CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-6008 - Authorization bypass through User-Controlled key vulnerability in Im Park Information Technology, El
CVE-2026-5798 - Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app
CVE-2026-5790 - Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontContr
CVE-2026-43644 - podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api
CVE-2025-12008 - Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information
CVE-2026-8468 - Allocation of Resources Without Limits or Throttling vulnerability in plug_project plug allows denia
CVE-2026-8295 - An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size
CVE-2025-68421 - Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials
CVE-2025-68420 - Comarch ERP Optima client connects to a database using a high privileged account regardless of an ap
CVE-2026-2347 - Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technolog
CVE-2025-11024 - Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability i
CVE-2026-8280 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10
CVE-2026-8144 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10
CVE-2026-7481 - GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 be
CVE-2026-7471 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 be
CVE-2026-7377 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 be
CVE-2026-6883 - GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 be
CVE-2026-6335 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that
CVE-2026-6073 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 be
CVE-2026-6063 - GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 b
CVE-2026-4527 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.1
CVE-2026-4524 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.
CVE-2026-3607 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10
CVE-2026-3160 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10
CVE-2026-3074 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10
CVE-2026-3073 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10
CVE-2026-2900 - GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 b
CVE-2026-1659 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10
CVE-2026-1338 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7, 18.1
CVE-2026-1322 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10
CVE-2026-1184 - GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 be
CVE-2025-14870 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10
CVE-2025-14869 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10
CVE-2025-13874 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10
CVE-2025-12669 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.1
CVE-2026-46419 - Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a funct
CVE-2026-44919 - In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum
CVE-2026-41281 - Android App "あんしんフィルター for au" provided by KDDI CORPORATION contains Cleartext Transmission of Sensi
CVE-2026-8500 - Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI applica
CVE-2026-32991 - Improper authorization checks of team members privileges allow a team member to escalate privileges
CVE-2026-29206 - Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections
CVE-2026-44478 - hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2
CVE-2026-44471 - gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be const
CVE-2026-44448 - ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0,
CVE-2026-44447 - ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints
CVE-2026-44446 - ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0,
CVE-2026-44445 - ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0,
CVE-2026-44442 - ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoi
CVE-2026-44441 - ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0,
CVE-2026-44440 - ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0,
CVE-2026-44439 - PlaywrightCapture is a simple replacement for splash using playwright. Prior to 1.39.6, PlaywrightCa
CVE-2026-44437 - The Angular SSR is a server-side rendering tool for Angular applications. From 19.0.0-next.0 to befo
CVE-2026-44426 - ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full
CVE-2026-44425 - ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-contro
CVE-2026-44424 - ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full devic
CVE-2026-44423 - ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full sess
CVE-2026-44369 - CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 t
CVE-2026-42463 - SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. Prior to 1.8.0,
CVE-2026-40328 - Rejected reason: This CVE is a duplicate of another CVE.
CVE-2026-40327 - Rejected reason: This CVE is a duplicate of another CVE.
CVE-2026-32993 - Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allo
CVE-2026-32992 - SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to m
CVE-2026-29205 - Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the
CVE-2026-8328 - The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv(
CVE-2026-45714 - CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template In
CVE-2026-45708 - CubeCart is an ecommerce software solution. Prior to 6.7.3, an admin with documents edit permission
CVE-2026-45229 - Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that
CVE-2026-45228 - Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configur
CVE-2026-45055 - CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CC_STORE_U
CVE-2026-45053 - CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload v
CVE-2026-44418 - EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput() functio
CVE-2026-44381 - MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vu
CVE-2026-44380 - MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access
CVE-2026-44379 - MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections d
CVE-2026-44377 - CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template In
CVE-2026-44376 - CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnera
CVE-2026-44373 - Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a prox
CVE-2026-44372 - Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redire
CVE-2026-44368 - PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mul_m
CVE-2026-42561 - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a
CVE-2026-42304 - Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4
CVE-2026-39428 - CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting (XSS) vuln
CVE-2026-39358 - CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injec
CVE-2026-21821 - The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x lib
CVE-2025-27853 - The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be
CVE-2025-27852 - The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a reflected cross site sc
CVE-2025-27851 - The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSo
CVE-2025-27850 - The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a ma
CVE-2026-44364 - MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and e
CVE-2026-44363 - MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7
CVE-2026-44351 - fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.4, a critical authenticatio
CVE-2026-42552 - Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the default error handler Engine::
CVE-2026-42551 - Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod() unconditional
CVE-2026-42550 - Flight is an extensible micro-framework for PHP. Prior to 3.18.1, SimplePdo::insert(), SimplePdo::up
CVE-2026-42549 - Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command ca
CVE-2026-42548 - Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Flight::jsonp() concatenates the ?
