE-2026-31955 - Xibo is an open source digital signage platform with a web content management system and Windows dis
CVE-2026-41332 - OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMP
CVE-2026-41272 - Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.
CVE-2026-41173 - The AWS X-Ray Remote Sampler package provides a sampler which can get sampling configurations from A
CVE-2026-31509 - In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix circular locking
CVE-2026-41145 - MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prio
CVE-2026-40344 - MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prio
CVE-2026-40576 - excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vu
CVE-2026-6550 - Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python befor
CVE-2026-6248 - The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and
CVE-2026-25883 - Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0
CVE-2026-24467 - OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber advers
CVE-2026-6437 - Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Drive
CVE-2026-25125 - October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 c
CVE-2026-5059 - aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability all
CVE-2026-5058 - aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remo
CVE-2026-39974 - n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive acce
CVE-2026-39361 - OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validate_enrichment
CVE-2026-35516 - LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update an
CVE-2026-5709 - Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.1
CVE-2026-5708 - Unsanitized control of user-modifiable attributes in the session creation component in AWS Research
CVE-2026-5707 - Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and
CVE-2026-34975 - Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header inject
CVE-2026-5190 - Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allo
CVE-2026-1612 - AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to acces
CVE-2026-31943 - LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `p
CVE-2026-33505 - Ory Keto is an open source authorization server for managing permissions at scale. Prior to version
CVE-2026-33504 - Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth
CVE-2026-33503 - Ory Kratos is an identity, user management and authentication system for cloud services. Prior to ve
CVE-2026-33663 - n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27,
CVE-2026-23372 - In the Linux kernel, the following vulnerability has been resolved: nfc: rawsock: cancel tx_work be
CVE-2026-23339 - In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on nci_trans
CVE-2026-23330 - In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data
CVE-2026-33419 - MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AISt
CVE-2026-33401 - Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the p
CVE-2026-33340 - LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A c
CVE-2026-33226 - Budibase is a low code platform for creating internal tools, workflows, and admin panels. In version
CVE-2025-63261 - AWStats 8.0 is vulnerable to Command Injection via the open function
CVE-2026-33024 - AVideo is a video-sharing Platform. Versions prior to 8.0 contain a Server-Side Request Forgery vuln
CVE-2026-4428 - A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs t
CVE-2026-32622 - SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 a