CVE-2026-5107 - A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type

CVE-2026-5106 - A flaw has been found in code-projects Exam Form Submission 1.0. The impacted element is an unknown

CVE-2026-5105 - A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the

CVE-2026-5104 - A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is th

CVE-2026-5103 - A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the fun

CVE-2025-15036 - A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/py

CVE-2026-5102 - A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability af

CVE-2026-2370 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9

CVE-2025-7741 - Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded pa

CVE-2026-5101 - A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function

CVE-2026-4176 - Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9

CVE-2026-4946 - Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically e

CVE-2026-0562 - A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated u

CVE-2026-0560 - A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0

CVE-2026-0558 - A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users

CVE-2026-34005 - In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injec

CVE-2026-5046 - A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function formWrlExtraSet of the

CVE-2026-5045 - A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet o

CVE-2026-5044 - A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function form

CVE-2026-33575 - OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup cod

CVE-2026-33574 - OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer th

CVE-2026-33573 - OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC th

CVE-2026-33572 - OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissio

CVE-2026-32987 - OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verifica

CVE-2026-32980 - OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-

CVE-2026-32979 - OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute

CVE-2026-32978 - OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fa

CVE-2026-32975 - OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode tha

CVE-2026-32974 - OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode whe

CVE-2026-32973 - OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlist

CVE-2026-32972 - OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated oper

CVE-2026-32924 - OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction event

CVE-2026-32923 - OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction i

CVE-2026-32922 - OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that

CVE-2026-32919 - OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped calle

CVE-2026-32918 - OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool

CVE-2026-32915 - OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents t

CVE-2026-32914 - OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /

CVE-2026-5043 - A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formS

CVE-2026-5042 - A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function

CVE-2026-5041 - A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0

CVE-2026-5037 - A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of th

CVE-2026-5036 - A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhc

CVE-2026-5035 - A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part

CVE-2026-5034 - A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown

CVE-2026-5033 - A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability

CVE-2026-5031 - A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown func

CVE-2026-5030 - A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the fun

CVE-2026-5023 - A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275

CVE-2026-5021 - A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the fi

CVE-2026-5020 - A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is th

CVE-2026-4851 - GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserializa

CVE-2026-5019 - A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected b

CVE-2026-5018 - A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown

CVE-2026-5017 - A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an u

CVE-2026-5016 - A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of th

CVE-2026-5015 - A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted element is an unknown fun

CVE-2026-5014 - A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.j

CVE-2026-5013 - A vulnerability has been found in elecV2 elecV2P up to 3.8.3. Impacted is the function path.join of

CVE-2026-5012 - A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue affects the function pm2run of the f

CVE-2026-5011 - A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function

CVE-2026-5007 - A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRep

CVE-2026-3256 - HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HT

CVE-2025-15604 - Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functi

CVE-2026-5004 - A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC

CVE-2026-5003 - A vulnerability was found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054.

CVE-2026-5002 - A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b

CVE-2026-5001 - A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The

CVE-2026-5000 - A vulnerability was detected in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b05

CVE-2026-4999 - A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128ee

CVE-2026-4998 - A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the f

CVE-2026-4997 - A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function i

CVE-2026-4996 - A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the fu

CVE-2018-25225 - SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated atta

CVE-2018-25224 - PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated atta

CVE-2018-25223 - Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to e

CVE-2018-25222 - SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute

CVE-2018-25221 - EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remot

CVE-2018-25220 - Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute ar

CVE-2017-20229 - MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers t

CVE-2017-20228 - Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attack

CVE-2017-20227 - JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability tha

CVE-2017-20226 - Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to ex

CVE-2017-20225 - TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to e

CVE-2016-20049 - JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attacke

CVE-2016-20048 - iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to exe

CVE-2016-20047 - EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling

CVE-2016-20046 - zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handli

CVE-2016-20045 - HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers t

CVE-2016-20044 - PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execut

CVE-2016-20043 - NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers t

CVE-2016-20042 - TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arb

CVE-2016-20041 - Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the appli

CVE-2016-20040 - TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that

CVE-2016-20039 - Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma paramete

CVE-2016-20038 - yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to e

CVE-2016-20037 - xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local at

CVE-2026-4995 - A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unkno

CVE-2025-9497 - Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual

CVE-2026-4994 - A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function generic_excep

CVE-2026-4993 - A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function o

CVE-2026-1679 - The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking

CVE-2026-4992 - A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of

CVE-2026-4991 - A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element

CVE-2026-33996 - LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK

CVE-2026-33994 - Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starti

CVE-2026-33993 - Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior

CVE-2026-33992 - pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97,

CVE-2026-33991 - WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sis

CVE-2026-33936 - The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with s

CVE-2026-4990 - A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unkn

CVE-2026-4988 - A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/

CVE-2026-4985 - A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function c

CVE-2026-34226 - Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Vers

CVE-2026-33989 - Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@m

CVE-2026-33981 - changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the `jq:`

CVE-2026-33979 - Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data (in req.body

CVE-2026-33976 - Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a

CVE-2026-33955 - Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulne

CVE-2026-33954 - LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private not

CVE-2026-33953 - LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requ

CVE-2026-33946 - MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to versi

CVE-2026-33943 - Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In v

CVE-2026-33941 - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr

CVE-2026-33940 - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr

CVE-2026-33939 - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr

CVE-2026-27309 - Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that

CVE-2019-25652 - UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certi

CVE-2026-4976 - A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the fu

CVE-2026-34046 - Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.