CVE-2026-33381 - When a user's access to mint tokens for a service account is revoked, it is sometimes still possible
CVE-2026-33380 - A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the
CVE-2026-33378 - Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL
CVE-2026-33377 - An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. T
CVE-2026-33376 - When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses sp
CVE-2026-28383 - A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading
CVE-2026-28380 - Any Editor could delete any snapshot, even if they have no access to read or write them.
CVE-2026-28379 - A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server cra
CVE-2026-28376 - The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a la
CVE-2026-28374 - Editors could delete any annotation, even those they do not have read access to. The editor user can
CVE-2026-8496 - A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously cra
CVE-2026-8466 - Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial
CVE-2026-44248 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-43970 - Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines cowlib a
CVE-2026-42587 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-42586 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-42585 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-42584 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-42583 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-42582 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when de
CVE-2026-42581 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-42580 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-42579 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-42578 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-42577 - Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Fin
CVE-2026-41410 - Rejected reason: REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-40520. Reason: Thi
CVE-2026-41255 - CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior t
CVE-2026-41132 - CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior t
CVE-2026-33585 - Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platfor
CVE-2026-33584 - Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables unauthori
CVE-2026-33583 - Exposure of the QKEY (used as input into the ‘OTA-Quantum’ device registration process) and interna
CVE-2026-30906 - Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an
CVE-2026-30905 - External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer b
CVE-2026-30904 - Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticat
CVE-2026-22677 - Hermes WebUI prior to 0.51.44 - Release T contains a path traversal vulnerability in the session imp
CVE-2026-0247 - Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent®
CVE-2026-0242 - A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to exe
CVE-2026-0241 - Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass acc
CVE-2026-0240 - An information disclosure vulnerability in Trust Protection Foundation enables an authenticated atta
CVE-2026-0239 - An information disclosure vulnerability in the Chronosphere Chronocollector enables an unauthenticat
CVE-2026-45411 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host except
CVE-2026-45109 - Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18
CVE-2026-44582 - Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16
CVE-2026-44581 - Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16
CVE-2026-44580 - Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16
CVE-2026-44579 - Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 1
CVE-2026-44578 - Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.1
CVE-2026-44009 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.
CVE-2026-44008 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new method neutralizeArraySpecies
CVE-2026-44007 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting
CVE-2026-44006 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, It is possible to reach BaseHandler.g
CVE-2026-44005 - vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable pro
CVE-2026-44004 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc(
CVE-2026-44003 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performa
CVE-2026-44002 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's CallSite wrapper class (intende
CVE-2026-44001 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2
CVE-2026-44000 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 a
CVE-2026-43999 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM's builtin allowlist can be byp
CVE-2026-43998 - vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can
CVE-2026-43997 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Obj
CVE-2026-44577 - Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16
CVE-2026-44576 - Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16
CVE-2026-44575 - Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16
CVE-2026-44574 - Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16
CVE-2026-44573 - Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16
CVE-2026-2695 - A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises (former 1E D
CVE-2024-48519 - Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 a
CVE-2026-8367 - aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compro
CVE-2026-6282 - A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud S
CVE-2026-6281 - A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allo
CVE-2026-45740 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.8 and 8.2.0, p
CVE-2026-45033 - GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.4
CVE-2026-45028 - Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the conf
CVE-2026-44665 - fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute va
CVE-2026-44664 - fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanit
CVE-2026-44572 - Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16
CVE-2026-44479 - Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, h
CVE-2026-44470 - The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple s
CVE-2026-44467 - The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple s
CVE-2026-44459 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.
