CVE-2026-13504 - A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability af

CVE-2026-13503 - A vulnerability was detected in antlr ANTLR4 up to 4.13.2. Affected by this issue is the function ge

CVE-2026-13502 - A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.read

CVE-2026-13501 - A security vulnerability has been detected in antlr ANTLR4 up to 4.13.2. Affected by this vulnerabil

CVE-2026-13500 - A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the

CVE-2026-13499 - A security flaw has been discovered in yashpokharna2555 restaurent-management-system. This impacts a

CVE-2026-13498 - A vulnerability was identified in yashpokharna2555 restaurent-management-system. This affects an unk

CVE-2026-13497 - A vulnerability was determined in itsourcecode Hospital Management System 1.0. The impacted element

CVE-2026-13496 - A vulnerability was found in itsourcecode Hospital Management System 1.0. The affected element is an

CVE-2026-13495 - A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknow

CVE-2026-13493 - A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown proce

CVE-2026-13491 - A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the functio

CVE-2026-13490 - A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects t

CVE-2026-13489 - A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the functi

CVE-2026-13488 - A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/7.php. A

CVE-2026-13487 - A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected is

CVE-2026-13486 - A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/6.php. This i

CVE-2026-13485 - A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an u

CVE-2026-13484 - A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacte

CVE-2026-13483 - A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encrypt_cr

CVE-2026-13482 - A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function usernam

CVE-2026-10646 - Zephyr's BSD-sockets getaddrinfo() implementation (subsys/net/lib/sockets/getaddrinfo.c) passes a po

CVE-2026-10644 - The Microchip SERCOM-G1 UART driver (drivers/serial/uart_mchp_sercom_g1.c), used by the PIC32CM-JH S

CVE-2026-10593 - The Zephyr Bluetooth LE Audio Basic Audio Profile (BAP) unicast client mishandles peer-supplied ASE

CVE-2026-58058 - Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_ge

CVE-2026-58057 - Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a cas

CVE-2026-58056 - RustDesk gates incoming control messages on per-capability flags rather than on the session's author

CVE-2026-58055 - nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Cont

CVE-2026-58054 - MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when cre

CVE-2026-58053 - Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options

CVE-2026-58052 - 7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5

CVE-2026-58051 - libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new e

CVE-2026-58050 - libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsyste

CVE-2026-58049 - FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at t

CVE-2026-10643 - Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()

CVE-2026-54219 - UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fail

CVE-2026-50141 - Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability

CVE-2026-44942 - A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.1

CVE-2026-42490 - [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabiliti

CVE-2026-42489 - [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabiliti

CVE-2026-42488 - Some shadow paging errors paths will switch the page-tables without updating the currently running v

CVE-2026-42487 - HVM guest I/O port accesses are subject to either emulation or at least translation. Translations a

CVE-2026-40457 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before co

CVE-2026-40456 - An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de du

CVE-2026-40455 - An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within th

CVE-2026-12539 - Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time,

CVE-2026-12527 - A broken authorization boundary in the RTSP media delivery pipeline of Shenzhen Liandian Communicati

CVE-2026-12039 - Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolut

CVE-2026-11958 - Local privilege escalation by loading DLLs from a shared temporary directory in ANSSI’s DFIR-ORC, ve

CVE-2026-11719 - An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missi

CVE-2026-8811 - SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF

CVE-2026-50643 - 8cc is vulnerable to an Out‑of‑Bounds Read due to improper handling of #line directives and GNU line

CVE-2026-55746 - Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to stored Cross-Site Scripting in the P

CVE-2026-55745 - Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Pe

CVE-2026-55744 - Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Pe

CVE-2026-55742 - Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the ad

CVE-2026-55741 - Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the ad

CVE-2026-28573 - In AndroidManifest.xml, there is a possible persistent denial of service due to a missing permission

CVE-2026-12505 - A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its r

CVE-2026-12569 - A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and

CVE-2026-48768 - TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/ge

CVE-2026-48764 - TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by re

CVE-2026-54533 - vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, m

CVE-2026-54445 - vantage6 is an open-source infrastructure for privacy preserving analysis. Versions prior to 5.0.0 p

CVE-2026-53676 - ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution

CVE-2026-50268 - Steeltoe is an open source project that provides a collection of libraries that helps users build cl

CVE-2026-50202 - Steeltoe is an open source project that provides a collection of libraries that helps users build cl