CVE-2026-33938 - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr

CVE-2026-33937 - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr

CVE-2026-33916 - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr

CVE-2026-33907 - Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing

CVE-2026-33906 - Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager rol

CVE-2026-33904 - Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF'

CVE-2026-33903 - Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing

CVE-2026-33896 - Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScrip

CVE-2026-33895 - Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScrip

CVE-2026-33894 - Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScrip

CVE-2026-33891 - Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScrip

CVE-2026-33887 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and

CVE-2026-33886 - Statamic is a Laravel and Git powered content management system (CMS). Starting in version 5.7.12 an

CVE-2026-33885 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and

CVE-2026-33884 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and

CVE-2026-33883 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and

CVE-2026-33882 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and

CVE-2026-33881 - Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows an

CVE-2026-33879 - Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated tra

CVE-2026-33875 - Gematik Authenticator securely authenticates users for login to digital health applications. Version

CVE-2026-33874 - Gematik Authenticator securely authenticates users for login to digital health applications. Startin

CVE-2026-33873 - Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.

CVE-2026-4975 - A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of th

CVE-2026-4974 - A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTim

CVE-2026-4973 - A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulner

CVE-2026-4972 - A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affect

CVE-2026-4971 - A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown

CVE-2026-34475 - Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url sce

CVE-2026-34391 - Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows

CVE-2026-34389 - Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the us

CVE-2026-34388 - Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability

CVE-2026-33872 - elixir-nodejs provides an Elixir API for calling Node.js functions. A vulnerability in versions prio

CVE-2026-33871 - Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.F

CVE-2026-33870 - Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.F

CVE-2026-33869 - Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x

CVE-2026-33868 - Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8,

CVE-2026-33765 - Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tra

CVE-2026-33739 - FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.

CVE-2026-33654 - nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerabili

CVE-2026-33045 - Home Assistant is open source home automation software that puts local control and privacy first. St

CVE-2026-33044 - Home Assistant is open source home automation software that puts local control and privacy first. St

CVE-2026-32241 - Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an

CVE-2026-31951 - LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user

CVE-2026-31950 - LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the

CVE-2026-31945 - LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerab

CVE-2026-4970 - A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unk

CVE-2026-4969 - A vulnerability was identified in code-projects Social Networking Site 1.0. The impacted element is

CVE-2026-34386 - Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in F

CVE-2026-34375 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet St

CVE-2026-34374 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `Live_schedu

CVE-2026-34369 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `get_api_vid

CVE-2026-29180 - Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerabil

CVE-2026-26061 - Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthent

CVE-2026-26060 - Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet’s passwor

CVE-2026-4968 - A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown f

CVE-2026-4966 - A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown func

CVE-2026-4965 - A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type

CVE-2026-34368 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `transferBal

CVE-2026-34364 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `categories.

CVE-2026-30568 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 i

CVE-2026-30567 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 i

CVE-2026-4964 - A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the

CVE-2026-4963 - A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function eval

CVE-2026-4962 - A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknow

CVE-2026-4961 - A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the funct

CVE-2026-4960 - A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle o

CVE-2026-34411 - Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentic

CVE-2026-34362 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `verifyToken

CVE-2026-34245 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/Play

CVE-2026-33867 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo allows co

CVE-2026-33770 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `fixCleanTit

CVE-2026-33767 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, in `objects/like

CVE-2026-30576 - A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in th

CVE-2026-30575 - A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in th

CVE-2026-30574 - A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in th

CVE-2026-30571 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 i

CVE-2026-30570 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 i

CVE-2026-30569 - A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0.

CVE-2026-28369 - A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line sta

CVE-2026-28368 - A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially cra

CVE-2025-15381 - In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment

CVE-2026-4959 - A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function check_user of the file

CVE-2026-4958 - A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_co

CVE-2026-30534 - A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/man

CVE-2026-30533 - A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin

CVE-2026-30532 - A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin

CVE-2026-30531 - A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actio

CVE-2026-30530 - A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actio

CVE-2026-30529 - A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actio

CVE-2026-30527 - A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering Syst

CVE-2026-30302 - The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, r

CVE-2026-5027 - The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form

CVE-2026-5026 - The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG files with the 'image/svg+xml'

CVE-2026-5025 - The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the

CVE-2026-5022 - The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or aut

CVE-2026-5010 - A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in Clickedu. This vulnerabi

CVE-2026-4984 - The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twili

CVE-2026-4980 - A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.

CVE-2026-4957 - A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.

CVE-2026-4956 - A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected ele

CVE-2026-4955 - A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unk

CVE-2026-4954 - A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function li

CVE-2026-4953 - A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchIm

CVE-2026-33766 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, `isSSRFSafeURL()

CVE-2026-33764 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the AI plugin's

CVE-2026-33763 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `get_api_vid

CVE-2026-33761 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, three `list.json

CVE-2026-33759 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/pla

CVE-2026-33758 - OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao

CVE-2026-33757 - OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao

CVE-2026-33755 - Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions

CVE-2026-33750 - The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior

CVE-2026-33748 - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and

CVE-2026-33433 - Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.

CVE-2026-33284 - GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/suppor

CVE-2026-33206 - calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books.

CVE-2026-33205 - calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books.

CVE-2026-30689 - A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access cont

CVE-2026-30637 - Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php

CVE-2026-30407 - Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by