CVE-2026-44458 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.
CVE-2026-44457 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.
CVE-2026-44456 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.
CVE-2026-44455 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.
CVE-2026-44432 - urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress t
CVE-2026-44431 - urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects foll
CVE-2026-44295 - protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static cod
CVE-2026-44294 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, p
CVE-2026-44293 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, p
CVE-2026-44292 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, p
CVE-2026-44291 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, p
CVE-2026-44290 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, p
CVE-2026-44289 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, p
CVE-2026-44288 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, p
CVE-2026-42937 - Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and
CVE-2026-42930 - When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be a
CVE-2026-42924 - An authenticated attacker with the Resource Administrator or Administrator role can create SNMP conf
CVE-2026-42920 - When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, un
CVE-2026-42919 - A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrativ
CVE-2026-42781 - When embedded Packet Velocity Acceleration (ePVA) acceleration is configured, undisclosed local ethe
CVE-2026-42780 - A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated a
CVE-2026-42557 - jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jup
CVE-2026-42409 - When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are confi
CVE-2026-42408 - When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell (tmsh) command t
CVE-2026-42406 - A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke
CVE-2026-42290 - protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JS
CVE-2026-42266 - jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jup
CVE-2026-42063 - A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administra
CVE-2026-42058 - An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information
CVE-2026-41959 - Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network
CVE-2026-41957 - An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-I
CVE-2026-41956 - When a classification profile is configured on a UDP virtual server, undisclosed requests can cause
CVE-2026-41954 - Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and
CVE-2026-41953 - A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at l
CVE-2026-41227 - On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result i
CVE-2026-41225 - A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at le
CVE-2026-41219 - An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privile
CVE-2026-41218 - When BIG-IP PEM iRules are configured on a virtual server (iRules using commands starting with CLASS
CVE-2026-41217 - A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command that may allow an authenti
CVE-2026-40703 - A cross-site request forgery (CSRF) vulnerability exists in the dashboard of the BIG-IP Configuratio
CVE-2026-40699 - A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-pr
CVE-2026-40698 - A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke
CVE-2026-40631 - An authenticated attacker with the Resource Administrator or Administrator role can modify configura
CVE-2026-40629 - When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual serv
CVE-2026-40618 - When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel Q
CVE-2026-40462 - Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undiscl
CVE-2026-40435 - When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow
CVE-2026-40423 - When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Mana
CVE-2026-40067 - When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the
CVE-2026-40061 - When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TM
CVE-2026-40060 - When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed req
CVE-2026-39459 - A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authent
CVE-2026-39458 - When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traf
CVE-2026-39455 - When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LD
CVE-2026-36742 - Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when bat
CVE-2026-36741 - U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Command Injection. The Ne
CVE-2026-36738 - U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control.
CVE-2026-35062 - An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Sof
CVE-2026-34176 - When running in Appliance mode, an authenticated remote command injection vulnerability exists in an
CVE-2026-34019 - When Bidirectional Forwarding Detection (BFD) is configured in Static and Dynamic routing protocols,
CVE-2026-32673 - A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the
CVE-2026-32643 - A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke
CVE-2026-31156 - A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as th
CVE-2026-28758 - When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST co
CVE-2026-24464 - When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iContro
CVE-2026-20916 - An authenticated iControl REST user with low privileges can create or modify arbitrary files through
CVE-2025-32425 - AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intellig
CVE-2025-29338 - NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discover
CVE-2025-28344 - striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack.
CVE-2025-28343 - striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons.
CVE-2024-55045 - Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the t
CVE-2024-51395 - Buffer Overflow vulnerability in Ardupilot Copter Latest commit 92693e023793133e49a035daf37c14433e484
CVE-2024-51394 - Buffer Overflow vulnerability in Ardupilot Copter Latest commit 92693e023793133e49a035daf37c14433e484
CVE-2020-37225 - Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allo