CVE-2026-50201 - Steeltoe is an open source project that provides a collection of libraries that helps users build cl

CVE-2026-48759 - TypeBot is a chatbot builder tool. Versions 3.15.2 and below have an Insecure Direct Object Referenc

CVE-2026-45617 - LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In version

CVE-2026-45357 - LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In version

CVE-2026-44646 - LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In version

CVE-2026-44645 - LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In version

CVE-2026-44644 - LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. Versions 1

CVE-2026-12568 - The postman_download module uses the workspace name field from the Postman API to construct the loca

CVE-2026-12567 - The github_workflows module constructs local directory paths from user-controlled repository names w

CVE-2026-12566 - The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response h

CVE-2024-27928 - vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, i

CVE-2024-24769 - vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, u

CVE-2026-8050 - In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemB

CVE-2026-8049 - In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explici

CVE-2026-54386 - marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page th

CVE-2026-50200 - Steeltoe is an open source project that provides a collection of libraries that helps users build cl

CVE-2026-50196 - Steeltoe is an open source project that provides a collection of libraries that helps users build cl

CVE-2026-50194 - Steeltoe is an open source project that provides a collection of libraries that helps users build cl

CVE-2026-48997 - e107 is a content management system (CMS). Versions 2.3.5 and earlier contain a command injection v

CVE-2026-48991 - XianYuLauncher is a Minecraft Java Edition launcher. In versions prior to 1.5.5, sensitive authentic

CVE-2026-48990 - joserfc is a Python library that provides an implementation of several JSON Object Signing and Encry

CVE-2026-48989 - Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0

CVE-2026-48820 - CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.

CVE-2026-49133 - Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated attackers w

CVE-2026-48988 - markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerabilit

CVE-2026-48979 - PHP Standard Library (PSL) is set of APIs covering async, collections, networking, I/O, cryptography

CVE-2026-48821 - Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site

CVE-2026-55202 - Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during

CVE-2026-55201 - Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the down

CVE-2026-55200 - libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh

CVE-2026-55199 - libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vul

CVE-2026-54388 - Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Cont

CVE-2026-54387 - Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and

CVE-2026-48823 - Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scr

CVE-2026-48822 - Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scr

CVE-2026-48817 - Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a r

CVE-2026-48814 - Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the MCP

CVE-2026-12529 - A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Pr

CVE-2026-11407 - Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated adm

CVE-2026-10741 - Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy

CVE-2026-10696 - Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026

CVE-2026-55198 - Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export en

CVE-2026-55197 - Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endp

CVE-2026-55196 - Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration

CVE-2026-53871 - Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cooki

CVE-2026-53870 - Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-reada

CVE-2026-53869 - Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows

CVE-2026-48818 - Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Win

CVE-2026-9679 - Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turni

CVE-2026-9678 - Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstr

CVE-2026-7300 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext

CVE-2026-6734 - Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins

CVE-2026-6733 - Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sock

CVE-2026-53805 - NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an unauthenticated remote code execution vuln

CVE-2026-48591 - Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allo

CVE-2026-47774 - Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to vers

CVE-2026-3894 - Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffer

CVE-2026-39199 - snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file.

CVE-2026-30803 - Integer Underflow (Wrap or Wraparound) vulnerability in RTI Connext Micro (Core Libraries) allows Ov

CVE-2026-30802 - Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.This

CVE-2026-30799 - Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plu

CVE-2026-2675 - Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plu

CVE-2026-2674 - Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professio

CVE-2026-2467 - Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflo

CVE-2026-11525 - Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contain

CVE-2026-9675 - Impact: The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumul

CVE-2026-53875 - picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function that a

CVE-2026-53874 - picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated us

CVE-2026-53873 - picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block

CVE-2026-53872 - picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenti

CVE-2026-3490 - picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing attackers to bypass the entire

CVE-2026-36418 - JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling

CVE-2026-1288 - A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Rev

CVE-2026-12515 - A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficien

CVE-2026-12151 - Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragment

CVE-2025-71325 - picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling

CVE-2025-71323 - picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code

CVE-2025-71322 - PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowin

CVE-2025-71321 - picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to b

CVE-2025-71320 - picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and opera

CVE-2025-26240 - In JazzCore python-pdfkit 1.0.0, the from_string method enables the execution of JavaScript code wit

CVE-2026-55748 - OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a c

CVE-2026-54812 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-54810 - Missing Authorization vulnerability in Nexi Payments Nexi XPay allows Exploiting Incorrectly Configu

CVE-2026-54415 - Missing Authorization in the server management routes (routes/admin.php) in Azuriom Azuriom CMS befo

CVE-2026-47103 - Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that

CVE-2026-12528 - A flaw was found in 389 Directory Server in the __aclp__normalize_acltxt() function of aclparse.c. A

CVE-2026-10850 - Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the description

CVE-2026-9591 - Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit 6233d73e

CVE-2026-55738 - A stack-based buffer overflow exists in the raw_to_header() function in src/microtar.c in rxi microt

CVE-2026-54819 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-54818 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-54817 - Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API all

CVE-2026-54816 - Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads

CVE-2026-54815 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-54814 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-54813 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-54809 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-54808 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-54417 - An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a rem

CVE-2026-54193 - Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.

CVE-2026-52716 - Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions.

CVE-2026-52707 - Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.

CVE-2026-49108 - Unauthenticated PHP Object Injection in Moderno < 1.43 versions.

CVE-2026-40757 - Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.

CVE-2026-40756 - Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.

CVE-2026-40752 - Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.

CVE-2026-40738 - Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.

CVE-2026-40733 - Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.

CVE-2026-40720 - Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.

CVE-2026-39590 - Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions.

CVE-2026-39576 - Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.

CVE-2026-39560 - Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.

CVE-2026-39559 - Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions.

CVE-2026-39556 - Unauthenticated PHP Object Injection in Konsept <= 1.9 versions.

CVE-2026-39523 - Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions.

CVE-2026-39445 - Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.

CVE-2026-39442 - Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.

CVE-2026-10641 - Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free role parser (subsys/bluetooth/host/cl

CVE-2025-69189 - Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access C

CVE-2025-69175 - Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.

CVE-2025-69174 - Unauthenticated Local File Inclusion in Etude <= 1.6 versions.

CVE-2025-69170 - Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions.

CVE-2025-69166 - Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.

CVE-2025-69164 - Unauthenticated Local File Inclusion in Skyward <= 1.10 versions.

CVE-2025-69158 - Unauthenticated Local File Inclusion in Granola <= 1.13 versions.

CVE-2025-69157 - Unauthenticated Local File Inclusion in Gamic <= 1.15 versions.

CVE-2025-69144 - Unauthenticated Local File Inclusion in Preservation <= 1.10 versions.

CVE-2025-69140 - Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.

CVE-2025-69128 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV

CVE-2025-69127 - Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.

CVE-2025-69126 - Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.

CVE-2025-69123 - Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.

CVE-2025-69120 - Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.

CVE-2025-69111 - Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.

CVE-2025-69106 - Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.

CVE-2025-68524 - Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.

CVE-2025-60236 - Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue

CVE-2025-60231 - Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Inject

CVE-2025-60230 - Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection.

CVE-2025-60229 - Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This iss

CVE-2025-59554 - Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.

CVE-2025-15657 - Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.

CVE-2026-9690 - Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.

CVE-2026-8317 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-5667 - Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan

CVE-2026-55706 - sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via c

CVE-2026-54811 - Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.

CVE-2026-54807 - Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.

CVE-2026-54806 - Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.

CVE-2026-54805 - Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.

CVE-2026-54804 - Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.

CVE-2026-54803 - Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.

CVE-2026-54802 - Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.

CVE-2026-54196 - Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.

CVE-2026-54195 - Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.

CVE-2026-54194 - Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.

CVE-2026-54192 - Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.

CVE-2026-54189 - Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.

CVE-2026-54188 - Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.

CVE-2026-54187 - Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.

CVE-2026-54186 - Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.

CVE-2026-54185 - Subscriber SQL Injection in Cornerstone < 7.8.8 versions.

CVE-2026-54184 - Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.

CVE-2026-53876 - RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may

CVE-2026-52706 - Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions.

CVE-2026-52705 - Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions.

CVE-2026-52698 - Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation &amp

CVE-2026-52696 - Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.

CVE-2026-49778 - Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.

CVE-2026-49767 - Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.

CVE-2026-49113 - Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.

CVE-2026-49107 - Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.

CVE-2026-49084 - Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.

CVE-2026-49081 - Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.

CVE-2026-49080 - Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.

CVE-2026-49079 - Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.

CVE-2026-49076 - Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.

CVE-2026-49075 - Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.

CVE-2026-49074 - Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.

CVE-2026-49073 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-49072 - Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions.

CVE-2026-49071 - Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.